EN

Digital Product Passport Regulation: A Manufacturer's Guide

Alexander Zinchenko
2026-06-24
Digital Product Passport Regulation: A Manufacturer's Guide

Key Takeaways

  • The EU Digital Product Passport is mandatory under Regulation (EU) 2024/1781 (ESPR), which entered into force in July 2024.
  • Batteries are first in line, with DPP requirements applying from February 2027. Textiles, electronics, construction materials, and other categories follow through 2030.
  • Any manufacturer, importer, or brand selling physical goods into the EU must comply. Location of headquarters does not affect scope.
  • Compliance depends on the quality of your underlying product data. Companies with fragmented, poorly governed data will struggle with the deadline regardless of which DPP platform they choose.
  • The regulation applies to almost every physical product category. Food, pharmaceuticals, and living organisms are exempt.

What the Regulation Actually Says

The EU's Digital Product Passport sits inside a larger piece of legislation: the Ecodesign for Sustainable Products Regulation, known as ESPR, which replaced the older Ecodesign Directive from 2009. Where the old directive focused mainly on energy-related products, ESPR covers nearly everything manufactured and sold in the EU. It is one of the primary instruments of the European Green Deal and the EU's broader circular economy strategy, which aims to make products more durable, repairable, and recyclable across their full product lifecycle and value chain.

The DPP is the regulation's primary information tool. Under Article 13 of ESPR, economic operators placing products on the EU market must register a mandatory digital product passport in the EU digital registry and keep it updated. The passport travels with the product, accessible via a scannable data carrier, typically a QR code or RFID tag, embedded on the product or its packaging. Data interoperability is a core requirement: passport records must be structured so that procurement tools, regulatory databases, and recycling systems can all read them without manual translation.

ESPR is a framework regulation. The exact data fields for each product category are being set through product-specific delegated acts, published progressively under the ESPR Working Plan 2025-2030. Once a delegated act is adopted for your sector, you have 18 months before enforcement begins. That window sounds comfortable. In practice, the data work alone consumes most of it.

What a Digital Product Passport Must Contain

The digital product passport is a structured digital record. While the precise field list varies by product category, the regulation establishes a consistent core of required information.

Every passport must include a unique product identifier, the manufacturer's or importer's details, and the date and place of manufacture. Beyond that, it must carry material composition data and a full bill of materials (including substances of concern), sourcing information, product carbon footprint, and other lifecycle assessment data, repairability scores, durability ratings, and end-of-life instructions.

Environmental data within the passport is typically drawn from lifecycle assessment (LCA) studies and Environmental Product Declarations (EPDs) where these exist. For manufacturers who have already produced EPDs or product carbon footprint (PCF) calculations, that data is a direct input to the passport. It does not need to be recalculated. It needs to be structured and made machine-readable.

The record must be machine-readable and in an open format. The DPP operates on a tiered access model: regulators and customs authorities have full access, supply chain partners access the data relevant to their role, and end users access a public-facing layer via the data carrier on the product. Customers scan a QR code or RFID tag and reach the information relevant to them, not the complete compliance record.

A passport that exists but cannot be verified is not compliant. The regulation requires audit trails, data governance, and the ability to demonstrate where each piece of information came from.

Companies in chemicals, electrical components, or building materials typically have much of this data somewhere in the business already. The problem is fragmentation: ERP systems, supplier portals, material safety datasheets, engineering documentation, quality management tools, each holds a piece. A passport cannot be assembled from scattered sources on demand; the data must be structured, validated, and maintained as a governed product record before any DPP platform can use it.

Who Is in Scope

Scope is broad by design. ESPR applies to manufacturers, importers, authorised representatives, and fulfilment service providers placing physical goods on the EU market. Being headquartered outside the EU provides no exemption if you sell into the EU directly or through intermediaries.

The categories with confirmed or near-confirmed DPP requirements span most of industrial manufacturing. Batteries fall under the EU Battery Regulation (2023/1542), with DPP mandatory from 18 February 2027, a fixed deadline already pressing on equipment manufacturers with battery-powered products. Iron and steel are among the first intermediate product groups targeted under the ESPR Working Plan, with regulatory adoption work indicated for 2026. Textiles and apparel, consumer electronics, furniture, tyres, chemicals, construction products including aluminium, and energy-related products are all expected to follow under delegated acts through 2030.

Construction product manufacturers face a second layer of DPP obligations. Alongside ESPR, the revised Construction Products Regulation (CPR) adds sector-specific requirements, including links to Declaration of Performance, CE-marking documentation, and environmental performance data derived from EN 15804-aligned LCAs. If you manufacture cement, insulation, structural steel, or similar products, both regulations may apply.

Food, medicines, living organisms, and certain vehicles with their own type-approval frameworks are exempt. Everything else is likely in scope by 2030.

ESPR recognises that compliance places a heavier burden on SMEs than on large manufacturers. Product-specific delegated acts include provisions for SME support, and the Commission is expected to publish guidance on proportionate compliance pathways. That said, SMEs supplying large manufacturers may face commercial pressure to deliver structured DPP data earlier than their own regulatory deadline, because ESPR holds the primary manufacturer responsible for aggregating the full supply chain's data.

Why Data Readiness Is the Actual Problem

Most companies approaching digital product passport compliance underestimate how much of the work happens before any DPP platform is involved. The passport is only as good as the data behind it. And for most manufacturers, that data has never been collected, structured, or governed to the standard the regulation requires.

In projects we implemented for industrial equipment manufacturers, the first serious challenge was rarely the DPP technology itself. It was discovering that material composition data was incomplete, that supplier-provided declarations were inconsistent across product lines, and that carbon footprint figures had never been calculated at the individual product level. Fixing that takes time. The 18-month implementation window after a delegated act is adopted is not generous once you account for the data work.

There is also a supplier dimension that gets underestimated. A digital product passport is only as accurate as the data your suppliers can provide. Many tier-2 and tier-3 suppliers, particularly in industrial component chains, do not yet have the systems to generate structured, machine-readable declarations.

Supply chain traceability means knowing what every component is made of, where it came from, and what environmental profile it carries. That granularity is a prerequisite for a compliant passport, and building it takes longer than most manufacturers expect. Companies end up carrying that onboarding burden themselves, or accepting data gaps that create compliance risk.

The specific gaps that appear most often:

  • Material and substance data held in PDFs or spreadsheets rather than structured product records
  • Supplier data that arrives in inconsistent formats with no validation workflow
  • No single system of record linking the product identifier to all relevant compliance attributes
  • No change management process to update the passport when a component or supplier changes

The digital product passport regulation does not prescribe which software you use. But it requires data that meets defined quality standards, is traceable to its source, and can be updated and republished as products evolve. Companies that treat this as a data governance project from the start build an infrastructure that scales. Those who treat it as a reporting exercise find themselves rebuilding it when the next delegated act arrives.

Software for Digital Product Passport Compliance

Once data is in order, the technical layer of compliance involves three things: a system to hold and manage the product data, a mechanism to generate and publish the machine-readable passport record, and integration with the EU digital product passport registry once it is operational.

Most manufacturers already have ERP and PLM systems that hold parts of the required data. Those systems are not designed to produce consumer-facing, machine-readable passport records or to handle the multi-party data sharing the regulation requires. A product information management system bridges that gap, holding enriched product data and connecting upstream to ERP and downstream to the digital product passport registry and data carriers.

It is worth understanding how the registry model works. The EU DPP system uses a decentralised architecture: manufacturers host their own product data on accredited third-party service providers, and the central EU registry acts as a directory of unique identifiers that point to where each passport is stored. This means the registry does not hold all the data centrally. It holds the index. Manufacturers retain legal responsibility for the accuracy and completeness of the data in their own hosted records.

AtroPIM includes a native module for Digital Product Passport functionality. The system's flexible EAV-based data model allows teams to define exactly the attributes each product category requires under its delegated act, with no schema constraints forcing workarounds.

Supplier data, material composition records, compliance certificates, and sustainability metrics sit alongside standard product content in a single record. ERP and PLM integrations pull procurement and engineering data automatically, so the passport record stays current without manual reconciliation. AtroPIM is available as on-premise or SaaS, which matters for manufacturers in regulated industries with data residency obligations.

The registry infrastructure on the EU side is still being developed. GS1 is leading standardisation work on the data carrier and resolver network, including the GS1 Digital Link standard that maps product identifiers to their hosted passport records. CEN/CLC JTC 24 is developing the European standards for digital product passport systems. The technical specifications are evolving, and any implementation approach should be built to adapt as those standards are finalised.

Data quality requirements will be embedded in those standards. Incomplete or unverified passport data will not satisfy market surveillance authorities even if the technical format is correct. That means the software layer is only as useful as the data governance behind it. Choosing the right platform is necessary, but not sufficient on its own.

Enforcement and Market Access

The DPP is not a voluntary scheme. Products placed on the EU market without a required passport after the applicable deadline can be withdrawn by market surveillance authorities. Customs authorities are also gaining access to the EU registry, which means goods arriving without a valid passport can be stopped at the border before they reach distributors or retailers.

The consequences are practical: loss of market access, removal from sale, and potential customs seizures for imports. Retailers and distributors are adding their own pressure ahead of the regulatory deadline, driven by ESG commitments and supply chain due diligence obligations. They are already requesting product sustainability data from suppliers, regardless of whether the formal DPP requirement has landed in that product category yet. A supplier without structured, exportable product data is increasingly a liability to distribution partners.

The broader EU regulatory environment is tightening in parallel. The Green Claims Directive is raising the bar on environmental marketing, and a verified digital product passport is increasingly what distinguishes a substantiated sustainability claim from greenwashing. Companies already reporting under CSRD or managing CBAM obligations on carbon-intensive goods will find that much of the underlying product data overlaps. Structured DPP compliance infrastructure serves multiple regulatory requirements from the same data foundation.

Companies with operations in the UK should also be aware that ESPR creates a de facto compliance requirement even without direct UK regulation. Any product exported to the EU must carry a compliant DPP. UK manufacturers selling into the EU through distributors need to be ready on the EU timetable.

Where to Start

The manufacturers making steady progress toward digital product passport compliance are treating it as a product data infrastructure project, not a sustainability project or an IT project.

Start with a data audit. Map every attribute that the relevant delegated act will require for your product category. For batteries, the EU Battery Regulation already specifies required fields in detail. For other categories, the ESPR Working Plan provides enough signal to begin gap analysis now. Then identify where each required data point currently lives, who owns it, and what its quality looks like.

If your sector has no delegated act yet, that is not a reason to wait. The core data categories are consistent across product groups: material composition, substances of concern, sourcing, carbon footprint, and repairability. A manufacturer who builds the data infrastructure around those fields now will need only minor adjustments when the category-specific act is published. One who waits until the act is confirmed will have 18 months to do what should have taken two years.

Three practical starting points, regardless of sector or company size:

  • Assign ownership for each data domain (materials, sustainability, supplier declarations) to a named person or team. Unowned data does not get collected.
  • Run a completeness check against the known field list for your product category. Any field below 80% completeness needs a remediation plan before you select software.
  • Map supplier data flows. Which suppliers can deliver structured, machine-readable data? Which ones send PDFs or spreadsheets? The gap there defines your supplier onboarding scope.

The gap between what you have and what the regulation requires is the actual project scope. The technology choice follows from that, not the other way around. A well-structured product data management platform, whether a PIM or MDM system with a native digital product passport module, can make DPP compliance manageable once the data foundations are solid. Starting with the software before fixing the data just moves the problem downstream.

Rated 0/5 based on 0 ratings