Table of Contents
The Digital Product Passport (DPP) is a structured, machine-readable record, reachable through a data carrier on the product such as a QR code, that makes standardised information about a product available across its whole lifecycle. The European Union is making it mandatory, product group by product group, and for manufacturers and distributors that turns sustainability data into a legal obligation with deadlines attached. This article explains what a DPP is, the law behind it, which data it must hold, who is liable, and why the whole thing is, at heart, a product-data challenge.
What Is a Digital Product Passport?
A Digital Product Passport is the digital identity of a physical product. Scan the data carrier and you reach information that follows the item from raw material to disposal: what it is made of, which substances of concern it contains, how to repair it, how to recycle it, and where it came from. The audience is broad on purpose. Consumers use it to make better choices, businesses use it along the supply chain, and authorities use it to check compliance. The point is not a marketing label but a single, trustworthy place where a product’s environmental and technical facts live.
The Legal Basis: the EU Ecodesign Regulation (ESPR)
The DPP is created by the Ecodesign for Sustainable Products Regulation, Regulation (EU) 2024/1781, known as the ESPR. It was published in the Official Journal in June 2024 and entered into force on 18 July 2024, replacing the old Ecodesign Directive from 2009. The ESPR is a framework regulation, which is an important detail. It does not set the rules for a toaster or a t-shirt directly. Instead it empowers the European Commission to adopt delegated acts for each product group, and those acts decide the specific ecodesign and DPP requirements that apply. A product covered by such an act may only be placed on the market if its passport exists and is registered in a central, Commission-run DPP registry.
Timeline and affected product groups
The phasing runs through delegated acts, so the dates below mix firm statutory milestones with sector estimates that only become binding once the relevant act is adopted. Treat the non-battery sector years as guidance, not as hard deadlines.
| Date | Milestone |
| 18 Jul 2024 | ESPR enters into force (Regulation (EU) 2024/1781). Firm. |
| 19 Apr 2025 | First ESPR working plan due, naming the priority product groups. Firm. |
| 19 Jul 2026 | Central DPP registry operational; ban on destroying unsold textiles for large enterprises begins. Firm. |
| 18 Feb 2027 | Battery passport becomes mandatory under the EU Battery Regulation (2023/1542). The first DPP in practice. Firm. |
| ~2027–2030 | Delegated acts for priority groups (textiles, iron & steel, aluminium, electronics, furniture, tyres and others) phase in. Subject to each delegated act. |
The eleven priority groups named for early treatment include iron and steel, aluminium, textiles, furniture, tyres, detergents, paints, lubricants, chemicals, energy-related products and electronics. Batteries sit on their own legal track under the Battery Regulation and act as the working proof of concept for everything that follows.
What Data a Digital Product Passport Must Contain
The exact fields come from each delegated act, but the ESPR sets the categories, and they are consistent enough to plan around. A passport typically has to carry the following.
- Product identity: name, model, batch, manufacture date and a unique product identifier.
- Materials and substances: composition, sourcing and any substances of concern.
- Reparability and durability: spare-parts availability, disassembly and repair instructions.
- Recyclability and end of life: recycled content, recycling and take-back guidance.
- Environmental performance: carbon footprint and other lifecycle indicators.
- Supply-chain traceability: information on origin along the chain.
Access has to be free of charge and through a standardised data carrier on the product, usually a QR code, RFID or NFC tag, tied to a unique identifier from the ISO 15459 family. The technical detail, meaning the data model, interoperability and access rights, is being defined by the CEN and CENELEC committee JTC 24 as a set of harmonised European standards, with GS1 contributing an application standard. The pattern is worth remembering: the ESPR creates the legal duty, and the standards bodies define how it works in practice. (The exact standard numbers should be checked against CEN-CENELEC before you cite them.)
Who Must Comply, Including Non-EU Manufacturers
The duty falls on the economic operator that places the product on the EU market or puts it into service, and that holds regardless of where the product was made. A manufacturer has to prepare the technical documentation, run the conformity assessment, draw up the EU declaration of conformity, affix the CE marking and create the passport. Importers and distributors are treated as manufacturers when they sell under their own name or trademark, or when they modify a product. A manufacturer based outside the EU has to appoint an authorised representative established in the Union, and online marketplaces are obliged to cooperate with market-surveillance authorities. Scope follows the product group rather than company size, so small and medium enterprises are included, with some lighter reporting in places.
Penalties and Liability
This is the part most explainers skip, and it is the part a decision-maker actually worries about. Member States set the penalties, and the ESPR requires them to be effective, proportionate and dissuasive. In practice that means fines and, notably, the possibility of being excluded from public procurement for a period, which for many B2B manufacturers is a direct commercial threat. Non-compliant products can be withdrawn or recalled, and there is exposure to civil and collective or representative actions brought on behalf of consumers. Market-surveillance authorities report on enforcement on a regular cycle. The takeaway is straightforward: a missing or wrong passport is not a paperwork nuisance, it can block sales and carry real liability.
What the DPP Means in Practice: a Product-Data Challenge
Strip away the regulation and the DPP is a data problem. A manufacturer has to assemble, govern and publish dozens of attributes for thousands of products, pulling in supplier data and supply-chain information that often sits in disconnected systems and spreadsheets today. This is precisely the work a PIM system is built for. The PIM holds and enriches the product attributes and syndicates them to a data carrier or DPP endpoint. Master data management governs the cross-domain and supplier master data, including the Scope 3 information that is hardest to collect. A DAM stores the linked documents such as repair manuals and certificates. Treating all of this with disciplined Data Governance is what makes a passport auditable rather than a scramble.
A practical example makes it concrete. A power-tools manufacturer with a large, variant-rich catalogue cannot compile repairability, materials and carbon data by hand for every SKU across every market. Once those attributes live in a governed product-data platform, the passport becomes an output of the system rather than a project repeated for every product group.
How to Prepare for the Digital Product Passport
You do not need every delegated act finalised to start. The groundwork is the same across sectors, and the following sequence keeps it focused. At its core the DPP demands high data quality: complete, current and auditable product attributes.
- Confirm whether and when your products are in scope, starting with the priority groups and the battery track.
- Audit the data you already hold against the likely DPP categories, and find the gaps, especially supplier and Scope 3 data.
- Assign ownership for product and sustainability data so someone is accountable for accuracy.
- Build the attribute model in a PIM and connect suppliers, so the required fields are captured at the source.
- Pilot one product group, generate a passport end to end, and connect the data carrier before scaling.
Frequently Asked Questions
Is the Digital Product Passport mandatory, and from when?
Yes, progressively. The ESPR is in force since July 2024 and rolls out per product group through delegated acts. The battery passport is mandatory from 18 February 2027, with other priority groups following as their acts are adopted.
Which products need a Digital Product Passport?
The priority groups include textiles, iron and steel, aluminium, electronics, furniture and tyres, among others, plus batteries under their own regulation. The exact scope for each is set by its delegated act.
Who is legally responsible for the DPP?
The economic operator placing the product on the EU market, regardless of where it was made. Importers and distributors can be treated as manufacturers, and non-EU manufacturers must appoint an EU authorised representative.
What data must a Digital Product Passport contain?
Typically product identity, materials and substances of concern, reparability and durability, recyclability and end of life, carbon footprint and supply-chain traceability, reachable free of charge through a data carrier such as a QR code.
How does a PIM help with DPP compliance?
A PIM aggregates, governs and enriches the required product attributes and publishes them to the data carrier, turning the passport into a repeatable output of your product-data platform rather than a manual project.
The Digital Product Passport is coming product group by product group, and the manufacturers who treat it as a data discipline rather than a last-minute compliance scramble will carry far less cost and risk. Start by mapping your products to the timeline, find the data you are missing, and put it under one governed roof so the passport becomes something your systems produce on demand.
