
EU Digital Product Passport (DPP) Compliance Guide

How to comply with DPP requirements - as shipped systems and operating processes.

Built from ESPR Articles 9-15 + Annex III and implementation guidance from CWA and CIRPASS.

Author: Sorena AI
Published: Mar 4, 2026
Updated: Mar 4, 2026

Overview

DPP compliance is achieved when: (1) your product group obligations are scoped correctly, (2) DPPs are available and accessible as required, (3) data is accurate/complete/up to date, (4) access rights and security are enforced, and (5) registry/customs dependencies are handled. This guide shows the end-to-end compliance program you can execute.

Section 1

Phase 1 - Scope: delegated act coverage and DPP granularity

Start with the delegated act for your product group: it specifies what data is required, what carriers to use, who can access and update which fields, and whether the DPP is issued at model, batch, or item level.

Treat the granularity decision as a system requirement that drives ID strategy, labeling costs, and lifecycle updates.

  • Confirm product group definition and commodity codes; identify the required Annex III data elements for the product group.
  • Lock DPP level (model/batch/item) and define what "model" or "batch" means for your product family and production process.
  • Create a roles map: manufacturer/importer/distributor/dealer/marketplace and who creates/updates each field.

Section 2

Phase 2 - Data: Annex III mapping, governance and evidence

Annex III provides a structured list of data elements that can be required in a DPP (IDs, compliance docs, manuals, operator IDs, facility IDs, importer EORI, service provider references).

Your job is to implement a canonical DPP data model with provenance, versioning, and SLAs for freshness.

  • Build a canonical schema: structured, machine-readable fields for identity and compliance evidence; store document references and hashes/signatures where appropriate.
  • Map each field to a source system and owner; define update triggers and validation rules.
  • Implement data quality monitoring: "accurate, complete, up to date" as measurable requirements.
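
One way to turn "accurate, complete, up to date" into checks that can run on a schedule, shown as an added example (not code from the guide or from any DPP standard). The field names, the SLA value, and the sample record are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Hypothetical field names and SLAs; the real required set comes from the
# delegated act for the product group.
REQUIRED = {"product_id", "operator_id", "facility_id", "declaration_of_conformity"}
FRESHNESS_SLA = {"declaration_of_conformity": timedelta(days=365)}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_record(fields: dict, documents: dict, now: datetime) -> list:
    """Return findings for one DPP record; an empty list means it passes."""
    findings = [f"incomplete: missing {n}" for n in sorted(REQUIRED - set(fields))]
    for name, f in sorted(fields.items()):
        if not f.get("source") or not f.get("owner"):
            findings.append(f"provenance: {name} has no source or owner")
        sla = FRESHNESS_SLA.get(name)
        if sla and now - f["updated_at"] > sla:
            findings.append(f"stale: {name} exceeds its freshness SLA")
        ref = f.get("doc_ref")
        if ref is None:
            continue
        blob = documents.get(ref)
        if blob is None:
            findings.append(f"inaccurate: {name} references missing document {ref}")
        elif sha256_hex(blob) != f.get("sha256"):
            findings.append(f"inaccurate: {name} does not match its recorded hash")
    return findings

# Constructed sample data, not real identifiers.
NOW = datetime(2026, 3, 4, tzinfo=timezone.utc)
PUBLISHED_DOC = b"constructed declaration of conformity v1"
DOCUMENTS = {"doc-001": PUBLISHED_DOC + b" (edited in place)"}
RECORD = {
    "product_id": {"value": "EXAMPLE-0001", "source": "plm", "owner": "product",
                   "updated_at": NOW},
    "operator_id": {"value": "OP-EXAMPLE", "source": "erp", "owner": "",
                    "updated_at": NOW},
    "declaration_of_conformity": {
        "doc_ref": "doc-001", "sha256": sha256_hex(PUBLISHED_DOC),
        "source": "qms", "owner": "compliance",
        "updated_at": NOW - timedelta(days=400)},
}

if __name__ == "__main__":
    for finding in check_record(RECORD, DOCUMENTS, NOW):
        print(finding)
```

The hash check is what catches a referenced document that was edited in place after the DPP recorded it, a change that a completeness check alone would miss.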
Section 3

Phase 3 - Identity and carriers: persistent identifiers + physical data carriers

Article 10 requires a data carrier that is connected to a persistent unique product identifier and is physically present on the product, its packaging, or its accompanying documentation.

Implement this like a hardware rollout: print processes, placement specs, durability tests, and fallback access for distance selling.

  • Define identifier scheme(s) and a stable resolver; avoid vendor-specific URLs that break on migration.
  • Select carriers (QR/2D code, RFID/EPC, etc.) and validate scan reliability across lifecycle environments.
  • Enable distance selling: provide dealers/online marketplaces a digital copy of carrier/identifier or link where physical access isn't possible.

Section 4

Phase 4 - Access rights and UX: public vs restricted views

Delegated acts define which actors can access what data and who can update what data. Article 11 requires free and easy access based on those rights.

Build multiple views off one dataset: a public consumer view and restricted role-based views with audit logs.

  • Public view: pre-purchase access, including distance selling; avoid collecting personal data for public access.
  • Restricted view: authentication, role-based access, and audit logging; ensure update rights are restricted per delegated act.
  • Lifecycle linking: if a new DPP is created, link to original DPP(s) and preserve history.
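
A sketch of public and restricted views rendered from one dataset, with field-level read and update rights and an audit trail, as an added example (not code from the guide). The roles, field names, rights, and sample record are assumptions; the in-memory list stands in for an append-only audit store.

```python
from datetime import datetime, timezone

# Hypothetical roles, fields and rights; the real access and update rights are
# set by the delegated act for the product group.
POLICY = {
    "product_id":    {"read": {"public"}, "update": {"manufacturer"}},
    "repair_manual": {"read": {"public"}, "update": {"manufacturer"}},
    "facility_id":   {"read": {"authority"}, "update": {"manufacturer"}},
    "importer_eori": {"read": {"authority", "customs"}, "update": {"importer"}},
}
AUDIT_LOG = []  # stand-in for an append-only audit store

def _audit(actor, role, action, fields, allowed):
    AUDIT_LOG.append({"at": datetime.now(timezone.utc).isoformat(),
                      "actor": actor, "role": role, "action": action,
                      "fields": sorted(fields), "allowed": allowed})

def render_view(dpp, role="public", actor=None):
    """Return the fields this role may read; unmapped fields are denied."""
    def readable(name):
        readers = POLICY.get(name, {}).get("read", set())
        return "public" in readers or role in readers
    view = {k: v for k, v in dpp.items() if readable(k)}
    if role != "public":  # public reads carry no identity, so nothing is logged
        _audit(actor, role, "read", view, True)
    return view

def update_field(dpp, name, value, role, actor):
    """Apply an update only if the role holds update rights; log either way."""
    allowed = role in POLICY.get(name, {}).get("update", set())
    _audit(actor, role, "update", [name], allowed)
    if not allowed:
        raise PermissionError(f"{role} may not update {name}")
    return {**dpp, name: value}

# Constructed sample record; "internal_cost" has no policy entry on purpose.
DPP = {"product_id": "EXAMPLE-0001", "repair_manual": "https://example.com/manual",
       "facility_id": "FAC-EXAMPLE", "importer_eori": "EORI-EXAMPLE",
       "internal_cost": "12.50"}

if __name__ == "__main__":
    print(sorted(render_view(DPP)))
    print(sorted(render_view(DPP, "customs", "officer-1")))
    try:
        update_field(DPP, "importer_eori", "EORI-OTHER", "distributor", "dist-7")
    except PermissionError as exc:
        print("denied:", exc, AUDIT_LOG[-1]["allowed"])
```

Because a field with no policy entry is hidden from every role, a field added to the dataset later stays private until someone assigns it rights. Denied update attempts are logged as well as successful ones.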
Section 5

Phase 5 - Registry, portal and customs readiness

ESPR requires an EU DPP registry (by 19 July 2026) and a web portal, and introduces customs workflows using the unique registration identifier once the registry is operational.

Plan registry integration and customs flows early, even if your delegated act is not yet live.

  • Registry: build an upload pipeline for unique identifiers and additional delegated-act registry fields; store the unique registration identifier returned.
  • Portal: ensure public data is searchable/comparable and restricted data remains protected by rights.
  • Customs: be able to provide the unique registration identifier for release for free circulation; support automated verification flows where possible.

Section 6

Phase 6 - Architecture: open standards, interoperability and no vendor lock-in

Article 10 requires open standards, interoperable formats and transferability through an open interoperable network without vendor lock-in.

You should be able to migrate providers without reprinting labels or losing audit history.

  • API-first design: canonical DPP layer with stable schemas, exportability, and view renderers.
  • Interoperability: align technical, semantic and organisational aspects so DPP can interact across actors and product groups.
  • Service provider constraints: providers must not sell/reuse/process DPP data beyond what is necessary unless specifically agreed.

Section 7

Operate DPP as a service: monitoring and incident response

The compliance target is long-lived availability and correctness. Broken resolution, stale docs, or access regressions become compliance issues.

Run DPP with SLOs and an incident playbook.

  • SLOs: resolver uptime, scan success rates, freshness SLAs for key fields, and access control regression tests.
  • Audit drills: periodically produce evidence that DPP meets Article 10/11 requirements (IDs, carriers, access, security).
  • Continuous improvement: iterate based on stakeholder feedback (repairers, recyclers, authorities) and delegated act updates.