Build the passport around the ESPR rule set: product-specific delegated acts, mandatory data, identifiers, data carriers, access rights, registry checks, and evidence.
Use this page to turn DPP compliance into a controlled operating model for product, master data, supply chain, IT, customs, and market surveillance readiness.
Structured answer sets in this page tree.
Cited legal and guidance references.
The EU Digital Product Passport is not only a QR code or product page. Under the Ecodesign for Sustainable Products Regulation, passport obligations are set through product-specific delegated acts and are tied to conformity, technical documentation, unique identifiers, access rules, registry data, and the economic operator that places the product on the EU market.
Start by confirming whether the product is covered by an ESPR delegated act that requires a digital product passport. The delegated act controls the product group, the data to include, the passport level, the applicable conformity assessment, and any product-specific information rules.
For covered products, the manufacturer must make a digital product passport available before placing the product on the market or putting it into service. Importers must check that the passport exists before placing covered products on the market. Treat the passport as part of the conformity system, not as a separate marketing asset.
The passport data model should be built from the delegated act and Annex III categories, not from a generic sustainability questionnaire. ESPR lists possible passport elements such as the unique product identifier, GTIN or equivalent identifier, commodity codes, compliance documentation, instructions, manufacturer and importer information, operator identifiers, facility identifiers, and the backup service provider reference.
The data carrier must resolve to the right passport record and remain usable through the product life cycle where possible. CEN-CENELEC guidance separates the design choices for product, operator, facility, and registry identifiers from the carrier and portal choices, which helps teams avoid hard-coding one QR destination before the data model and access model are stable.
A compliant DPP separates public information from restricted information. ESPR expects differentiated access by data type and stakeholder, while protecting confidential business information and personal data. Customers should be able to access public information without turning that access into unnecessary personal-data collection.
The architecture should also be ready for the EU DPP registry and web portal. ESPR requires a registry for unique identifiers linked to products placed on the market or put into service, and a public web portal for searching and comparing passport data according to access rights. Customs authorities are expected to use registry data to verify at least the registration identifier and commodity code for imported products.
Most passport failures start upstream: supplier declarations, materials data, recycled content evidence, component identifiers, and facility information are accepted without validation rules. The DPP owner should run supplier data through the same control discipline as product master data and conformity documentation.
Governance should cover who may create, approve, update, restrict, or retire passport data. CEN-CENELEC guidance recommends considering versioning, timestamps, authentication, access rights, backup, and third-party verification options because the passport remains useful only if users can trust the data and detect changes or tampering.
A DPP evidence file should let a decision owner or authority trace each published field back to the rule, system, supplier record, calculation, approver, and publication event. Keep this evidence with the product's technical documentation rather than in a separate web-content workflow.
Do not add unsupported penalties, fixed thresholds, or launch dates to the passport plan unless the applicable delegated act or official implementation act supplies them. Where the regulation leaves details to future product-specific rules, mark the field as pending instead of filling it with a generic claim.
Use this DPP compliance guide to connect product scope, passport data, identifiers, access rights, supplier evidence, registry readiness, and conformity records before launch.
Answer ESPR and Digital Product Passport implementation questions with cited source material.
Review product scope, passport data, access rules, supplier evidence, and registry readiness with Sorena.
"information contained in the DPP provided to its users should be trustworthy"
"Digital Product Passport"
"Ecodesign for Sustainable Products Regulation"
"technical documentation and the EU declaration of conformity"