DPPCustoms accessEU

EU Digital Product Passport customs access review workflow

A grounded workflow for checking which DPP data is public, restricted, or available to customs authorities before an ESPR-covered product is imported or released.

Use it to align access rights, registry upload evidence, web-portal expectations, and customs release checks without inventing unsupported customs data fields. The customs registry starts when the Commission sets it up by 19 July 2026.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
4

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

This workflow helps product, trade compliance, and DPP implementation teams review customs access for an EU Digital Product Passport under the Ecodesign for Sustainable Products Regulation. It focuses on the legally grounded handoffs: the passport data carrier and unique product identifier, stakeholder access rights set in product-specific delegated acts, the Commission registry, the public web portal, and the customs check for release for free circulation.

Section 1

Classify DPP data by access route

Start by separating DPP data into three access routes. Public data is the information that stakeholders can search or compare through the Commission web portal when access rights allow it. Restricted data is DPP information available only to named actor types under product-specific access rights. Customs access is the authority route for customs duties, including risk management, customs controls, and release for free circulation.

Do not treat the passport as one public document. ESPR requires access to DPP data to be regulated by delegated-act access rights, and it requires free and easy access for listed actors, including customs authorities, based on those respective access rights.

  • Public: data intended for search or comparison through the web portal, without expanding beyond the access rights set for the product group.
  • Restricted: supplier, operator, service-provider, or lifecycle data that needs login, credentials, or role-based access because it is not meant for every stakeholder.
  • Customs: registry and DPP data customs authorities may retrieve and use for duties under Union law, including customs controls and release for free circulation.
  • Not classified yet: any data element whose access rule depends on a product-specific delegated act that is not yet available for the product group.
Sources for this answer
Regulation (EU) 2024/1781 (ESPR)
Supports the public, restricted, and customs access split because ESPR requires DPP access to follow product-group access rights and lists customs authorities among actors with access based on those rights.
CEN-CENELEC workshop on DPP design guidelines
Supports treating the DPP implementation as a design exercise covering data carriers, portal contents, information exchange, and applications.
Section 2

Check the registry and portal handoffs

The registry handoff is not the same as publishing the whole passport. ESPR requires the Commission registry to securely store at least unique identifiers; for products intended for release for free circulation, it also stores the commodity code. The economic operator placing the product on the market or putting it into service uploads the required registry data, and the registry returns a unique registration identifier.

The portal handoff is different. ESPR requires the Commission to set up a publicly accessible web portal for searching and comparing DPP data, but the portal must respect the same access rights specified in delegated acts. A useful review therefore checks that the registry record, product passport, data carrier, resolver or link, and portal-visible data are consistent without exposing restricted fields as public content.

  • Confirm the passport is connected through a data carrier to a persistent unique product identifier.
  • Confirm the product, packaging, or accompanying documentation carries the data carrier location required by the applicable delegated act.
  • Confirm the registry upload evidence covers the required unique identifiers and, for products intended for release for free circulation, the commodity code.
  • Confirm the unique registration identifier returned by the registry is stored for customs handoff, while noting that registry communication is not proof of compliance.
  • Confirm public portal data is limited to fields whose access rights allow public search or comparison.
Sources for this answer
Regulation (EU) 2024/1781 (ESPR)
Supports the registry and portal handoff steps, including unique identifiers, commodity code storage for release for free circulation, and the public portal constrained by access rights.
European Commission ESPR overview
Supports the plain-language explanation that the DPP is a digital identity card storing product sustainability information, circularity information, and legal-compliance information.
Recommended next step

Test DPP customs access before import release

Use this workflow to check access rights, registry identifiers, portal exposure, and customs handoff evidence before ESPR-covered products reach release-for-free-circulation review.

Research workflow
Open Research Copilot

Ask DPP customs and access-rights questions against cited ESPR source material.

Explore next step
Talk to Sorena
Discuss DPP implementation

Review registry handoffs, access controls, and import-release readiness with Sorena.

Explore next step
Section 3

Review customs release readiness without inventing customs fields

For customs release readiness, stay inside the ESPR mechanics. When a product covered by an ESPR delegated act is placed under the customs procedure for release for free circulation, the person intending to place it under that procedure must provide or make available the unique registration identifier to customs authorities once the registry is operational, which the Regulation says must happen by 19 July 2026.

Customs may release the product for free circulation only after verifying, at minimum, that the unique registration identifier and the commodity code correspond to registry data. ESPR also says that release for free circulation is not proof of compliance with ESPR or other Union law, so the workflow should not convert customs release into a broader conformity sign-off.

  • Ready: the product is covered by an applicable delegated act and has a DPP available under Articles 9 to 11.
  • Ready: the registry upload exists and the unique registration identifier is available to the importer, broker, or filing team that will provide it to customs.
  • Ready: the commodity code used for customs release is aligned with the commodity code stored in the registry for that product.
  • Blocked: no delegated-act basis identifies the required DPP data or access rights for the product group.
  • Blocked: the review asks for extra customs field mechanics not grounded in ESPR, such as unverified filing columns, broker scripts, or penalty thresholds.
Sources for this answer
Regulation (EU) 2024/1781 (ESPR)
Supports the customs release readiness criteria: provide the unique registration identifier, verify it with the commodity code against the registry, and avoid treating release as proof of compliance.
European Commission consultation on the Digital Product Passport
Supports the implementation context that the DPP is intended to be available to consumers, businesses, and relevant public authorities, and may host additional information such as instructions or conformity documents.
Section 4

Keep access-control evidence

Close the review with evidence that proves the access model is deliberate. The evidence should show which actor type can see, create, update, or retrieve each field; how public portal data differs from restricted data; and how customs receives the registry identifier needed for release for free circulation.

The evidence should also show that DPP data remains accurate, complete, up to date, reliable, and protected. ESPR requires data authentication, reliability, integrity, security, privacy, and fraud avoidance, and it restricts rights to introduce, modify, or update DPP data based on delegated-act access rights.

  • Access matrix: actor type, field group, action allowed, source of the access right, and whether the field is public, restricted, or customs-accessible.
  • Registry evidence: upload timestamp or record reference, unique product identifier, unique registration identifier, commodity code for release-for-free-circulation products, and owner of the record.
  • Portal evidence: public fields exposed for search or comparison, restricted fields suppressed from public view, and test results for an unauthenticated user.
  • Customs handoff evidence: who provides the unique registration identifier, where the identifier is stored for filing support, and how commodity-code alignment is checked.
  • Change-control evidence: who may introduce, modify, or update DPP data and how reliability, integrity, security, privacy, and fraud controls are tested.
Sources for this answer
Regulation (EU) 2024/1781 (ESPR)
Supports the access-control evidence list because ESPR restricts DPP update rights by access rights and requires data authentication, reliability, integrity, security, privacy, and fraud avoidance.
CEN-CENELEC workshop on DPP design guidelines
Supports using a DPP design record for implementation decisions involving data carriers, portal contents, and information exchanges.
Primary sources

References and citations

CEN-CENELEC workshop on DPP design guidelines
cencenelec.eu
Referenced sections
  • Supports using a DPP design record for implementation decisions involving data carriers, portal contents, and information exchanges.
"information exchanges and applications"
European Commission consultation on the Digital Product Passport
single-market-economy.ec.europa.eu
Referenced sections
  • Supports the implementation context that the DPP is intended to be available to consumers, businesses, and relevant public authorities, and may host additional information such as instructions or conformity documents.
"consumers, businesses and relevant public authorities"
European Commission ESPR overview
commission.europa.eu
Referenced sections
  • Supports the plain-language explanation that the DPP is a digital identity card storing product sustainability information, circularity information, and legal-compliance information.
"digital identity card for products"
Regulation (EU) 2024/1781 (ESPR)
eur-lex.europa.eu
Referenced sections
  • Supports the access-control evidence list because ESPR restricts DPP update rights by access rights and requires data authentication, reliability, integrity, security, privacy, and fraud avoidance.
"data authentication, reliability and integrity"
Related guides

Explore more topics

Annex III Data Model Planning for EU Digital Product Passports
Plan EU Digital Product Passport data fields, identifiers, access rights, update owners, registry inputs, and evidence records against ESPR Annex III and product-specific delegated acts.
Digital Product Passport vs Digital Twin
Compare EU Digital Product Passports with digital twins: legal access duties, identifiers, public and restricted data, evidence, governance, and reuse limits.
Digital Product Passport vs Paper Product Passports
Compare EU regulated digital product passports with paper, PDF, web, and internal product passports across access, identifiers, data carriers, restricted data, customs checks, registry, and interoperability.
DPP Data Governance RACI Template for EU Digital Product Passports
Assign accountable owners for EU Digital Product Passport data, access rights, supplier inputs, resolver links, registry uploads, verification checks, and retained evidence.
DPP data-model intake workflow for EU Digital Product Passports
A grounded intake workflow for EU Digital Product Passport data models: product group, delegated-act status, source owner, supplier data, access class, identifiers, carrier, checks, and publication readiness.
DPP Governance, Verification and Audit Controls
Build EU Digital Product Passport governance controls for data owners, supplier evidence, access logs, validation checks, audit records, and product release gates.
DPP QR code vs NFC data carrier choices under EU ESPR
How to choose QR code, NFC, or another data carrier for an EU Digital Product Passport without assuming ESPR mandates one universal carrier.
DPP registry and web portal integration under EU ESPR
Grounded guide to EU Digital Product Passport registry and web portal integration under ESPR, covering identifiers, data carriers, access rights, service providers, and lookup design.
DPP vs Battery Passport: ESPR and Battery Regulation Comparison
Compare the ESPR Digital Product Passport framework with the EU Batteries Regulation battery passport by scope, timing, data, access rights, identifiers, registry, governance, and evidence.
DPP vs EPREL Comparison
Compare the EU Digital Product Passport with EPREL: product-passport scope, energy-label database role, access model, identifiers, data carriers, and overlap limits.
DPP vs GS1 Digital Link: Duties vs Standard
Compare EU Digital Product Passport requirements with GS1 Digital Link: legal scope, identifiers, data carriers, access rights, registry, portal, customs checks, and implementation consequences.
EU Digital Product Passport access: public, restricted, and customs views
How ESPR Digital Product Passport access should be split across public users, restricted actors, authorities, customs, the EU registry, and the web portal.
EU Digital Product Passport API and resolver architecture
Grounded DPP architecture guidance for data carriers, product identifiers, resolver lookup paths, access rights, registry integration, and interoperability without premature protocol mandates.
EU Digital Product Passport Applicability Test
Check whether an ESPR delegated act or battery passport rule may require a Digital Product Passport, which operator owns it, and what evidence to keep.
EU Digital Product Passport architecture and integration
Grounded guide to EU Digital Product Passport architecture: data carriers, identifiers, access rights, registry, portal, supplier flows, customs checks, and governance.
EU Digital Product Passport checklist
A concrete EU Digital Product Passport readiness checklist covering product-group scope, passport fields, identifiers, data carriers, access rights, supplier evidence, registry preparation, and publication controls.
EU Digital Product Passport compliance: ESPR requirements
Grounded EU Digital Product Passport compliance guide covering ESPR passport data, identifiers, data carriers, access rights, registry readiness, supplier validation, and evidence.
EU Digital Product Passport Data Carriers, Access Control, and UX
How to choose DPP data carriers, identifiers, access rights, and scanning UX under ESPR Articles 9-14, with QR, NFC, RFID, registry, and customs constraints.
EU Digital Product Passport data requirements and fields
How to plan Digital Product Passport data fields under ESPR: delegated-act scope, Annex III data categories, access rights, customs data, and supplier validation.
EU Digital Product Passport deadlines and compliance calendar
Grounded EU Digital Product Passport calendar for ESPR and battery passport milestones, with product-group dates flagged as dependent on delegated acts.
EU Digital Product Passport FAQ
Direct answers on EU Digital Product Passport scope, creators, product groups, registry, customs checks, access rights, identifiers, data carriers, and governance.
EU Digital Product Passport identifier and data carrier design
How to design Digital Product Passport identifiers, QR or other data carriers, resolver links, registry records, access paths, and evidence without overclaiming the EU rules.
EU Digital Product Passport penalties and enforcement
What ESPR says about Digital Product Passport penalties, Member State fine rules, market surveillance, customs checks, and unresolved product-specific delegated acts.
EU Digital Product Passport Product Group Readiness
Prepare product groups for EU Digital Product Passport rules by tracking ESPR delegated-act status, data fields, suppliers, identifiers, access rights, and registry handoffs.
EU Digital Product Passport requirements under ESPR
source-linked overview of EU Digital Product Passport requirements under ESPR: product-specific delegated acts, data fields, identifiers, carriers, registry, access rights, supplier data validation, and open points.
EU Digital Product Passport supplier data validation controls
Build a supplier data validation file for EU Digital Product Passports: source owner, product link, access class, data model fit, evidence quality, approval record, and release gate.
EU DPP customs access: registry, portal, and restricted data
FAQ on customs access under the EU Digital Product Passport: what customs can verify, how the registry and public portal differ, and how access rights limit DPP data.
EU DPP implementation playbook and vendor selection
Select Digital Product Passport vendors against ESPR requirements for identifiers, data carriers, access rights, decentralized storage, registry readiness, portal access, and verification evidence.
EU DPP Product-Group Readiness Checklist
A source-grounded checklist for preparing a product group for an EU Digital Product Passport delegated act, covering data fields, suppliers, identifiers, carriers, access rights, and registry readiness.
EU DPP QR Code and Data Carrier Implementation Guide
Grounded guidance for using QR codes and other data carriers in EU Digital Product Passport programs, including unique identifiers, access, resolver testing, and evidence.
EU DPP supplier data validation workflow
A grounded workflow for checking supplier data before it is used in an EU Digital Product Passport, covering product linkage, evidence, owners, access class, and approval records.
EU DPP unique identifier requirements: product, operator and facility IDs
FAQ on how ESPR Digital Product Passport identifiers connect products, economic operators, facilities, data carriers, resolvers and registry evidence.
Public vs restricted EU Digital Product Passport data
How to separate public, restricted, authority, and customs access in EU Digital Product Passport designs under ESPR and battery passport rules.
What is a Digital Product Passport under ESPR?
A visitor-friendly explanation of EU Digital Product Passports under ESPR: product data, identifiers, data carriers, access rights, registry, web portal, and delegated acts.
What is the EU Digital Product Passport registry?
FAQ on the ESPR Digital Product Passport registry: what it stores, who uploads data, how identifiers work, and what teams should avoid assuming.
Which products come first for the EU Digital Product Passport?
FAQ on EU Digital Product Passport product priority: batteries have a separate passport rule, while ESPR product groups depend on the working plan and delegated acts.
Who must create an EU Digital Product Passport?
DPP responsibility under the EU ESPR: how manufacturers, importers, distributors, suppliers, service providers, and delegated acts fit together.