Artifact GuideEU

EU Digital Product Passport (DPP) FAQ

Fast answers: scope, data, carriers, access rights, registry, customs and implementation.

Grounded in ESPR (Regulation (EU) 2024/1781) and implementation guidance.

Back to main artifact Review sources

Author

Sorena AI

Published

Mar 4, 2026

Updated

Mar 4, 2026

Questions

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published Mar 4, 2026

Updated Mar 4, 2026

Overview

This FAQ focuses on real implementation questions: when DPP is mandatory, what fields are required, how QR/data carriers work, how access rights are enforced, and what "open standards and no vendor lock-in" means in practice.

Question 1

Is DPP mandatory for every product in the EU?

No. Under ESPR, DPP obligations are set by product-group delegated acts adopted under Article 4.

Delegated acts specify what data must be included, which carriers to use, who can access what, and who can update what.

Always start from the delegated act for your product group.
Some product groups may be exempt where technical specifications are not available or where other EU digital systems already meet the objectives.

Question 2

What is the current DPP implementation status in the EU?

The EU already has the ESPR legal framework in force, but DPP rollout still depends on product-group delegated acts and supporting EU systems.

As of 6 March 2026, the key implementation anchors are the first ESPR working plan for 2025-2030, the 19 July 2026 registry deadline, and the completed 2025 consultation on DPP service-provider rules.

19 Apr 2025: deadline for adoption of the first ESPR working plan.
Apr 2025: first ESPR working plan released for 2025-2030.
9 Apr 2025 to 1 Jul 2025: Commission consultation on DPP service-provider storage, management, and possible certification rules.
By 19 Jul 2026: Commission must set up the EU DPP registry.

Question 3

What exactly is a DPP under ESPR?

A DPP is a set of data specific to a product, accessible electronically via a data carrier, including the information specified in the applicable delegated act.

The DPP must be designed to support traceability, actor access, and compliance verification.

DPP quality requirement: data should be accurate, complete and up to date (Article 9).
DPP must remain available for the period specified by delegated acts (at least expected lifetime).

Question 4

Is a QR code required for DPP?

ESPR requires a data carrier physically present on product/packaging/documentation that connects to a persistent unique product identifier.

Delegated acts specify one or more data carriers. QR codes are common, but not the only possible carrier.

Choose carriers based on lifecycle environment and durability (repair/refurbish/recycle contexts).
Avoid dead links: use a stable resolver and a persistent identifier strategy.

Question 5

What is 'model vs batch vs item' DPP level and why does it matter?

Delegated acts specify whether DPP is established at model, batch or item level. This drives your ID strategy and update workload.

Item-level DPP implies per-unit identifiers; model-level implies shared identifiers across units.

Model-level: simpler operations; versioned updates.
Batch-level: manufacturing context-aware; requires batch identifiers and mappings.
Item-level: strongest traceability; highest complexity.

Question 6

What data fields are required in a DPP?

The delegated act for your product group selects from Annex III data elements and may add product-specific ecodesign information.

Annex III includes identifiers, commodity codes, compliance documentation, manuals/safety info, operator identifiers, facility identifiers, importer EORI, and service provider references.

Build a canonical data dictionary: field definition, owner, source system, update SLA, and access classification.
Keep evidence: compliance docs should have references and integrity controls (hash/signature) where appropriate.

Question 7

How does pre-purchase access work (including distance selling)?

Delegated acts must specify how customers can access the DPP before being bound by a contract, including distance selling.

Article 10 also requires the economic operator to provide dealers and online marketplaces with digital copies of the carrier/identifier (or a webpage link) where needed.

Public view: make required fields accessible on product pages and in-store scanning flows.
Restricted view: enforce access rights with authentication and audit logs.

Question 8

When does the EU DPP registry matter?

ESPR requires the Commission to set up an EU digital registry by 19 July 2026 storing at least unique identifiers and issuing a unique registration identifier associated with uploaded identifiers.

For release for free circulation, customs workflows can require providing that unique registration identifier once the registry is operational.

Plan registry integration early: upload pipeline, response storage, and customs data flows.
Treat registry as a compliance dependency with operational SLAs.

Question 9

Can DPP store customers' personal data?

ESPR states that personal data relating to customers must not be stored in the DPP without explicit consent under GDPR.

Best practice is to keep public DPP access free of personal data collection and only collect personal data where necessary and justified.

Public scans: avoid forcing apps or accounts; avoid collecting personal data for public access.
Restricted access: use secure credentials and least privilege; store minimal personal data with explicit consent where needed.

Question 10

What does 'open standards' and 'no vendor lock-in' mean in practice?

Article 10 requires DPP data to be based on open standards and transferable through an open interoperable data exchange network without vendor lock-in.

Practically, you should be able to migrate providers without reprinting carriers and without losing data or audit history.

Use stable resolver URLs you control; avoid vendor-specific domains embedded in QR codes.
Prove exportability: schema + data + history can be exported and rehydrated.
Contract for continuity: ensure service providers cannot sell/reuse data beyond what is necessary unless specifically agreed.

Recommended next step

Use EU Digital Product Passport (DPP) FAQ as a cited research workflow

Research Copilot can take EU Digital Product Passport (DPP) FAQ from cited answers to recurring questions on this topic to a reusable workflow inside Sorena. Teams working on EU Digital Product Passport (DPP) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow

Open Research Copilot for EU Digital Product Passport (DPP) FAQ

Start from EU Digital Product Passport (DPP) FAQ and answer scope, timing, and interpretation questions with cited outputs.

Explore next step

Talk to Sorena

Talk through EU Digital Product Passport (DPP)

Review your current process, evidence gaps, and next steps for EU Digital Product Passport (DPP) FAQ.

Explore next step

Primary sources