---
title: "Who must create an EU Digital Product Passport?"
canonical_url: "https://www.sorena.io/artifacts/eu/digital-product-passport/faq/who-must-create-a-digital-product-passport"
source_url: "https://www.sorena.io/artifacts/eu/digital-product-passport/faq/who-must-create-a-digital-product-passport"
author: "Sorena AI"
description: "DPP responsibility under the EU ESPR: how manufacturers, importers, distributors, suppliers, service providers, and delegated acts fit together."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "EU Digital Product Passport"
  - "DPP responsibility"
  - "ESPR economic operator"
  - "DPP manufacturer importer distributor"
  - "delegated acts"
  - "Digital Product Passport"
  - "ESPR"
  - "economic operator"
  - "manufacturer"
  - "importer"
  - "distributor"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# Who must create an EU Digital Product Passport?

DPP responsibility under the EU ESPR: how manufacturers, importers, distributors, suppliers, service providers, and delegated acts fit together.

*FAQ* *DPP* *EU*

## EU Digital Product Passport Who must create a Digital Product Passport?

Under the ESPR, the answer starts with the economic operator placing a covered product on the EU market or putting it into service, then follows the product-specific delegated act.

Use this FAQ to separate DPP creation, passport updates, supplier data, service-provider hosting, and importer or distributor checks.

The EU ESPR does not assign one universal DPP creator for every future product group. It says product-specific delegated acts must identify which actors create a Digital Product Passport or update its data, while the operator placing the product on the market or putting it into service carries key passport and registry duties.

## Who is responsible for creating an EU Digital Product Passport?

For an ESPR product covered by a delegated act, start with the economic operator that places the product on the EU market or puts it into service. ESPR Article 10 requires that operator to make available a back-up copy of the DPP through a DPP service provider, and Article 13 requires that operator to upload the required registry data.

That does not mean every operator in the chain may freely decide who creates or updates the passport. Article 9 says the delegated act for the product group must specify the actors that create the DPP or update passport data, what data they may introduce or update, and the detailed arrangements for doing so.

- Manufacturer-led placement: the manufacturer normally owns the product conformity file, DPP availability, and current passport content for products it places on the EU market or puts into service.
- Imported product: the importer must check before placing the product on the EU market that a DPP is available in accordance with ESPR Article 9 and the applicable delegated act.
- Distribution: the distributor must verify, before making a covered product available, that it is labelled or linked to a DPP where the delegated act requires it.
- Updates: do not give write access broadly; follow the delegated act's rules on which actors may introduce or update which data.

Sources for this answer:

- [Regulation (EU) 2024/1781 establishing ESPR](https://eur-lex.europa.eu/eli/reg/2024/1781/oj/eng?ref=sorena.io) - Supports that ESPR delegated acts specify the actors that create or update DPP data and that the placing-on-market operator has DPP back-up and registry duties.
- [CEN-CENELEC CWA 18186:2025 DPP design guidance](https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/2025/cwa18186_2025.pdf?ref=sorena.io) - Supports treating DPP design as a product-group and supply-chain implementation exercise rather than a single universal owner rule.

## How do manufacturer, importer, and distributor duties differ?

The manufacturer obligation is the strongest anchor in ESPR. For covered products, Article 27 requires manufacturers to ensure the product is accompanied by required information and that a DPP is available, including a back-up copy of the most up-to-date passport version stored by a DPP service provider.

Importers and distributors are not passive. Before placing a covered product on the market, importers must ensure that the manufacturer has handled conformity assessment, required information, and DPP availability. Before making the product available, distributors must verify that the product is labelled or linked to a DPP where the delegated act requires it, and they must stop making it available if the product or manufacturer is not compliant.

- Assign product accountability to the manufacturer or brand owner that controls design, technical documentation, declaration of conformity, and passport content.
- For non-EU manufacturers, require the EU importer file to show that the passport exists, is accessible, and has the required back-up copy before market placement.
- Give distributors and dealers a checkable acceptance rule: no required DPP link, data carrier, documents, or instructions means the product should not move forward.
- Keep marketplace and distance-selling teams supplied with the data carrier copy or unique product identifier so customers can access required passport information before purchase where ESPR requires it.

Sources for this answer:

- [Regulation (EU) 2024/1781 establishing ESPR](https://eur-lex.europa.eu/eli/reg/2024/1781/oj/eng?ref=sorena.io) - Supports the distinct ESPR obligations of manufacturers, importers, and distributors for DPP availability, checks, and market availability controls.

## What responsibility do suppliers and service providers have?

Suppliers are usually data contributors, not the default public owner of the final-product passport. ESPR Article 38 says that, when the delegated act specifies it, supply-chain actors must provide relevant information free of charge to manufacturers, notified bodies, and competent national authorities, allow manufacturer assessment when information is absent, and enable verification of information related to their activities.

DPP service providers are different from suppliers. They may store or process passport data for the economic operator, but ESPR Article 11 limits their processing to what is necessary for the service unless specifically agreed with the operator placing the product on the market or putting it into service.

- Put supplier evidence in contract and onboarding records: material composition, substance data, component identifiers, production or environmental data, and verification access where the delegated act requires those data.
- Give suppliers clear data ownership and correction paths so the manufacturer can keep passport data accurate, complete, and up to date.
- Treat service-provider hosting as governance infrastructure: back-up copy, availability, access control, security, privacy, and continuity after insolvency or cessation of activity.
- Separate 'can contribute data' from 'is legally responsible for creating the passport' unless the delegated act assigns that creation or update role.

Sources for this answer:

- [Regulation (EU) 2024/1781 establishing ESPR](https://eur-lex.europa.eu/eli/reg/2024/1781/oj/eng?ref=sorena.io) - Supports supply-chain information duties when specified in a delegated act and the limits on DPP service-provider processing.
- [CEN-CENELEC CWA 18186:2025 DPP design guidance](https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/2025/cwa18186_2025.pdf?ref=sorena.io) - Supports practical supply-chain DPP information exchanges between raw-material suppliers, manufacturing suppliers, manufacturers, reuse operators, and recyclers.

## What governance record should a company keep?

A useful DPP responsibility record should identify the legal trigger, the product group, the market-placement actor, the delegated-act rule, and the teams allowed to create or update passport data. It should also show how supplier data is requested, checked, corrected, and locked before publication.

Do not publish a fixed DPP responsibility answer for every product line before the product-specific delegated act exists. Instead, keep a product-group watchlist and convert it into binding owners once the delegated act defines the product scope, passport level, data content, access rights, creation and update actors, registry data, and application details.

- Product identity: model, batch, or item level required by the delegated act.
- Responsible operator: manufacturer, importer, authorised representative, dealer, distributor, fulfilment service provider, or other actor identified for the product fact pattern.
- Passport operations: creator, updater, approval owner, service provider, back-up copy location, registry upload owner, and access-rights owner.
- Supplier controls: data fields requested, supplier source, validation method, correction owner, and evidence retained for authority or notified-body checks.
- Review trigger: delegated-act changes, product design changes, supplier changes, importer changes, DPP service-provider changes, or non-conformity concerns.

Sources for this answer:

- [Regulation (EU) 2024/1781 establishing ESPR](https://eur-lex.europa.eu/eli/reg/2024/1781/oj/eng?ref=sorena.io) - Supports using the delegated act to determine passport level, data content, access rights, creators, update actors, registry data, and market-placement duties.
- [CEN-CENELEC CWA 18186:2025 DPP design guidance](https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/2025/cwa18186_2025.pdf?ref=sorena.io) - Supports maintaining a DPP design process that considers product-group requirements, supply-chain information exchanges, target audiences, and implementation choices.

## Primary sources

- [Regulation (EU) 2024/1781 establishing ESPR](https://eur-lex.europa.eu/eli/reg/2024/1781/oj/eng?ref=sorena.io) - Primary legal source for ESPR DPP creation and update actors, economic-operator duties, manufacturer/importer/distributor obligations, supply-chain information duties, service-provider rules, and delegated acts.
  - Quote: "actors that are to create a digital product passport"
- [CEN-CENELEC CWA 18186:2025 DPP design guidance](https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/2025/cwa18186_2025.pdf?ref=sorena.io) - Practical DPP design source for supply-chain information exchanges, market-compliance information flows, and product-group implementation choices.
  - Quote: "information generated and shared within supply chains"

## Topic Guides

- [Annex III Data Model Planning for EU Digital Product Passports](/artifacts/eu/digital-product-passport/annex-iii-data-model-planning.md): Plan EU Digital Product Passport data fields, identifiers, access rights, update owners, registry inputs, and evidence records against ESPR Annex III and product-specific delegated acts.
- [Digital Product Passport vs Digital Twin](/artifacts/eu/digital-product-passport/dpp-vs-digital-twin.md): Compare EU Digital Product Passports with digital twins: legal access duties, identifiers, public and restricted data, evidence, governance, and reuse limits.
- [Digital Product Passport vs Paper Product Passports](/artifacts/eu/digital-product-passport/dpp-vs-traditional-product-passports.md): Compare EU regulated digital product passports with paper, PDF, web, and internal product passports across access, identifiers, data carriers, restricted data, customs checks, registry, and interoperability.
- [DPP customs access review workflow for ESPR products](/artifacts/eu/digital-product-passport/customs-access-review-workflow.md): Review public, restricted, and customs access for EU Digital Product Passports, including registry handoffs, portal access rights, and release-for-free-circulation evidence.
- [DPP Data Governance RACI Template for EU Digital Product Passports](/artifacts/eu/digital-product-passport/dpp-data-governance-raci-template.md): Assign accountable owners for EU Digital Product Passport data, access rights, supplier inputs, resolver links, registry uploads, verification checks, and retained evidence.
- [DPP data-model intake workflow for EU Digital Product Passports](/artifacts/eu/digital-product-passport/dpp-data-model-intake-workflow.md): A grounded intake workflow for EU Digital Product Passport data models: product group, delegated-act status, source owner, supplier data, access class, identifiers, carrier, checks, and publication readiness.
- [DPP Governance, Verification and Audit Controls](/artifacts/eu/digital-product-passport/governance-verification-and-audit.md): Build EU Digital Product Passport governance controls for data owners, supplier evidence, access logs, validation checks, audit records, and product release gates.
- [DPP QR code vs NFC data carrier choices under EU ESPR](/artifacts/eu/digital-product-passport/faq/qr-code-vs-nfc-carrier-choices.md): How to choose QR code, NFC, or another data carrier for an EU Digital Product Passport without assuming ESPR mandates one universal carrier.
- [DPP registry and web portal integration under EU ESPR](/artifacts/eu/digital-product-passport/dpp-registry-and-web-portal-integration.md): Grounded guide to EU Digital Product Passport registry and web portal integration under ESPR, covering identifiers, data carriers, access rights, service providers, and lookup design.
- [DPP vs Battery Passport: ESPR and Battery Regulation Comparison](/artifacts/eu/digital-product-passport/dpp-vs-battery-passport.md): Compare the ESPR Digital Product Passport framework with the EU Batteries Regulation battery passport by scope, timing, data, access rights, identifiers, registry, governance, and evidence.
- [DPP vs EPREL Comparison](/artifacts/eu/digital-product-passport/dpp-vs-eprel.md): Compare the EU Digital Product Passport with EPREL: product-passport scope, energy-label database role, access model, identifiers, data carriers, and overlap limits.
- [DPP vs GS1 Digital Link: Duties vs Standard](/artifacts/eu/digital-product-passport/dpp-vs-gs1-digital-link.md): Compare EU Digital Product Passport requirements with GS1 Digital Link: legal scope, identifiers, data carriers, access rights, registry, portal, customs checks, and implementation consequences.
- [EU Digital Product Passport access: public, restricted, and customs views](/artifacts/eu/digital-product-passport/public-restricted-and-customs-access.md): How ESPR Digital Product Passport access should be split across public users, restricted actors, authorities, customs, the EU registry, and the web portal.
- [EU Digital Product Passport API and resolver architecture](/artifacts/eu/digital-product-passport/api-and-resolver-architecture.md): Grounded DPP architecture guidance for data carriers, product identifiers, resolver lookup paths, access rights, registry integration, and interoperability without premature protocol mandates.
- [EU Digital Product Passport Applicability Test](/artifacts/eu/digital-product-passport/applicability-test.md): Check whether an ESPR delegated act or battery passport rule may require a Digital Product Passport, which operator owns it, and what evidence to keep.
- [EU Digital Product Passport architecture and integration](/artifacts/eu/digital-product-passport/architecture-and-integration.md): Grounded guide to EU Digital Product Passport architecture: data carriers, identifiers, access rights, registry, portal, supplier flows, customs checks, and governance.
- [EU Digital Product Passport checklist](/artifacts/eu/digital-product-passport/checklist.md): A concrete EU Digital Product Passport readiness checklist covering product-group scope, passport fields, identifiers, data carriers, access rights, supplier evidence, registry preparation, and publication controls.
- [EU Digital Product Passport compliance: ESPR requirements](/artifacts/eu/digital-product-passport/compliance.md): Grounded EU Digital Product Passport compliance guide covering ESPR passport data, identifiers, data carriers, access rights, registry readiness, supplier validation, and evidence.
- [EU Digital Product Passport Data Carriers, Access Control, and UX](/artifacts/eu/digital-product-passport/data-carriers-access-control-and-ux.md): How to choose DPP data carriers, identifiers, access rights, and scanning UX under ESPR Articles 9-14, with QR, NFC, RFID, registry, and customs constraints.
- [EU Digital Product Passport data requirements and fields](/artifacts/eu/digital-product-passport/data-requirements-and-fields.md): How to plan Digital Product Passport data fields under ESPR: delegated-act scope, Annex III data categories, access rights, customs data, and supplier validation.
- [EU Digital Product Passport deadlines and compliance calendar](/artifacts/eu/digital-product-passport/deadlines-and-compliance-calendar.md): Grounded EU Digital Product Passport calendar for ESPR and battery passport milestones, with product-group dates flagged as dependent on delegated acts.
- [EU Digital Product Passport FAQ](/artifacts/eu/digital-product-passport/faq.md): Direct answers on EU Digital Product Passport scope, creators, product groups, registry, customs checks, access rights, identifiers, data carriers, and governance.
- [EU Digital Product Passport identifier and data carrier design](/artifacts/eu/digital-product-passport/unique-identifier-and-data-carrier-design.md): How to design Digital Product Passport identifiers, QR or other data carriers, resolver links, registry records, access paths, and evidence without overclaiming the EU rules.
- [EU Digital Product Passport penalties and enforcement](/artifacts/eu/digital-product-passport/penalties-and-fines.md): What ESPR says about Digital Product Passport penalties, Member State fine rules, market surveillance, customs checks, and unresolved product-specific delegated acts.
- [EU Digital Product Passport Product Group Readiness](/artifacts/eu/digital-product-passport/product-group-readiness.md): Prepare product groups for EU Digital Product Passport rules by tracking ESPR delegated-act status, data fields, suppliers, identifiers, access rights, and registry handoffs.
- [EU Digital Product Passport requirements under ESPR](/artifacts/eu/digital-product-passport/requirements.md): source-linked overview of EU Digital Product Passport requirements under ESPR: product-specific delegated acts, data fields, identifiers, carriers, registry, access rights, supplier data validation, and open points.
- [EU Digital Product Passport supplier data validation controls](/artifacts/eu/digital-product-passport/supplier-data-validation.md): Build a supplier data validation file for EU Digital Product Passports: source owner, product link, access class, data model fit, evidence quality, approval record, and release gate.
- [EU DPP customs access: registry, portal, and restricted data](/artifacts/eu/digital-product-passport/faq/customs-access.md): FAQ on customs access under the EU Digital Product Passport: what customs can verify, how the registry and public portal differ, and how access rights limit DPP data.
- [EU DPP implementation playbook and vendor selection](/artifacts/eu/digital-product-passport/implementation-playbook-and-vendor-selection.md): Select Digital Product Passport vendors against ESPR requirements for identifiers, data carriers, access rights, decentralized storage, registry readiness, portal access, and verification evidence.
- [EU DPP Product-Group Readiness Checklist](/artifacts/eu/digital-product-passport/product-group-readiness-checklist.md): A source-grounded checklist for preparing a product group for an EU Digital Product Passport delegated act, covering data fields, suppliers, identifiers, carriers, access rights, and registry readiness.
- [EU DPP QR Code and Data Carrier Implementation Guide](/artifacts/eu/digital-product-passport/dpp-qr-code-implementation-guide.md): Grounded guidance for using QR codes and other data carriers in EU Digital Product Passport programs, including unique identifiers, access, resolver testing, and evidence.
- [EU DPP supplier data validation workflow](/artifacts/eu/digital-product-passport/supplier-data-validation-workflow.md): A grounded workflow for checking supplier data before it is used in an EU Digital Product Passport, covering product linkage, evidence, owners, access class, and approval records.
- [EU DPP unique identifier requirements: product, operator and facility IDs](/artifacts/eu/digital-product-passport/faq/unique-identifier-requirements.md): FAQ on how ESPR Digital Product Passport identifiers connect products, economic operators, facilities, data carriers, resolvers and registry evidence.
- [Public vs restricted EU Digital Product Passport data](/artifacts/eu/digital-product-passport/faq/public-vs-restricted-passport-data.md): How to separate public, restricted, authority, and customs access in EU Digital Product Passport designs under ESPR and battery passport rules.
- [What is a Digital Product Passport under ESPR?](/artifacts/eu/digital-product-passport/what-is-a-dpp.md): A visitor-friendly explanation of EU Digital Product Passports under ESPR: product data, identifiers, data carriers, access rights, registry, web portal, and delegated acts.
- [What is the EU Digital Product Passport registry?](/artifacts/eu/digital-product-passport/faq/dpp-registry.md): FAQ on the ESPR Digital Product Passport registry: what it stores, who uploads data, how identifiers work, and what teams should avoid assuming.
- [Which products come first for the EU Digital Product Passport?](/artifacts/eu/digital-product-passport/faq/which-products-come-first.md): FAQ on EU Digital Product Passport product priority: batteries have a separate passport rule, while ESPR product groups depend on the working plan and delegated acts.

*Recommended next step*

*Placement: after governance section*

## Turn DPP responsibility into an accountable evidence workflow

Use this DPP responsibility FAQ to assign the market-placement owner, supplier data controls, service-provider governance, and delegated-act watchlist before passport publication.

- [Open Research Copilot](/solutions/research-copilot.md): Answer Digital Product Passport implementation questions with cited source material.
- [Discuss Digital Product Passport implementation](/contact.md): Review DPP roles, supplier evidence, and delegated-act monitoring with Sorena.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/digital-product-passport/faq/who-must-create-a-digital-product-passport