// SUB-PILLAR — DIGITAL PRODUCT PASSPORT

Digital Product Passport — The Complete ESPR Guide

The Digital Product Passport (DPP) is the central innovation of the Ecodesign for Sustainable Products Regulation (EU 2024/1781). A DPP is a structured, machine-readable data record linked to a specific product via a physical data carrier. It makes product sustainability data accessible to market surveillance authorities, customs officials, consumers, and recyclers throughout the product's entire lifecycle. This page explains what a DPP is, what data it must contain, how it is technically implemented, and how to register a compliant DPP.

What Is a Digital Product Passport?

A Digital Product Passport is a standardised data record that travels with a product throughout its lifecycle. The concept is defined in Article 2(30) of ESPR as "a set of data specific to a product, available through a data carrier, that contains information about the product's environmental sustainability." The DPP is not a physical document — it is a digital data structure hosted in a registry and accessible via a machine-readable data carrier (typically a QR code or NFC chip) attached to the product.

The DPP serves multiple purposes simultaneously. For market surveillance authorities, it provides a machine-readable record of the product's compliance status, technical documentation references, and conformity assessment details. For customs authorities, it enables rapid verification that products entering the EU market meet the applicable ecodesign requirements. For consumers, it provides accessible information about the product's repairability, recyclability, and environmental impact. For recyclers and waste management operators, it provides the information needed to efficiently process the product at end of life — including the location of hazardous substances, disassembly instructions, and recycled content percentages.

The Legal Basis for DPP Requirements

The DPP requirement is established in Article 9 of ESPR, which requires that delegated acts specify the data that must be included in the DPP for each product group. Annex III of ESPR sets out the categories of data that DPPs may contain. The specific data requirements for each product group are defined in the relevant delegated act. Article 10 of ESPR sets out the technical requirements for DPP systems, including requirements for data accessibility, data portability, data security, and the durability of DPP data beyond the manufacturer's existence.

The EUR-Lex reference for ESPR is CELEX:32024R1781. The DPP provisions are directly applicable in all EU Member States without national transposition.

DPP Data Categories — Annex III

Annex III of ESPR lists the data categories that DPPs may contain, subject to specification in delegated acts. The key categories are as follows.

General product information: The manufacturer's name, address, and contact details; the product's trade name and model identifier; the batch number or serial number; the date of manufacture; the country of origin; and the product's intended use and user instructions.

Materials and components: The materials used in the product, expressed as percentages by weight; the recycled content of each material; the substances of concern present in the product above specified threshold concentrations and their location within the product; and information about components that can be replaced or repaired.

Performance data: The product's energy efficiency class (where applicable); the product's durability expressed as expected lifespan under normal use; the repairability score (where required by the delegated act); the carbon footprint per unit (where required); and any other performance parameters specified in the delegated act.

End-of-life information: Disassembly instructions; recycling instructions; the location of hazardous substances within the product; the recyclability rate; and information about take-back schemes or extended producer responsibility programmes.

Compliance information: The reference to the applicable delegated act; the conformity assessment procedure used; the reference number of the EU Declaration of Conformity; the notified body identification number (where applicable); and the CE marking affixation date.

The Data Carrier — How the DPP Is Physically Linked to the Product

The data carrier is the physical mechanism that links the DPP data to the product. ESPR Article 9(2) requires that the data carrier be placed on the product, its label, or its packaging. The data carrier must be machine-readable and must link to the DPP data. The specific data carrier technology required for each product group is specified in the relevant delegated act, but ESPR anticipates that QR codes (conforming to ISO/IEC 18004) and NFC chips will be the primary technologies used.

The data carrier must contain or link to the product passport identifier — a unique identifier that links the data carrier to the DPP record in the registry. The product passport identifier must conform to the format specified in the implementing regulations. The Commission is developing implementing regulations that will specify the technical format for product passport identifiers, drawing on existing standards such as GS1 Digital Link (ISO/IEC 15459) and the EU's EPCIS standard.

QR code placement requirements specify that the QR code must be placed in a location where it is accessible to consumers and market surveillance authorities without requiring disassembly of the product. For products where the QR code cannot be placed on the product itself (for example, due to size constraints), it may be placed on the packaging or in the accompanying documentation, provided that the packaging or documentation remains with the product throughout its lifecycle.

DPP Registry Infrastructure

The DPP data must be hosted in a registry that meets the technical requirements set out in the ESPR implementing regulations. The EU is developing a central ESPR Product Database that will serve as the reference registry infrastructure. However, ESPR also permits manufacturers to use accredited third-party DPP registries, provided that those registries meet the technical specifications for data accessibility, data portability, data security, and durability.

The key technical requirements for DPP registry infrastructure include: the DPP data must be accessible via a standardised API; the data must be available in a machine-readable format (JSON-LD is the expected standard); the registry must implement access controls that allow different levels of data access for different stakeholders (market surveillance authorities have full access; consumers have access to the public data subset; recyclers have access to the end-of-life data subset); and the registry must guarantee data durability beyond the manufacturer's existence — typically through escrow arrangements or transfer to the EU Product Database.

Self-Hosted vs. Registry-Based DPP — Key Considerations

Factor	Self-Hosted DPP	Third-Party Registry (e.g., digitalproductpassports.co.za)
Setup cost	High — requires API development, hosting infrastructure, security implementation	Low — subscription-based, infrastructure provided
Technical expertise required	High — JSON-LD, API standards, ISO/IEC 15459	Low — guided onboarding process
Data durability compliance	Manufacturer must arrange escrow or transfer agreements	Registry handles durability obligations
Market surveillance access	Manufacturer must implement authority access controls	Registry handles authority access protocols
Scalability	Manufacturer must scale infrastructure as product range grows	Registry scales automatically
Suitable for	Large manufacturers with dedicated IT resources and 10,000+ SKUs	SMEs, exporters, manufacturers with limited IT resources

DPP Implementation Timeline

DPP requirements apply on a product-group-by-product-group basis, as specified in each delegated act. The EU Battery Regulation (2023/1542) was the first regulation to introduce DPP requirements — battery DPPs are required for industrial batteries and EV batteries from February 2027, and for all batteries from August 2027. For other product groups, DPP requirements will apply when the relevant ESPR delegated act enters into force. Based on the Commission's working plan, textile DPPs are expected to be required from 2027–2028, electronics DPPs from 2028–2029, and furniture DPPs from 2029–2030.

Manufacturers should not wait for the delegated act to be finalised before beginning DPP preparation. The process of selecting a registry, implementing the data carrier, compiling the required data, and testing the DPP system takes six to eighteen months for most manufacturers. Starting this process two years before the expected compliance date is the recommended approach.

Frequently Asked Questions

What is a Digital Product Passport under ESPR?

A DPP is a structured data record linked to a product via a machine-readable data carrier (QR code or NFC chip). It contains sustainability data including materials, recycled content, repairability, carbon footprint, and end-of-life instructions, accessible to authorities, consumers, and recyclers.

When is a DPP required?

DPP requirements apply per product group when the relevant ESPR delegated act enters into force. Battery DPPs are required from February 2027 (EU Battery Regulation). Textile and electronics DPPs are expected from 2027–2029. Check the delegated act tracker for your sector.

Can I host my own DPP or do I need a registry?

ESPR permits both self-hosted DPPs and third-party registry-based DPPs, provided the system meets the technical requirements for data accessibility, portability, security, and durability. Third-party registries are the practical choice for most SMEs and exporters.

What data must a DPP contain?

The specific data requirements are set in the delegated act for your product group. Generally, DPPs must include product identification, materials and recycled content, substances of concern, performance data (energy efficiency, repairability score, carbon footprint), end-of-life instructions, and compliance references.

How is the DPP linked to the physical product?

Via a data carrier — typically a QR code (ISO/IEC 18004) or NFC chip — physically attached to the product, its label, or its packaging. The data carrier contains or links to the unique product passport identifier that connects to the DPP record in the registry.

DPP Data Architecture — What the Passport Must Contain

The Digital Product Passport is not a marketing document or a product brochure. It is a structured data record that must contain specific categories of information as defined in Annex III of ESPR. The data architecture of a DPP must be designed to serve multiple audiences simultaneously: market surveillance authorities who need to verify compliance, customs authorities who need to confirm that a product meets EU requirements, consumers who need information about repairability and end-of-life, and recyclers who need to know what materials and substances are present in the product.

Annex III of ESPR specifies the following data categories that delegated acts may require DPPs to contain: general product identification information (manufacturer name and address, product model identifier, batch or serial number, date of manufacture, country of origin); materials and substances information (bill of materials, recycled content percentages by material, substances of concern above threshold concentrations, location of substances of concern within the product); performance data (energy efficiency class, durability rating, repairability score, carbon footprint per functional unit, water use, hazardous substance content); end-of-life information (disassembly instructions, recycling instructions, location of hazardous substances, recycled content verification); and compliance information (applicable delegated act reference, conformity assessment procedure used, EU Declaration of Conformity reference, CE marking status).

Not all of these data categories will be required for every product. Each delegated act specifies which Annex III data categories apply to the product group it covers, and what the specific data requirements are. The DPP for a smartphone will contain different data than the DPP for a washing machine or a piece of furniture. However, the underlying data architecture — a structured record linked to a product via a unique identifier and a data carrier — is the same across all product categories.

The Product Passport Identifier and Data Carrier Requirements

Every DPP must be linked to a specific product or batch of products via a unique product passport identifier (PPID). The PPID is a machine-readable identifier that uniquely identifies the DPP record and links it to the physical product. The PPID must be embedded in the data carrier that is physically attached to the product. The data carrier must be machine-readable and must link to the DPP data — either directly (by encoding the DPP URL in the data carrier) or indirectly (by encoding the PPID, which can be resolved to the DPP URL via a registry lookup).

GS1 Digital Link (ISO/IEC 18975) is the preferred data carrier standard for ESPR DPPs. A GS1 Digital Link QR code encodes a URL that includes the product's GTIN (Global Trade Item Number) and, optionally, the batch number or serial number. The URL resolves to a landing page that provides access to the DPP data and other product information. The advantage of GS1 Digital Link over a simple URL QR code is that it uses a standardised URL structure that can be resolved by any GS1-compliant resolver, ensuring long-term accessibility even if the manufacturer's website changes.

The data carrier must be physically attached to the product, its label, or its packaging. It must be visible and accessible without requiring disassembly of the product. For products where physical attachment is not practical (such as bulk materials or construction products), the data carrier may be attached to the packaging or the accompanying documentation. The data carrier must remain functional throughout the product's expected lifespan — a QR code that fades or becomes unreadable within two years does not meet the ESPR requirement for lifecycle accessibility.

DPP Registry Infrastructure — Hosting Requirements

The DPP data must be hosted in a registry infrastructure that meets the technical requirements set out in the ESPR implementing regulations. The EU is developing a product database (the ESPR Product Database) that will serve as the reference registry infrastructure. However, manufacturers can also use accredited third-party DPP registries that meet the technical specifications. The key requirements for DPP registry infrastructure are: data accessibility (the DPP must be accessible to all authorised parties throughout the product's lifecycle, including after the manufacturer ceases to exist); data integrity (the DPP data must be tamper-evident and verifiable); data portability (the DPP data must be exportable in machine-readable formats); and data durability (the DPP data must be preserved for the full lifecycle of the product, which may be 10–25 years for durable goods).

The requirement for data durability after the manufacturer ceases to exist is particularly significant. It means that DPP data cannot simply be hosted on the manufacturer's own website — if the manufacturer goes out of business, the website disappears and the DPP becomes inaccessible. DPP data must be hosted in a registry that has institutional continuity beyond any individual manufacturer. This is one of the key reasons why third-party DPP registries, such as digitalproductpassports.co.za, are an important part of the ESPR compliance infrastructure.

// NEXT STEP

Register Your Digital Product Passport

Compliance with ESPR begins with a registered, machine-readable Digital Product Passport. The DPP Registry at digitalproductpassports.co.za provides the infrastructure to mint, host, and verify DPP records for manufacturers and exporters supplying the EU market.