ESPR Annex III specifies the data categories that delegated acts may require in a Digital Product Passport. The specific mandatory fields for your product are set by the applicable delegated act. This guide breaks down all 12 Annex III categories, the access tier for each, and what data collection is required.
| Category | Data Required | Access Tier |
|---|---|---|
| General product information | Product name, model, batch number, manufacturer details, EU AR details, country of manufacture | Public |
| Substances of concern | SVHC list with CAS numbers, concentration ranges, location in product | Public (summary) / Restricted (full) |
| Repair and maintenance | Disassembly instructions, spare parts list, repair manual, availability of spare parts | Public (instructions) / Restricted (professional repair data) |
| End-of-life | Disassembly for recycling, waste stream classification, hazardous material locations, recycling instructions | Public |
| Carbon footprint | GHG emissions per unit or per functional unit, lifecycle stage breakdown (A1–A3, B, C, D) | Public |
| Recycled content | Percentage of recycled material by weight, by material type, with verification methodology | Public |
| Product environmental footprint | PEF score per EN 15804 or applicable product category rules | Public |
| Energy consumption | Energy consumption in use phase, energy efficiency class, test conditions | Public |
| Resource consumption | Water consumption, critical raw material content, material efficiency | Public |
| Durability | Expected product lifetime, test results for durability standards, warranty terms | Public |
| Repairability | Repairability score, availability of software updates, availability of repair services | Public |
| Spare parts availability | Minimum period of spare parts availability, spare parts ordering information | Public |
ESPR Article 8(6) establishes that not all DPP data is publicly accessible. The delegated act specifies which data fields are accessible to which actors. The general framework is:
The ESPR regulation and its delegated acts distinguish between mandatory data fields (which must be included in every DPP for the product category) and recommended data fields (which are encouraged but not legally required). The mandatory data fields are specified in the delegated act for each product category and are based on the Annex III data categories. The recommended data fields are identified in the delegated act as providing additional value for consumers, supply chain partners, or market surveillance authorities, but their absence does not constitute non-compliance. Manufacturers should include recommended data fields where the data is available, as this improves the quality of the DPP and may provide competitive advantages (for example, a product with a voluntarily disclosed lower carbon footprint than the mandatory minimum may be preferred by environmentally conscious buyers).
The ESPR regulation requires that DPP data be accurate, complete, and up to date. Article 9(3) specifies that the information in the DPP must be based on reliable, accurate, and complete information. For some data fields — particularly carbon footprint, recycled content, and substances of concern — the delegated act will specify verification requirements. Verification may be required by a third-party auditor (for high-stakes data fields such as carbon footprint), by a notified body (for conformity assessment data), or by the manufacturer's own quality management system (for lower-stakes data fields). Manufacturers should establish data governance processes that ensure the accuracy of DPP data and document the basis for each data field — this documentation will be required if market surveillance authorities request evidence to support the DPP data.
The ESPR DPP is a living document — it must be updated when the product's characteristics change, when new information becomes available, or when the delegated act requirements change. Article 9(4) of ESPR specifies that the DPP must be updated when the product is repaired, refurbished, or remanufactured. For products with State of Health data (such as batteries), the DPP must be updated at each service interval to reflect the current State of Health. For products with software (such as electronics), the DPP must be updated when a software update changes the product's energy consumption or other ecodesign parameters. Manufacturers must establish processes for triggering DPP updates when relevant product changes occur, and must ensure that the updated DPP data is propagated to all systems that store or display the DPP data.
Effective DPP data governance requires clear allocation of roles and responsibilities within the manufacturer's organisation. The key roles are: DPP data owner (responsible for the accuracy and completeness of DPP data for a specific product or product family), DPP system administrator (responsible for the technical operation of the DPP system), supply chain data coordinator (responsible for collecting DPP data from suppliers), compliance manager (responsible for ensuring that DPP data meets the requirements of the applicable delegated act), and data quality auditor (responsible for verifying the accuracy of DPP data before it is published). Manufacturers should document these roles and responsibilities in their DPP governance framework and ensure that all relevant staff are trained on their DPP data responsibilities. The DPP governance framework should also specify the process for updating DPP data when product designs change or new information becomes available.
ESPR requires that DPP data be kept accurate and up to date throughout the product's lifecycle. The key triggers for DPP data updates are: product design changes (if the manufacturer changes the product's material composition, energy efficiency, or other ecodesign parameters, the DPP data must be updated to reflect the change); component substitutions (if a component is substituted with a different component that has different ecodesign characteristics, the DPP data must be updated); new substance of concern information (if a substance used in the product is newly identified as a substance of concern under REACH or CLP, the DPP substance disclosure must be updated); and regulatory changes (if the delegated act for the product category is amended to require additional data, the DPP must be updated to include the new data). Manufacturers should implement a DPP data management process that includes regular reviews of DPP data accuracy and a clear procedure for updating DPP data when any of these triggers occur.
ESPR Annex III specifies 12 data categories: general product information, substances of concern, repair and maintenance information, end-of-life information, carbon footprint, recycled content, product environmental footprint, energy consumption, resource consumption, durability, repairability, and spare parts availability.
ESPR Article 8(6) establishes tiered access: consumers and the public access general product information; repair technicians and recyclers access technical repair and end-of-life data; market surveillance authorities and customs have full access to all data fields including confidential business information.
No. The applicable delegated act specifies which Annex III data categories are mandatory for each product group. Not all categories will apply to every product. The Battery Regulation, for example, specifies detailed carbon footprint and recycled content requirements that go beyond the Annex III categories.
The EU DPP Registry goes live on 19 July 2026. EU customs will verify DPP compliance automatically from that date. Products without a valid DPP can be refused entry. Register now at Africa's first ESPR-compliant DPP registry.
Register Your Digital Product Passport →DPP data requirements operate at three levels. The first level is ESPR Annex III — the minimum data categories that every DPP must contain, regardless of product category. The second level is the delegated act for the specific product category — which selects the relevant Annex III categories and adds product-specific data fields. The third level is the DPP technical specification published under ESPR Article 13 — which specifies the exact data formats, units, and measurement methodologies for each data field.
Manufacturers must comply with all three levels. Annex III compliance alone is not sufficient — the delegated act may require additional data fields not in Annex III. Delegated act compliance alone is not sufficient — the DPP technical specification specifies how the data must be formatted and measured. A DPP that contains all required data fields but uses non-standard units or measurement methodologies is non-compliant.
DPP data fields are either static or dynamic. Static data fields are set when the product is manufactured and do not change during the product's lifetime — material composition, dimensions, manufacturing date, and the EU Declaration of Conformity reference are all static. Dynamic data fields change during the product's lifetime — State of Health for batteries, repair history, and refurbishment status are all dynamic. Dynamic data fields require a data update mechanism — the DPP system must be able to receive and process updates to dynamic data fields throughout the product's lifetime.
The distinction between static and dynamic data is important for DPP system design. A DPP system that only supports static data (a simple database with fixed records) is sufficient for products with no dynamic data fields. A DPP system for batteries must support real-time State of Health updates, which requires a more complex data architecture with a data pipeline from the battery management system to the DPP data record.
Not all DPP data fields require third-party verification. For most data fields, the manufacturer's self-declaration is sufficient — the manufacturer measures the data, records it in the DPP, and is responsible for its accuracy. However, for high-impact data fields (such as carbon footprint and recycled content), delegated acts may require third-party verification of the data before it can be included in the DPP.
Third-party verification adds cost and time to the DPP registration process. Manufacturers should check the delegated act for their product category to determine which data fields require third-party verification and plan accordingly. For products where third-party verification is required, the verification process typically takes 4-12 weeks and must be completed before the DPP can be registered.
ESPR Article 8(5) requires that DPP data be accurate, complete, and up to date. Manufacturers are liable for the accuracy of the data in their DPPs. Inaccurate DPP data — whether intentional (greenwashing) or unintentional (measurement error) — is an ESPR violation. Market surveillance authorities can compare DPP data against physical product test results and take enforcement action where discrepancies are found.
The accuracy requirement creates an ongoing obligation for manufacturers. When a product's design changes, the DPP must be updated. When new measurement methodologies become available that produce more accurate results, manufacturers should update their DPPs to use the new methodologies. Manufacturers who maintain DPPs with outdated or inaccurate data risk enforcement action even if the original data was accurate when the DPP was registered.
DPP data accuracy is a legal requirement under ESPR — manufacturers that provide inaccurate data in their DPPs are subject to the same enforcement actions as manufacturers that fail to provide a DPP at all. Market surveillance authorities have the power to verify DPP data accuracy by conducting product testing, reviewing technical documentation, and auditing supply chain data. Manufacturers should implement a DPP data quality management process that includes: regular audits of DPP data accuracy against the product's technical documentation; a clear procedure for correcting inaccurate DPP data; and a record-keeping system that documents all DPP data updates and the reasons for each update. The DPP data quality management process should be included in the manufacturer's quality management system and should be subject to internal audit.