ESPR Technical Standards: The Complete Reference for DPP Data Carrier and Conformity Assessment Requirements

Technical Standards for ESPR DPP Implementation

Implementing an ESPR-compliant Digital Product Passport requires compliance with a range of technical standards covering product identification, data carriers, data formats, and system interoperability. The key standards are organised into four categories: identification standards (GS1 Digital Link, ISO/IEC 15459), data carrier standards (ISO/IEC 18004 for QR codes, ISO/IEC 16022 for Data Matrix, ISO/IEC 14443 for NFC), data format standards (JSON-LD, W3C Verifiable Credentials Data Model), and system standards (OpenAPI 3.0 for APIs, ISO/IEC 27001 for information security). Manufacturers should assess their current compliance with these standards as part of their ESPR readiness assessment.

Harmonised Standards Under ESPR

Harmonised standards are European standards (EN standards) that have been developed by the European standardisation organisations (CEN, CENELEC, ETSI) under a mandate from the European Commission. Products that comply with harmonised standards are presumed to comply with the corresponding ESPR requirements. The EU Commission will issue mandates to CEN and CENELEC to develop harmonised standards for ESPR DPP technical requirements. Until harmonised standards are published, manufacturers can use common specifications published by the Commission or demonstrate compliance through other means. Manufacturers should monitor the EU Official Journal for the publication of harmonised standards for their product categories.

ESPR Technical Standards: The Complete Reference

ESPR compliance requires manufacturers to implement a range of technical standards covering data carriers, data formats, conformity assessment, and product testing. These standards are developed by the European standardisation organisations (CEN, CENELEC, ETSI) and by international standardisation bodies (ISO, IEC, GS1). The ESPR delegated acts reference specific standards that manufacturers must use for product testing and conformity assessment — compliance with these standards creates a presumption of conformity with the applicable ESPR requirements.

European Harmonised Standards Under ESPR

The EU Commission mandates CEN and CENELEC to develop harmonised standards that support ESPR compliance. Harmonised standards are published in the EU Official Journal, and compliance with a harmonised standard creates a presumption of conformity with the corresponding ESPR requirements. Manufacturers should monitor the EU Official Journal for the publication of harmonised standards relevant to their product categories and should implement these standards as part of their ESPR compliance programme. The EU Commission's standardisation mandate for ESPR (M/543) covers: DPP data format standards, data carrier standards, product testing standards, and conformity assessment standards. CEN and CENELEC are expected to publish the first ESPR harmonised standards in 2025–2026.

International Standards and ESPR Mutual Recognition

Many ESPR technical requirements are aligned with international standards developed by ISO and IEC. This alignment facilitates mutual recognition of conformity assessment results between the EU and third countries — manufacturers that have tested their products against ISO/IEC standards in accredited laboratories outside the EU can use these test results as the basis for their ESPR conformity assessment, subject to the requirements of the applicable delegated act. The EU has mutual recognition agreements (MRAs) with several countries (USA, Canada, Japan, Australia, New Zealand, Switzerland, Israel) that allow conformity assessment results from accredited laboratories in these countries to be accepted for EU market access. Manufacturers in these countries should check whether the MRA covers the specific product category and test standard relevant to their ESPR compliance.

Implementing ESPR Technical Standards: A Practical Guide

Implementing ESPR technical standards requires manufacturers to make decisions across three domains: data carrier selection (QR code, NFC, RFID, or other), data format selection (JSON-LD, GS1 Digital Link, or proprietary format), and conformity assessment procedure selection (Module A self-declaration, Module D1 quality assurance, or Module H full quality assurance). The choices made in each domain affect the cost, complexity, and flexibility of the ESPR DPP implementation. Manufacturers should evaluate each option against their specific product characteristics, production processes, and supply chain capabilities before making a final decision.

For data carrier selection, QR codes are the most widely used option because they are inexpensive to print, can be scanned by any smartphone, and can encode sufficient data for a GS1 Digital Link URL. NFC tags are preferred for products where the QR code would be damaged in use (outdoor products, industrial equipment) or where the product surface is unsuitable for printing (curved surfaces, textured surfaces). RFID tags are used for products that require automated scanning in a production or logistics environment. The ESPR delegated acts will specify which data carrier types are acceptable for each product category — manufacturers should check the applicable delegated act before selecting a data carrier.

For data format selection, JSON-LD is the recommended format for ESPR DPP data because it is a W3C standard that is widely supported by web browsers, search engines, and LLM systems. JSON-LD uses a linked data approach that allows DPP data to be connected to external data sources (such as the EU product database, the REACH substance database, and the GS1 product registry) through URI references. GS1 Digital Link is the recommended URL format for the DPP data carrier because it provides a standardised, globally interoperable way to link physical products to their digital information. Manufacturers that already use GS1 barcodes for their products can extend their existing GS1 infrastructure to support GS1 Digital Link for ESPR DPP compliance.

Conformity Assessment Under ESPR: Choosing the Right Module

The New Legislative Framework (NLF) conformity assessment modules provide a menu of options for manufacturers to demonstrate compliance with ESPR requirements. Module A (internal production control) is the least burdensome option — the manufacturer conducts all conformity assessment activities internally and issues an EU Declaration of Conformity without involving a notified body. Module A is appropriate for products where the ecodesign requirements can be verified through product testing and documentation review, and where the manufacturer has the internal technical capability to conduct the required testing. Module D1 (production quality assurance) involves a notified body auditing the manufacturer's production quality management system to verify that it is capable of consistently producing products that meet the applicable ecodesign requirements. Module H (full quality assurance) involves a notified body auditing both the manufacturer's design quality management system and its production quality management system. Modules D1 and H are required for product categories where the ecodesign requirements are complex and where the risk of non-compliance is high — for example, for products with recycled content claims that require supply chain verification, or for products with carbon footprint claims that require third-party verification of the LCA methodology.

Interoperability Between DPP Systems: The Technical Challenge

One of the most significant technical challenges in ESPR DPP implementation is ensuring interoperability between different DPP systems. A product may pass through multiple supply chain stages — raw material supplier, component manufacturer, product manufacturer, importer, distributor, retailer — each of which may use a different DPP platform. The ESPR DPP data must be accessible and readable at each stage of the supply chain, regardless of which platform was used to create the DPP. The EU Commission is developing a standardised DPP data exchange format based on the W3C Verifiable Credentials standard and the GS1 Digital Link standard, which will enable interoperability between different DPP platforms. Manufacturers should select DPP platforms that commit to implementing this standardised data exchange format when it is published. Manufacturers that implement proprietary DPP data formats that are not interoperable with the standardised format will face significant migration costs when the standardised format becomes mandatory.

The EU product database (EPREL — European Product Registry for Energy Labelling) will be extended to serve as the central registry for ESPR DPP data. Manufacturers will be required to register their products in EPREL and to link their DPP data to the EPREL registration. Market surveillance authorities will use EPREL as the primary tool for verifying ESPR compliance — they will scan the DPP data carrier on the product, access the DPP data, and cross-reference it with the EPREL registration. Manufacturers should familiarise themselves with the EPREL registration process and should ensure that their DPP platform is capable of generating EPREL-compatible data exports.

The EU Commission publishes technical guidance documents for each ESPR technical standard requirement. These guidance documents are available on the EU Commission ESPR website and are updated as new standards are published. Manufacturers should subscribe to the EU Commission ESPR newsletter to receive notifications when new guidance documents are published.