EU Digital Product Passport: Key Requirements and Insights

Introduction

If your business sells physical goods into the EU — even from the US or Asia — a major compliance requirement is already in motion. Regulation (EU) 2024/1781, the Ecodesign for Sustainable Products Regulation (ESPR), entered into force on 18 July 2024 and applies to any business that manufactures, imports, distributes, or sells covered products in the EU market, regardless of where it is headquartered.

The centerpiece of ESPR is the Digital Product Passport (DPP): a structured digital record that travels with every covered product and makes verified sustainability, materials, and end-of-life data accessible to consumers, regulators, and supply chain partners alike.

The timeline is tighter than it looks. The EU's central DPP registry is due by July 2026, and from February 2027, certain large batteries become the first product category legally required to carry a passport.

More categories follow through the decade. Industry bodies like EURATEX recommend 24 to 36 months of preparation time for apparel alone — which means for most businesses, that window has already started closing.

This guide covers what the DPP is, what data it must contain, which sectors face deadlines and when, why QR codes have become the dominant data carrier, and concrete steps to start preparing now.


Key Takeaways

  • The DPP is a legal requirement under Regulation (EU) 2024/1781, covering virtually all physical goods sold in the EU — including imports
  • Batteries face the first enforcement deadline: February 2027
  • Core data requirements include a unique product identifier, material origins, sustainability metrics, and end-of-life guidance
  • QR codes are the most practical DPP data carrier — dynamic codes are essential, since product records must remain updatable
  • Start preparation now — supplier alignment alone can exceed the time most enforcement windows allow

What Is the EU Digital Product Passport?

The European Commission formally defines a DPP as a set of data specific to a product, accessible electronically through a data carrier.

In practice, it functions as a digital identity record — linking a physical product to verified information about its materials, origin, environmental performance, and end-of-life guidance. That data lives in a centralised registry and is accessible via a scannable identifier on the product or its packaging.

ESPR establishes five core functions for the DPP:

  • Support sustainable product design and circular production practices
  • Help consumers and businesses make genuinely informed purchasing choices
  • Facilitate repair, reuse, and recycling across the supply chain
  • Increase transparency on lifecycle environmental impacts
  • Enable customs and market surveillance authorities to verify compliance and authenticity

Five core ESPR Digital Product Passport functions illustrated as circular process

Who Must Comply

ESPR applies to any business placing physical goods on the EU market. Importers bear compliance responsibility for products manufactured outside the EU.

The regulation exempts several product categories:

  • Food and animal feed
  • Medicinal and veterinary medicinal products
  • Living plants, animals, and micro-organisms
  • Products of human origin

All other physical goods are in scope. Exact data requirements for each category will be confirmed through product-specific delegated acts — secondary legislation published on a rolling basis as the Commission finalises each sector.


What Information Must a DPP Include?

ESPR does not prescribe a single universal data template. Exact fields are confirmed through product-specific delegated acts — but the regulation's Annex III and Articles 5 and 7 establish the core content categories that all DPPs must address.

Unique Product Identifier

Every DPP must be anchored to a unique identifier (at model, batch, or serial level) that links the physical product to its verified digital record. ESPR requires identifiers to comply with ISO/IEC 15459 or equivalent standards. GS1's Digital Link standard encodes GTINs and batch or serial data into structured web links, making it a practical implementation pathway aligned with these requirements.

Material and Component Data

  • Raw material origins and responsible sourcing details
  • Names of suppliers involved across the supply chain (not just the finished-product manufacturer)
  • Any substances of concern present in the product

This data must trace back through the supply chain; surface-level finished-product data does not satisfy the requirement.

Sustainability Metrics

Required sustainability data includes:

  • Carbon footprint and energy use across production and use phases
  • Emissions data covering the full product lifecycle
  • Recycled content percentage and environmental footprint metrics

ESPR requires this data to be accurate, complete, and up to date. Market surveillance authorities can verify it at any time, so self-reported figures without supporting documentation will not hold up to scrutiny.

Repair and End-of-Life Information

  • Repairability scores and available replacement components
  • Repair history records (the DPP is a living record, updated throughout the product's life)
  • Disposal and recycling instructions

Compliance Documentation

The DPP must include an EU Declaration of Conformity, applicable technical documentation, and contact details for the responsible economic operator : the manufacturer, authorised representative, or importer. Under ESPR, this documentation must be producible for market surveillance authorities on request.


Which Sectors Are Affected, and When?

DPP requirements are introduced by product category through delegated acts under ESPR. Each act triggers its own enforcement timeline — and the clock starts from adoption regardless of business readiness.

Confirmed Near-Term Deadlines

Date Milestone
19 July 2026 EU central DPP registry required to be operational (Article 13, ESPR)
18 February 2027 Battery passport mandatory under EU Battery Regulation for LMT batteries, industrial batteries over 2 kWh, and EV batteries

EU Digital Product Passport enforcement timeline from 2024 to 2030 key milestones

Priority Sectors in the ESPR 2025–2030 Working Plan

The first ESPR Working Plan, adopted April 2025, identifies these priority product groups for delegated act development:

  • Steel and aluminium
  • Textiles and apparel
  • Furniture
  • Tyres and mattresses
  • Detergents, paints, and lubricants
  • ICT products and other electronics

For textiles, an EPRS study scenario suggests a phased approach — a simplified DPP by 2027, an advanced DPP by 2030 — though this remains a study scenario rather than an adopted legal deadline. Electronics face a similar position: a Working Plan priority, but with delegated acts still pending.

The Lead-Time Problem

EURATEX recommends 24 to 36 months of transition time for apparel DPP implementation. A CEPS analysis of the battery passport points to several persistent barriers across supply chains:

  • Supply chain data silos blocking end-to-end traceability
  • Confidentiality concerns around sharing supplier-level data
  • Manual data collection processes that don't scale to DPP volume requirements

If your category is in scope, the delegated act publication is not the right moment to start preparing — by then, you're already behind.


The Role of QR Codes as DPP Data Carriers

The DPP is not stored on the product itself — it lives in a digital registry and is accessed via a data carrier attached to the product or packaging. ESPR defines a data carrier as a linear barcode symbol, a two-dimensional symbol, or another automatic identification and data capture medium readable by a device. CEN/CENELEC implementation guidance identifies QR codes, DataMatrix, and passive RFID tags (NFC, RAIN RFID) as practical options.

The Battery Regulation goes further, explicitly requiring the battery passport to be accessible through a QR code — which points to where the broader DPP ecosystem is heading.

Why QR Codes Dominate in Practice

QR codes have emerged as the default format for good reason:

  • Scannable by any smartphone — no additional hardware required
  • Cost-effective to print on labels and packaging at scale
  • Readable by consumers, repair professionals, regulators, and logistics partners using the same identifier
  • Aligned with GS1 Sunrise 2027, which aims to enable 2D barcode scanning at retail point of sale by end of 2027

GS1 US data shows that 79% of consumers are more likely to purchase products with a scannable QR code providing additional product information — making DPP compliance a potential consumer-facing asset, not merely a regulatory obligation.

Static vs. Dynamic QR Codes: Why the Distinction Matters

Static QR codes encode a fixed destination. Once printed, the linked data cannot change without reprinting every label.

Dynamic QR codes use a redirect layer — the code points to a short URL that can be updated at any time. The physical label stays the same; the destination and linked data can be revised whenever needed.

For DPP compliance, this distinction is operationally significant. The DPP is explicitly a living record — repair events must be logged, sustainability data updated, regulatory requirements revised as delegated acts evolve. A static QR code cannot support that requirement without a product recall or relabelling programme.

Static versus dynamic QR code comparison for EU Digital Product Passport compliance

This is where QRStuff's dynamic QR codes address the compliance gap directly. The platform is built around the core DPP requirement: linked data must stay current without touching the physical label.

Key capabilities for DPP use cases include:

  • Update passport data at any time without reprinting labels
  • Manage codes at enterprise scale via API integration with ERP and MES systems
  • Access real-time scan analytics by device type, geography, and timestamp
  • Native GS1 Digital Link support, encoding GTINs and batch or serial data into structured URIs that satisfy DPP unique identifier requirements while remaining scannable at retail

With 99.9% uptime and SOC2 and GDPR compliance, QRStuff provides the reliability and data governance that DPP infrastructure demands.


How to Prepare for DPP Compliance

Step 1: Conduct a Data Audit

Map what product information you currently hold against the core DPP data categories. The most common gaps are:

  • Tier 3 and Tier 4 supplier material origins
  • Verified sustainability metrics (carbon footprint, energy use)
  • Repairability scores and replacement component availability
  • Structured end-of-life and recycling guidance

Use this audit to identify what you still need to source, structure, or verify before your sector's deadline.

Step 2: Align Suppliers Early

Supplier readiness is the longest lead-time item in DPP implementation. The EPRS textile study specifically flags Tier 3 and Tier 4 suppliers — where language barriers, technology gaps, and resource constraints make data collection most difficult.

Set clear data requirements with upstream suppliers now, before your delegated act is finalised. Waiting until the act is published leaves insufficient time to close the gaps that matter most.

Step 3: Build and Test the Technical Infrastructure

With supplier data flows in motion, the next priority is building the systems that will carry and update that information.

  1. Choose your data carrier — dynamic QR codes suit most product categories best, given the ongoing update requirements
  2. Build a record-update workflow to handle changes as product data shifts, repair events occur, or regulatory requirements evolve
  3. Run a pilot on one product line before scaling — this surfaces data gaps, system limits, and supplier coordination issues at a manageable cost

Three-step DPP technical infrastructure build process flow for manufacturers

For manufacturers managing multiple product lines, QRStuff's Enterprise plan (£185/month) covers the infrastructure this step demands: API access for automated record updates, bulk QR code generation at SKU or serial level, role-based access controls, and dedicated account support. That combination keeps DPP compliance manageable as you scale beyond the pilot.


Frequently Asked Questions

What is the EU Digital Product Passport?

The EU DPP is a structured digital record mandated under Regulation (EU) 2024/1781 (ESPR) that consolidates verified information on a product's materials, origin, environmental performance, and end-of-life guidance. It is accessed via a scannable identifier (such as a QR code) physically attached to the product or its packaging.

What are the compliance requirements for the EU Digital Product Passport?

Core requirements include a unique product identifier (model, batch, or serial level), material and sourcing data tracing back through the supply chain, sustainability metrics, repair and end-of-life information, and an EU Declaration of Conformity. Exact data fields are confirmed through product-specific delegated acts, so requirements vary by sector.

What will change with the EU Digital Product Passport in 2027?

From 18 February 2027, certain large batteries (LMT batteries, industrial batteries over 2 kWh, and EV batteries) become the first product category legally required to carry a passport under the EU Battery Regulation, with the central registry operational by July 2026. Delegated acts for textiles, electronics, furniture, and other priority sectors are in development under the 2025–2030 ESPR Working Plan.

Is a digital ID required for the EU Digital Product Passport?

Yes. Each DPP must be anchored to a unique product identifier embedded in a data carrier (such as a QR code, barcode, or NFC tag) physically attached to the product. ESPR requires identifiers to comply with ISO/IEC 15459 or equivalent standards, linking the physical product to its verified digital record in the EU registry.

Does the Digital Product Passport apply to companies outside the EU?

The DPP applies to any product placed on the EU market regardless of where it is manufactured or headquartered. For products made outside the EU, compliance responsibility falls on the importer or authorised EU representative.

What happens if a company doesn't comply with DPP requirements?

Under ESPR, non-compliant products cannot be placed on the EU market. Penalties are set by individual member states but must include fines and potential exclusion from public procurement procedures. National market surveillance authorities are responsible for enforcement.