Step 1. Your Product and Your Deadline
The question is not whether your product falls within the scope of EU DPP legislation – for most companies reading this, it does. The question is when, and how much time that leaves for preparation.
The Digital Product Passport is introduced through two parallel tracks. The first is the Ecodesign for Sustainable Products Regulation (ESPR, Regulation (EU) 2024/1781), which covers most physical product categories through delegated acts – secondary legislation the Commission adopts separately for each sector. The second track consists of sector-specific regulations that introduce DPP requirements directly, without waiting for delegated acts.
The schedule below comes from the ESPR Working Plan 2025–2030 (COM(2025)187 final) and from regulations already in force. The dates listed are when delegated acts are expected to be adopted – not when compliance begins. Enforcement follows adoption, typically after a transition period. The companies that meet their deadline without disruption are the ones that start preparing before the delegated act arrives, not after.
19 July 2026 – the central EU DPP registry opens. Registration becomes possible for all categories.
18 February 2027 – Battery Passport mandatory for EV batteries, light means of transport batteries (e-bikes, e-scooters, electric motorcycles), and industrial batteries above 2 kWh. Fixed directly in the EU Battery Regulation (Regulation (EU) 2023/1542). SLI batteries follow a later timeline.
2026 – iron and steel; low-temperature emitters; household washing machines and washer-dryers; household dishwashers; professional laundry appliances; professional dishwashers; energy label for local space heaters.
2027 – textiles and apparel; tyres; aluminium; displays; horizontal repairability measure covering consumer electronics and small household appliances.
2028 – furniture; EV chargers; electric motors and variable speed drives; household refrigerating appliances; refrigerating appliances with a sales function.
2029 – mattresses; light sources and separate control gears; horizontal measure on recycled content and recyclability of electrical and electronic equipment; detergents and surfactants (23 September 2029, fixed in Regulation (EU) 2026/405).
2030 and beyond – local space heaters (ecodesign, mid-2030); mobile phones and tablets; tumble dryers; welding equipment; standby and off-mode consumption (end 2030); toys from 1 August 2030, fixed in the Toy Safety Regulation (Regulation (EU) 2025/2509).
Construction products – phased by product family under the revised CPR (Regulation (EU) 2024/3110), after adoption of relevant delegated acts and update of harmonised technical specifications, through to 2032.
If your product category is not yet listed – or its delegated act has not yet been published – that does not mean preparation can wait. Data collection, platform selection, and the verification process all take time. The delegated act sets the technical requirements; it does not start the clock on your readiness.
Step 2. Your Role in the Chain
The EU DPP system assigns obligations to a specific legal entity: the economic operator. This is the entity responsible for placing the product on the EU market. Understanding which role you occupy determines everything that follows.
EU-based manufacturer You are the economic operator. You create the DPP, you register it in the registry, you sign it with your qualified electronic seal or signature, and you are legally accountable for the accuracy of the data – for as long as that DPP exists in the registry. That includes ensuring the passport remains accessible and can be updated by authorised actors across the value chain as the product moves through its lifecycle.
EU importer If the product is manufactured outside the EU and you place it on the EU market, you are the economic operator. The legal responsibility for the DPP is yours – including the obligation to sign each registration. The product data, however, has to come from your supplier. They know the materials, the production process, the substances used. Building DPP data requirements into procurement contracts is not optional – it is part of your compliance chain.
Authorised representative If a non-EU manufacturer has appointed an authorised representative within the EU, that representative assumes all economic operator obligations in full – including signing every DPP. Many non-EU companies already have an authorised representative in place for GPSR purposes; the DPP adds a significant new layer of legal responsibility to that role.
Exporter based outside the EU If you manufacture products sold on the EU market but have no EU legal entity, your EU buyer – the importer – is the economic operator and bears full responsibility for the DPP. In practice, the data must come from you. Your EU partners will increasingly ask for it as compliance deadlines approach. Being ready before they ask is the stronger position.
One point that applies to all roles: regardless of who performs the technical work of registration, responsibility cannot be delegated. If a platform provider registers the DPP on your behalf, you – the economic operator – remain legally accountable for the accuracy of every data point in every passport.
Step 3. Data About the Product: What Is Needed and Where It Comes From
This step can – and should – begin now, before the registry opens and before the delegated act for your category is published. The categories of data required are consistent across most product types, even if the specific fields will be confirmed by each delegated act.
In March 2026, the Commission published the JRC Methodology for Defining Data Requirements for the Digital Product Passport (JRC145830) – the first official document explaining how data requirements are built for each sector. The methodology works from use cases outward: a recycler needs material composition and disassembly instructions; customs needs unique identifiers and compliance references; a consumer might need care instructions and a repairability score. From those use cases, specific data fields are defined and classified as mandatory, recommended, or voluntary.
The data categories that appear consistently across product types:
Unique product identifiers – built on GS1 Digital Link and GTIN standards. If your products do not yet have GTINs assigned, this is the first practical step to take now.
Material composition – including any substances of concern under EU chemical regulations (REACH). For most manufacturers, this means requesting Material Safety Data Sheets and composition declarations from every supplier in the chain.
Environmental performance data – carbon footprint, recyclability, durability indicators. The specific metrics depend on the product category.
Repairability and end-of-life information – disassembly instructions, availability of spare parts, recycling guidance.
Compliance references – links to declarations of conformity, test reports, certification documents.
Granularity: the decision that shapes everything
Before choosing a platform or beginning registration, the economic operator needs to know at what level the DPP will be registered: model level (one passport per product design), batch level (one passport per production run), or item level (one passport per individual unit).
The JRC Methodology (JRC145830) identifies granularity as the primary cost driver in DPP implementation. Moving from model level to item level is not a software configuration – it requires a system that assigns and tracks a unique identifier for each individual unit through production, logistics, and the supply chain. Most companies do not have that system today. If the delegated act for your category requires item-level registration, building that operational capability is the foundational project – and it needs to start before the delegated act is published, not after.
Step 4. Choosing a DPP Platform: What to Look For
The choice of platform provider is not a procurement decision – it is an infrastructure decision. The provider you choose will hold your product data, manage your registrations, and maintain the connection to the EU registry for a minimum of ten years. This choice also directly affects how Step 5 – registry verification – works for you.
Does the provider hold its own qualified electronic seal?
This is the most consequential question. Every DPP registered in the EU registry must be signed with a qualified electronic signature or sealed with a qualified electronic seal in accordance with the eIDAS Regulation (Regulation (EU) No 910/2014). A registration without a valid signature or seal is automatically rejected. If the provider holds its own qualified seal, the economic operator can register DPPs through delegated access without needing to obtain separate eIDAS credentials. If the provider does not hold a seal, the operator must obtain one independently.
How is delegation structured?
Under the draft implementing regulation (Ares(2026)4424976), the economic operator can delegate registration actions to a third party – but legal responsibility stays with the operator. The provider should be able to explain clearly how access rights are assigned, how actions are logged, and how the operator can verify what has been registered on their behalf.
How does the provider handle versioning and updates?
Each DPP is a living document. Every update must be timestamped and linked to the original registration identifier. When data requirements change – because a delegated act is amended or because the product changes – the relevant fields must be updatable without creating a new passport. Ask for a clear explanation of how the provider manages this.
What happens to your data if the provider ceases to operate?
Default data retention in the registry is ten years. Your DPP data must remain accessible for that period. Understand what contractual and technical guarantees the provider offers for data portability and continuity.
What is the provider's GS1 infrastructure?
DPP unique identifiers are built on GS1 Digital Link and GTIN standards. A provider with GS1 Solution Partner status operates within the verified GS1 ecosystem – which matters for identifier quality and interoperability. Fluxy.One is a GS1 Belgilux Solution Partner and manages GS1 Digital Link QR code generation as part of the DPP service.
Step 5. Registry Verification: Two Paths to Verified Economic Operator Status
Before any DPP can be registered in the EU registry, the economic operator must complete an identity verification process and obtain verified economic operator status. Without it, no registration is possible – for any product, in any category.
This step opens on 19 July 2026 when the registry goes live. Preparation, however, can begin now.
What verified economic operator status means
Verified status confirms that the entity registering DPPs is legally who it claims to be. It is valid for up to three years, or until the electronic identification means expire – whichever comes first. After that, the verification process repeats.
Path one: direct verification
The economic operator obtains a qualified electronic seal – for legal entities – or a qualified electronic signature – for sole traders – from a qualified trust service provider under the eIDAS Regulation. The seal or signature is then used to complete the verification process in the registry directly.
For EU-established legal entities, qualified trust service providers are listed in each Member State's national trusted list. For non-EU economic operators, national eID systems are not available – only qualified electronic signatures or electronic attestations issued under EU law are accepted.
Every DPP subsequently registered by this operator must be signed or sealed using these same credentials. Each registration is individually signed – not as a batch, but document by document. This is a legal requirement, not a technical detail.
Path two: verification through a platform provider
If the chosen platform provider holds its own qualified electronic seal, the economic operator can receive delegated access through the provider's verified account. Registration is then performed by the provider on the operator's behalf, using the provider's seal. This path removes the need for the operator to obtain separate eIDAS credentials.
This is a legitimate and practical route – particularly for smaller companies and those without existing eIDAS infrastructure. What it does not change is accountability: the economic operator remains fully responsible for the accuracy of every registered DPP, regardless of who signs the registration.
What to prepare now
Identify which path applies to your situation based on Step 4 – the provider you have chosen. If taking the direct path, begin identifying qualified trust service providers in your jurisdiction. If working through a provider, confirm in writing that they hold or are obtaining a qualified seal before the registry opens.
Step 6. DPP Registration: What Happens and What It Produces
Registration opens on 19 July 2026. By that date, the economic operator should have completed Steps 1–5: product scope confirmed, role defined, data prepared, provider selected, verification path identified.
What happens during registration
Each DPP is registered individually – at model, batch, or item level, as specified by the applicable delegated act. The registration is submitted either through the registry's secure user interface or through the API.
Upon submission, the Commission's registry automatically verifies:
– the existence and semantic completeness of mandatory data fields, as defined in the applicable delegated act and the semantic repository; – the conformity of the DPP with the required granularity level; – the validity of the commodity code, where relevant; – the link to the backup hosted by the DPP service provider, where relevant; – the presence of a valid qualified electronic signature or seal in accordance with the eIDAS Regulation.
The last point bears emphasis. Every DPP is a signed legal document. The signature or seal is verified automatically at the point of registration. A submission without a valid signature or seal is rejected. There is no manual review, no grace period, no workaround.
What registration produces
Following successful verification, the registry generates a unique and persistent registration identifier. This identifier is the anchor for everything that follows: updates, versioning, customs checks, and retailer verification all reference it.
Proof of registration
Once a DPP is registered, the economic operator can generate a proof of registration – a secure electronic document sealed with the Commission's qualified electronic seal and a qualified timestamp, as set out in Article 9(3) of the draft implementing regulation (Ares(2026)4424976). It serves as legal evidence for third parties – customs authorities, retailers, B2B buyers – that the registration obligation has been fulfilled.
The proof of registration is valid for 90 days from the date of generation and can be regenerated at any time. Think of it as the DPP equivalent of a customs declaration: it does not contain all the product data, but it proves – in a form that any third party can verify – that the obligation has been met.
Customs authorities access this through the EU Customs Single Window Environment (Regulation (EU) 2022/2399), the digital framework connecting EU border controls to regulatory registries. As compliance deadlines arrive for each product category, customs at EU external borders will verify incoming shipments against the registry in real time. A shipment without a registered DPP can be detained – not delayed with a warning, but detained pending resolution.
For exporters: the compliance deadline is not the day to finish creating a DPP. It is the day the DPP must already be registered, tested, and working.
Step 7. After Registration: A Living Document
Registration is not the end of the process. A DPP is a living record – and the economic operator is responsible for keeping it accurate for as long as the product is on the market and beyond.
Versioning
Every change to a registered DPP is logged in the registry's log system and linked to the original registration identifier with a timestamp. This creates a complete, tamper-evident audit trail. Each new version does not replace the previous one – it is added to the record. Market surveillance authorities and customs authorities have access to this log.
Each updated version of the DPP must also be signed with a qualified electronic signature or seal. The signing requirement does not apply only to first registration – it applies to every registered version of the document.
Who can update a DPP
Beyond the economic operator, other authorised actors can add information to a DPP over the product's life: repairers, recyclers, remanufacturers. Their role and the scope of what they can update will be defined in the delegated act for each product category. All updates are logged under their verified identity.
The economic operator is responsible for ensuring that the DPP remains accessible to all authorised actors throughout the product's lifecycle. Access is not optional – it is a structural requirement of the system.
Data retention
Where EU law does not specify a retention period for a product category, DPP registration data is retained in the registry for ten years from the date of first registration, in accordance with the Commission's Blue Guide on EU product rules. Where sector-specific law sets a different retention period, that period applies. This ten-year horizon should inform both the choice of platform provider and the internal data management processes of the economic operator.
Monitoring regulatory changes
Delegated acts will be amended. Data requirements will evolve. When that happens, the relevant fields in affected DPPs must be updated to reflect the new requirements. Versioning handles the technical side of this – but the operator needs a process for monitoring regulatory changes and acting on them before enforcement begins.
Not sure where to start? Fluxy.One offers a free initial consultation – no commitment, just clarity on what DPP compliance means for your specific products and markets. Get in touch →
EU product regulations continue to develop through delegated acts and implementing measures. The information in this guide reflects the regulatory position as of May 2026, including the ESPR Working Plan 2025–2030 (COM(2025)187 final) and the Commission's draft implementing regulation on the DPP registry (Ares(2026)4424976). Exact compliance dates are confirmed when each delegated act is published. This guide is for orientation, not legal advice.
If you are unsure how these requirements apply to your specific situation, Fluxy.One offers a free initial consultation – reach out at fluxy.one. Fluxy.One is an EU Digital Product Passport platform for manufacturers, importers, and exporters navigating ESPR, the Battery Regulation, the Toy Safety Regulation, CPR, and related requirements. {ZeroBox} is Fluxy.One's entry-level solution for independent European brands.
