The Digital Product Passport sounds straightforward – scan a code, see the data. But the regulation behind it is being misread in ways that are quietly pushing companies toward the wrong decisions. Here are eight assumptions worth reconsidering before they cost you time you no longer have.
Scan the QR code on that jacket. A page opens: fabric composition, factory location, recycled content. It looks like a Digital Product Passport. In a sense it is – but only the way a front door is a house. The door is visible. Most of the building is behind it.
The Digital Product Passport is embedded in Regulation (EU) 2024/1781 – the Ecodesign for Sustainable Products Regulation, ESPR – and it is spreading faster than most brands track. Batteries from February 2027. Textiles, aluminium, tyres, furniture through 2027–2028. Electronics, construction materials, toys following in sequence. By 2030, the majority of major product groups on the EU market will be covered under ESPR or parallel regulations. The question has stopped being whether DPP will reach your category. It is whether you will have made the right decisions before it does.
Eight misconceptions are making those decisions harder than they need to be.
This gets the technology backwards.
The QR code, NFC tag or RFID label is a data carrier – a physical access point directing whoever scans it to a digital record stored elsewhere. That record is the Digital Product Passport: structured, machine-readable data covering material composition, substance declarations, environmental footprint, repairability, compliance certificates, end-of-life instructions. All of it formatted to open standards (e.g. GS1 Digital Link and JSON-LD), so that any system, any regulator, any recycler can read it without asking you to explain it.
ESPR Article 9 is explicit: the DPP is "a set of data specific to a product," accessible via a carrier physically present on the product, its packaging, or accompanying documentation. The carrier is the address. The passport is what lives there.
Building what lives there – structured data models, access controls, interoperability, update mechanisms across the product lifecycle – is a genuine technical undertaking. The compliance risk is not whether a QR code is present. It is whether the data behind it is substantiated, machine-readable, and would survive scrutiny from a market surveillance authority. That is not a problem you solve with a document link. It is a system.
ESPR Article 13 requires the European Commission to establish a central digital registry by 19 July 2026. It will store, at minimum, unique product identifiers – the codes that link a physical product to its digital record. Customs authorities will use it to verify compliance at the border. A public portal will let stakeholders search and compare passport data, with access rights calibrated by role. Delegated acts may expand what the registry holds beyond identifiers.
What the registry will not do is host passport content itself.
The actual data lives with certified DPP service providers – independent platforms accredited under rules the Commission is finalising. ESPR Article 11 adds a second requirement: an up-to-date backup must be held by a separate, independent third-party operator. If a provider closes, the backup operator holds the data and transfers it. The regulation was written to ensure your passport outlasts any platform.
This is also a guarantee of ownership. If you move providers, the identifier travels with you. The data, in an open interoperable format, follows. Choosing a DPP provider is a strategic decision – before signing anything, there are questions worth asking.
ESPR is a framework regulation covering, in principle, any physical goods placed on the EU market. Product-specific requirements arrive through delegated acts, issued category by category. The Working Plan 2025–2030, adopted April 2025, identifies the first wave: iron and steel (delegated act expected 2026), aluminium, textiles, tyres (2027), furniture and mattresses (2028). Electronics and household appliances are addressed through parallel work streams. Construction products sit under CPR (EU) 2024/1305, aligned with the same DPP architecture. Chemicals are in preparatory study. Batteries have their own regulation – covered in the next section.
Toys deserve a specific mention. The Toy Safety Regulation (EU) 2025/2509, adopted November 2025, mandates a digital product passport for every toy sold on the EU market from 1 August 2030. Same architecture, sector-specific safety data.
There are genuine exclusions: perishable food in standard single-use packaging, certain low-value single-use plastics, products too short-lived to justify a passport. FMCG food brands are largely outside ESPR DPP scope – though the PPWR packaging regulation applies to them separately, as we covered in our compliance guide.
For everything else durable: the question is when, not if.
The Battery Regulation (EU) 2023/1542 is a standalone regulation, separate from ESPR. It introduced the first legally binding Digital Product Passport deadline in EU history: from 18 February 2027, EV batteries, light-means-of-transport batteries – e-bikes, e-scooters – and rechargeable industrial batteries above 2 kWh cannot be placed on the EU market or put into service without a digital passport. No exceptions, regardless of where the manufacturer is based.
The 2 kWh threshold is lower than it sounds. Beyond obvious EV applications, it covers stationary energy storage, professional power tools, and medical equipment with substantial rechargeable cells. Standard consumer batteries – phones, laptops, the AA format – fall outside the passport requirement. But anything between a consumer cell and a clear industrial system needs careful assessment.
A question that comes up often: if a product contains a battery requiring a passport, does the product also need a separate ESPR DPP? The two obligations are distinct – Battery Passport for the battery, ESPR DPP for the containing product – but ESPR Article 9(4) explicitly allows the Commission to exempt product categories from the DPP requirement where another EU law already provides an equivalent digital information system. Both regimes also share the same central registry infrastructure. Duplication is something the regulation was designed to avoid.
February 2027 is ten months away. For anyone manufacturing or importing battery-containing products into Europe, the implementation clock is already running, and it does not have much buffer.
The Working Plan dates – iron and steel around 2026, textiles around 2027 – refer to when the Commission plans to adopt the delegated act, not when compliance begins. After adoption, there is a mandatory transition period of at least 18 months.
Preparation takes its own time, and how long depends on the number of products in scope, the state of existing data systems, and how complex the supply chain is. A brand with a focused product range and organised documentation can have a pilot passport live in weeks. A company managing hundreds of SKUs across multiple suppliers without structured data should budget twelve to eighteen months. Either way: starting when the act is published means spending the entire transition window just getting ready, not getting better.
What is already knowable without waiting: the general data architecture, specified in ESPR Article 9 and the horizontal standards being developed by CEN/CENELEC JTC 24; and the categories of information almost certainly required – material composition, substance declarations, environmental footprint, repairability, end-of-life data – well signalled in the Working Plan and JRC preparatory studies. The specific field names will arrive with the delegated act. The substance is clear enough to build against now.
In some cases, yes. Automatically, in the right format, in time: almost never.
ESPR places responsibility for DPP accuracy and completeness on the economic operator who places the product on the EU market – the brand or importer. The supplier provides data; the brand is accountable for what ends up in the passport.
The supply chain data problem is structural. A 2026 KPMG survey of more than 70 European companies found that 81% lacked structured lifecycle data in the format DPP compliance requires. Most material declarations exist as PDFs, emails, or entries in systems never designed to feed a product passport.
For companies importing into the EU, this opens a more interesting dynamic than it might appear. Brands are already factoring DPP readiness into supplier selection – not as a regulatory exercise, but a commercial one. A manufacturer who can deliver structured, verified, machine-readable material data is simply easier to work with. In markets where comparable products compete on similar terms, this is becoming a differentiator. If you supply to European brands, DPP-readiness is already an argument at the negotiating table.
A DPP looks, from the outside, like a certificate – completed once all the information is in, then submitted. That is the wrong mental model.
A Digital Product Passport is a dynamic record. A unique identifier can be assigned to a product early, before all data fields are populated. Data is added and updated as materials are confirmed, certifications arrive, production details settle. ESPR requires the data to be "accurate, complete and up to date" – not complete before the product ships.
The useful first move is not collecting everything. It is understanding what you already have, what is missing, and which gaps are critical for initial compliance versus which can follow later. That distinction requires mapping your product category against the emerging data requirements – and it is work best done with a DPP operator before any commitments are made.
{ZeroBox} is designed for exactly this entry point: for independent brands with a focused product range, it starts from what already exists – tech packs, certificates, test reports – identifies the real gaps, and builds toward a compliant passport iteratively. The right moment to start is not when you have everything ready. It is when you want to understand what you are actually missing.
ESPR Article 2 defines the scope as "any physical goods that are placed on the market or put into service, including components and intermediate products." Company size does not appear in that sentence.
The confusion usually comes from CSRD – the Corporate Sustainability Reporting Directive – which does set obligations based on size and turnover. CSRD determines whether you must report on your company's sustainability performance. ESPR determines whether your products need a passport to enter the EU market. They are different instruments with different logic.
ESPR contains one genuine size-based provision: the prohibition on destroying unsold consumer goods (Article 25) does not apply to micro and small enterprises. Real, and worth knowing – but unrelated to the DPP obligation.
The Working Plan commits to harmonised requirements that avoid disproportionate burdens on SMEs, and the Commission is expected to develop support tools and simplified pathways. None of that changes the underlying obligation. It shapes how you meet it.
Small brands that will navigate DPP well are not those with compliance departments. They are the ones who figured out early what their specific situation actually requires – and found the right solution for it.
The EU's DPP framework continues to develop through delegated acts, technical standards, and implementing legislation. The timelines and requirements in this article reflect publicly available information as of April 2026 and do not constitute legal or compliance advice.
Fluxy.One — the transparency infrastructure for the global economy.
Book Free Demo
Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. More information
Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. More information
.png)
