1 October 2024 | Dave Ashenhurst

What is a Digital Product Passport? The complete guide

Most brands treat supply chain data like a filing cabinet — it's messy, spread across PDFs and spreadsheets, and only gets opened when something goes wrong. But the EU's new Ecodesign for Sustainable Products Regulation (ESPR) changes that. Your product data now needs to follow the physical item everywhere it goes, from raw material to recycling bin. How do you turn a mountain of supplier spreadsheets into a compliant Digital Product Passport without breaking your operations?

In this guide, you will learn

  1. A clear definition of the Digital Product Passport (DPP) and its core components.
  2. The specific regulations, like the ESPR, that make DPPs mandatory.
  3. The core data categories required for a compliant passport.
  4. How technical standards like GS1 Digital Link and EPCIS 2.0 work together.
  5. The implementation timeline for textiles, batteries, and electronics.
  6. Practical, actionable steps to prepare your internal data systems today.
Book a 15-minute DPP Walkthrough →

What is a Digital Product Passport?

A Digital Product Passport (DPP) is a structured digital record that stores and shares verified information about a product throughout its entire lifecycle. It acts as a digital identity card, linked to a physical item via a data carrier like a QR code, providing instant access to data regarding a product's material origin, environmental footprint, and end-of-life instructions.

Instead of vague marketing claims about sustainability, anyone in the value chain — customs authorities, recyclers, even consumers — can access authenticated facts about what a product is made of and where it came from.

Scan the QR code on a winter jacket and you can see where the cotton was grown, who dyed the fabric, what chemicals were used, and whether the factory holds valid labour certifications.

The DPP is required under the EU's Ecodesign for Sustainable Products Regulation (ESPR) — the legal framework that makes product transparency mandatory, not optional.

Why are Digital Product Passports happening now?

The EU's Ecodesign for Sustainable Products Regulation (ESPR) entered into force on 18 July 2024, creating the legal framework for Digital Product Passports. The ESPR itself doesn't impose DPP requirements directly — instead, the European Commission will publish product-specific "delegated acts" that define exactly what data each product category must include and by when. Once a delegated act is adopted, companies typically have an 18-month transition period before enforcement begins.

The ESPR replaces the old Ecodesign Directive and dramatically expands its scope — from energy-related products to almost everything you'd find on a shop shelf.

Regulators have prioritised sectors with high environmental impact:

  • Batteries: Under the separate EU Battery Regulation, Digital Battery Passports become mandatory starting in February 2027.
  • Textiles: Designated as a top priority due to high resource intensity, textiles are expected to face mandatory compliance between 2027 and 2028.
  • Electronics and construction: These sectors will follow as the European Commission publishes product-specific "delegated acts" — the secondary legislation that defines the exact data requirements and compliance deadlines for each category. The delegated act process involves public consultations, impact assessments, and scrutiny periods, which means timelines can shift.

Beyond regulation, consumers are pushing for transparency too. Europeans throw away roughly 11 kg of textiles per person annually (source: European Environment Agency). "Proof, not promises" is becoming the baseline expectation.

To harmonise these requirements, the European Commission has mandated CEN and CENELEC — the European standards organisations responsible for technical harmonisation — to finalise eight European standards for DPP architecture by 31 March 2026. These include prEN 18221, which specifies the protocols for data storage and persistence.

What data goes into a Digital Product Passport?

The exact data fields will be defined by product-specific delegated acts, but we can already identify the core data categories that form the backbone of a compliant textile passport.

  • Product identification: Name, model, unique product or batch identifier, and manufacturing date.
  • Material composition: Detailed breakdown of fibres (e.g., 95% organic cotton, 5% elastane) and recycled content percentages.
  • Supply chain mapping: Locations and identities of facilities across Tiers 1–4, from assembly to raw material production.
  • Environmental impact: Metrics including carbon footprint (Global Warming Potential), water consumption, and energy use based on standardised methodologies like Product Environmental Footprint (PEF) — the EU's method for calculating a product's environmental impact across its full life cycle.
  • Social compliance: Verified evidence of fair labour conditions and human rights compliance.
  • Circularity and end-of-life: Instructions for disassembly, repairability scores, and guidance on local recycling infrastructure.
  • Chemical safety: Documentation on the presence of hazardous substances or "Substances of Concern" (SoC).
  • Compliance documentation: Digital versions of the Declaration of Conformity, CE markings, and technical audit reports.

For a cotton t-shirt, the DPP would include the cotton origin (India, GOTS certified), the spinning mill (Turkey), the dyehouse (Portugal, OEKO-TEX certified), the garment factory (Portugal, BSCI audited), material composition (95% organic cotton, 5% elastane), carbon footprint (4.2 kg CO₂e), and care/repair instructions.

This data will typically be pulled from your ERP (Enterprise Resource Planning), PLM (Product Lifecycle Management), and direct supplier declarations. For a deeper look at how all of these components connect, see our post on the anatomy of a DPP solution based on GS1 standards.

How does a Digital Product Passport work technically?

A DPP is not a single file stored in a central government database; it's a decentralised system where brands remain responsible for their data. Three open standards make this work.

GS1 Digital Link

The link between the physical item and the digital record is usually a QR code encoded with a GS1 Digital Link. This standard turns a traditional barcode into a web-enabled URL.

Let's look at an example:

https://id.trackvision.ai/01/04012345000010/21/ABC123

  • https://id.trackvision.ai — The resolver domain that hosts the data.
  • /01/ — The GS1 Application Identifier for a GTIN (Global Trade Item Number).
  • 04012345000010 — The product's actual GTIN.
  • /21/ — The Application Identifier for a serial number.
  • ABC123 — The unique serial number for that specific item.

In practice, many brands choose to host their resolver on their own domain (e.g., id.yourbrand.com) so they retain full ownership of their product URLs regardless of which technology partner they use.

GS1 EPCIS 2.0

While the Digital Link points to the passport, GS1 EPCIS 2.0 is the language used to record what happened to the product. It captures supply chain "events" — who did what, where, and when — allowing for a verifiable chain of custody from raw material to finished product. TrackVision provides a purpose-built EPCIS repository for storing and querying these events at scale.

W3C Verifiable Credentials

To prevent fraud and greenwashing, DPP data can be cryptographically signed using W3C Verifiable Credentials. This ensures that the information is untampered and originates from an authenticated source, such as a certified laboratory or auditor.

Content negotiation

Think of content negotiation like a multilingual translator. When a consumer scans the QR code with a smartphone, the system recognises they're using a browser and serves a human-readable webpage. When a regulator's system scans the same code, it requests the data in a machine-readable format (like JSON-LD), allowing for automated compliance checks. Same QR code, different audiences, different responses.

Who needs to comply with Digital Product Passport requirements?

Compliance is based on the product category and applies to all goods placed on the EU market, regardless of where the company is headquartered.

Sector Regulation Expected date Product categories
Batteries EU Battery Regulation February 2027 EV, industrial, and LMT batteries
Textiles ESPR Delegated Act 2027–2028 (expected) Apparel, footwear, and accessories
Electronics ESPR 2028–2029 (expected) Consumer electronics and ICT products
Industrial ESPR 2026–2027 Iron, steel, and aluminium products
Construction CPR 2027–2030 Steel, cement, and insulation

Note: Exact dates for textiles are still being finalised through forthcoming delegated acts by the European Commission.

Mid-market brands are particularly exposed. You're likely too large to qualify for SME exemptions but may lack the massive IT budgets of global conglomerates who can afford 24-month enterprise implementations. Implementing early avoids market exclusion and significant penalties — the ESPR requires EU Member States to set fines that, for serious infringements, must include a maximum of at least 4% of the operator's annual turnover in the affected Member States.

How to prepare for DPP compliance

You don't need a complete digital system on day one, but the process of collecting supplier data takes significant time. Start now and iterate.

  1. Audit your product data: Identify what information already exists in your ERP or PLM systems and where the gaps are — particularly regarding Tier 2 and Tier 3 suppliers.
  2. Map your supply chain: Move beyond your Tier 1 garment factory to identify your fabric mills, yarn spinners, and raw material sources.
  3. Engage your suppliers: Start socialising the coming requirements with your partners. Ensure your contracts allow for the sharing of traceability data.
  4. Choose your technical approach: Opt for open, interoperable GS1 standards rather than proprietary "walled garden" systems to avoid long-term vendor lock-in.
  5. Pilot one product line: Choose a single, high-volume style to test the end-to-end flow of generating IDs, activating QR codes, and serving digital content.
  6. Run a compliance assessment: Check your pilot results against the ESPR data requirements to identify gaps before scaling.

Frequently asked questions

Is a Digital Product Passport mandatory?

Yes — once enforcement begins for your product category. The ESPR framework is already in force. As each product-specific delegated act is adopted and its transition period ends, placing that product on the EU market without a valid, registered Digital Product Passport will be prohibited.

What is the difference between a DPP and a product label?

A physical label has limited space and is static once printed. A DPP provides virtually unlimited, updateable data linked via a QR code, allowing for "live" information like repair history, recycling instructions, and updated compliance status.

How much does DPP compliance cost?

Costs vary based on supply chain complexity and digital maturity. While initial setup requires investment in traceability software, early adopters often see cost savings through reduced manual auditing, improved supplier data quality, and faster compliance reporting.

Can I use my existing ERP data for a DPP?

In theory, yes. In practice, almost certainly not on its own. Your ERP holds SKU names and purchase orders, but it rarely contains farm-level origins or detailed carbon footprint metrics. A DPP platform acts as a consolidation layer — pulling together data from your ERP, PLM, and direct supplier declarations into a single compliant passport.

What happens if I don't comply with DPP requirements?

Non-compliance risks severe penalties, including heavy fines, product recalls, or a complete ban on selling your products within the European Union. Enforcement will be handled by national market surveillance authorities.

Do Digital Product Passports apply outside the EU?

While the mandate originates in the EU, it affects any global brand selling into Europe. Furthermore, other regions including the UK and parts of Asia are already exploring similar digital labelling frameworks, making DPP readiness a global concern.

How TrackVision helps

Did you know the TrackVision traceability system can provide every component in the DPP solution we've described today? This includes:

  • AI Supplier Portal: Collects verified data from Tier 2, 3, and 4 suppliers in 24 EU languages — no supplier account needed.
  • GS1 Digital Link Resolver: Generates and manages the unique URLs and QR codes for every item or batch.
  • EPCIS 2.0 Repository: A scalable engine that records every supply chain event with full chain-of-custody.
  • DPP Page Builder: Consumer-facing product passport pages with your brand identity, built and edited by an AI agent.
  • Compliance Assessment: Maps your current data against the specific ESPR delegated act requirements and names the gaps.
  • Validation Gatekeeper: AI cross-references supplier data against regulatory requirements to catch errors before they become compliance failures.

You can choose to adopt the entire stack, or pick and choose a subset to fill your data gaps.

Watch the full platform walkthrough:

Book a 15-minute DPP walkthrough or explore our DPP solution.
Recommended for you
What is GS1 EPCIS 2.0? What is GS1 EPCIS 2.0?
About the author
Dave Ashenhurst
I lead architecture and engineering. I use AI tools, like Claude Code, all day.

Recommended reading

NEW
What is a Digital Product Passport? The complete guide
21 March 2026 | Dave Ashenhurst
Using AI for DPP compliance: from spreadsheets to passports in 60 days
21 March 2026 | Dave Ashenhurst
epcis AI traceability
AI for supply chain data: why standards matter more than models
16 March 2026 | Dave Ashenhurst