EU Digital Product Passport 2027

ESPR framework and the Digital Product Passport obligation — what the regulation actually requires

The EU Ecodesign for Sustainable Products Regulation (ESPR) — Regulation (EU) 2024/1781, adopted by the European Parliament and Council on 13 June 2024 and entered into force on 18 July 2024 — is the master framework that introduces the Digital Product Passport. ESPR repeals Directive 2009/125/EC (the old Ecodesign Directive) and expands its scope from energy-related products to essentially any physical product placed on the EU market, with category-specific requirements defined through delegated acts adopted under Article 4. The first ESPR Working Plan 2025-2030, adopted by the Commission on 16 April 2025, identified the priority product groups: iron and steel (delegated act 2026), aluminium / textiles / tyres (2027), furniture (2028), mattresses (2029), and intermediate materials. The DPP is the data-layer mechanism that implements ESPR's information requirements, and understanding the framework architecture is the prerequisite for category-specific compliance planning.

• ESPR scope: the regulation applies to virtually any physical product placed on the EU market, with specific requirements defined per product category through delegated acts. The category-specific delegated acts set the detailed performance, information and circularity requirements, and the first-batch categories include batteries, textiles, consumer electronics, furniture, construction products, iron and steel, and chemicals.
• Delegated-act mechanism: each product category becomes subject to DPP requirements when the Commission adopts the delegated act defining the category-specific data elements, the verification regime and the effective date. The delegated-act timeline is the practical driver of when any specific product category goes live.
• Battery Regulation as the first DPP. The Battery Regulation (EU 2023/1542) predates ESPR but aligns with the DPP architecture and is the first category to carry operational DPP obligations, with battery passport requirements effective February 18, 2027 for industrial batteries, electric vehicle batteries and light-means-of-transport batteries above 2 kWh.
• Unique product identifier requirement. Each individual product unit (not just each SKU) must carry a globally unique identifier accessible through a machine-readable data carrier. The carrier can be NFC tag, QR code, RFID transponder or other approved technology, and must be durable enough to last the product's expected lifetime.
• Data-set structure: the DPP links the unique identifier to a lifecycle dataset hosted in a registry or manufacturer-controlled platform. The dataset contents vary by category but typically include material composition, carbon footprint, recycled-content percentage, repairability score, substance-of-concern presence, and end-of-life recycling instructions.
• Supply-chain participation: manufacturers, importers and economic operators downstream of the manufacturer contribute data to the passport at each stage, creating an auditable chain of custody. The data-provenance model is explicit about who contributes which data elements, so compliance is a cross-functional obligation rather than a single-party obligation.
• Consumer and professional accessibility. The DPP must be accessible to consumers for general information (typically through tap-to-URL NFC or QR scan) and to professional actors (repair technicians, recyclers, regulators) for more detailed lifecycle information. Some data elements are public by design; others are restricted to authenticated professional access.

Phased rollout by product category — 2026 through 2030 and the category-specific timelines

The DPP obligation does not arrive as a single big-bang regulation; it arrives category by category as the European Commission adopts delegated acts under ESPR Article 4. The first concrete dates published to date are: Battery Regulation passport mandatory from 18 February 2027 for EV / industrial / LMT / SLI batteries; ESPR Working Plan 2025-2030 (adopted 16 April 2025) prioritising iron and steel (delegated act 2026), aluminium / textiles / tyres (2027), furniture (2028), mattresses (2029); Construction Products Regulation (EU) 2024/3110 (in force 7 January 2025) with DPP mandatory ~18 months after the supporting digital infrastructure is established (expected 2027-2028); revised Toy Safety Regulation with a 30-month transition period after entry into force, putting toys at 2029-2030. The 2027 date is the battery passport's implementation date, not the universal DPP deadline.

• Batteries and electric vehicles. The EU Batteries Regulation (Regulation (EU) 2023/1542, in force 17 August 2023) requires a battery passport accessible via QR code, mandatory from 18 February 2027 for electric-vehicle batteries (>25 kg), light-means-of-transport batteries, industrial batteries above 2 kWh and SLI (starting/lighting/ignition) automotive batteries placed on the EU market. Implementing acts and Commission guidelines are scheduled for adoption by 18 August 2026 (Article 78 review). The battery passport is the detailed precedent that other categories will follow structurally.
• Iron and steel: first ESPR-specific delegated act planned for 2026, focusing on emissions, energy efficiency and resilience. Iron and steel are intermediate materials whose DPP feeds downstream product categories (automotive, construction, consumer electronics).
• Textiles, aluminium and tyres: ESPR Working Plan first-wave product groups for 2027 delegated acts. Textile DPP focuses on fibre composition, secondary-material content, microplastic release and repairability. Aluminium and tyres carry secondary-materials and recyclability emphasis. Industry pilot programmes (CIRPASS-2 textile pilot; EON / Aware Vector textile DPP platforms) are running ahead of the 2027 delegated act.
• Furniture: ESPR Working Plan 2028 delegated act. Furniture presents specific material-disclosure complexity (wood species, adhesives, flame-retardants, foam chemistries) that the delegated act will address.
• Mattresses and consumer electronics: ESPR Working Plan 2029 delegated act for mattresses; electronics repairability rules introduced in 2027 in parallel. Smartphones, tablets, laptops and household consumer electronics are in scope; the EU's right-to-repair framework (Directive (EU) 2024/1799) interacts with the electronics-DPP requirements.
• Construction products: governed by the new Construction Products Regulation (EU) 2024/3110 (adopted 27 November 2024, in force 7 January 2025), which replaces Regulation (EU) 305/2011 and explicitly recognises QR codes, NFC chips and RFID transponders as compliant DPP data carriers (Article on data carrier requirements; aligns with ISO 15459). DPP mandatory 18 months after supporting digital infrastructure is established, expected 2027-2028.
• Iron, steel and aluminium. Priority categories under ESPR for their carbon-footprint and circular-economy importance. Timeline tracks the delegated-act pace and is in the 2027-2030 horizon for first-wave requirements.
• Chemicals and ingredient disclosure. Separate regulatory tracks address chemical ingredient disclosure (REACH, CLP) with DPP cross-references. Chemical-product DPPs are expected later in the rollout cycle than physical-product DPPs.
• Continuing working-plan expansion. The ESPR framework contemplates continuous expansion beyond the first working plan. Categories not currently specified can enter scope through subsequent working-plan cycles, so suppliers to any physical-product category in the EU market should assume future DPP relevance.

Why NFC and RFID are the preferred DPP carrier technologies — durability, authentication and consumer accessibility

The ESPR regulation is technology-neutral at the carrier level, permitting NFC tags, QR codes, RFID transponders and other approved technologies. In practice, NFC and RFID are emerging as the preferred carriers for many product categories because they solve three problems that QR-only approaches do not: durability across the product's full lifetime, cryptographic authentication of the tag/product pairing, and dual-use carrier strategies that also serve supply-chain logistics. Understanding the carrier tradeoffs is the core technology decision a DPP programme faces.

• Lifetime durability: a DPP carrier must remain readable for the product's expected lifetime, which for furniture, appliances and industrial batteries can be 10-20 years. Printed QR codes fade, scuff and abrade over multi-year product life; NFC tags embedded in labels, housings or textile care tags survive the full lifecycle intact.
• Cryptographic authentication: NTAG 424 DNA generates a cryptographically signed URL on every scan via the SUN (Secure Unique NFC) protocol, so cloned tags and tampered products are detectable at the point of consumer interaction. QR codes can be copied indefinitely without detection, creating an anti-counterfeiting blind spot that DPP intends to close.
• Consumer-device accessibility: NFC reader support is universal in iPhones from iPhone 7 onwards (2016) and in Android devices from roughly 2013. The installed base exceeds 90% of smartphones in developed markets, meaning 'tap your phone to see the DPP' is viable as the primary consumer interaction for most product categories.
• Tamper detection: NTAG 424 DNA supports a tamper detection flag readable in the SUN response, detecting physical tampering of the tag or the surrounding product. For categories where counterfeiting or product tampering is a concern (batteries, consumer electronics, high-value apparel), tamper detection is a material DPP feature.
• Larger memory options: ICODE DNA provides larger on-tag memory than NTAG 424 DNA when the DPP implementation stores additional data directly on the tag rather than purely in the cloud. The typical DPP implementation stores minimum data on the tag and the full lifecycle record in a cloud registry, but specific categories may benefit from on-tag data caching.
• UHF for supply-chain coexistence. UHF RFID serves supply-chain inventory and logistics in high-volume categories (textiles at retail, consumer electronics at distribution). Dual-technology labels combining a consumer-facing NFC inlay with a logistics-facing UHF inlay satisfy both DPP consumer accessibility and retailer mandate requirements on a single label.
• QR as visual backup. Many DPP implementations carry both an NFC tag and a printed QR code, with QR serving as a universally scannable fallback when NFC is unavailable or when the user prefers camera-based interaction. The dual-carrier approach is slightly more expensive but materially more robust and is common in high-profile brand deployments.

Chip selection — NTAG 424 DNA, ICODE DNA and specialized DPP-class chips

Within the NFC chip space, a small number of chips are specifically well-suited to DPP applications because they combine the right memory, authentication, tamper-detection and URL-encoding features. Chip selection influences unit cost, encoding complexity, consumer-interaction design and the ease of integration with cloud registries. For most DPP use cases, the selection converges on two or three chips.

• NTAG 424 DNA — the flagship DPP-class NFC chip from NXP. Supports SUN authentication with AES-128 cryptography, tamper-detect flag, 256 bytes of user memory, and NFC Forum Type 4 compliance readable by all modern smartphones. The go-to choice for the majority of consumer-facing DPP applications.
• NTAG 424 DNA TagTamper. A variant of NTAG 424 DNA with a physical tamper-loop input that detects the tag being lifted or the loop being cut, used for seal-style anti-tamper applications in pharmaceutical, liquor and high-value packaging where mechanical tamper detection is required.
• ICODE DNA: NXP's higher-memory ICODE family chip with SUN-equivalent authentication and more on-tag memory than NTAG 424 DNA. Suitable for applications storing extended data on the tag rather than in the cloud, and for applications needing the ICODE air-interface (ISO 15693) for longer read range than standard NFC.
• MIFARE DESFire EV3 — used for DPP applications that also need credentialing or access-control functionality on the same tag. AES-128 mutual authentication and per-application access rights let a single chip serve both DPP consumer identification and access-credential functions in specific use cases.
• SLIX2 and SLIX-L. ICODE family chips with ISO 15693 interface and larger memory, used in library, asset-tracking and some DPP applications where the longer-range vicinity-coupling protocol is operationally preferred over NFC's proximity coupling.
• UCODE DNA: NXP's UHF UCODE chip with DNA-family authentication features, enabling UHF-side cryptographic authentication that complements NFC-side DPP tags in dual-technology label architectures.
• Battery passport specialized chips. The Battery Regulation's specific data requirements (cell chemistry, capacity history, charge-cycle counts) are often implemented with specialized battery-management-system integration rather than a single NFC chip alone. The NFC tag in a battery passport typically serves as the consumer-accessible pointer into a larger BMS-managed dataset.

Dual-technology label strategies — NFC for consumers, UHF for supply chain on a single carrier

A single product can need DPP consumer-tap accessibility and supply-chain UHF visibility simultaneously. Retail textiles are the canonical example, where the consumer scans their shirt for the DPP while the same shirt was read by a UHF portal at the distribution centre three weeks earlier. Dual-technology labels carry both an NFC inlay and a UHF inlay on a single substrate, aligned on a single product, with a single logical identifier tying the NFC-side DPP and the UHF-side supply-chain record together.

• Architectural advantage: one encoded tag on one product serving two purposes is operationally simpler than two tags that can become out-of-sync. When the NFC and UHF inlays share a logical identifier, the DPP record and the supply-chain record stay synchronized by construction.
• Physical layout: dual-technology labels typically place the NFC inlay and UHF inlay side-by-side on the same substrate with separate antenna resonances. The layout has to manage mutual coupling between the two antennas, which credible label designers address through antenna placement, substrate selection and tuning adjustments.
• Encoding alignment: the NFC-side URL and the UHF-side EPC are encoded to resolve to the same product identifier in the backend. For a GS1-aligned implementation, the UHF EPC is typically an SGTIN-96 encoding of the product's GTIN and serial, and the NFC URL incorporates the same SGTIN in its path.
• Retailer mandate alignment: for textile and consumer-goods suppliers subject to Walmart, Target or European retailer UHF mandates, the UHF side of the dual-technology label serves the retailer compliance requirement while the NFC side serves DPP. One supplier investment, two regulatory outcomes.
• Cost and BOM: dual-technology labels cost roughly 1.5-2.5x a single-technology label depending on the specific chips and substrate. For mid-to-high-value categories (apparel above a price threshold, consumer electronics, durable goods), the incremental cost is comfortably absorbed; for low-ASP categories the economics require closer analysis.
• Logistics read performance: the UHF side has to maintain portal read rates (target 99.5%+) at distribution centres despite the presence of the adjacent NFC inlay. The antenna-design work is mature, and credible label suppliers validate read performance across the relevant portal configurations as part of their design release process.
• Consumer experience design: the NFC side is tuned for close-proximity tap at a defined location (brand tag on garment, data-plate on appliance). The consumer-facing design considers discoverability (how does the consumer know where to tap?), feedback (what does the consumer see after tap?) and progressive disclosure (basic info first, detailed data on demand).

DPP data architecture and registry integration — on-tag minimum, cloud-hosted full dataset

The DPP data architecture separates the carrier (the NFC tag, QR code or UHF tag) from the dataset (the full lifecycle record). The carrier stores a minimum identifier, and the full dataset lives in a cloud-hosted registry under manufacturer or operator control. Understanding the separation is essential because it clarifies what belongs on the tag (identifier and authentication), what belongs in the cloud (lifecycle record), and what the integration work entails.

• Minimum tag encoding: the tag carries a unique identifier (typically a URL incorporating the product serial, with SUN-authenticated tokens for NTAG 424 DNA). The full dataset is not on the tag; the tag is the pointer to the dataset.
• Cloud-hosted lifecycle dataset. The full DPP dataset (material composition, carbon footprint, recycled content, repairability, end-of-life instructions) is stored in a registry, which may be manufacturer-controlled, sector-specific or EU-operated depending on the category-specific delegated act.
• Registry interoperability: the EU contemplates registry interoperability standards so that a consumer scanning a product can reach the DPP regardless of which registry hosts it. Manufacturers typically either operate their own registry that meets the interoperability standards or participate in a sector registry operated by a trade association or service provider.
• Data-provenance and updates. The dataset evolves over the product's lifecycle: initial manufacturer contribution, importer additions, retailer additions, repair events, second-hand transfers, end-of-life recycling events. The registry architecture supports append-only event logging with data-provenance attestation.
• Professional access tiers: some DPP data is public (consumer access) and some is professional-restricted (repair technicians, recyclers, regulators). The registry implements tiered access, with professional users authenticating via sector credentials to access their portion of the dataset.
• Integration with PLM, ERP and sustainability systems. The manufacturer-side data flowing into the DPP registry comes from product lifecycle management (PLM), ERP, sustainability-accounting, material-compliance and supplier-data systems. The integration project is usually larger than the tag-selection project and is where most DPP programme effort lands.
• EPCIS alignment: the EPCIS (Electronic Product Code Information Services) standard is a natural fit for the DPP event-log architecture because it already defines a structured event-log model for supply-chain events. Manufacturers already using EPCIS for retailer-mandate compliance are architecturally well-positioned for DPP.

Battery Regulation DPP specifics — the first operational DPP as a template for the regime

The Battery Regulation (EU 2023/1542) is the first operational Digital Product Passport and is a template for the data elements, verification approach and carrier-technology expectations of the broader ESPR regime. The specifics matter both for battery-industry manufacturers facing the February 2027 deadline and for non-battery manufacturers who should read the Battery Regulation implementation as a preview of how their own category's delegated act is likely to be structured.

• Scope: applies to industrial batteries, electric vehicle batteries, light-means-of-transport (LMT) batteries and stationary energy storage batteries above 2 kWh. Portable consumer batteries (AA, AAA, smartphone, laptop) are on a later timeline and are not yet in scope for the February 18, 2027 date.
• Required data elements: the battery passport includes: manufacturer identification, battery category and model, battery chemistry (LFP, NMC, NCA, solid-state), cell count and configuration, rated capacity (kWh and Ah), weight, manufacturing date and place, carbon footprint per kWh (calculated per EU methodology), recycled-content percentage for cobalt/lithium/nickel/lead, state-of-health and state-of-charge during life, expected cycle life, presence of hazardous substances, and end-of-life recycling instructions.
• Unique identifier: each battery unit carries a globally unique identifier encoded as a data carrier on the battery. NFC is the common choice because battery form factors suit tag mounting and consumer/repair-technician tap interaction is a natural access path. QR codes are also permitted but face readability challenges over the battery's multi-year lifecycle under vibration and thermal cycling.
• Durability and access classes. The carrier must remain readable for the full expected battery life (typically 10-15 years for EV batteries, 10-20 years for stationary storage). The regulation sets tag-durability and -readability requirements that effectively exclude printed QR codes from premium implementations; NFC tags mounted in protected housing positions are the practical compliant path.
• Battery management system (BMS) integration. The data elements that change over time (SoC, SoH, cycle count, temperature history) come from the BMS rather than the NFC tag itself. The DPP architecture typically uses the NFC tag as consumer pointer and the BMS+cloud as technical data store, with gateway architectures that propagate BMS readings into the DPP registry on a defined cadence.
• Global Battery Alliance (GBA) pilot. The Global Battery Alliance has run multi-year pilots of the battery passport concept ahead of the regulation, testing registry architectures, data-exchange protocols and stakeholder workflows. GBA-aligned platforms (Circulor, Spherity, Fluree, Minespider) provide sector-specific implementations that manufacturers can adopt rather than building from scratch.
• Data-provenance and attestation. Battery raw-material provenance (cobalt, lithium, nickel origin tracing through the mine-to-pack supply chain) is a distinctive battery-passport requirement with parallels that will likely apply to textiles (cotton origin), electronics (conflict mineral attestation) and other categories. The data-provenance layer uses decentralized identifier (DID) and verifiable credential (VC) standards in several sector-platform implementations.
• Second-life and recycling integration. The battery DPP supports second-life repurposing (grid storage, backup power) and end-of-life recycling with specific data elements transferred between original manufacturer, second-life operator and recycler. The multi-operator, multi-lifecycle-stage data model is the most complex aspect of the battery DPP and is the pattern that other durable-product DPPs will follow as they mature.

DPP registry implementations and emerging service providers — sector platforms, EPCIS alignment and interoperability

The DPP registry layer is where the full lifecycle dataset lives, and a growing ecosystem of registry-platform providers serves specific sectors or general DPP use cases. Manufacturers planning their programme architecture choose among building their own registry, participating in a sector-association platform, or subscribing to a third-party DPP-as-a-service platform. Understanding the platform landscape informs the build-versus-buy decision and the vendor-evaluation process.

• CIRPASS consortium: the EU-funded CIRPASS project (2022-2024) produced foundational work on DPP architecture, data models and interoperability standards that underlies many emerging implementations. The CIRPASS-2 follow-up extends the work into specific sector pilots for electronics, textiles and batteries. Manufacturers reviewing platform vendors should confirm CIRPASS alignment as a baseline interoperability signal.
• Battery sector platforms: Circulor (raw-material provenance, used by Volvo Polestar and others), Spherity (decentralized identity-based battery passport), Fluree (knowledge-graph-based DPP), Minespider (mine-to-end-use tracing) and the Global Battery Alliance's own pilot platform are the leading options for battery manufacturers facing the 2027 deadline. Selection depends on existing supply-chain data-exchange relationships, blockchain-versus-conventional architecture preferences, and sector-ecosystem alignment.
• Textile sector platforms: EON Group (used by H&M, Target and others), Made2Flow, Aware Vector and Circularise offer textile-industry-focused DPP platforms that handle fiber-provenance, material composition and garment-lifecycle tracking. Textile DPP is expected 2027-2029 depending on delegated-act pace, and manufacturers pilot-testing during 2025-2026 materially reduce go-live risk.
• Electronics sector platforms: iPoint-systems (EU compliance and data-management, existing relationships with many electronics OEMs), Siemens SiGREEN (carbon-footprint-focused), SAP Green Ledger and Oracle Fusion Cloud ESG Reporting integrate DPP capabilities into broader sustainability reporting stacks that electronics OEMs already use.
• EPCIS 2.0 alignment — the GS1 EPCIS 2.0 standard is the natural event-log schema for DPP supply-chain events. Manufacturers already using EPCIS for retailer-mandate compliance have architectural alignment with DPP event capture. EPCIS 2.0 explicitly supports Digital Product Passport event categories and provides a JSON-LD format that interoperates with registry platforms implementing the CIRPASS data model.
• EU Data Spaces framework. The EU's sector-specific Data Spaces initiative (Manufacturing Data Space, Circular Economy Data Space) provides the institutional framework for cross-platform DPP interoperability. Registry platforms that implement Data Space connectors provide manufacturers with future-proofed interoperability against the direction the EU institutional framework is moving.
• Blockchain versus conventional architectures. Some DPP platforms use permissioned blockchain (Hyperledger Fabric, Ethereum private chains) for tamper-evident event logging; others use conventional relational or graph databases with cryptographic signatures. Both approaches satisfy the regulation; blockchain offers stronger multi-party audit-trail guarantees but adds operational complexity. The decision often depends on the sector's broader blockchain adoption (high in battery raw-material tracing, lower in most other categories).
• Verifiable credentials and decentralized identifiers. The W3C Verifiable Credentials and DID standards are gaining traction as the data-provenance model for DPP, letting each economic operator sign their contribution to the lifecycle record with cryptographically verifiable attestation. Platforms implementing VC and DID are better positioned for multi-party DPPs (batteries with mine-to-recycler trails, textiles with fiber-to-garment trails) than platforms relying on centralized trust.
• On-premise versus SaaS deployment. Data-sovereignty preferences drive some manufacturers toward on-premise DPP registry deployment; SaaS deployment is operationally simpler and is common for mid-market manufacturers without dedicated platform-operations teams. Hybrid models where the manufacturer operates the primary registry with SaaS-hosted consumer-facing endpoints are also common.
• Platform selection criteria: key evaluation criteria include: CIRPASS alignment, EPCIS 2.0 support, Data Space connector availability, sector-ecosystem relationships, verifiable credential support, integration with manufacturer PLM/ERP, consumer-experience quality (branded NFC-tap landing pages), multi-language support for EU-market rollout, and total cost of ownership over the platform's expected multi-year use. A structured RFQ with 2-4 platform finalists in 2025-2026 pilots is the pattern that well-prepared manufacturers are following.

Pre-2027 programme design — how branded manufacturers get ready

The manufacturers who are furthest along in DPP readiness are not scrambling to meet a 2027 deadline; they are running multi-year programmes that began when the ESPR working plan was published and that continue through the category-specific delegated acts. Understanding the programme design lets operators who are earlier in the journey catch up efficiently rather than duplicating preparation work at the category deadlines.

• Category mapping and scope assessment. The first programme step is mapping the manufacturer's product portfolio against the ESPR working plan, identifying which categories are in scope, when the category-specific delegated act is expected, and what the data-element requirements are likely to be. The output is a multi-year roadmap per product category.
• Data-inventory gap analysis. For each category, the manufacturer inventories the data elements the DPP will require against the data elements currently captured in PLM, ERP, sustainability-accounting and supplier systems. The gap analysis identifies where new data-capture workflows are needed upstream of DPP go-live.
• Carrier-technology selection: the NFC versus QR versus UHF decision is made per category with input from consumer experience, brand protection, supply-chain logistics and retailer-mandate alignment. Dual-technology labels are often selected for categories with parallel retailer UHF mandates.
• Pilot programme: a pilot programme (typically 12-18 months before category go-live) runs a representative SKU through the full tag selection, encoding, registry integration, consumer-interaction and data-provenance workflow. The pilot surfaces integration issues, cost unknowns and organizational gaps in time to resolve them.
• Registry platform selection: the manufacturer selects whether to operate its own DPP registry, participate in a sector-association registry, or use a third-party DPP-as-a-service platform. The selection depends on volume, sector dynamics, data-sovereignty preferences and integration complexity.
• Supplier data-onboarding: upstream suppliers (material suppliers, component suppliers, assembly subcontractors) need to provide the data the manufacturer contributes to the DPP. Supplier data-onboarding is often the longest-tail part of the programme, with supplier systems ranging from mature PLM integration to spreadsheet-based attestation.
• Rollout sequencing: enterprise rollout typically moves from pilot SKU to pilot category to full category to enterprise-wide deployment, with each stage gated on defined technical and organizational readiness measures. The sequencing lets operations scale without the risk profile of a big-bang enterprise cutover.

FAQ