Digital Product Passport (2026)

EU ESPR Regulation 2024/1781 — the regulatory backbone

For most of industrial history, a physical product told you almost nothing about itself — a care label, a barcode, and a country of origin stamped somewhere unhelpful. The EU has decided that era is over: soon every item placed on its market will carry a digital dossier that travels with it from raw material to recycling bin, and everything below is the work of giving ordinary products that second, digital identity. The Ecodesign for Sustainable Products Regulation (ESPR), formally Regulation (EU) 2024/1781, was adopted in June 2024 as the legal backbone for the Digital Product Passport. ESPR replaces and significantly expands the 2009 Ecodesign Directive, covering almost any physical product placed on the EU market.

**Phased rollout timeline.** ESPR enforcement is phased through delegated acts per product category. The textile delegated act is expected adoption late 2026 / Q2 2027; an 18-month transition window means enforcement starts 2028. Battery Regulation 2023/1542 (adopted earlier but related) mandates Battery Passport from February 2027 for batteries above 2 kWh. Subsequent delegated acts cover footwear, furniture, tires, mattresses, electronics, steel + aluminum and other categories on a multi-year cadence through 2033.

**Three-phase compliance.** Phase 1 — minimal compliance (2027 textile / 2028 enforcement) requires basic product identification, material composition, care instructions and recyclability. Phase 2 — advanced compliance (2030) adds chain-of-custody, recycled-content attestation, sustainability certifications. Phase 3 — full circular-economy compliance (2033) adds take-back, repair, resale provenance, second-hand transfer flow.

**18-category JRC priority list.** The Joint Research Centre published the priority categories for DPP rollout in November 2024: textiles, footwear, furniture, tires, mattresses, electronics, ICT equipment, white goods, batteries, steel + aluminum, chemicals, construction products, packaging, motor vehicles, agriculture / food / beverage products, others. Categories not on the priority list will be added through subsequent delegated acts.

**Carrier requirement** — ESPR requires each product to have a unique digital identifier accessible via NFC tap or QR scan that resolves to category-specific data. GS1 Digital Link URL syntax is the EU-preferred carrier; vendor-proprietary URL schemes risk retrofit cost when ESPR delegated acts harden.

EU Battery Regulation 2023/1542 — Battery Passport first to enforce

Battery Regulation 2023/1542 entered force August 2023 and mandates a Battery Passport from 18 February 2027 for batteries above 2 kWh — electric vehicles, e-bikes, industrial batteries, large consumer electronics. The Battery Passport is the first ESPR-aligned DPP to reach mandatory enforcement; design patterns established here propagate to subsequent textile / footwear / other category DPPs.

• **Scope** — batteries above 2 kWh placed on EU market from February 2027. Covers electric-vehicle batteries (LFP, NMC, etc.), e-bike + scooter batteries, industrial batteries, large stationary storage (residential solar), and certain large consumer-electronics batteries.
• **Data scope** — battery chemistry, manufacturer + manufacture location, raw-material origin (lithium, cobalt, nickel, manganese — links to OECD Due Diligence Guidance), recycled-content percentage, carbon footprint per kWh, performance + durability, state-of-health monitoring data, end-of-life recycling instructions.
• **Carrier** — QR code + GS1 Digital Link URL is mandatory; NFC carrier is optional supplement. Manufacturers can deploy NFC tags alongside the mandatory QR for consumer-facing additional engagement.
• **Battery Pass Consortium guidance** — the EU-funded Battery Pass project (thebatterypass.eu) published reference data model + content guidance ahead of regulation enforcement. Reference architecture aligns with CIRPASS-2.
• **Implementation reality** — major battery manufacturers (CATL, BYD, LG Energy Solution, Samsung SDI, Tesla) are in deployment-build phase in 2026. Their Battery Passport implementations set de facto industry patterns that subsequent ESPR delegated acts likely codify.
• **Connection to ESPR** — Battery Regulation 2023/1542 predates ESPR but aligns with the ESPR data-element approach. Brands implementing Battery Passport gain head-start operational learning for textile / electronics DPP rollouts.

GS1 Digital Link URL syntax — the DPP carrier preferred by the EU

EU ESPR doesn't dictate a specific URL syntax, but converges on GS1 Digital Link as the carrier preference. Procurement teams designing DPP URL schemes should adopt GS1 Digital Link from day one to avoid retrofitting later when ESPR delegated acts harden.

• **Canonical URL pattern** — `https://brand.com/01/{GTIN}/21/{serial}`. The `/01/` segment holds the GTIN (Global Trade Item Number); `/21/` holds the unique serial number. Optional segments (`/10/{batch}`, `/17/{expiry}`) add lot and expiry context.
• **Same URL, multiple carriers** — the GS1 Digital Link URL works as: (a) a 2D QR code (GS1 Sunrise 2027 transition); (b) an NFC NDEF record; (c) manual browser entry. Single URL covers physical-layer + visual-layer + manual access.
• **Resolver architecture** — GS1's reference architecture defines a resolver service that takes the Digital Link URL and returns category-specific responses (product info, DPP, after-sales, recall info). Brands route any URL segment to any back-end service.
• **EU alignment** — NXP, STMicroelectronics, NFC Forum, GS1 have all aligned product NFC URL templates with GS1 Digital Link patterns. The combination of NTAG 213 / 424 DNA SUN signing + GS1 Digital Link URL syntax is the proven dual-purpose stack.
• **Multi-region compliance** — same URL works for EU DPP, planned UK textile labelling, US state-level requirements (California SB 707 textile labelling), Japan / Korea market requirements. Single chip + single URL covers multi-region compliance.
• **Sunrise 2027** — global GS1 industry-coordinated transition to 2D barcodes by December 2027. By that date, most consumer-product barcodes will carry a GS1 Digital Link URL, providing the visual-layer carrier alongside the NFC physical-layer carrier.

CIRPASS-2 reference architecture — interoperability foundation

CIRPASS-2 (Collaborative Initiative for a Reference Open-source DPP Architecture, Stage 2) is the EU-funded reference architecture project for DPP interoperability. Procurement teams should plan implementation against the CIRPASS-2 data model and resolver pattern rather than vendor-proprietary stacks — minimises retrofit cost when ESPR delegated acts harden.

• **CIRPASS-2 scope** — EU Horizon Europe funded project; consortium of 30+ industry + research partners; covers reference data model, resolver specification, governance framework, federated DPP architecture.
• **Data model** — defines DPP data-element categories: manufacturer, product origin, material composition + recycled content, carbon footprint, repair / take-back, end-of-life recyclability, chain-of-custody, sustainability certifications, performance + durability. Each category has standardised fields aligned with ISO / IEC standards.
• **Resolver pattern** — federated architecture where the carrier URL resolves to the manufacturer's resolver service, which then provides category-specific data. No single centralised DPP database; brands retain data sovereignty.
• **Governance** — CIRPASS-2 provides reference governance framework for cross-brand data access, regulator inspection workflow, consumer-rights mechanism (right-to-data-portability under GDPR).
• **Vendor-proprietary risk** — DPP vendors offering proprietary URL schemes or proprietary data models create retrofit risk when ESPR delegated acts publish. The pragmatic procurement choice is CIRPASS-2-aligned vendors (Authena, atma.io, Scantrust, Qliktag have all aligned roadmaps).
• **JRC priority alignment** — CIRPASS-2 work covers the 18 JRC priority categories; reference architecture is designed to extend to additional categories as delegated acts publish.

Chip selection — NTAG 213 vs 213 TagTamper vs 424 DNA SUN

Chip selection for DPP carriers depends on the trust + tamper-evidence requirement of the data layer. For general-information DPP carriers (textile composition, care instructions, recyclability) NTAG 213 is sufficient. For anti-counterfeit-grade DPP carriers (luxury, pharma, electronics where authentication matters as much as data access) NTAG 424 DNA SUN provides cryptographic authentication.

• **NTAG 213 (NXP MF0ICU2, 144 B)** — general-information DPP carrier. Chip UID + URL only; no cryptographic authentication. Use case: textile / apparel / footwear DPP where consumer-tap-to-information is the primary value. Cost: $0.05–0.15 per chip; $0.20–0.50 per printed inlay.
• **NTAG 213 TagTamper** — adds tamper-evident wire-loop detection. Use case: packaging-tampering detection for pharma, cosmetics, supplements. Cost: $0.10–0.18 per chip.
• **NTAG 424 DNA SUN (NXP NT4H2421Gx)** — AES-128 CMAC per-tap unique URL signing. Server-side validation detects clones in real time. Use case: luxury, electronics, pharma, alcohol, automotive parts where authentication matters as much as DPP data. Cost: $0.20–0.50 per chip.
• **NTAG 424 DNA TT** — NTAG 424 DNA with tamper-detection wire-loop. Combines AES-CMAC authentication with tamper-evident detection. Cost: $0.30–0.55 per chip.
• **STMicroelectronics ST25TV02KC** — alternative supplier with AES-128 SUN-equivalent authentication; useful for brands wanting supply-chain diversification.
• **Hybrid programme** — many brands deploy NTAG 213 across the bulk of SKUs (textile DPP general-information carrier) + NTAG 424 DNA SUN on higher-trust SKUs (luxury / premium / regulated). The chip layer follows the trust requirement, not the brand-tier hierarchy.

Data scope — 18 DPP data element categories

The CIRPASS-2 reference data model defines 18 DPP data-element categories. Each category has standardised fields; specific ESPR delegated acts will dictate which categories are mandatory per product type.

• **Mandatory vs optional** — ESPR delegated acts dictate which of the 18 categories are mandatory per product type. Textile delegated act expected to mandate: manufacturer, origin, material composition, recycled content, care, sustainability certifications, end-of-life.
• **Data source integration** — DPP resolver typically reads from: PLM (Centric, Bamboo Rose, PTC FlexPLM) for material + product spec; ERP (SAP S/4HANA, Oracle Cloud) for manufacturer + origin; SCM (Coupa, JAGGAER, Blue Yonder) for chain-of-custody; sustainability platform (Higg Index, EcoVadis, Sphera) for cert + carbon-footprint data.
• **Versioning** — DPP data changes over product lifetime (recall flag, ownership transfer, repair history). Resolver returns current state; immutable audit log retained server-side for regulator inspection.
• **Data residency + GDPR** — DPP includes consumer-side personal data (ownership transfer, repair history) which falls under GDPR. Resolver architecture must support GDPR data-subject rights (access, portability, erasure).

Implementation roadmap — pilot to multi-category rollout

DPP implementation typically follows a five-phase roadmap, and the schedule punishes haste and delay with equal enthusiasm. Skip phases and you repay it later in retrofit cost; linger too long in the early ones and the ESPR enforcement calendar arrives without you. The phases below are sequenced so each one earns the right to begin the next.

• **Phase 1 (Q1–Q3 2026) — pilot SKU + vendor selection.** Pick 1–5 hero SKUs from the highest-priority ESPR category for the brand. Validate carrier (NFC + QR), chip selection, URL syntax (GS1 Digital Link), resolver architecture (CIRPASS-2-aligned), backend integration (PLM + ERP + sustainability data feeds). 1,000–10,000 unit pilot batch.
• **Phase 2 (Q4 2026 / Q1 2027) — vendor + architecture finalisation.** Lock in chip vendor (NXP NTAG 213 / 424 DNA baseline), tag converter (Smartrac/Avery Dennison, Identiv, Checkpoint), DPP platform (CIRPASS-2-aligned: Authena, Scantrust, atma.io, Qliktag), backend integration. Sign multi-year contracts.
• **Phase 3 (2027) — category rollout.** Extend to a full product category (all textile / footwear / electronics SKUs). 100,000+ unit volume. Validate carrier + URL + backend at scale. EU DPP textile delegated act adoption; 18-month transition window begins.
• **Phase 4 (2028) — multi-category rollout + minimal-compliance enforcement.** Extend to additional ESPR categories. EU DPP textile minimal-compliance enforcement live. Each new SKU shipping into EU market has DPP-compliant carrier.
• **Phase 5 (2030+) — advanced compliance + circular-economy.** Add chain-of-custody data, recycled-content attestation, take-back / repair flow, second-hand transfer flow. 2033: full circular-economy compliance with end-of-life take-back integration.

Carrier cost economics — chip + label + backend at category scale

DPP at category scale (millions of SKUs) has three cost drivers: chip + tag, backend resolver + analytics, and sustainability + compliance data acquisition. There is a dependable irony in the budget — the chip, the line item that always attracts the hardest bargaining, is the smallest of the three at high volume. What moves the total is the resolver you run and the sustainability data you have to go and collect, not the margin you squeezed out of each tag.

• **Per-unit chip economics** — at 10M unit annual volume + $0.10 per chip = $1M / year chip cost. Backend resolver SaaS at $0.10 per item per year = $1M / year. Total annual cost ~$2–5M for the chip + resolver layer; this is the order-of-magnitude figure for category-scale rollouts.
• **Scale economies** — chip cost drops 30–50% from 100k MOQ to 1M MOQ; another 20–30% from 1M to 10M. Backend resolver fixed costs amortise more favourably at higher item-count.
• **First-party vs SaaS** — at >5M annual item volume, first-party server build often pays back within 18–24 months vs SaaS subscription. Below 5M, SaaS time-to-market advantage usually wins.

FAQ