Digital Product Passport Requirements: What You Must Comply With
What the regulation actually defines
The Digital Product Passport is defined in Article 2 of the ESPR, Regulation (EU) 2024/1781 as a set of product-specific data, accessible electronically through a data carrier (QR code, NFC, watermark). It follows the product across its entire life cycle: manufacturing, distribution, use, repair, resale, recycling.
New to the topic? Start with our primer: What is a Digital Product Passport? This article goes deeper: technical workings, legal responsibilities and concrete compliance requirements.
How a DPP works technically
1. The unique identifier
Every passport is linked to a Unique Product Identifier (UPI). Granularity differs by sector:
- •Model level: one passport shared by all units of a reference
- •Batch level: one passport per production batch
- •Item level: one passport per individual unit — mandatory for batteries
Item-level at scale is not a theoretical problem: the 3.4 million passports Arianee operates are individual passports, created automatically.
2. The data carrier
The identifier is physically carried by the product via a QR code, an NFC chip or a digital watermark, and must remain readable for the product's entire lifetime. For our home-appliance clients, this marking is integrated directly in the factory at production time — including in China: every product leaves the line with its passport already active. The difference between the carrier and the passport is covered in DPP vs QR code vs label.
3. Hosting and the EU registry
Passport data is hosted by the economic operator or its DPP service provider. The European Commission is building a central registry (Article 13 ESPR) that stores identifiers and references service providers — without hosting the data itself. We analysed this decentralised architecture in our breakdown of the EU DPP registry. Arianee is a recognised DPP service provider under the implementing regulation (Art. 3.f): hosting, brand integrations and registry interoperability are our job — no migration needed for our clients.
4. Differentiated access rights
Not all data is public. The Commission's methodology defines access tiers: consumers, professional repairers, recyclers, upstream suppliers and authorities each see different fields. This is the architecture Arianee has operated since 2018: an immutable Core DPP, a cryptographically signed event log and role-based access rights.
Who is responsible for what?
| Actor | Main obligation |
|---|---|
| EU manufacturer | Create and maintain the DPP before placing on the market |
| Importer | Guarantee the existence and accuracy of the DPP for imported products |
| Distributor | Verify the DPP is present and accessible to customers |
| Marketplace | Ensure listed products are compliant |
| Repairer / recycler | Consult and, where applicable, enrich the passport |
Requirements by sector
The ESPR is a framework: precise obligations arrive through sector-specific delegated acts. Where things stand:
- •Batteries: first regulated sector, via the dedicated Regulation 2023/1542 — passport mandatory in February 2027 for batteries above 2 kWh. Details in Battery passport requirements 2027
- •Textiles & footwear: delegated act expected in 2027
- •Iron & steel: ESPR pilot sector from 2026
- •Electronics, furniture: 2027–2028
- •WEEE and the French AGEC law already impose related information duties — see Which regulations require a Digital Product Passport?
What data must be collected?
Requirements vary by category, but the Commission consistently classifies data into three tiers: essential (mandatory), strongly recommended and voluntary. The recurring families: identification, composition and substances, durability and repairability, environmental footprint, end-of-life. The field-by-field breakdown: What data goes into a Digital Product Passport?
Penalties for non-compliance
Penalties are set by each Member State, but the ESPR requires them to be "effective, proportionate and dissuasive". In practice, a product without a valid DPP can be barred from the EU market, withdrawn from sale or blocked at customs — the commercial risk far outweighs the fines.
Where to start
- 01.Map your affected products and their regulatory deadlines
- 02.Audit the data available in your systems (PIM, ERP, PLM) and across your suppliers
- 03.Choose an infrastructure that handles identifiers, hosting, access rights and interoperability with the EU registry
- 04.Pilot on one product line before scaling
Arianee operates more than 3.4 million passports in production and is a recognised DPP service provider under the implementing regulation. Discover the platform or request a demo.
Take action
Discover how to implement your Digital Product Passport in compliance with European regulations.
Request a demo