European Commission Confirms Decentralised Architecture for Digital Product Passports
A central registry that doesn't store the data
The European Commission has published a new draft implementing regulation on the Digital Product Passport registry. The signal sent to the market is clear: Europe is moving towards a decentralised architecture, where 'DPP service providers' become a recognised regulatory category in their own right.
According to the draft, the central European registry is not intended to directly host all product data. It will store unique identifiers and references to 'DPP service providers', responsible for maintaining product passports and their associated data.
The European registry will be responsible for:
- •Registering DPPs
- •Generating unique identifiers
- •Maintaining registration proofs
- •Referencing DPP service providers
'DPP service providers' will be responsible for:
- •Hosting passport data and backups
- •Managing integrations with brands and value chain actors
- •Ensuring semantic compliance
- •Managing updates, versions and retention periods
- •Guaranteeing interoperability with the European infrastructure
This approach addresses a central challenge: scaling. Digital Product Passports will need to support millions — then billions — of products. A distributed infrastructure allows greater flexibility, resilience and long-term governance.
'DPP service providers' become a regulatory category
One of the most important points in the text is the official introduction of 'DPP service providers' as a recognised component of the European architecture. This formalises the role of actors capable of operating compliant DPP infrastructures at scale.
The draft mentions potential criteria around:
- •Security — technical and organisational guarantees on product data protection
- •Cloud sovereignty — data residency and governance conditions in line with European law
- •Service reliability — availability, continuity and resilience levels of the operated infrastructure
- •Compliance and auditability — ability to demonstrate semantic compliance and produce verifiable traces
These elements could structure the future landscape of DPP infrastructures in Europe.
The DPP enters an operational phase
The text shifts the DPP topic from a theoretical logic towards very concrete implementation challenges. Among the requirements highlighted:
eIDAS verification
Brands, but also repairers, refurbishers, recyclers and other value chain actors, will need to have eIDAS-compatible verification mechanisms.
Semantic compliance
DPP data will need to be structured according to a European semantic repository to guarantee interoperability between sectors and systems.
Product granularity management
The regulation formalises the relationships between models, batches and individual items. An important challenge for industries with different traceability levels.
Proof of Registration
Each registered DPP will generate an official registration proof including operator identity, timestamp and cryptographic verification.
Versioning and retention
The history of DPPs must remain traceable and accessible over long periods, with retention obligations potentially extending up to 10 years depending on the sector.
Anti-fraud and anti-scraping
The text explicitly mentions the risks of 'massive data download', signalling strong expectations around monitoring, access control and abuse prevention.
A rapidly expanding scope
Beyond ESPR, the draft already references batteries, construction products, toys and detergents. DPPs are progressively becoming a cross-cutting infrastructure for product lifecycle data management.
| Product group | Status in the draft |
|---|---|
| Batteries | Explicitly referenced |
| Construction products | Explicitly referenced |
| Toys | Explicitly referenced |
| Detergents | Explicitly referenced |
| ESPR (general) | Main framework |
What this means for your company
The regulation has not yet been officially adopted and certain details may still evolve. But the direction taken by Europe now appears very clear: build a scalable, interoperable and distributed DPP ecosystem.
For companies preparing their DPP strategy, the topic is no longer theoretical. The infrastructure choices made today will define how product data, traceability, compliance and circular services will work tomorrow.
What this changes for Arianee: Arianee is recognised as a DPP Service Provider within the meaning of the Implementing Regulation Art. 3.f. The decentralised architecture confirmed by this draft corresponds exactly to our model: an open hub that hosts passports, manages brand integrations, ensures semantic compliance and guarantees interoperability with the EU Registry. Our clients will not need to perform any migration.
Take action
Discover how to implement your Digital Product Passport in compliance with European regulations.
Request a demo