Passfolia

How to Collect Supplier Data for a Digital Product Passport

Most of what goes into a Digital Product Passport, fibre or cell composition, recycled content, carbon footprint, substances of concern, facility identifiers, does not live in your systems. It lives with your suppliers, often two or three tiers up, and collecting it reliably takes months. That lead time, not the passport page itself, is the real project.

This page reflects the rules as of 10 July 2026. Regulatory dates are dated and may change, confirm against the current instruments or with qualified advisers.

The passport page is the easy part

A Digital Product Passport, as framed by the Ecodesign for Sustainable Products Regulation (Regulation (EU) 2024/1781), is at heart a structured public record about a product, reachable through a data carrier such as a QR code. Building that page, the hosting, the QR, the data structure, is a solved technical problem. It is the part a software vendor can genuinely take off your plate.

What no vendor can do for you is know your product. Look at the adopted battery passport annex or the draft textile specification and count the fields your own ERP can actually answer: product name, model, dimensions, your own company identifiers. It is a minority. The rest describes materials, processes and facilities that belong to other companies.

That is why the sensible way to think about a DPP project is not "build a passport" but "build a supply of accurate data, then present it." The presentation layer takes days. The data supply takes a season or more, and it is the part where starting early actually pays.

Which fields come from suppliers, and which you already have

The pattern is consistent across the two most concrete specifications that exist as of July 2026. For batteries, Annex XIII of Regulation (EU) 2023/1542 groups passport data into identity, technical and performance, carbon footprint and materials, circularity and safety, and compliance. For textiles, the JRC's May 2026 draft specification (a draft, not law) proposes around 49 data points across product identification, producer identification, product information, and compliance documentation.

Typically in-house: product identity (GTIN, model and batch identifiers, customs codes), your own legal-entity and importer details, technical characteristics you specify and test, care instructions, warranty terms, and your declarations of conformity.

Typically from suppliers: material and chemical composition (fibre content, cell chemistry), recycled content percentages and the evidence behind them (the Batteries Regulation's recycled-content rules under Article 8 cover cobalt, lithium, nickel and lead specifically), substances of concern with names and concentrations, carbon-footprint contributions from upstream processing, and facility identifiers such as GLN or EORI for the sites where key steps happened. The JRC textile draft puts facility identifiers and recycled-content data at batch level, which means suppliers must report them per production run, not once per product.

A useful first exercise: take the field list for your product group, mark each field H (in-house) or S (supplier), and note which supplier and which tier for every S. That one-page map is the honest scope of your project.

Why tier-2 and tier-3 data is the long pole

Your tier-1 supplier, the mill, the assembler, the cell maker, often does not hold the data either. Recycled content originates with the fibre or material producer at tier 2 or 3. Substance-of-concern data sits with chemical formulators. Facility identifiers belong to sites you may have no contract with and no leverage over. Every tier adds a request, a wait, a translation, and a chance the answer comes back incomplete.

This is why the delegated-act timelines are less generous than they look. The battery passport applies from 18 February 2027 under Regulation (EU) 2023/1542, with the delegated act on data content and access rights due from the Commission by 18 August 2026, roughly six months between the final rules and the hard deadline. A textile delegated act is expected in the late 2026 to 2027 window per the Commission's first ESPR working plan (COM(2025) 187), and delegated acts under ESPR generally allow a transition period after adoption. But a transition period is only usable if your suppliers can already answer the questions when it starts. If you begin mapping and requesting only when the act is adopted, you spend the transition period discovering which suppliers cannot answer, with no time left to fix it.

Starting before the clock starts is the whole point. The field lists are already visible, adopted in the battery annex, drafted by the JRC for textiles, so the requests you would send in 2027 can be sent now, against a known-imperfect but substantially stable list.

A practical workflow: map, request, chase, verify, version

Map. Turn the relevant annex or draft into a concrete field list for one real product. Mark each field's source: your systems, tier-1, or deeper. Flag the fields that need evidence rather than a bare number (recycled content and carbon footprint usually do).

Request, in a structured format. Send each supplier the specific fields you need from them, with the units, the granularity (per model or per batch), and the format defined up front. A form with typed fields beats a spreadsheet, which beats a Word template, which beats an open-ended email. Whatever you use, the goal is that the answer arrives ready to store, not ready to re-type.

Chase. Plan for silence. First requests to suppliers who have never been asked for this data get partial answers or none; response rates improve with a named contact, a stated deadline, and a reason. Track per supplier, per field; "80% of suppliers responded" hides the fact that nobody answered the recycled-content question.

Verify. Sanity-check what comes back: percentages that sum past 100, recycled content claimed without a certificate, a carbon figure with no methodology, a facility identifier that doesn't resolve. Where the rules require evidence, file the evidence alongside the value.

Confirm status and version. Record who supplied each value, when, and on what basis. When a supplier updates a figure, new batch, new certificate, corrected number, keep the old value in the record's history rather than overwriting it. A passport is a public claim; you want to be able to show what you said, when, and why.

The pitfalls that eat the schedule

Data trapped in PDFs and inboxes. The default supply-chain answer to any data request is an emailed PDF, a test report, a mill certificate, a scanned declaration. Every PDF means someone re-types values into your system, which adds errors and makes updates invisible. If your collection process is an inbox, your error rate is your re-typing rate.

No agreed structure. Ask ten suppliers for "fibre composition" without a schema and you get ten formats. Define the structure in the request, or you will spend the project normalising answers instead of collecting them.

Self-declaration where evidence is required. A supplier saying "30% recycled" is a claim, not data. Recycled-content and carbon-footprint figures in regulated passports need a stated basis, a certificate, a chain-of-custody scheme, a calculation to a defined methodology. (For batteries, carbon-footprint declarations under Regulation (EU) 2023/1542 phase in ahead of the passport itself, with methodologies set in delegated acts.) Collect the evidence with the value, first time; going back for it later doubles the chase.

One-and-done collection. Suppliers change materials, sites and certifications. Batch-level fields, by definition, change per batch. Treat collection as a recurring cycle with review dates, not a launch task.

Making it a workflow instead of an email thread

The failure mode in all of the above is the same: unstructured requests, answered unstructured, tracked by memory. The fix is to give each supplier a direct, structured way to answer that lands the data in the passport record without an intermediary inbox.

This is how Passfolia handles it: for any passport field that needs a supplier's input, you generate a shareable tokenised link and send it to that supplier. The link opens a form scoped to exactly the fields you need from them, typed, with the units and granularity fixed, and the supplier completes it directly, no account required. Their answers flow into the product's passport record as a new version, attributed to them and timestamped, so the audit trail shows who provided what and when. Outstanding requests are visible per supplier and per field, which turns "chase" from an inbox archaeology exercise into a list.

None of this makes the underlying work disappear; suppliers still have to find their numbers and their certificates, and you still have to verify them. What it removes is the re-typing, the format chaos, and the lost thread. On a project whose real constraint is lead time across multiple companies, that is the difference between a season and a year. And because passports built this way are versioned and structured against the adopted or draft field lists, you get compliance-ready structure, aligned to adopted rules where they exist, tracked where they don't.

Key facts

  • The DPP framework is Regulation (EU) 2024/1781 (ESPR); passport obligations arrive product group by product group via delegated acts, not all at once , ESPR, Chapter III
  • The battery passport applies from 18 February 2027 to LMT, EV and industrial batteries over 2 kWh , Regulation (EU) 2023/1542, Article 77
  • The delegated act detailing battery-passport data access and management is due from the Commission by 18 August 2026 , Regulation (EU) 2023/1542 (status as of July 2026)
  • Battery passport data content follows Annex XIII: identity, technical/performance, carbon footprint and materials, circularity/safety, compliance , Regulation (EU) 2023/1542, Annex XIII
  • Recycled-content rules for batteries specifically cover cobalt, lithium, nickel and lead , Regulation (EU) 2023/1542, Article 8
  • The JRC's May 2026 draft textile DPP specification proposes ~49 data points in 4 categories, with facility identifiers and recycled content at batch level , JRC draft, not adopted law
  • Textiles and iron & steel are priority groups in the first ESPR working plan; a textile delegated act is expected late 2026 to 2027 , COM(2025) 187 (as of July 2026)
  • Facility identifiers in the JRC textile draft use existing schemes such as GLN and EORI , JRC textile DPP draft, May 2026

Frequently asked questions

My delegated act isn't adopted yet, why collect supplier data now?

Because the collection takes longer than the transition period. The field lists are already substantially visible, adopted for batteries in Annex XIII of Regulation (EU) 2023/1542, drafted by the JRC for textiles, and the slow part is getting tier-2 and tier-3 suppliers to answer reliably, which routinely takes months per supplier relationship. Starting now means you spend the eventual transition period fixing gaps instead of discovering them.

Which passport fields will my suppliers have to provide?

Usually the material ones: composition (fibres, chemistries), recycled-content percentages with supporting evidence, substances of concern and their concentrations, upstream carbon-footprint data, and identifiers for the facilities where key production steps happened. Product identity, your own company details, technical specs you set yourself, and your conformity documents are typically in-house. The exact split depends on your product group's annex or draft; map it field by field.

What if a supplier just emails me a PDF certificate?

Keep the PDF, it is evidence, but do not treat it as the data. Extract the values into your structured record, link the PDF as the supporting document, and note the date and source. Better, change the request format so the next answer arrives structured: a scoped form the supplier fills in directly costs them no more effort than composing the email did.

Is a supplier's self-declared "30% recycled" figure enough?

Treat it as a starting claim. For regulated passports, recycled-content and carbon figures need a stated basis, a certificate, a chain-of-custody scheme, or a calculation to a defined methodology (for batteries, methodologies come via delegated acts under Regulation (EU) 2023/1542). Ask for the evidence in the same request as the number, and store them together.

How far up the chain do I realistically need to go?

As far up as the data originates. Recycled content starts with the material producer, substance data with the chemical formulator, facility identifiers with each site that performed a key step, often tier 2 or 3, where you may have no direct contract. In practice you route those requests through your tier-1 supplier or approach the upstream party directly; either way, each extra tier adds weeks, which is the core argument for starting early.

Does collecting all this data make my product compliant?

No, and be wary of anyone who says otherwise. Compliance for a given product group exists only once its delegated act is adopted and its requirements are met in full; for most groups the acts are still pending as of July 2026, so a textile passport today is voluntary transparency. What early collection gives you is the data foundation those acts will draw on: compliance-ready structure, aligned to adopted rules where they exist, tracked where they don't.

Sources
  • Regulation (EU) 2024/1781 (Ecodesign for Sustainable Products Regulation), DPP framework, Chapter III
  • Regulation (EU) 2023/1542 (EU Batteries Regulation), Articles 7, 8, 77 and Annex XIII
  • COM(2025) 187, first ESPR working plan (priority product groups incl. textiles, iron & steel)
  • JRC draft textile DPP data specification, May 2026 (draft, subject to change)
  • European Commission, Batteries Regulation secondary-legislation timeline (delegated act on passport data content/access due 18 August 2026)

Get ahead of your product's passport.

Publish a passport today, free for your first three products, full schema, real QR codes.

Start free