A Digital Product Passport (DPP) is a structured digital record of a product's identity, materials, and sustainability and circularity data, published as a web page that anyone can reach by scanning a QR code on the product itself. It comes from EU law and arrives product group by product group, batteries are first, from 18 February 2027.
This page reflects the rules as of 10 July 2026. Regulatory dates are dated and may change, confirm against the current instruments or with qualified advisers.
Strip away the jargon and a Digital Product Passport has three parts. First, a structured data record: a defined set of fields about one product, what it is, what it's made of, its carbon footprint, how to repair or recycle it. The exact fields are set per product group by EU law, not chosen by the manufacturer.
Second, a passport page: the record published on the web, where a customs officer, a repairer or a shopper can read it. Different audiences may see different slices, some fields are public, others restricted to specific roles.
Third, a data carrier: the physical link between the object and its record, in practice a QR code printed on the product, its packaging or its documentation. Scan the code, land on the passport. The carrier travels with the product; the data lives online and can be corrected and updated over the product's life.
The passport is per product, and the required level of granularity depends on the rules for that product group, for batteries it is per individual battery; the European Commission's draft textile specification works at batch level as a minimum.
The legal framework is the Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781, in force since July 2024. ESPR creates the Digital Product Passport as a concept and sets its architecture, Articles 9 to 14 cover the passport, its data carrier, unique identifiers and the registry.
Here is the part most summaries get wrong: ESPR by itself does not require any specific product to have a passport. It is a framework. The actual obligations arrive through delegated acts, one per product group, each defining which products are covered, which data fields are mandatory, who may see what, and from what date. No product needs a DPP until the delegated act for its group applies.
The one passport requirement already adopted sits outside ESPR: the battery passport, written directly into the EU Batteries Regulation, Regulation (EU) 2023/1542 (Article 77). It applies from 18 February 2027 to electric-vehicle batteries, light-means-of-transport batteries (e-bikes, scooters), and industrial batteries with a capacity above 2 kWh placed on the EU market from that date.
As of July 2026, the honest status per product group is one of three:
Adopted, the rule is law. Batteries (Regulation (EU) 2023/1542): passport mandatory from 18 February 2027 for the categories above. A supporting delegated act detailing the passport's data content and access rights is due from the Commission by 18 August 2026 and had not been adopted as of early July 2026.
Expected, named in the Commission's first ESPR working plan (COM(2025) 187, adopted April 2025) but with no adopted act yet. The plan's priority product groups include iron & steel (delegated act indicatively 2026), textiles and apparel, tyres and aluminium (indicatively 2027), then furniture and mattresses. Compliance typically follows adoption by around 18 months, so the first ESPR-based passports are realistically a 2027–2028 obligation. Note what is not on the first list: consumer electronics is not among the first working plan's priority groups.
Voluntary, everything else. A clothing brand can publish product passports today, and many do for transparency and customer trust, but as of July 2026 that is a voluntary passport, not legal compliance, the textile delegated act is still a draft-stage exercise (the Commission's Joint Research Centre published a draft textile data specification in May 2026 with roughly 49 data points across four categories, a draft, subject to change).
There is no single date by which "all products need a DPP". Anyone telling you otherwise is compressing an act-by-act rollout into a headline.
The battery passport is the concrete template, because its data requirements are already law (Annex XIII of Regulation (EU) 2023/1542). Its fields group into: identity (manufacturer, model, serial or batch identifiers, manufacturing place and date), technical and performance data (capacity, expected lifetime, state of health for the individual battery), carbon footprint and materials (a lifecycle carbon-footprint declaration, recycled-content shares for cobalt, lithium, nickel and lead, hazardous substances), circularity and safety (dismantling and repair information, safety measures) and compliance (test results, due-diligence report references).
Access is tiered. Some fields are public to anyone who scans the code; others are reserved for people with a legitimate interest, repairers, recyclers, market surveillance authorities. The precise access-rights rules for batteries are part of the delegated act due by 18 August 2026, so the exact split was still being finalised as of July 2026.
ESPR-based passports for other product groups will follow the same logic, a defined data set with role-based access, but each group's fields are set by its own delegated act. The JRC's draft textile specification gives a preview of the direction for apparel: fibre composition, recycled content, presence of substances of concern, repairability and care information.
The data carrier is the machine-readable link on the product, ESPR permits QR codes and similar carriers, and in practice the QR code is the default. It must remain readable for the product's expected lifetime, which is why it goes on the product or its permanent labelling rather than a swing tag alone.
The URL inside that QR code is where GS1 Digital Link comes in. Rather than an arbitrary web address, a GS1 Digital Link URL embeds the product's global trade item number in a standard path, https://id.example.com/01/{GTIN}, so the same scan works for a shopper's phone, a retailer's till and a recycler's system, and the identifier is globally unique. It is the emerging standard for DPP identifiers and the sensible default for anyone building passports now.
The EU DPP Registry is a central register run by the European Commission, it stores the unique identifiers of passports (not the full product data, which stays with the manufacturer or its provider) so authorities and customs can verify that a passport exists. ESPR Article 13 required the Commission to establish the registry by 19 July 2026; the supporting delegated act covering registry operation, data carriers and certification of DPP service providers is expected in late 2026. Until those rules and their technical standards land, no provider can truthfully claim registry integration or certified-service-provider status. ESPR also requires a backup copy of the passport to be available through an independent service provider, so passports survive a manufacturer's insolvency.
The obligation falls on the economic operator placing the product on the EU market. For EU manufacturers, that is the manufacturer. For products made outside the EU, it is the importer, the passport obligation does not stop at the EU border, and a brand cannot assume its overseas supplier will handle it. Brand owners selling under their own name carry manufacturer obligations even when production is outsourced.
Practically, that means the responsible party has to assemble data it usually does not hold in one place: material composition sits with suppliers, carbon-footprint numbers with sustainability teams or consultants, technical specs in engineering systems. Most of the real work of a DPP is not publishing the page, it is collecting and maintaining accurate data from a supply chain, and being able to show when each value was added and changed.
Waiting for final rules is legitimate; starting from zero the month they apply is not, because the data-collection work has a long lead time. Sensible preparation, in order:
Get identifiers in order. Ensure products carry GTINs (or an equivalent unique identifier scheme) and adopt GS1 Digital Link URLs, so the QR codes you print now stay valid as rules firm up.
Start collecting the data. Use the adopted battery annex or the draft textile specification for your sector as the working field list, and set up a routine for requesting data from suppliers, chasing composition and origin data is the slowest part of any passport programme.
Publish voluntary passports. A voluntary passport built on the current draft structure gives you the workflow, exposes your data gaps early, and is honest to describe as transparency rather than compliance. This is the approach Passfolia is built for: hosted passport pages with GS1 Digital Link QR codes, versioned records so you can show what changed and when, and supplier data requests via a shareable link, a compliance-ready structure, aligned to adopted rules where they exist and tracked where they don't.
Track your product group's act. Delegated-act timelines move. Whatever you build should record which version of which rule it was built against.
No. The 2027 date applies only to batteries, EV, light-transport and industrial batteries above 2 kWh, from 18 February 2027 under Regulation (EU) 2023/1542. Every other product group gets its own delegated act with its own date; the first ESPR-based acts are expected from 2026–2027, with compliance typically about 18 months after adoption. There is no blanket deadline.
The QR code is only the data carrier, the doorway. The passport itself is the structured data record behind it: a defined set of fields about the product's identity, materials and circularity, published as a page with access rules, kept accurate over the product's life. Printing a code is the easy part; assembling and maintaining the data is the actual work.
Yes, and it is often worth doing, but call it what it is. As of July 2026, a passport for, say, apparel is a voluntary transparency passport, since the textile delegated act is not yet adopted. Building one against the current draft specification gets your identifiers, supplier data collection and publishing workflow working before the mandatory version arrives.
It depends on the field and the reader. Some data is public to anyone who scans the code; other data is restricted to roles with a legitimate need, repairers, recyclers, market surveillance authorities. For batteries, the exact access-rights split is set in a delegated act due by 18 August 2026, so as of July 2026 the final rules were still pending.
Yes, if you place them on the EU market. Under ESPR and the Batteries Regulation, the obligation sits with the economic operator placing the product on the market, for imported goods, that is the importer, and brand owners selling under their own name carry manufacturer obligations even with outsourced production.
The passport is the product's data record, hosted by the manufacturer or its service provider. The registry is a central EU system, required under ESPR Article 13 by 19 July 2026, that stores each passport's unique identifier so authorities and customs can verify a passport exists. It does not hold the full product data, and the detailed rules for connecting to it are expected in a delegated act in late 2026.
Publish a passport today, free for your first three products, full schema, real QR codes.
Start free