What's the difference between a Digital Product Passport and a barcode?

A barcode encodes a product identifier — a GTIN, EAN, or similar. It points at a product but contains no information about it. A DPP is the structured dataset that the QR-code-encoded GS1 Digital Link URI resolves to. The QR is the door; the DPP is the room behind it. The DPP carries dozens to hundreds of mandatory fields covering identity, materials, performance, supply chain, and end-of-life — all per EU regulation.

Which products need a DPP first?

Batteries are the headline first deadline — 18 February 2027 for EV, industrial >2 kWh, and LMT (light means of transport) batteries under EU Reg 2023/1542. Iron & steel and textiles follow in 2027–2029. Construction products, electronics, packaging, tyres, furniture, chemicals, toys, FMCG, and jewellery all roll out progressively from 2026 through ~2031 under ESPR + their category-specific regulations.

Who fills in the DPP — the manufacturer, the importer, or the supplier?

The economic operator placing the product on the EU market — typically the manufacturer (if EU-based) or the importer (if non-EU manufacturer). Suppliers and component vendors are not directly in scope; they are upstream sources for data the operator must publish. About 40–70 % of mandatory DPP fields originate upstream of the economic operator, so supplier engagement is the critical path even though the operator owns the legal obligation.

Does my product need a DPP if I only sell within Bulgaria / Germany / France?

Yes — DPP scope is the EU market, not specific member states. If you place a covered product on any EU-member-state market (including your home market), the obligation applies. The same passport works across all 27 member states; there's no per-country variant.

Is there a transition period if I miss the deadline?

No formal transition period beyond what implementing acts spell out. From the cut-off date for your category, products without a passport cannot legally be placed on the EU market — meaning customs can refuse them, market surveillance can pull them from shelves, and the importer / manufacturer faces administrative and (in serious cases) criminal liability. Stockpiles of pre-deadline product can usually be sold through, but new placements must comply.

What Is a Digital Product Passport? (And What It Isn't)

Q: Is the DPP the same as ESPR / Battery Regulation / PPWR?

No — those regulations create the obligation, the DPP is the data instance the obligation produces. ESPR (Regulation (EU) 2024/1781) is the umbrella; underneath it sit category-specific regulations like the EU Battery Regulation 2023/1542, the Construction Products Regulation 2024/3110, and the PPWR 2025/40. Each adds its own field set + deadline + enforcement; the DPP is the shared output format across all of them.

Q: Is the data inside a DPP public?

Partially. The DPP has three access tiers: public (consumer view, accessible to anyone scanning the QR), restricted (business partners with access tokens), and authority (regulators, recyclers, market surveillance — full access including supply-chain due-diligence evidence). Confidential business information goes in the restricted or authority tiers; consumer-relevant fields (composition, repairability, end-of-life) are public.

If you sell anything physical into the EU, the phrase 'Digital Product Passport' is going to land in your inbox sometime in the next two years. Mostly the explanations you'll get are either too vague (it's basically a QR code) or too jargon-loaded (a structured data instance under Article 9 of Regulation (EU) 2024/1781). This post is the one I wish someone had handed me on day one — what a DPP actually is, what it isn't, and how to know whether you have to care about it.

The plain-language definition

A Digital Product Passport (DPP) is a structured set of data about a specific physical product, accessible to anyone who scans a QR code (or taps an NFC tag) on the product itself. It includes things like what the product is made of, where the materials came from, how energy-efficient it is, how to repair or recycle it, and who's responsible for it on the EU market.

The legal grounding sits in the Ecodesign for Sustainable Products Regulation (ESPR — Regulation (EU) 2024/1781), which entered force in July 2024 and rolls out per product category on a staggered timeline. ESPR is the umbrella; underneath it sit category-specific regulations like the EU Battery Regulation (2023/1542), the Construction Products Regulation (2024/3110), the Packaging and Packaging Waste Regulation (2025/40), and others. Each of these adds its own field set, deadline, and enforcement mechanism — but the data model is shared across all of them, accessed through the same QR code.

Why does the EU mandate one

Three reasons stack on top of each other. First, sustainability: the European Green Deal needs concrete enforcement mechanics, and the DPP is the data layer that makes claims like 'recycled content of 30%' verifiable instead of marketing. Second, circular economy: products that include disassembly instructions, parts availability windows, and material composition can actually be repaired and recycled instead of landfilled. Third, market surveillance: customs officers, market-surveillance authorities, and recyclers all need the same machine-readable data, and asking each of them to maintain a separate database collapses under its own weight. The DPP is the EU's bet on a single shared layer for all three.

Which products need a DPP, and when

ESPR's first delegated acts cover specific categories. Below is the rollout that's been announced or formally scheduled, in the order it lands. Categories not listed here are still in the pipeline — the long-term scope reaches roughly 30 product groups by the end of the decade.

Batteries (EV, industrial >2 kWh, LMT) — Feb 2027 under EU Reg 2023/1542. SLI starter batteries from Aug 2025 (partial).
Iron & steel — 2027–2028 under ESPR + CBAM.
Textiles & footwear — 2028–2029 under ESPR.
Electronics (smartphones, tablets, displays, white goods, servers) — 2028–2029 under ESPR + EPREL.
Construction products — phased from 2026 under EU Reg 2024/3110 (CPR).
Packaging — Aug 2026 (recyclability A/B/C classes) and 2030 (full DPP) under PPWR 2025/40.
Tyres — under EU Reg 2020/740 + ESPR.
Furniture & mattresses — under ESPR + EUDR (timber traceability).
Chemicals (paints, detergents, adhesives) — under ESPR + REACH + CLP.
Toys — under the revised Toy Safety Regulation + ESPR.
FMCG — under ESPR + FIC for food labelling.
Jewellery — under ESPR + RJC + Kimberley Process.

What information actually goes IN a DPP

Field counts vary per category — a battery passport carries 91 mandatory fields, electronics goes up to 166 (because per-product-type extras for smartphones / washing machines / refrigerators / servers stack in the same template), textiles is 61, packaging is 66. But the structure is the same across categories, organised into a few consistent groups:

Identity: GTIN, model number, manufacturer name, batch / serial number — anchors the passport to a specific physical unit.
Materials & composition: substances, recycled content percentages, critical raw materials, hazardous substance disclosures (REACH SVHC, RoHS, POPs).
Performance: energy efficiency, durability test results, expected lifetime, repairability score (where applicable).
Carbon footprint: a PEF (Product Environmental Footprint) declaration covering each lifecycle stage from raw materials to end-of-life.
Supply chain due diligence: country-of-origin disclosures for risk-flagged inputs (cobalt, lithium, conflict minerals, deforestation-risk timber).
End-of-life: removability, dismantling, recyclability classes, sorting / disposal instructions.
Compliance metadata: CE marking reference, conformity-assessment-body details, declaration-of-conformity number.

What a DPP is NOT

Half the confusion in the market comes from people defaulting to a thing they already know — a barcode, an ESG report, a marketing landing page — and squinting until the DPP fits. It usually doesn't. To save you a meeting:

It is NOT a barcode. A barcode encodes a product identifier. A DPP is a structured dataset that the GS1 Digital Link QR code resolves to. The QR is the door; the DPP is the room behind it.
It is NOT a marketing datasheet. The fields are mandated by regulation, formats are prescribed (often per Annex of a specific regulation), and authorities — not your marketing team — define what's accurate.
It is NOT an ESG report. An ESG report is annual, company-level, qualitative-leaning. A DPP is per-product, machine-readable, and updated whenever the underlying product or its supply chain changes.
It is NOT a QR code that links to your product page. Linking the QR to a marketing landing page would render the whole regulation unenforceable. The DPP is hosted at a regulated endpoint with tiered access — public, restricted (partners), and authority (regulators / recyclers).
It is NOT a replacement for your ERP, PIM, or PLM. Those stay your source of truth internally; the DPP is the public-facing structured projection of a slice of that data, kept in sync.
It is NOT the same as France's Triman, the EU Energy Label, or the REACH SVHC list. Those are individual labelling / disclosure schemes, some of which feed INTO the DPP — but the DPP is a wider data instance that subsumes them.
It is NOT optional after the deadline for your category. There's no transition period beyond what the implementing acts spell out — products without a passport cannot legally be placed on the EU market.

Want a concrete example? Here's the 91-field battery passport

Free 26-page PDF: every field of the battery passport with its regulation reference and where to find the value in your supplier docs. The category with the soonest deadline (Feb 2027) and the most concrete data model — useful even if your product is in a different category, since the patterns repeat.

Download the battery guide

Who is responsible for filing it

The economic operator placing the product on the EU market — manufacturer, importer, or authorised representative. Not the cell supplier in Korea, not the contract assembler in Vietnam, not the EU distributor reselling already-passported units. The first party that brings the finished product across the EU border is the legal owner of the passport, accountable for accuracy, completeness, and ongoing maintenance for the product's full lifetime. If you import EV batteries from a non-EU manufacturer, you (the importer) are the economic operator, even though you didn't make the cells.

How is a DPP technically delivered

A QR code on the product (sometimes also an NFC tag) encodes a GS1 Digital Link URI — a structured URL that contains the product's GTIN and serial number. Scanning the code resolves to a regulated host, which serves the structured passport data via three access tiers: public (consumer view), restricted (business partners with tokens), and authority (regulators, recyclers, market surveillance — full access including supply-chain due-diligence evidence). The same passport, three audiences, three different views. The hosting endpoint can be the manufacturer's own infrastructure or a SaaS platform; either way it must remain accessible for the product's full lifetime.

How to know if you're affected — quick check

Three yes/no questions. If you answer yes to all three, you have a DPP project on your hands and the deadline is closer than it feels.

Do you place a physical product on the EU market — meaning you (or your importer) bring it across the border to be sold to an EU customer? Yes / no.
Does that product fall in one of the 12 categories above (or a related one in the ESPR pipeline)? Yes / no.
Is the deadline for your category in the next 24 months? Yes / no.

First steps if it does affect you

Pick the relevant category guide and read the field list end-to-end. The free PDFs above (battery, textile, electronics, packaging) cover the four highest-priority categories. Other categories follow the same shape.
Map every field to a likely source: internal (your QC + product data), supplier-provided (datasheets, SDS, test reports, EPDs), or external (PEF assessor, certification body, public registry).
Flag every field where 'we don't have this data' is the honest answer. Those are your project blockers — they need either a supplier ask or a third-party study, and both take 4–12 weeks.
Decide who owns the passport internally — usually a compliance / regulatory affairs lead, working with R&D and supply-chain. The decision is who's accountable when an authority asks; not who fills in the cells.
Pick a hosting strategy: build vs SaaS. The data layer is regulated; the UI presenting it is your call. Most teams pick SaaS for the first DPP rollout because building a multi-tenant passport host with three access tiers is 6+ months of engineering they don't need to repeat.