When a manufacturer starts assembling a Digital Product Passport, the instinct is to ask the tier-1 supplier — the company that actually shipped the part — to "send a declaration." A signed letter on letterhead, a filled-in template, a self-declaration of conformity. It feels like the data is now in hand. For a Digital Product Passport it usually isn't, and treating a tier-1 declaration as the answer is one of the most common ways a DPP project quietly ships non-compliant data. Here's why a direct-supplier declaration falls short of what the passport actually needs, and what closes the gap.
What a tier-1 declaration actually is
A tier-1 supplier is your direct supplier — the one you have a contract and a PO with. A declaration from them is an assertion: "this component contains X% recycled content," "this material is REACH-compliant," "no SVHCs above 0.1%." It carries their name and, usually, a signature. That is genuinely useful — it establishes accountability and a paper trail. But a DPP doesn't ask "what does your supplier assert?" It asks "what is true about this product, and can you prove it?" Those are different questions, and the gap between them is where tier-1 declarations fall short.
The three gaps a declaration leaves open
A self-declaration from your direct supplier leaves three specific holes that a Digital Product Passport is built to close.
1. It's an assertion, not evidence
EU Digital Product Passport requirements — across the Battery Regulation, REACH, and the ESPR delegated acts — increasingly call for verifiable evidence, not just stated values. A recycled-content figure should trace to a test report or a mass-balance certificate; a hazardous-substance claim should reference the SDS or a lab result; a carbon footprint should cite the calculation method and dataset. A declaration that says "30% recycled content" with nothing behind it is a value without a source. In the passport, that's the difference between a field that withstands a market-surveillance check and one that doesn't.
2. Your tier-1 doesn't own most of the data
This is the structural problem. Your direct supplier assembled or sold the part — but the data the passport needs usually originates further upstream. For a battery, the cell's chemistry, the cobalt and lithium due-diligence evidence, and the internal-resistance behaviour come from the cell maker and the raw-material suppliers, not the pack assembler you buy from. When your tier-1 signs a declaration covering those fields, they're often passing through what their own supplier told them — or worse, estimating. A declaration that confidently covers fields its signer doesn't control is a chain-of-custody gap dressed up as an answer.
3. It freezes a moment, but the passport is a living record
A declaration is dated and static. A DPP carries data that can change — recycled-content percentages shift batch to batch, a supplier reformulates, an SVHC gets added to the candidate list. A one-time signed letter doesn't track that. The passport needs a data relationship that can be re-queried and re-evidenced, not a PDF in an email from eight months ago.
Why "just get a declaration" is so tempting
The reason this shortcut is everywhere is that it looks like progress and it's cheap. Emailing a template to ten tier-1 suppliers and getting signed PDFs back feels like the data-collection problem is solved. It's only when you try to publish the passport — or when someone audits it — that the gaps surface: the recycled-content number has no test report, the REACH line covers a substance the tier-1 never tested for, the carbon figure has no method. By then the project is "done" on paper and the rework is expensive.
What actually closes the gap
The fix isn't to abandon declarations — they're a fine starting point for accountability. It's to treat them as the top of a chain, not the whole chain, and to attach evidence and depth to every load-bearing field.
- Ask for evidence, not just values. For every regulated field, the request should be "the number AND the document that proves it" — test report, EPD, SDS, mass-balance certificate, due-diligence record. A field with an evidence link is worth ten signed declarations without one.
- Reach the tier that owns the data. For fields the tier-1 doesn't control, the data request has to flow upstream — to the cell maker, the fibre grower, the resin formulator. A supplier portal that lets a tier-1 forward a specific request to its own supplier beats a declaration that launders second-hand data.
- Record provenance per field. The passport should know, for each value, who supplied it, from which document, and when — so a wrong figure is traceable to its source and a stale one can be refreshed. This is exactly what a field-level audit trail is for.
- Validate, don't just store. A declared value that's physically implausible (a recycled-content figure over 100%, a nickel-release rate far outside the regulated band) should be flagged on the way in, not discovered at audit.
The TracePass approach
This is why TracePass treats supplier data as evidence-backed and chain-aware rather than a single declaration. The supplier portal lets a request reach the party that actually holds the data — including a tier-1 forwarding it upstream — and every field carries provenance: who entered it, from which document, when. The AI extraction reads the underlying test reports, SDS files and certificates, so the value in the passport is linked to the document that supports it rather than retyped from a declaration. The point isn't to make suppliers fill in more forms — it's to make the data in the passport true and provable, which is the only version of "collected" that survives a compliance check.
A tier-1 declaration is a reasonable first knock on the door. It just isn't the room. A Digital Product Passport that will hold up needs the evidence behind the claim and the depth to reach the data's real source — and that's a data architecture problem, not a form-filling one.
Frequently asked questions
Is a supplier declaration enough for a Digital Product Passport?
Usually not on its own. A declaration is a stated value with accountability attached, but DPP requirements increasingly call for verifiable evidence (test reports, EPDs, SDS, due-diligence records) and for data that originates upstream of your direct supplier. Treat a declaration as a starting point that needs evidence and chain depth attached, not as the finished data.
Why isn't tier-1 vendor data good enough for a DPP?
Because your tier-1 (direct) supplier often doesn't own the data the passport needs — for a battery, the cell chemistry and raw-material due diligence come from further upstream. A tier-1 declaration covering those fields is passing through second-hand data, and it's an assertion rather than evidence. The economic operator placing the product on the market is responsible for the value being correct, not just for having collected a declaration.
What's the alternative to collecting supplier declarations?
Collect evidence-backed data with provenance: for every regulated field, capture the value and the document that proves it, route requests to the tier that actually owns the data, and record who supplied each value, from which document, and when. That's what makes a passport field withstand a market-surveillance check.
Ready to publish your Digital Product Passports?
TracePass is live. Create an account, upload a product, and ship a compliant passport with a GS1 QR code today.
Get started