Here is the most uncomfortable truth about the Digital Product Passport: most of the data it contains isn't produced by you. Material composition, origin, carbon footprint and recycled content all arise deep in the supply chain — often with Tier 2-3 players the brand has never spoken to directly. That is why DPP compliance is not primarily an IT task, but a procurement and relationship one. Recognise this too late, and you'll be wrestling with a hundred different Excel formats and silent suppliers right before the deadline.
Why the Supply Chain Is the Real Test of DPP
When a company first confronts the requirements of the product passport, it tends to treat them as a software problem: you need a database, a QR code, a public page. The technology layer does matter, but this isn't where projects get stuck. They get stuck on the fact that most of the mandatory fields have to be filled in — and the answers sit with other companies. Textilee, electronics and furniture supply chains are typically multi-tiered: you deal with your Tier 1 manufacturer, who deals with their fabric or component maker, who in turn deals with the spinning mill or the raw-material extractor. The deeper you have to go for the data, the less direct visibility and leverage you have.
Practical research and EU-funded pilot projects consistently identify three main pain points: data fragmentation (every player stores information differently, in a different system), the lack of supplier transparency and their resistance, and weak interoperability between systems. Legacy ERP and siloed systems were never designed for lifecycle data, and brands often have no direct visibility into Tier 2-3 at all. This playbook describes the process for slicing that structural disadvantage into a manageable task.
Which Data Originates Where?
The first sensible step is to recognise that each data category is created at a different point in the chain. This determines who you need to approach and how deep you have to go. The table below maps the most common categories to their likely source — the specific fields are ultimately decided by product group, in the delegated acts, but the logic is similar regardless of category.
| Data category | Where it originates | Typical source |
|---|---|---|
| Material composition, material ratios | Spinning, weaving, casting, raw-material production | Tier 2-3 material producer |
| Provenance / origin | Raw-material extraction, primary processing | Tier 3-4 raw-material supplier |
| Carbon footprint (product-level CO₂) | Every manufacturing and logistics step | The entire chain, aggregated |
| Recycled content | Material production, then certification | Material producer + independent audit |
| Substances of concern / hazardous substances | Chemical and additive supply | Tier 2-3 chemical supplier |
| Repairability, parts list | Product design, assembly | In-house development / Tier 1 manufacturer |
The Five-Step Playbook
1. Assess What Data Your Category Requires
Don't look for a supplier first — look for a field list. The ESPR framework regulation sets out only the general principles; exactly which data has to be disclosed, and in what detail, depends on your product group's delegated act. The list for textiles will differ from the one for a battery. Build a table in which every mandatory field (and every commercially valuable voluntary one) is a row. Note next to each whether the data is static (e.g. material composition) or dynamic, tied to the lifecycle (e.g. repair history) — because this will later determine the update logic. The textile-industry and other sector guides are a good starting point, but the final list has to be tailored to your own category.
2. Identify Which Supplier Provides It
Pull out the bill of materials (BOM) and assign a data owner to every field: which supplier, at which tier, which contact. This is where the blind spots surface. Many fields are available at Tier 1, but provenance and material ratios often live two or three levels down. Where you have no direct contractual relationship with the actual data owner, you have to ask your Tier 1 supplier to pass the request further down their own chain. Prioritise: start with your highest-volume products and the most critical mandatory fields — don't try to cover the entire portfolio at once.
3. Structured Data Requests — Format Is Half the Battle
The most common mistake is the scattered, free-text request: bespoke Excel sheets and emails sent to a few hundred suppliers. This produces a high error rate, low response rates and quickly outdated data. Instead, use standardised fields and a single template, with predefined units and value sets, so you don't have to "translate" twenty different incoming formats after the fact. Wherever possible, link the physical product to the digital record with a QR or GS1 Digital Link identifier. Best of all is when the supplier doesn't send a file but fills in the fields on a portal — so the data arrives already validated and comparable at the point of request.
4. Data Quality, Verification and Proof
Collected data is only worth something if it's reliable. Build in validation (range, mandatory status, unit of measure) and ask for evidence behind sensitive claims: a certificate for recycled content, a test report for material values, the calculation basis for the carbon footprint. Regulators and the market alike are increasingly rejecting the one-off, static declaration — data has to be traceable and verifiable. Where accurate primary data isn't yet available, you can work with flagged secondary (average) data, but always mark what is a measured value and what is an estimate. This layer is what gives the product passport its real value: proof instead of mere assertion.
5. Updates and Maintenance
A DPP is not a one-time form but a living record. If a supplier switches materials, if a new production site comes online, if the carbon-footprint calculation is updated, the data has to follow. Version it, maintain an audit trail, and schedule periodic re-requests for the dynamic fields. A good practice is for the supplier to flag the change themselves on the portal, and for you simply to approve it — so maintenance doesn't become the endless manual work of a single internal team.
A Short Self-Check Checklist
| Step | The key question | The expected outcome |
|---|---|---|
| 1. Data need | Which fields are mandatory in my category? | A complete field list, marked static/dynamic |
| 2. Source | Who owns the field's data, and at which tier? | A field–supplier–contact map |
| 3. Request | Am I requesting it in a structured way, with standard fields? | A single template or portal, not free text |
| 4. Quality | Is there evidence and validation? | Proven, verified, source-tagged data |
| 5. Maintenance | Does the data update when things change? | A versioned, periodically reviewed record |
Common Obstacles — and How to Handle Them
Most sticking points follow a recurring pattern. It's worth preparing for them in advance, because fixing them mid-course is far more expensive.
| Obstacle | Symptom | How to handle it |
|---|---|---|
| Uncooperative supplier | No response, or only partial completion | A contractual data-provision obligation, a supplier code of conduct, jointly agreed priorities |
| Missing data | The supplier doesn't measure, e.g., its carbon footprint | Provide a template and guidance, use flagged temporary secondary data, raise expectations gradually |
| Format chaos | Twenty suppliers send twenty different spreadsheets | Standard fields, a central portal, input validation |
| Static, one-off declaration | The data quickly goes out of date | Dynamic updates, versioning, change notifications at the source |
| SME supplier constraints | No IT capacity or expertise | A simple request interface, shared resources and knowledge from the larger chain player |
The last row matters especially: the limited IT resources of small and medium-sized suppliers are one of the biggest adoption risks for the DPP. Best practice here isn't applying pressure but having the larger chain player share resources and expertise — easing the small supplier's burden in exchange for complete data.
A Question of Trust: The Supplier Fears for Its Data
Resistance is often driven not by bad faith but by fear: the supplier worries that the trade secret of a material composition or a recipe will leak. A good answer is to understand — and explain — the product passport's layered access model: not all data will be public. Sensitive, confidential fields are visible only to authorised parties — authorities and designated partners — and the regulation explicitly protects trade secrets and intellectual property. Clarify this at the point of request, and your partners will open up far more readily.
Tips Worth Institutionalising
- Start early. Collecting chain data is a process measured in months, not a weekly sprint. As soon as you know your preparation deadlines, kick off the supplier round.
- Standardise. A shared, standardised set of fields is the single biggest efficiency gain — use it with every supplier, for every product.
- Build it into procurement. Make DPP data provision a contractual condition and part of your supplier code of conduct. For new supplier contracts it should be a baseline requirement, not an afterthought.
- Treat the supplier as a partner. Someone who feels like a mere data provider drags their feet; someone who feels like a partner cooperates. Communicating the shared goal (compliance, market advantage) is worth more than a threat.
- Automate where you can. Instead of manual entry, aim for ERP, SCM or sensor-data integration at the source, so the data passes through fewer hands.
That this works in practice and not just in theory: the EU-funded CIRPASS-2 programme — with 49 partners and 13 flagship pilots across four value chains (textiles, electronics, tyres and construction materials) — is demonstrating precisely the feasibility of large-scale, cross-sector supplier data collection and sharing between 2024 and 2027.
How Veridyn Helps with Supplier Data Collection
Veridyn was built for exactly this pain point: it's not just a passport editor but also a supplier data-request tool and portal. In the system you can assemble a request by field category, which your supplier fills in directly, in a uniform and validated form — no more twenty flavours of Excel. Layered access ensures that confidential data is seen only by those authorised to see it, while versioning and change tracking make ongoing maintenance manageable. The goal is for supplier data to be not a bottleneck but a structured, auditable process.
If supplier data collection is the biggest question mark in your project too, take a look at our solution tailored to your category, start a trial account, or let's talk through how the process fits into your existing procurement systems. The earlier you start, the less firefighting awaits you as the deadline approaches.