DPP readiness is not a switch you flip on a single deadline, but a data and process transformation spanning several months — one best started today. This digital product passport checklist breaks the steps of a DPP rollout down into eight concrete, actionable steps — from surveying your product portfolio to QR-code labelling and ongoing maintenance.
Why start now, in 2026?
The ESPR framework regulation ((EU) 2024/1781) entered into force on 18 July 2024, but the actual obligation is set not by the framework itself but by the per-product-group delegated acts. These arrive one by one, and each grants at least 18 months (in practice often 18-24 months) of transition between entry into force and actual application. If you are not yet sure exactly what this system is, start with the basic guide: What is a DPP. Despite these seemingly distant dates, the slowest element is collecting data from the supply chain — something you cannot make up in a few weeks, which is why it pays to get going now.
Step 1 — Survey your product lines and categories
Build a complete inventory of your product lines and map them to the six priority product groups in the ESPR 2025-2030 working plan (COM(2025) 187 final, adopted on 16 April 2025). The intermediate products are steel and aluminium; the final products are textiles/apparel, furniture, tyres and mattresses. On top of these come horizontal measures (repairability score, electronics recyclability) and a 2028 mid-term review that may bring in new categories.
For the exact timeline, see the ESPR/DPP deadlines article; the table below summarises the current indicative (non-binding) planning figures. Important: as of today, 9 July 2026, not a single product-specific ESPR delegated act has been formally adopted, with steel and textiles still in the preparatory/consultation phase.
| Product group | Legal act (indicative plan) | DPP expected to be mandatory |
|---|---|---|
| Iron and steel | ~2026 | ~2028 |
| Textilees and apparel | ~2027 (some sources late 2026) | ~2028-2029 |
| Tyres | ~2027 | ~2029 |
| Aluminium | ~2027-2028 (sources differ) | ~2029-2030 |
| Furniture | ~2028 | ~2030 |
| Mattresses | ~2029 | ~2030-2031 |
| Batteries — separate regulation, (EU) 2023/1542 | already in force | 18 February 2027 (fixed) |
If you manufacture or distribute textile products, you will find the details in the DPP in the textile industry article and on our textile solution page. For batteries, the battery passport is already on a fixed schedule — more on that below, and at our battery solution.
Step 2 — Determine the date that applies to you
There is no single, EU-wide "DPP start date" — obligations arrive category by category. So for each of your product lines you have to determine the date that applies to you specifically:
- Batteries: the most concrete case. The digital battery passport becomes mandatory from 18 February 2027 for every EV battery, every LMT (light means of transport) battery and every industrial battery above 2 kWh. Note: the 2 kWh threshold applies only to industrial batteries — for EV batteries it is mandatory regardless of capacity. Details: Battery passport.
- ESPR categories: the mandatory date = the entry into force of the relevant delegated act + the minimum 18-month transition. Since no act has been adopted yet, these dates are estimates and, given the slippage observed so far, may well shift later.
Clarify your role, too, with respect to "placing on the market": are you a manufacturer, an importer or an authorised representative? The obligation falls on the responsible economic operator, and it is enforced by market surveillance and customs. The good news: products lawfully placed on the market before the relevant application date generally do not have to be retrofitted with a DPP — but the exact transitional (grandfathering) wording is always set by the specific delegated act.
Step 3 — Audit your existing data
The DPP is all about data. Run a gap analysis: what you have, at what quality, where you store it, and what is missing. The data typically lives scattered across ERP, PLM, quality folders, spreadsheets and supplier emails. The goal is a single, structured, machine-readable source.
| Data field category | Where to look first | Typical gap |
|---|---|---|
| Unique product identifier (GTIN + serial/batch) | ERP, product master data | Batch- and item-level identification |
| Material and chemical composition | PLM, supplier datasheets | Supplier-level detail, SVHC |
| Carbon footprint / environmental impact | LCA report (if any) | Site- and batch-level figures |
| Recycled content | Supplier declaration | Verified, measurable share |
| Repairability, disassembly, care | Technical documentation, design | Consumer- and recycler-facing form |
| Compliance, certificates | Quality assurance | Digital, referenceable format |
For batteries, the set of expected fields is precisely defined (Annex XIII): unique identifier + QR, type/model, material composition, carbon-footprint declaration, recycled content (Li/Co/Ni/Pb), electrochemical performance and durability, State of Health (SoH) and dynamic data, plus due diligence status — with three tiers of access.
Step 4 — A process for requesting supplier data
This is the bottleneck of the project. Much of the data sits not with you but with your suppliers (and their suppliers). Build a repeatable process:
- Map the tiers of the chain (Tier 1, Tier 2…) for every affected product line.
- A standard request template: precisely named fields, expected units and format — not free text, but structured, machine-readable data.
- A contractual anchor: write the data-provision and update obligations into your supplier contracts/framework agreements.
- Deadline and escalation: a realistic response time, a responsible contact person, a reminder cadence.
The earlier you launch this, the greater the chance that missing carbon-footprint or composition data will arrive in time. The battery due-diligence obligations, incidentally, were postponed by the Council to 18 August 2027 ((EU) 2025/1561), but it is worth setting up the data-request process now regardless.
Step 5 — Choose your data model and standard
The DPP works only if systems understand the data in a uniform way. Decision points:
- Unique product identifier: the most widely accepted candidate is the GTIN, often supplemented with a serial and batch number. Under the ESPR, the identifier must comply with the ISO/IEC 15459 standard (or an equivalent).
- Web link: GS1 Digital Link encodes the identifier into a single URL, so one QR both opens the passport for the consumer and makes the GTIN machine-readable. Read more: QR codes and GS1 Digital Link.
- European standards: CEN/CENELEC published six of the eight planned DPP EN standards on 27 May 2026 (EN 18216, 18219, 18220, 18221, 18222, 18223); the remaining two — EN 18239 (access management and security) and EN 18246 (data authentication and integrity) — are, according to reports, still at draft stage (FprEN), with publication expected to slip to September 2026. An important nuance: the standards already published are available and can be implemented, but are not yet harmonised — until a reference appears in the Official Journal of the EU, they do not confer a presumption of conformity.
- Exchange format: the de facto recommended, default exchange format in the EU DPP ecosystem is JSON-LD. An important nuance: this is primarily a recommendation of the CIRPASS-2 reference architecture (D4.1), not a normative requirement of the eight EN standards — but for practical interoperability it is the safest choice today.
Do not build a closed, proprietary QR system: a proprietary solution carries a compliance risk and makes machine reading harder for your partners.
Step 6 — Choose a DPP system and run a pilot
The DPP data model is decentralised: the passport content stays with the economic operator or its DPP service provider, while the EU's central registry (ESPR Article 13) is only an index/directory — it stores the unique identifiers and operator references, not the content itself. The registry is planned to start being set up in the summer of 2026 (secondary sources mention 19 July 2026), but the timing of full operation is uncertain, so treat it with caution.
When choosing a system, look at whether it covers your category, whether it handles role-based access (public / authorised B2B actors / authority-customs), whether it can provide a resolver (redirection) between the persistent identifier and the changing data location, and whether it supports the approved data carriers. Then run a pilot on a single product line: build a few real passports end to end, test QR reading and the supplier data flow before rolling it out across the whole portfolio.
Veridyn is a ready-made platform for exactly this: a schema-driven editor, version history, role-based field filtering and QR generation. With registration you can launch a pilot in minutes; you can check prices on the pricing page.
Step 7 — QR code, data carrier and labelling
The data carrier on the physical product is the entry point. Currently the only approved carrier that opens freely on a consumer's phone is the QR code and the Data Matrix, with a GS1 Digital Link URI. RFID/RAIN RFID is more for industrial, bulk, non-line-of-sight reading; NFC is suitable for consumer access but is not yet a GS1-approved carrier. A single product may even carry several carriers in parallel.
- Choose QR or Data Matrix for consumer access, with GS1 Digital Link syntax.
- Ensure physical durability and good placement — the code must stay readable throughout the product's life.
- For batteries, the QR is mandatory on the physical battery itself.
- A well-encoded symbol is both human- and machine-readable — that is the goal.
Step 8 — Assign an internal owner and maintain it
The DPP is not a one-off project but a living document. Assign an owner or team (typically quality, compliance or product management) to keep the data current. Build in a maintenance routine: update on product changes, new suppliers or regulatory amendments; for batteries, keep the dynamic data and SoH continuously up to date; keep a version history and audit trail of every change. That way the passport stays current and defensible even under a market-surveillance inspection.
The checklist on one page
| # | Task | Expected result |
|---|---|---|
| 1 | Survey product lines and map them to categories | Product-category matrix + list of affected products |
| 2 | Determine your applicable date and role | Per-product deadline + responsible operator |
| 3 | Audit existing data | Gap list per field, with source noted |
| 4 | Set up supplier data requests | Template, contract clause, deadlines |
| 5 | Choose a data model and standard | GTIN + GS1 Digital Link + JSON-LD decision |
| 6 | Choose a DPP system and run a pilot | Working passports on one product line |
| 7 | QR/data carrier and labelling | A readable, durable code on the product |
| 8 | Internal owner + maintenance | Assigned owner + update routine |
Common mistakes to avoid
- "We'll start in 2028." Supplier data collection is the slowest step — that is what justifies starting early.
- A closed, proprietary QR system instead of the standard GS1 Digital Link — a compliance and interoperability risk.
- Treating the indicative dates as fixed law. The per-category years are planning figures; the mandatory date is always set by the specific delegated act.
- Misreading the 2 kWh battery threshold — it applies only to industrial batteries; for EVs it is mandatory regardless of capacity.
Start today
The earlier you start, the cheaper and smoother your DPP readiness will be. You could knock out the first three steps of the checklist above (inventory, date, data audit) as soon as next week. To run a pilot and build your passports, register with Veridyn, check the common questions in the FAQ, or ask for tailored help on the contact page. The digital product passport will not be an option but a condition of market access — and the time to prepare is now.