The most common fear about the digital product passport can be boiled down to a single sentence: "if I put everything in it, my competitor will copy my recipe, my supplier list and my profit margin." The good news: this is a misunderstanding. The digital product passport is not a public shop window where every piece of data stands bare before everyone. The ESPR builds on layered, role-based access precisely so that transparency and trade secrecy can both be satisfied at once. The question is not "can they see my data," but who sees what, and for how long.
Transparency Is Not Exposure
The EU Ecodesign Regulation (ESPR, (EU) 2024/1781) governs the product passport in its Chapter III, and the underlying principle of access is stated as early as the preamble: the DPP must be designed so that different economic operators and stakeholders hold different access rights, tailored to the context of the particular product and value chain. In other words, the regulation's starting point is not that all data is public, but that data is available on a differentiated, "need-to-know" basis.
This is a crucial distinction. Anyone who thinks the product passport equals a public data sheet behind a QR code is only seeing half the picture. In reality, the QR code (or more precisely the data carrier and the GS1 Digital Link) is merely the entry point: who sees what behind it is decided by the underlying system and the access levels. The consumer gets the public layer; the professional repairer gets more; the market surveillance authority gets the most. Same code, different sets of data.
What is more, the ESPR expressly acknowledges the tension between transparency and intellectual property rights (IPR), trade secrets and confidential business information — and it does not tip the balance one-sidedly in favour of transparency. Under the regulation, freely (publicly) available data may not contain trade secrets or IPR, and delegated acts may not prescribe as public any data that would facilitate product counterfeiting. Transparency, then, is an inherently limited concept within the regulation.
Who Sees Which Layer?
The current industry and legal consensus — taking the four-tier model of the battery passport as a template — distinguishes roughly three to four access circles. Important: the classification below is illustrative; the precise, field-by-field allocation will be set not by the framework regulation but by the product-group-specific delegated acts.
| Actor | Typically sees | Purpose |
|---|---|---|
| The public / consumers | General sustainability and material-composition information; usage, repair and disposal guidance | Informed purchasing decisions, circular use |
| Repairers, refurbishers, recyclers ("legitimate interest" operators) | Detailed disassembly instructions, parts lists, diagnostics, the exact location of substances of concern | Repairability, safe disassembly, material recovery |
| Market surveillance and customs authorities, the Commission | The fullest data set: technical documentation, compliance and regulatory data | Inspection, enforcement, import control |
The circle of authorised parties can be wider still: manufacturers, importers, distributors, resellers, independent operators — and even NGOs and trade unions may appear, each with their own layer. The logic is always the same: the role determines visibility, not mere access to the code.
What Can Stay Secret?
The protection of trade secrets is not a well-meaning promise but a principle woven into the fabric of the regulation. Several mutually reinforcing rules guard it together:
- The public layer is clean: freely available data may not contain trade secrets or intellectual property. Anything sensitive can appear, at most, in a restricted layer, tied to authorisation.
- The self-restraint of the delegated acts: when shaping the product-group rules, it is an explicit principle not to prescribe as public any data that would reveal IPR or trade secrets, or that would facilitate counterfeiting.
- The service-provider data lock: providers that host the DPP may not sell, reuse or process the stored data beyond what is necessary to deliver the service, unless the economic operator placing the product on the market expressly consents. This prevents a platform from monetising your value-chain data.
In practical terms: the full recipe, purchase prices, the terms of supplier contracts or manufacturing know-how do not belong in the public layer. What the regulation intends to be public is typically an appropriate-level description of material composition, durability and repairability, the presence of substances of concern, and circular handling — not confidential business internals.
Who Decides the Level of Each Field?
Here the most important message is patience. The framework regulation lays down only the generic principles: unique identifier, data carrier, machine readability, differentiated access, a central registry and a web portal. Which field is public, which is restricted, and who may enter or update it for a specific product group will be determined, group by group, by the delegated legal acts (delegated acts).
The regulation grants the empowerment mandate in Article 9, while the principle of layered access — which parties have access to which data, and which parties may enter or update data — is set out in Article 10. These are precisely the questions that the product-group acts must answer in concrete terms. The methodology of the EU's research centre (JRC) and the EU-funded CIRPASS projects are preparing exactly this. So it is true, with caution: the final, field-by-field classification for textiles, electronics or furniture is still taking shape. Anyone who claims today to know the final list precisely is promising more than the law currently lays down. The deadlines and rollout schedule reflect this same gradual approach.
The Data Carrier and Access Rights — Technically
A common misconception is that "the QR code filters access." It doesn't. The data carrier (typically a QR code) merely links the DPP to a durable, unique product identifier — and that identifier follows a standard scheme (ISO/IEC 15459 or an equivalent, in practice often a GS1 GTIN plus serial number), encoded into a GS1 Digital Link URI. The filtering itself happens in the underlying system: the registry, the resolver endpoint and the access rights fixed in the delegated act decide who the scanner is and, accordingly, which layer they receive.
The access architecture typically consists of three elements:
| Element | Role | Primarily used by |
|---|---|---|
| Data carrier + unique identifier | Links the physical product to the digital passport; access resolves from here | Anyone who scans it |
| Central EU registry | Stores not the data itself but the identifiers and resolver endpoints | Market surveillance, customs authorities (import control) |
| Public web portal | Makes the public layer searchable and comparable | Consumers, stakeholders |
One principle is set in stone here too: access to the public layer of mandatory DPP data is free of charge — but "free" does not mean "everyone sees everything." The separation of the public and restricted categories is precisely what protects confidential data.
What If Personal Data Ends Up in It?
As a general rule, the DPP is not a store of personal data: it is typically at the product-model or batch level, not the customer level. In certain cases, however — for example with repair or registration data — personal data may still arise. On this the regulation is unequivocal: personal data attributable to a customer may not be stored in the product passport without the customer's explicit consent. The text of the regulation here speaks of the "customer's" consent (ESPR Article 10(1)(e)) — not of some broader "end-user" concept, and it is precisely the legal interpretation of these two terms that is debated in the literature — in line with the legal-basis rules of the GDPR ((EU) 2016/679). Where an authority processes personal data, it must act in accordance with the GDPR, with particular regard to the principle of data protection by design and by default.
The practical conclusion: when designing the product passport, do not include personal data by default. If a process nevertheless requires it (e.g. ownership tracking on the secondary market), keep it separate, consent-based, in a restricted layer — never in the public one.
Practical Advice: What to Make Public, What to Keep Restricted?
Until the delegated acts are finalised, a simple decision logic is a good compass:
- Make public what serves purchasing decisions and circular use: an appropriate-level description of material composition, durability, repairability, care, disposal, and the presence of substances of concern.
- Keep restricted what requires professional authorisation: detailed disassembly instructions, parts and diagnostic data, the exact location of substances of concern — for repairers and recyclers, not for the whole world.
- Put compliance evidence in the authority layer: technical documentation, test results, regulatory references.
- Put raw trade secrets nowhere: purchase prices, contractual terms, full manufacturing know-how. If disclosing a piece of data would give a competitor a copyable advantage, ask: is it really necessary for a field required by law? If not, leave it out.
This disciplined layering not only protects but also creates a competitive advantage: proven — not merely claimed — sustainability carries market value today, while confidential internals stay protected.
Veridyn's Layered Access in Practice
The Veridyn platform is built on precisely this model. You divide the fields of your product passport into access levels: public, restricted (partner/professional) and internal. The same QR code shows the consumer the clean public layer and the authorised partner the broader data set — with field-by-field filtering, so at the level of individual fields rather than whole pages.
Where an authority or a specific partner needs one-off, fuller insight, Veridyn issues expiring token links: a time-limited, targeted access link that opens the specified layer and then lapses on its own. This way sensitive data is never permanently exposed to the public, access is traceable, and confidential internals stay locked — while statutory transparency is fully satisfied.
The classification is not set in stone: as the delegated acts crystallise product group by product group, the layers can be fine-tuned. The goal is always the same — to show exactly as much as the law and trust require, not one field more.
If you're curious how all this looks in your own product category, take a look at the basic product passport guide, our textile-industry solution, or start a trial passport. If you have questions, get in touch — we'll tailor the layering to your value chain together.