HomeKnowledge base › Risk
Risk

What Happens If You Don't Have a Product Passport? — DPP Penalties and Market Surveillance

Fines, product withdrawal, procurement bans — what awaits a company without a Digital Product Passport? The real consequences.

⏱️ 9 min read

Failing to provide a Digital Product Passport doesn't begin with an infringement notice — it begins with a customs officer holding your container, or a market surveillance inspector pulling your product from an online store. The question isn't "whether you'll be penalised," but at which point — at import, on the shelf, or in a public tender — your goods get stuck. Let's look at exactly what happens if you don't have a product passport.

The framework: the ESPR deliberately sets no EU-level fine

Many people are looking for a specific figure: "how much is the DPP fine?" The honest answer is uncomfortable but important: the ESPR — the Ecodesign for Sustainable Products Regulation (EU) 2024/1781 — sets no fixed, EU-level fine amount or upper limit. It is framework legislation: the principle of the penalty is laid down by the regulation itself — in Article 74 — directly at the level of EU law, while setting the actual amounts is left to the Member States.

This is the same regulatory logic we see elsewhere in EU product law: the framework fixes the obligation and the principles, while the numerical penalty comes from national transposition. So if you ever see a fixed, "EU-level" euro range quoted for DPP penalties, treat it with caution — the text of the regulation contains no such thing. What is certain is that the detailed national implementation is still being shaped in Hungary and in most Member States, so the exact fine amounts are not yet final.

Article 74: "effective, proportionate and dissuasive"

The ESPR's penalties are governed by Article 74 of the regulation. It sets the benchmark: Member States must lay down a system of penalties that is "effective, proportionate and dissuasive," and they must notify the European Commission of it. In practice, this three-part formula means the fine must noticeably exceed the advantage gained from non-compliance — in other words, it must not pay to "take the risk."

For setting the penalty, the provision also names a range of factors to be weighed, including aggravating circumstances. The table below summarises the factors compiled from expert sources; the precise legal wording should be checked against the text in force.

Factor to be weighedWhat it means in practice
The nature, gravity and duration of the infringementA long-marketed product line with no passport is more serious than a one-off lapse
Intent or negligenceDeliberate circumvention is an aggravating circumstance
The economic operator's financial positionThe proportionality benchmark scales with turnover and size
The economic benefit derived from the infringementThe fine must absorb the compliance cost that was "saved"
The environmental damage causedThe ESPR is an environmental regulation — the harm feeds into the assessment
Mitigating measures and repetitionVoluntary correction mitigates; recurrence aggravates

Article 74 doesn't stop at monetary fines. The provision explicitly names a second instrument as well: temporary (fixed-term) exclusion from public procurement procedures. We'll come back to this separately, because for many companies it hurts more than the fine itself.

Who is liable? Not just the manufacturer

It's a common misconception that the product passport is "the manufacturer's job." The ESPR extends the obligations across the entire supply chain — the duties of economic operators run through the regulation (from roughly Article 27 onwards, according to expert sources). Liability is layered:

  • The manufacturer bears primary responsibility: the product's design compliance, creating and populating the DPP, the technical documentation, conformity assessment and the CE marking all attach to them.
  • The importer is responsible for not placing a non-compliant product on the EU market — where the manufacturer sits in a third country, the importer effectively becomes the authorities' point of contact within the EU.
  • The distributor owes a duty of due care: they must verify that the product carries the correct labelling and the Digital Product Passport.
  • The circle also includes the authorised representative, fulfilment service providers, and — this is new — online marketplaces and online search engines as well.

The lesson is clear: if, as an importer or distributor, you "merely sell" the product, the missing passport is your risk too. That's why it pays to lock the DPP data-supply obligation into your purchasing contracts — we cover this in more detail in our article on supplier data.

Market surveillance: how a non-compliant product gets caught

A penalty on its own is just paper — it's market surveillance that gives it teeth. The ESPR embeds enforcement into the framework of the EU Market Surveillance Regulation (EU) 2019/1020: it adopts that regulation's concepts (market surveillance, corrective action, recall, withdrawal, customs authorities) and tools, while the actual procedure is carried out by the national market surveillance authorities.

These authorities have serious powers. In practice, they can:

  • Request the technical documentation and the DPP data, and conduct on-site inspections.
  • Test products and take samples.
  • Order corrective action, and restrict or prohibit marketing.
  • Order the product's withdrawal from the market or its recall from consumers.
  • Refuse release for free circulation via the customs authorities — meaning a non-compliant import shipment never even reaches your warehouse.

An important detail: the official DPP registry will be precisely the search and verification tool of the market surveillance and customs authorities, tied to customs checks. If your product's identifier cannot be resolved, or doesn't lead to a valid passport, that's an immediately visible red flag to the authority. Machine readability and the correct identifier are therefore no formality — that's the subject of our article on the QR code and GS1 Digital Link.

Possible legal consequences — in one place

Let's sum up everything a non-compliant operator can face. Some of these are the standard market surveillance tools of Regulation 2019/1020, others are the penalties under Article 74:

ConsequenceWho orders it / where it strikes
National monetary fineUnder Member State law, on the "effective, proportionate, dissuasive" standard
Restriction / prohibition of marketingMarket surveillance authority, as a corrective action
Product withdrawal and recallMarket surveillance authority — from the shelf and from consumers
Refusal of importCustoms authority, by refusing release for free circulation
Removal of online listingsOrder to the online marketplace to act against non-compliant content
Temporary exclusion from public procurementESPR Article 74(3), as a penalty

Notice that the fine is just one item on the list. In commercial terms, product withdrawal (inventory write-downs, logistics, brand damage) and an import ban (committed goods that never even enter the EU) are often far more expensive.

Public procurement: the hidden — and double-edged — risk

Public procurement touches the DPP from two directions. On one hand, the ESPR empowers the Commission to set, through implementing acts, mandatory minimum green public procurement (GPP) requirements for regulated products. These may appear as technical specifications, award criteria, contract performance conditions or targets — meaning the DPP and the data behind it simply become an entry ticket to certain tenders.

On the other hand — as we saw above — temporary exclusion from public procurement itself features in the penalty system of Article 74. For a small or medium-sized business that depends on public contracts, this kind of exclusion is often a heavier blow than any one-off fine: it's not just a single item, but an entire revenue stream that disappears.

The role of online marketplaces and platforms

One of the biggest changes is that liability extends to digital distribution channels. The market surveillance authority can order the online marketplace provider to act against content relating to one or more specific non-compliant products — including by removing them (de-listing).

The practical upshot is unpleasant: even if you "only" sell on the marketplace, a missing or faulty product passport can force the platform to take your listing down. Compliance therefore can't be shifted onto the platform — a non-compliant product simply runs out of digital shelf space too.

How to reduce the risk in time

The good news is that most of the risk can be handled in advance — and it doesn't start with reading legislation, but with the data. Here's a pragmatic order:

  1. Map your exposure. Which of your product groups fall under the DPP obligation, and when? Our article on ESPR deadlines breaks down the sequence and milestones; if you're still at the basics, start with our what is a DPP overview.
  2. Clarify your role. For a given product, are you the manufacturer, the importer or the distributor? That determines what you expect from your supplier and what you have to produce yourself.
  3. Secure the chain data. Most of the data sits deep in the chain (Tier 2–3). Build a DPP data-supply clause into your contracts, and move from static, one-off declarations to living, verifiable data.
  4. Choose the identifier and data carrier well. A correctly encoded unique identifier (typically GTIN + serial number, in a GS1 Digital Link URI) is what the registry and customs can resolve.
  5. Introduce access management. Separating public from restricted data protects trade secrets and satisfies the authorities at the same time — see the access and trade secrets article.
  6. Don't leave it to the last minute. National implementation is taking shape now; whoever gets their data in order early gains a competitive edge along with compliance.

A structured preparation checklist is the fastest way to get practical traction. If you manufacture textile or battery products, take a look at our textile industry solution too, because for these the DPP becomes a live obligation soonest.

Summary: non-compliance costs more than compliance

Failing to meet the product passport obligation isn't a single, neatly bounded fine. It unlocks an entire toolkit in the authority's hands: nationally imposed, "effective, proportionate and dissuasive" fines, marketing restrictions, product withdrawal, import bans, online de-listing and — often most painfully — exclusion from public procurement. Liability runs from the manufacturer through the importer to the distributor, and it doesn't leave the platforms untouched either.

The exact national fine amounts are still evolving, so the responsible strategy isn't to wait for the numbers but to get your data in order. Whoever builds their Digital Product Passport now isn't avoiding a penalty — they're holding on to a market. If you'd like to see what this looks like in practice, start a trial account, take a look at our plans, or request a consultation from our team.

Create your first product passport

In minutes, with no coding — a standardised, multilingual passport and a printable QR code. Free to try.

Start for free →