By Hitesh Ram | Thu May 14 2026 | 2 min read

Table of Contents

The regulation requires one view of the product. Your data lives in fifteen systems.

The EU Digital Product Passport is built on a simple premise: every product placed on the European market should carry a structured digital record of its lifecycle data, accessible via QR code, covering material composition, substances of concern, carbon footprint, durability, repairability, recycled content, and end-of-life information.

The regulatory premise is simple. The data problem underneath it is not.

A typical manufacturer stores product data across PLM systems, ERP platforms, supplier portals, compliance databases, quality management systems, engineering BOMs, manufacturing BOMs, test report archives, and sustainability reporting tools. Material composition lives in one system. Carbon footprint data lives in another. Supplier declarations sit in email attachments. Recycled content information, if it exists at all, lives in a spreadsheet. No single system holds the complete lifecycle view that the DPP requires.

According to a 2026 KPMG survey of over 70 European companies, 81% lack the structured lifecycle data needed for DPP compliance. The gap isn't regulatory understanding. It's data architecture.

The Ecodesign for Sustainable Products Regulation (ESPR, Regulation 2024/1781) provides the legal framework. The ESPR Working Plan 2025-2030 (adopted April 15, 2025) sets the phased rollout. Delegated acts will define product-specific requirements. And the first mandatory DPPs (battery passports) take effect on February 18, 2027. But none of this matters if the underlying product data is fragmented across disconnected systems that can't produce a unified, structured, auditable digital record.

This article examines why product data fragmentation is the primary barrier to DPP compliance, what the regulation actually requires, and what manufacturers need to build now before the delegated acts start landing.

The ESPR and DPP Framework: What's Defined and What's Still Coming

The legal foundation

The ESPR (Regulation 2024/1781) entered into force in July 2024 as the successor to the original Ecodesign Directive (2009/125/EC). Unlike its predecessor, which focused primarily on energy-related products, the ESPR extends to virtually all physical products placed on the EU market (with specific exclusions for food, feed, and medicinal products).

The DPP is the ESPR's primary transparency mechanism. It is defined as a product-specific digital data container that stores sustainability, circularity, and compliance information. Key structural features:

Decentralised data hosting. Manufacturers, importers, and economic operators are responsible for creating and maintaining DPPs for their products, either directly or through authorised third-party providers. There is no single centralised EU database that holds all product passports.

Central DPP registry. By July 2026, the European Commission will deploy a central registry to support enforcement and enable product lookup. This registry indexes DPPs but does not store the underlying data.

Back-up requirement. Economic operators must provide a back-up copy of each DPP through a certified DPP Services provider to ensure data availability even if the original company ceases operations.

QR code access. Each product (or its packaging or accompanying documentation) must carry a data carrier (expected to be a QR code linked via GS1 Digital Link) providing access to the DPP.

18-month compliance window. Once a delegated act for a specific product group is adopted, companies have approximately 18 months before enforcement begins.

The phased rollout (ESPR Working Plan 2025-2030)

The Commission's Working Plan sets indicative timelines for delegated act adoption by product group. These are adoption dates, not enforcement dates (enforcement follows 18 months after adoption):

2026 (indicative): Iron and steel (focusing on emissions intensity, energy efficiency, and resilience). Destruction of unsold consumer products (implementing act adopted February 9, 2026).

2027 (indicative): Textiles and apparel, tyres, aluminium. These delegated acts are expected to address secondary materials, product lifespans, recyclability, and repairability.

2028 (indicative): Furniture.

2029 (indicative): Mattresses, electronics.

2030: Target for comprehensive coverage across remaining product groups.

Already in force (separate regulation): Battery passports under the EU Battery Regulation (2023/1542), mandatory from February 18, 2027 for EV batteries, industrial batteries (>2 kWh), and LMT batteries. The battery passport serves as the pilot DPP and includes over 100 data attributes.

What data the DPP will require

While product-specific data requirements will be defined in each delegated act, the ESPR framework establishes common data categories:

  • Unique product identifier and product classification
  • Manufacturer and economic operator identification
  • Material composition, including substances of concern
  • Carbon footprint (where applicable)
  • Recycled content percentages
  • Durability, repairability, and recyclability information
  • Performance and efficiency parameters
  • Compliance documentation and conformity declarations
  • End-of-life handling instructions
  • Supply chain traceability data (where applicable)

Why Product Data Fragmentation Is the Core Problem

1. Product data lives in silos that don't communicate

In a typical manufacturing enterprise, material composition data sits in the compliance database (or in IMDS/ChemSHERPA submissions). Engineering specifications live in the PLM. Manufacturing parameters are in the MES. Supplier certifications are in the SRM or in email. Quality test reports are in the QMS. Carbon footprint calculations, if they exist, are in a sustainability tool or a consultant's spreadsheet.

None of these systems share a common product identifier. None of them structure data in the format the DPP will require. And none of them were designed to produce a unified, structured, externally accessible digital record of a product's lifecycle attributes.

The DPP requires pulling data from all of these sources into a single, coherent, machine-readable format, linked to a specific product instance (not just a product model), and maintaining it throughout the product's lifecycle. This is a data integration problem that most manufacturers have never solved, because until the DPP, no regulation required it.

2. Supplier data quality is the upstream bottleneck

The DPP requires data that originates upstream: material composition, substances of concern, recycled content percentages, and (for some product groups) geographic origin of raw materials. This data must come from suppliers, and in many cases from their suppliers.

Most supplier compliance programmes collect declarations, not structured data. A "REACH compliant" certificate does not provide the substance-level composition data a DPP requires. A supplier sustainability report does not provide the recycled content percentage for a specific material in a specific component. The DPP requires granular, product-level, machine-readable data from suppliers who are accustomed to providing generic, company-level, PDF-format declarations.

3. No common data standard exists across product groups (yet)

The ESPR framework specifies that DPP data must be machine-readable and interoperable. The likely technical standards include GS1 Digital Link for product identification, with JSON-LD among the data structuring formats under consideration. But product-specific data schemas have not been finalized for most product groups.

This creates a standards gap: manufacturers know they need to prepare for structured data exchange, but the exact structure will be defined in delegated acts that haven't been adopted yet. Companies that build rigid data architectures around assumed schemas risk having to rebuild when the delegated act specifies something different. Companies that wait for the delegated act risk having only 18 months to build their entire data infrastructure from scratch.

4. Legacy compliance data is unstructured and product-model-level, not instance-level

Most existing compliance data (REACH declarations, RoHS certificates, conflict minerals reports) is structured at the product model level: "this product family is compliant." The DPP, particularly for batteries and electronics, may require instance-level data: "this specific battery, with this serial number, has this carbon footprint, this recycled content, this state of health."

Moving from model-level to instance-level data requires fundamentally different data capture and storage architectures. Manufacturing execution systems can capture instance-level production data, but connecting that data to upstream material composition, supplier declarations, and downstream lifecycle events is an integration challenge that most manufacturers haven't tackled.

5. Data maintenance is a continuous obligation, not a one-time filing

Unlike a CE declaration or a REACH notification, the DPP is a living document. For products with dynamic attributes (like battery state of health), the passport must be updated throughout the product's lifetime. For all products, the DPP must remain accessible for a minimum period after the product is placed on the market (expected to be 10 years for most product groups, matching existing compliance documentation retention requirements).

This means the DPP is not a reporting exercise. It is a data management obligation that persists for the lifetime of the product. Companies accustomed to filing compliance documents and moving on will need to build infrastructure for continuous data maintenance and long-term hosting.

What Manufacturers Need to Build Now

1. Conduct a product data inventory across all systems

Before building DPP infrastructure, map where each category of DPP data currently lives: material composition, substances of concern, carbon footprint, recycled content, durability specs, compliance documentation, and traceability data. Identify which systems hold which data, what format it's in, and whether it can be extracted programmatically.

2. Establish a single product data model that can feed the DPP

Design an internal product data model that aggregates lifecycle attributes from PLM, ERP, compliance, sustainability, and supplier data systems into a unified structure. This model should be flexible enough to accommodate product-specific delegated act requirements as they are published, without requiring a complete rebuild for each product group.

3. Upgrade supplier data collection from declarations to structured data

Shift supplier compliance programmes from collecting PDF certificates to collecting structured, machine-readable data. For material composition, this means substance-level data with CAS numbers and concentrations (which you may already collect through IMDS, ChemSHERPA, or IPC-1752A). For recycled content, this means chain-of-custody documentation with percentage breakdowns per material. For carbon footprint, this means site-specific emissions data from upstream suppliers.

4. Start with the battery passport as your DPP pilot

The battery passport (mandatory February 2027) is the most detailed and earliest DPP implementation. Even if you don't manufacture batteries, studying its data requirements (over 100 attributes covering carbon footprint, material composition, recycled content, performance parameters, state of health, and traceability) provides a template for what product-specific DPPs will look like. If you do manufacture batteries, the passport deadline is on February 18, 2027  and requires BMS integration, PCF calculation, and recycled content tracking infrastructure.

5. Monitor the delegated act pipeline for your product groups

Track the Commission's Working Plan timeline for your industry. When a delegated act is adopted, the 18-month enforcement clock starts. For iron and steel (expected 2026) and textiles (expected 2027), the preparation window is already short. Build awareness of the Commission's regulatory calendar into your compliance programme so delegated act adoption doesn't trigger a scramble.

A Self-Check for DPP Readiness

Six questions to pressure-test your preparedness:

  • Data inventory: Have I mapped where each category of DPP data (material composition, substances of concern, carbon footprint, recycled content, durability, traceability) currently lives across my internal systems?
  • Unified data model: Do I have a product data architecture that can aggregate lifecycle attributes from multiple systems into a single, machine-readable structure?
  • Supplier data quality: Are my suppliers providing structured, product-level data (substance composition, recycled content percentages, emissions data), or generic PDF declarations?
  • Instance-level readiness: Can I link compliance and sustainability data to specific product instances (serial numbers), not just product models?
  • Data maintenance infrastructure: Do I have a plan for hosting, updating, and maintaining DPP data for the required retention period (expected 10+ years)?
  • Delegated act monitoring: Am I tracking the ESPR Working Plan timeline for my product groups, and do I have a response plan for when the delegated act is adopted?

If more than two answers reveal gaps, your DPP compliance timeline is shorter than your data infrastructure can support.

Where Regilient fits in

The DPP is not a compliance document. It is a data infrastructure requirement. The manufacturers who will comply are the ones who treat it as a product data architecture programme, not a reporting task. Regilient's agentic sustainability platform addresses the data fragmentation problem that sits at the core of DPP readiness:

  • Centralised product compliance data architecture that aggregates material composition, substance declarations, carbon footprint, and recycled content data from PLM, ERP, and supplier sources into a unified, DPP-ready structure
  • Supplier structured data collection that replaces PDF-based declarations with machine-readable substance, recycled content, and emissions data collection workflows
  • Regulatory timeline monitoring that tracks ESPR delegated act adoption and calculates 18-month enforcement countdowns for each product group
  • SCIP, REACH, and RoHS data integration that repurposes existing compliance data (substance composition, SVHC declarations, exemption tracking) as DPP building blocks
  • Multi-regulation product data model that structures a single product record to serve DPP, REACH Article 33, SCIP, conflict minerals, and sustainability reporting requirements simultaneously

81% of European companies lack the structured lifecycle data the DPP requires. The regulation doesn't create that data. It requires you to already have it. The companies that spent 2024 and 2025 building unified product data architectures will generate DPPs as a natural output of their existing processes. The companies that treated product data as a collection of disconnected compliance filings will discover that the DPP requires exactly the integration they never built.

Book a Regilient demo to see how agentic product data management turns fragmented compliance data into DPP-ready, structured lifecycle records.

Regilient provides agentic sustainability software for product compliance, supplier engagement, and regulatory intelligence across REACH, RoHS, PFAS, CMRT, SCIP, and global chemical regulations.

Topics

European Union RegulationsBulletinExtended Producer Responsibility

Speak to Our Compliance Experts

Questions about compliance, partnerships, or support? We're here to help.

Share