EU Digital Product Passport Explained: Requirements, Timeline and Business Impact

Last August, Italy’s competition authority fined Shein €1 million for claiming its clothes were recyclable when they were not. Weeks earlier, France had hit the fast-fashion giant with a €40 million penalty for systematically faking discount prices and making unsubstantiated green claims. A Paris court ordered TotalEnergies to pay €10,000 a day until it removed carbon-neutrality messaging that did not match its business reality. When France’s consumer protection agency inspected 3,000 businesses for misleading environmental claims in 2023 and 2024, it found 15% in serious breach and opened more than 70 fines or criminal proceedings. These are not isolated enforcement actions. They are symptoms of a product transparency gap that the European Union has now decided to close by force. The EU Digital Product Passport, mandated under the Ecodesign for Sustainable Products Regulation (ESPR) that took effect in July 2024, will require companies to back up environmental claims with verifiable, machine-readable product data, or face being locked out of a market worth nearly €500 billion a year in the first wave of regulated goods alone.

What the EU Digital Product Passport Actually Requires

A digital product passport is a structured, machine-readable dataset linked to a unique product identifier and accessible via a QR code, NFC chip or RFID tag on the product, its packaging or accompanying documentation. The legal basis is Regulation (EU) 2024/1781, which repeals the 2009 Ecodesign Directive and vastly expands its scope. Where the old directive covered roughly 30 categories of energy-related products, the ESPR extends to nearly all physical goods on the EU market, excepting food, feed and medicinal products.

The precise data fields will be defined through product-specific delegated acts, but the ESPR establishes the categories every passport must address: material composition and sourcing, substances of concern (aligned with REACH), lifecycle carbon footprint data, durability and repairability metrics, recycled content percentages, and end-of-life instructions for disassembly, recycling and disposal. Data must be structured around GS1 Digital Link for product identification and JSON-LD for encoding.

The regulation introduces a tiered access model. Consumers see headline sustainability information. Repair professionals access disassembly and spare-parts data. Customs and market surveillance authorities get the full dataset, including commercially sensitive information shielded from public view. The economic operator placing a product on the EU market bears legal responsibility for ensuring the passport is accurate at point of sale.

EU Digital Product Passport Timeline: When Each Sector Must Comply

The rollout follows a phased approach governed by the ESPR Working Plan 2025 to 2030, adopted by the Commission on 15 April 2025. The rationale is stark: according to Eurostat, only 12.2% of material used in the EU economy in 2024 was recycled, well short of the bloc’s 23.4% target for 2030. Brussels has concluded that without product-level data, that gap will not close. The regulated product groups represent approximately 31% of the climate change impact of overall EU consumption.

The first hard deadline belongs to batteries. Under the EU Battery Regulation (2023/1542), industrial and electric vehicle batteries above 2 kWh must carry a digital passport from February 2027. This regulation predates the ESPR and serves as a live pilot, requiring disclosure of carbon footprint declarations, recycled content figures and supply chain due diligence evidence.

For products regulated under the ESPR itself, the sequence runs as follows. Iron and steel delegated acts have an indicative adoption date of 2026, making them the first ESPR category to move. Textiles (with a focus on apparel), aluminium and tyres follow, with delegated act adoption expected around 2027. Furniture requirements come in 2028, and mattresses and electronics in 2029. Once a delegated act is adopted, businesses are given approximately 18 months before enforcement begins, meaning the first ESPR-based passports are likely to become mandatory around late 2027 or early 2028.

Underpinning all of this is the EU Central DPP Registry, scheduled to go live on 19 July 2026 alongside the ESPR’s full application date. This registry will give customs authorities and market surveillance bodies a centralised system to verify product compliance at the border.

How the EU Digital Product Passport Reshapes Supply Chain Transparency

The most consequential feature of the DPP is the structural demand it places on supply chain visibility. A garment sold in Berlin might contain cotton from Uzbekistan, spun into yarn in Bangladesh, dyed in Vietnam and assembled in Turkey. According to McKinsey’s 2025 Supply Chain Risk Pulse survey, 95% of companies now have visibility into tier-one supplier risks, but only 42% can see into tier two or beyond.

The EU Digital Product Passport makes that model untenable. To disclose material origins, substances of concern and lifecycle carbon footprint data, a manufacturer must collect verified information from suppliers at tiers two, three and sometimes four. For the textile sector, the EU’s Joint Research Centre has stressed that the DPP will require traceability at the fibre, fabric and material level, not merely at the finished-garment level. For batteries, the passport demands evidence of responsible sourcing for cobalt, lithium and nickel, reaching deep into mining operations in the Democratic Republic of Congo and processing facilities in Chile and China.

This is a step-change. Supplier contracts will need explicit data-sharing provisions. Procurement teams will need to treat data quality as a sourcing criterion alongside price and lead time.

The technical plumbing is still being built. The EU-funded CIRPASS-2 consortium delivered the DPP Core Ontology requirements in March 2025, now the de facto interoperability reference for sector pilots. CEN and CENELEC have eight standards in the EN 1821x series expected for publication in 2026. And ISO/IEC Joint Technical Committee 5 on Digital Product Passports, announced in April 2026, signals the framework is being designed for global adoption from 2028.

The Wider Regulatory Landscape

The DPP does not exist in isolation. Much of the upstream data it demands overlaps with Scope 3 reporting under the CSRD. CBAM creates parallel requirements for embedded emissions on imports of steel, aluminium and cement. The Green Claims Directive will prohibit vague environmental marketing unless substantiated with verifiable data, and the DPP is designed as a primary source of that verification.

For ESG teams, this convergence is both burden and opportunity. A well-designed DPP infrastructure can serve as a single data backbone feeding CSRD reports, CBAM declarations and green claims substantiation, rather than treating each as a siloed exercise.

Preparing for Compliance: What to Do Now

The regulation applies to every covered product placed on the EU market, regardless of where it was manufactured. A Vietnamese textile exporter, a Chinese battery cell producer and a Swiss furniture maker all face the same obligation. There is no SME exemption. The ESPR empowers member states to set penalties for non-compliance, and the closely related CSDDD allows fines of up to 5% of global net turnover. Products without a valid passport risk being blocked at the border.

The practical starting point is a data gap analysis. Companies already hold fragments of the required information: material percentages under the Textile Labelling Regulation, hazardous substance declarations under REACH, CE marking documentation. What most lack is machine-readable material breakdowns, verified product-level carbon footprint calculations and structured recycling guidance. Closing those gaps demands investment in PLM and ERP systems alongside sustained supplier engagement.

Interoperability is the second priority. Proprietary data systems that cannot communicate with the EU Central DPP Registry will become liabilities. GS1 Digital Link, with the GTIN as unique identifier, is now explicitly recognised under the ESPR, and early alignment is advisable.

What Comes Next

Brussels has form exporting regulatory standards. GDPR became the global benchmark for data protection. The CSRD is reshaping sustainability reporting well beyond Europe. The EU Digital Product Passport looks destined for the same path. South Korea, China and several US states are exploring comparable frameworks, and ISO/IEC JTC 5 signals the standards community views the DPP as a global inevitability.

The Central Registry launches in July 2026. Battery passports become mandatory in February 2027. Iron and steel delegated acts are imminent. Shein learned what it costs to make environmental claims you cannot substantiate. The DPP is designed to ensure that every company selling into Europe learns the same lesson, only this time the burden of proof is built into the product itself.