The Digital Product Passport: what's binding now, what's coming, and which one of yours arrives first.

What a DPP actually is

A Digital Product Passport (DPP) is a structured digital record attached to a specific product, accessible through a data carrier on the product itself — typically a QR (Quick Response) code. It contains information that varies by product category but generally includes: a unique product identifier, materials and substances used, sustainability metrics (carbon footprint, recycled content, durability), repair and disassembly instructions, supplier information, and end-of-life handling guidance. Different stakeholders see different views of the same record — consumers see one layer, recyclers another, market surveillance authorities a third.

DPPs do not exist as a single regulation. They exist as a requirement embedded across multiple EU regulations, each of which mandates a DPP for its own product scope on its own timetable. The thing that makes this confusing is that the framework regulation — ESPR — is not the first one to bind. Other regulations are ahead of it.

The three layers, in the order they bind

There are three layers of DPP law, and they bind in a specific order.

Layer 1: sectoral regulations that already exist and already mandate a DPP. The Battery Regulation, Regulation (EU) 2023/1542, is the obvious one. Article 77 mandates a battery passport for industrial batteries above 2 kWh, electric vehicle (EV) batteries, and light means of transport (LMT) batteries from 18 February 2027. That date is fixed in primary legislation and is not contingent on any further delegated act for its existence — though several delegated acts define the technical detail.

Layer 2: ESPR — the framework. Regulation (EU) 2024/1781, the Ecodesign for Sustainable Products Regulation, entered into force on 18 July 2024. It establishes the legal authority for the Commission to require DPPs across nearly all physical goods placed on the EU market. ESPR itself does not require any specific product to have a DPP. It authorises the Commission to require DPPs through delegated acts, product category by product category. Without those delegated acts, ESPR's DPP provisions have no operational effect.

Layer 3: ESPR delegated acts. Each delegated act picks a product category — iron and steel, textiles, furniture, mattresses — and defines the specific data fields, data carrier, and timeline. The first ESPR Working Plan, adopted on 16 April 2025, sets out which products come first. The first delegated acts are expected from 2026 onward. Each delegated act, once adopted, typically gives industry an 18-to- 24-month preparation window before the DPP requirement applies.

The practical result: in February 2027, the Battery Passport is binding, the ESPR delegated act on iron and steel may be adopted but not yet applying, and most of the other product categories are still in preparatory study. The “DPP for textiles” that gets discussed at every supply chain conference is a real future obligation, but it is not the first one anyone reading this is going to face.

Binding dates, in order

What's in a DPP

For any given product category, the data content is defined by the regulation that mandates it. There is no single canonical content list. But the structural common denominators are:

• Unique product identifier — a serialised, machine-readable ID specific to the individual product (or production batch).
• Data carrier on the product — typically a QR code, sometimes a Near Field Communication (NFC) tag or Radio-Frequency Identification (RFID) tag. The data carrier links to the digital record, it does not contain it.
• Tiered access — different data fields visible to different stakeholder classes. Consumers see less. Recyclers see more. Market surveillance authorities see all of it.
• Persistent record — the DPP must remain accessible for the lifetime of the product, which for a battery is roughly 10–15 years and for a building component can be 50.
• Interoperability — the DPP must be machine-readable in a format that other systems can consume, including EU customs systems and the European Chemicals Agency (ECHA) databases.

For batteries specifically, Annex XIII of Regulation (EU) 2023/1542 lists the required data: chemical composition and origin of raw materials, recycled content, carbon footprint, manufacturing facility, performance characteristics, state of health, and due diligence reporting under Articles 49–52. Public information sits in a basic identification layer; information accessible only to notified bodies, market surveillance authorities, and the Commission is separately listed.

For other product categories, the data content gets defined in each regulation's own annex or in the delegated act when it lands. There is no general-purpose “DPP content list” that covers everything. Plan for the specific list under the regulation that applies to your product.

The key insight from this stack: every DPP requirement you face will trace through this chain. When you ask “do I need a DPP for my product,” the answer is always “find the layer-2 regulation or layer-3 delegated act that applies to your product category.”

The Battery Passport, in detail

Because it binds first, the Battery Passport is the example everyone will eventually learn from. The scope is industrial batteries with capacity greater than 2 kWh, electric vehicle batteries, and LMT batteries — e-bikes, e-scooters, light electric two- and three-wheelers. Portable batteries are not in scope. Stationary battery energy storage systems above 2 kWh are in scope through the industrial battery category.

From 18 February 2027, every covered battery placed on the EU market must carry a QR code that links to a digital battery passport. The passport must contain the data set out in Annex XIII of the Battery Regulation. Carbon footprint declarations, due diligence reports under Articles 49–52, and recycled content data feed into it. The data fields and access rules are partly already defined in the regulation, partly being filled in by Commission delegated acts. The Commission has separately postponed the application of the due-diligence obligations to 18 August 2027, by Regulation (EU) 2025/1561, but the battery passport date itself remains 18 February 2027.

The party legally responsible for the DPP is the operator placing the battery on the EU market — the importer, in most cross-border cases. The importer cannot delegate the obligation. They can buy the data infrastructure, hire a DPP service provider, or build their own; they cannot transfer the legal responsibility.

In practice, by mid-2026, large EV battery makers were the furthest along — most of them have been running pilots for two years through the Battery Pass consortium and similar initiatives. LMT battery suppliers, especially smaller manufacturers in Asia exporting through European distributors, are well behind. The e-bike importer in this article's lede is a real archetype, not a hypothetical.

Standards — and why every DPP looks the same under the hood

The DPP is, technically, a structured data record accessible through a web-resolvable identifier. The European standardisation work that defines how the structured data record actually works lives in CEN-CENELEC JTC 24, a Joint Technical Committee (JTC) established under standardisation request M/582 with a December 2025 deadline for its first round of deliverables. The committee's scope covers unique identifiers, data carriers, access rights management, interoperability (technical, semantic, organisational), data exchange protocols, data formats, data storage and persistence, data authentication, and APIs for product passport lifecycle management.

JTC 24 explicitly does not define the content of any specific DPP — that is the job of each sectoral regulation or ESPR delegated act. JTC 24 defines the framework: identifier formats, data carrier specifications, the registry architecture. The first European standard from this work, prEN 18246 on data authentication, reliability and integrity, was issued for enquiry in August 2025. (prEN denotes a preliminary European standard still in the enquiry stage.)

The practical effect: a properly implemented battery passport in 2027 and a properly implemented textile DPP in 2029 will use the same identifier scheme, the same data carrier, the same registry resolution mechanism, and broadly compatible APIs. Different content, same plumbing. This is the design choice that makes the multi-year, multi-product cascade tractable. An importer who builds DPP infrastructure for the Battery Regulation gets meaningful reuse for everything that follows.

How DPPs overlap with what you already file

The most-asked question about the DPP, from anyone who has read the CBAM article or the EUDR article on this site: do I have to collect this data twice?

In principle, no. The Commission has been explicit since the first ESPR draft that DPP data is intended to be interoperable with EU customs systems, with ECHA chemical inventories, with EU ETS reporting under CBAM, and with EUDR's Due Diligence Statement registry. In practice, the regulations are written separately, by separate Commission services, with separate data formats and separate registries. Real interoperability is years of standards work away.

What this means for any importer who is already preparing for CBAM and EUDR: most of the supplier emissions data you are already collecting for CBAM is the same data you will need for the Battery Passport's carbon footprint field. Most of the supplier-traceability data you are already collecting for EUDR is the same data you will need for the textile DPP's material origin field. The HS code from your customs entry — see the HS classification article on this site — is the unique product class identifier that hangs above the DPP. Build the data infrastructure once, expose it to whichever filing needs it.

The single biggest mistake we see at Bindu is companies treating DPP, CBAM, and EUDR as three separate compliance projects with three separate data pipelines. They are three filings of the same shipment, asking different questions of the same supply chain.

How Bindu handles it

Bindu maintains the ESPR framework, the sectoral DPP regulations (Battery, Toys, Detergents, Construction, Fertilising Products), the published delegated acts, and the JTC 24 standards as a single versioned data layer. The compliance agent reads a product specification, identifies which DPP regulations and which delegated acts apply, checks the binding date against the product's intended placement on the market, and produces the DPP record alongside the CBAM declaration and the EUDR Due Diligence Statement from the same shipment data. The QR code is generated. The registry entry is filed. When the next delegated act lands, the rules file updates and the next product's DPP is generated the same way. If you want to see how it works on a real product line, book a 30-minute demo.

Priya Ramaswamy leads regulations at Bindu. She has now written four articles on the same general theme — the EU is making importers responsible for what their suppliers do — and is increasingly tempted to write the fifth one as a single sentence.