The EU Digital Product Passport is not a future policy proposal. It is law. Regulation (EU) 2024/1781 – the Ecodesign for Sustainable Products Regulation – entered into force in July 2024. The first mandatory deadline arrives on 18 February 2027, when every EV battery and qualifying industrial battery placed on the EU market must carry a DPP accessible via a data carrier – in practice, a QR code. After 2027, textiles, electronics, furniture, and most other product categories sold in the EU follow. If your brand sells into the European market or plans to, understanding the DPP now is not optional. The window to prepare has already started closing.
- The EU Digital Product Passport (DPP) is mandated by ESPR Regulation (EU) 2024/1781, which entered into force July 2024.
- The first hard deadline is 18 February 2027 – EV batteries and qualifying industrial batteries must carry a DPP accessible via QR code.
- Textiles, electronics, and furniture follow from 2028 onwards under the ESPR Working Plan 2025–2030.
- 82% of companies are currently unprepared for DPP requirements (ESPR compliance data, 2026).
- The DPP must be accessible via a physical data carrier on the product or packaging – QR codes are the dominant implementation method, as specified under ESPR Article 10.
- A dynamic QR code is required – DPP data must be updatable throughout the product’s lifecycle; static codes pointing to fixed URLs cannot meet this obligation.
- The DPP’s unique persistent identifier aligns directly with GS1 Digital Link syntax – making GS1 Sunrise 2027 compliance and DPP compliance achievable from a single code.
- Non-compliance means exclusion from the EU market and fines proportionate to global turnover.
- Ready to create your DPP-compliant QR code? Start your free 14-day trial – no credit card required.
- What is the EU Digital Product Passport?
- The DPP Timeline: Deadlines by Product Category
- What Data Must a DPP Contain?
- How QR Codes Enable DPP Compliance
- Why a Dynamic QR Code is Required for DPP
- DPP and GS1 Digital Link: One Code for Everything
- Who Must Comply – and What “Placed on the EU Market” Means
- Your DPP Compliance Checklist
- Frequently Asked Questions
1. What is the EU Digital Product Passport?
The EU Digital Product Passport is a structured, machine-readable digital record linked to a physical product via a data carrier – typically a QR code – that contains verified information about that product’s lifecycle, material composition, carbon footprint, repairability, and end-of-life handling. It is mandated by the EU’s Ecodesign for Sustainable Products Regulation (ESPR), Regulation (EU) 2024/1781.
The simplest way to understand the DPP is through what it is trying to solve. Today, the information a regulator needs to verify a product’s sustainability claims, the data a recycler needs to disassemble it correctly, and the information a consumer needs to make an informed purchase all exist in different places – if they exist at all. The DPP is the infrastructure that consolidates this into a single, verifiable, machine-readable record that any authorised stakeholder can access by scanning the product.
Critically, a DPP is not a PDF document or a web page. It is a federated data record – the product carries a unique persistent identifier (via QR code or equivalent), and that identifier resolves to live, structured data maintained by the manufacturer. The data is not stored in one central EU database. Manufacturers maintain it. The EU DPP Registry links identifiers to manufacturer data endpoints. Different stakeholders – consumers, repair technicians, recyclers, regulators – see different tiers of that data depending on their access rights.
2. The DPP Timeline: Deadlines by Product Category
The DPP rollout is phased by product category, with batteries first and most other consumer product categories following between 2028 and 2030. The phasing is intentional – it allows the technical infrastructure to be stress-tested on batteries before it extends to higher-volume categories like textiles and electronics.
July 2024 – ESPR in Force
Regulation (EU) 2024/1781 officially entered into force on 18 July 2024. The legal framework for DPPs across all product categories is active. Delegated acts for specific product categories began development.
18 February 2027 – Batteries (MANDATORY)
Under Regulation (EU) 2023/1542, all EV batteries, LMT batteries (e-bikes, e-scooters), and industrial batteries above 2 kWh placed on the EU market must carry a fully compliant Digital Battery Passport accessible via QR code. This is the first and most pressing DPP deadline, and the date is confirmed — it will not move. Manufacturers and importers must be registered in the EU DPP Registry and have live data endpoints before this date.
2028 – Textiles and Apparel (expected)
Textiles are the second major category in the ESPR Working Plan 2025–2030. The delegated act defining exact data requirements is expected in 2027, with compliance required shortly after. Brands in apparel and footwear with EU distribution should be preparing data infrastructure now – the data requirements are expected to exceed current legal and voluntary standards. Exact threshold for textile content that triggers inclusion is still to be confirmed by the Commission.
2029 – Electronics and ICT Products (expected)
Consumer electronics, ICT products, and related equipment are in scope under the ESPR Working Plan. Data requirements will include repairability scores, spare part availability timelines, and material composition. Exact deadlines are set by delegated acts still in development.
2030 – Furniture, Construction Products, Other Categories
Furniture, construction products, and most remaining product categories fall under the 2025–2030 ESPR Working Plan. Full DPP implementation across the majority of product categories sold in the EU is targeted by 2030. For brands in these categories, the 2027 battery implementation provides the template for what their own DPP obligation will look like.
3. What Data Must a DPP Contain?
The exact data fields required in a DPP are defined by the delegated act for each product category. However, ESPR Article 8 defines a mandatory baseline data architecture that applies across all categories. Every DPP – regardless of product type – must include these core layers.
Layer 1: Product Identity and Unique Identifier
A persistent, resolvable unique identifier linked to a physical data carrier (the QR code). Must comply with ISO/IEC 15459 standards for global interoperability. The GS1 Digital Link standard is the recommended implementation – it encodes a URL directly into the QR code that resolves to the product’s live data record. Manufacturer name, production facility identifiers, model, batch, and serial number are required.
Layer 2: Material Composition and Supply Chain Data
A complete bill of materials outlining the product’s composition – including percentage content by weight of key materials, origin of critical raw materials, and supply chain identifiers. For batteries, this includes carbon footprint data per lifecycle stage, recycled content percentages, and due diligence declarations for sourcing of cobalt, lithium, nickel, and lead.
Layer 3: Environmental Performance Data
Carbon footprint across the product lifecycle (production, use, end of life), energy consumption data, durability and reliability metrics, repairability score (including spare part availability and expected service life), and environmental compliance certifications.
Layer 4: End-of-Life and Circular Economy Data
Recycling instructions, disassembly guidance, hazardous substance declarations (aligned with REACH requirements), waste classification data, and information on which components can be recovered or reused. This data is specifically tiered for access by recyclers and waste management operators.
Layer 5: Compliance and Certification Records
Conformity assessment declarations, CE marking records, regulatory compliance history, and – for categories subject to third-party verification – audit trail data. Regulators and market surveillance authorities have access to this layer; consumers do not.
4. How QR Codes Enable DPP Compliance
ESPR Article 10 requires that the DPP be accessible via a physical data carrier affixed visibly to the product or its packaging, using open, interoperable formats without vendor lock-in. While the regulation technically permits QR codes, RFID tags, NFC chips, and other carriers, QR codes have become the dominant implementation method across industries for three straightforward reasons:
- Universal readability: Any smartphone scans a QR code without a dedicated app. RFID and NFC require specific reader hardware that most consumers do not have.
- Printable at near-zero incremental cost: A QR code can be added to existing label or packaging artwork without changing the production process. RFID tagging requires a separate physical application step.
- Updatable destination: A dynamic QR code’s redirect destination can be updated at any time, allowing the DPP data endpoint to change or evolve as data requirements are refined – without reprinting the physical packaging.
The QR code on a DPP-compliant product is not a simple marketing link. It carries a unique persistent identifier that resolves to a live, structured data record. The identifier must remain stable for at least 10 years after the product is placed on the market – this is the minimum period manufacturers are legally required to maintain DPP data. A QR code that stops working because a subscription lapses is not DPP-compliant. This is why non-expiring QR codes are not a feature preference for DPP use cases – they are a compliance requirement.
| Data carrier option | Consumer scannable without app | Print-ready (no extra hardware) | Updateable destination | Dominant in DPP implementations |
|---|---|---|---|---|
| QR code | ✅ Yes | ✅ Yes | ✅ With dynamic code | ✅ Yes – majority |
| NFC tag | ⚠️ Only recent phones | ❌ Separate application step | ✅ Yes | ⚠️ Minority – premium products |
| RFID tag | ❌ Requires reader hardware | ❌ Separate application step | ✅ Yes | ⚠️ Supply chain only – not consumer-facing |
| URL / barcode only | ⚠️ Manual entry required | ✅ Yes | ✅ With redirect | ❌ Not accepted as sole carrier |
5. Why a Dynamic QR Code is Required for DPP
The DPP data must be live – updated and accurate throughout the product’s life. This single requirement makes static QR codes structurally incompatible with DPP compliance.
A static QR code encodes a URL directly in the printed pattern. The destination cannot be changed after printing. If the DPP data endpoint changes – because a regulation is updated, a new data field becomes mandatory, or the manufacturer’s infrastructure changes – every unit in market carries a code pointing to the wrong or broken destination. With a 10-year data maintenance obligation, the probability of at least one infrastructure change over the product’s DPP life is effectively certain.
A dynamic QR code solves this structurally. The printed code is permanent. The redirect destination – the URL that resolves to your DPP data endpoint – is controlled in your QR platform dashboard and can be updated at any time without touching the physical product or packaging. When the delegated act for your product category is revised, when your carbon footprint data is recertified, when you migrate your DPP data infrastructure to a new system – none of these events require a reprint. You update the redirect. Every unit in market automatically points to the current, compliant endpoint.
6. DPP and GS1 Digital Link: One Code for Everything
There is a practical and commercially significant overlap between EU DPP requirements and GS1 Sunrise 2027 that most brands are not yet aware of. Both regulations converge on the same technical solution: a QR code built on the GS1 Digital Link standard.
The ESPR regulation and the EU DPP technical framework explicitly recommend GS1 Digital Link as the identifier scheme for the DPP’s unique persistent identifier. The GS1 Digital Link URL structure encodes a GTIN – the same product identifier used at retail checkout – alongside additional GS1 Application Identifiers for batch, serial, and expiry data. This is the same URL structure required for GS1 Sunrise 2027 compliance at retail POS.
The practical implication is significant: a single, properly configured GS1 Digital Link QR code can serve three distinct functions simultaneously.
| Function | Who uses it | What the same code delivers |
|---|---|---|
| Retail checkout scanning | POS scanner | Extracts GTIN, processes sale – GS1 Sunrise 2027 compliance |
| Consumer engagement | Consumer smartphone | Brand landing page, sustainability story, recipes, loyalty programme |
| EU DPP compliance | Consumers, regulators, recyclers | Tiered access to product lifecycle data – ESPR compliance |
For brands managing GS1 Sunrise 2027 preparation and DPP compliance simultaneously – which is the situation facing every brand in a regulated product category that sells through EU retail – this convergence means the two compliance workstreams can be unified into one packaging QR infrastructure project rather than two separate ones. The GS1 Digital Link standard is the bridge.
7. Who Must Comply – and What “Placed on the EU Market” Means
One of the most common misunderstandings about the DPP is that it only applies to EU-based manufacturers. It does not. The obligation applies to any product placed on the EU market – regardless of where it is manufactured or where the manufacturer is headquartered.
Under ESPR, “placed on the EU market” means the first time a product is made available in the EU – when it crosses the border for distribution, not when it is sold to an end consumer. This means:
- A US brand selling through Amazon EU must comply from the point of first import into EU distribution.
- A Chinese manufacturer supplying to EU retailers is responsible for DPP compliance on batteries from 18 February 2027, regardless of whether it has an EU office.
- A UK brand exporting to EU distributors post-Brexit is subject to DPP requirements for covered product categories from their relevant deadlines.
- A Swiss company exporting to the EU is in scope – the DPP obligation follows EU market access, not EU incorporation.
For importers and distributors who source products from non-EU manufacturers, the compliance obligation shifts to the importer if the manufacturer has not established the DPP. The importer becomes legally responsible for ensuring the product carries a compliant data carrier before it enters EU distribution. This has significant implications for private label brands and retailers who source from manufacturers outside the EU.
8. Your DPP Compliance Checklist
Use this checklist to assess your current readiness and identify the gaps that need to close before your relevant DPP deadline. For brands in the battery category, the 18 February 2027 deadline is less than 9 months away from the date of this publication.
- Confirm your product category and deadline: Identify which product categories you sell into the EU and which ESPR delegated act (or Battery Regulation) covers them. Confirm the applicable mandatory date. If your category is batteries, your deadline is 18 February 2027 – now urgent.
- Audit your product data: Inventory the data fields required by your category’s delegated act (or the battery regulation if applicable). Identify where this data currently lives and who owns it. Common gaps: carbon footprint data, supply chain material provenance, recycled content percentages.
- Register in the EU DPP Registry: Manufacturers must register their unique product identifiers in the EU DPP Registry before placing DPP-covered products on the market. Begin the registration process early – registry access may require identity verification and lead time.
- Select a DPP data platform: Choose or build the backend system that will host and serve your structured DPP data via a live API. The system must support tiered access (consumer vs. economic operator vs. regulator), structured data formats, and a minimum 10-year operational commitment.
- Configure GS1 Digital Link identifiers: Ensure your products have 14-digit GTINs and that your QR codes encode the GS1 Digital Link URL syntax. This creates the persistent identifier the ESPR regulation requires and simultaneously prepares your packaging for GS1 Sunrise 2027 compliance.
- Create your DPP-compliant QR codes (dynamic): Generate dynamic QR codes on a platform with a non-expiring guarantee. Static codes are structurally incompatible with DPP’s 10-year data maintenance obligation. Ensure the code resolves to your live DPP data endpoint via your chosen resolver.
- Implement tiered access on your DPP landing experience: Configure what consumers see (sustainability and recycling information), what economic operators see (detailed technical data), and what regulators see (compliance records). A single-level public page does not meet the ESPR access control requirement.
- Test the full data chain: Scan the printed QR code on a physical sample. Verify the identifier resolves correctly. Verify each access tier shows the correct data subset. Test on iOS and Android, and in low-light conditions. Submit to your EU regulatory representative for compliance review if in the battery category.
- Update your packaging artwork: Coordinate with your packaging designer to integrate the DPP QR code. ESPR Article 10 requires it to be affixed visibly to the product or packaging. If you are also achieving GS1 Sunrise 2027 compliance, this may be the same code – confirm placement meets both requirements’ guidelines.
9. Frequently Asked Questions
Is the EU Digital Product Passport the same as GS1 Sunrise 2027?
No – they are separate regulatory requirements, but they converge on the same technical solution. GS1 Sunrise 2027 is an industry-led initiative requiring retail POS systems to scan 2D barcodes by December 31, 2027. The EU DPP is a legally mandated data transparency requirement under ESPR Regulation (EU) 2024/1781, with the first deadline on 18 February 2027 for batteries. The connection is technical: both are best implemented using a QR code built on the GS1 Digital Link standard – which means a single, properly configured code can satisfy both requirements simultaneously.
Do I need a GS1 Digital Link QR code for DPP compliance?
Not strictly required – ESPR Article 10 specifies that the data carrier must use open, interoperable formats without vendor lock-in, and comply with ISO/IEC standards. GS1 Digital Link is explicitly recommended by the ESPR technical framework and by most DPP implementation guidance from industry bodies because it encodes a globally standardised product identifier. If your product also needs to scan at retail checkout (GS1 Sunrise 2027 compliance), then GS1 Digital Link is both the DPP-recommended solution and the retail-required one – making it the single most practical implementation for consumer goods brands.
What is the penalty for non-compliance with the EU DPP?
ESPR non-compliance results in automatic blocking of products at EU borders, fines proportionate to global annual turnover (the EU’s established enforcement model under similar product regulations), and refusal of listing by EU distributors. The enforcement mechanism is market access restriction: a product without a compliant DPP cannot be legally placed on the EU market from its applicable deadline. For brands dependent on EU revenue, this is commercially equivalent to losing the right to sell in Europe.
Does the DPP apply to products already on shelves before the deadline?
Generally, DPP requirements apply to products placed on the EU market – meaning first made available in EU distribution – after the applicable deadline. Products already in inventory before the deadline may benefit from transitional provisions in the specific delegated act. For ongoing sales and new production runs after the deadline, DPP compliance is mandatory. Brands should confirm transitional provisions in the specific delegated act for their category.
Can a small brand use a single QR code for both consumer engagement and DPP compliance?
Yes – and this is the most efficient implementation. A dynamic QR code built on GS1 Digital Link syntax can resolve differently depending on the context of the scan. Consumer smartphones see your brand’s landing page (sustainability story, product information, loyalty programme). Regulatory systems and DPP-aware scanning applications access the structured product data endpoint required by ESPR. This is the same principle that makes GS1 Digital Link valuable for GS1 Sunrise 2027: one code, context-dependent resolution. For small brands, this approach minimises label complexity and avoids placing multiple codes on packaging.
How long does a DPP need to stay active?
ESPR requires manufacturers to maintain DPP data for a minimum of 10 years following a product’s placement on the EU market. If a company ceases operations, the data must be transferred to a central registry maintained by the European Commission. The QR code on the product must resolve to that data for the entire 10-year period. This is why the non-expiring nature of your QR code platform is a direct compliance consideration – any platform that deactivates codes on subscription lapse is structurally incompatible with a 10-year maintenance obligation.
Create Your QR Code Today
OpenQR codes never expire, support GS1 Digital Link syntax, and give you full dynamic redirect control – everything your DPP implementation needs from the data carrier layer. Free 14-day trial, no credit card required.