First European Standards for the Digital Product Passport Published

CEN and CENELEC have published six harmonized standards (EN 18216–18223) for the EU Digital Product Passport. What they require — and what that means in practice.

af QR3 Redaktion

First European Standards for the Digital Product Passport Published

CEN and CENELEC published the first six harmonized European standards for the Digital Product Passport (DPP) in late May 2026. The EN 18216 to EN 18223 series defines the core technical architecture, unique identifiers, data carriers, and APIs — establishing, for the first time, a binding, standardized foundation beneath the legislative regulation level.

What the New Standards Cover

The six standards complement the legal framework set by the ESPR Regulation (EU) 2024/1781 and product-specific legislation such as the Battery Regulation (EU) 2023/1542. While the regulations define the what — which data a product passport must contain — EN 18216 to EN 18223 define the how: data models, communication protocols, and physical data carriers.

Six Standards, One Coherent System

The standard series is organized into thematic blocks:

  • EN 18216 establishes the overarching framework and terminology.
  • EN 18217 specifies the data model and semantic structure of DPP entries.
  • EN 18218 governs the assignment and management of unique product identifiers.
  • EN 18219 defines permissible physical data carriers — including QR codes based on the GS1 Digital Link standard.
  • EN 18220 describes the API interfaces for retrieving and updating passport data.
  • EN 18221–18223 address security requirements, access control, and trust infrastructure.

EN 18219 is particularly relevant for implementation: the standard mandates that physical products must carry machine-readable data carriers that point to a persistent digital twin. QR codes conforming to the GS1 Digital Link schema are explicitly listed as a compliant solution.

Context: What the Regulations Already Require

These standards don't exist in a vacuum. The ESPR Regulation obliges manufacturers and importers to provide digital product passports for a growing number of product categories. The battery sector leads the way: starting February 18, 2027, industrial batteries, traction batteries for electric vehicles, and stationary storage systems with a capacity of 2 kWh or more must be equipped with a Digital Battery Passport (DBP).

The content of that passport is precisely defined by law. It includes, among other things:

  • The product-specific carbon footprint (PCF) at batch level, calculated using ISO-14067-compatible methods. According to the JRC draft from the European Commission, PCF figures may not be aggregated at the model level — they must be genuinely batch-specific.
  • State data such as State of Health (SoH) and State of Charge (SoC) for reused batteries in the second-life market.
  • Material composition, supply chain documentation, and recycling information.

The new CEN/CENELEC standards now provide the technical infrastructure to deliver this legally required data in an interoperable, tamper-resistant, and machine-readable way.

Structural Challenges in Practice

Despite this normative progress, the Minespider Implementation Report 2026 shows that many companies still have significant gaps in their compliance readiness. The report identifies two structural problems that run across the entire value chain:

Problem 1: Data Fragmentation

Relevant product data is held by different actors along the supply chain — raw material suppliers, component manufacturers, logistics providers — in a variety of formats and systems. A consolidated, standards-compliant data foundation does not yet exist for most companies. The new standards define the target data model, but they do not solve the organizational challenge of data collection.

Problem 2: Dynamic Data Updates

A DPP is not a static document. State data such as SoH changes over the product lifecycle. EN 18220 addresses this through API specifications for live updates — but it presupposes that companies have the necessary backend systems and data pipelines in place to deliver those updates reliably.

Ecosystem: Who Can Help with Implementation?

Alongside the publication of the standards, an ecosystem of service providers and initiatives has emerged to support companies in their implementation efforts.

BatteryPass Ready Test Environment: On June 24, 2026, the BatteryPass Ready project launches its public test environment. Companies can use it to validate their DPP solutions against EU requirements — in a neutral, standards-based setting with no vendor lock-in. This is especially valuable given that the standards have been published but conformity assessment procedures are still being established.

Bureau Veritas & Circulor: The two companies have announced a strategic partnership that combines testing, inspection, and certification expertise with a digital traceability platform. The model directly addresses the data fragmentation problem: verification and data collection are brought together in a single process.

Securikett Codikett 2.0: Securikett presented a tamper-evident labeling solution directly linked to DPP data management — an approach that connects physical anti-counterfeiting (addressed in EN 18221–18223) with the digital product passport.

What Companies Should Do Right Now

The publication of these standards marks a turning point: companies can now align their technical architectures with a stable standard rather than waiting for final specifications.

In practice, the following steps are recommended:

  1. Define your identifier strategy: EN 18218 requires unique product identifiers. Companies already using GTINs and GS1 Digital Link-compliant QR codes have an advantage here — that structure is directly standards-compliant.

  2. Map your data model against EN 18217: Existing product data structures should be reviewed for gaps relative to the normative data model — particularly for batch-specific attributes such as the PCF.

  3. Assess your API readiness: EN 18220 requires readable and updatable interfaces. If you are currently representing Digital Product Passports through static data sheets or PDF documents, you will need to upgrade.

  4. Use the test environment: The BatteryPass Ready platform, available from June 2026, offers a free option for early validation — far less costly than making corrections right before the February 2027 deadline.

  5. Start supplier communication now: Since batch-specific PCF data must come from upstream suppliers, data collection is a long-term project. Companies that begin engaging their suppliers today will have a structural advantage.

Assessment: What the Standards Deliver — and What They Don't

It would be a mistake to interpret the publication of these standards as the conclusion of the regulatory process. EN 18216 to EN 18223 are a technical foundation, not a complete compliance solution. Product-specific delegated acts under the ESPR — covering textiles, furniture, electronics, and other categories — will follow incrementally, each bringing its own data requirements.

What the standards do deliver is interoperability. A DPP structured according to EN 18217 and delivered via EN 18220-compliant APIs can be read by any authorized system — regardless of which software vendor is behind it. That is the real value: not a proprietary data silo format, but an open, Europe-wide technical vocabulary.

For companies with the February 2027 deadline in sight, the message is clear: the technical homework is now defined. The time for waiting is over.