CEN and CENELEC Publish Six Standards for the Digital Product Passport

EN 18216 through EN 18223: CEN and CENELEC lay the technical foundation for the Digital Product Passport under the ESPR regulation. What each standard actually covers.

By QR3 Redaktion

On May 30, 2025, CEN and CENELEC published the first six European Standards for the Digital Product Passport (DPP): EN 18216 through EN 18223. These standards form the technical foundation on which manufacturers, importers, and platform operators must implement the requirements of ESPR Regulation (EU) 2024/1781. This article explains what each standard covers, how it connects to existing regulation, and which architectural decisions companies should be making right now.

Why These Standards Are Appearing Now

The ESPR has been binding EU law since it entered into force in 2024. It requires economic operators to provide a DPP for certain product categories — one that contains "current and accurate information," in the regulation's own words. What that means in technical terms, however, the ESPR left open. CEN and CENELEC are now closing that gap with a package of standards covering data exchange, unique identifiers, data carriers, storage architecture, APIs, and system interoperability.

The timing is no coincidence. The European Commission is simultaneously working on implementing regulations for sector-specific DPP requirements — covering textiles, steel, and electronics, among others. Without harmonized technical standards, those regulations would be nearly impossible to enforce. CEN and CENELEC are providing the foundation on which the delegated acts can build.

The Six Standards at a Glance

EN 18216 – Data Exchange and General Data Model

EN 18216 defines the overarching data model for the DPP: what information classes exist, how they are structured, and the rules governing their exchange. The standard systematically distinguishes between data at the product level (item) and the batch level (lot) — a distinction the JRC already introduced in its steel drafts and one that is critical for dynamic data such as the product-specific carbon footprint under ISO 14067.

EN 18217 – Unique Identifiers

EN 18217 governs how products and product instances are uniquely identified within the DPP ecosystem. The standard is written in a technology-neutral way but explicitly references existing identification systems — including the GTIN from the GS1 standard. For companies already working with GS1 Digital Link, EN 18217 provides legal certainty: the identifiers used there are standard-compliant.

EN 18218 – Data Carriers

EN 18218 specifies which physical and digital data carriers are permitted for the DPP: QR codes, DataMatrix, RFID/NFC, and others. Particularly relevant is the connection to RAIN RFID: TEKLYNX has already updated its CODESOFT software to support GS1 "++" encoding schemes, which allow web URLs to be written directly into RAIN RFID tag memory — a requirement that follows from the combination of EN 18220 and the GS1 Digital Link standard.

EN 18219 – Data Storage and Registry Architecture

EN 18219 is the most architecturally significant standard in the package. It defines how DPP data is stored, versioned, and made discoverable through a registry. The core principle: the registry does not store the actual passport data — only the unique identifier, the resolver endpoint, and the commodity code. The passport data itself remains with the manufacturer or an authorized data trustee.

This decentralized architectural pattern aligns with the draft implementing regulation on the DPP registry, as analyzed on qr3.app. The CIRPASS-2 consortium explicitly recommended in its comments on the registry draft that EN 18219 be incorporated into the implementing regulation as a binding reference — in part to ensure interoperability with GS1 Digital Link. With the standard now published, that recommendation is actionable.

EN 18220 – APIs and Data Access

EN 18220 defines the interfaces through which DPP data can be retrieved programmatically. The standard specifies endpoint structure, authentication requirements, and response formats. For developers, this means: anyone building a compliant DPP platform must implement this API specification. A minimal example of a compliant resolve request might look like this:

GET /dpp/resolve/{identifier}
Accept: application/json
Authorization: Bearer <token>

The standard does not mandate a specific programming language, but it is oriented around RESTful principles and JSON as the primary exchange format.
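
A client-side view of the resolve request above, as an added Python example that is not taken from EN 18220 or from the article's author: it treats a resolver endpoint obtained from a registry entry as untrusted input, keeps the identifier confined to one path segment, attaches the bearer token only for the resolver it was issued for, and rejects non-JSON responses. The host names, tokens, the `TOKENS_BY_AUTHORITY` table, and both function names are assumptions made for illustration.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample data: host name and token are placeholders, not real services.
TOKENS_BY_AUTHORITY = {"resolver.example.com": "token-for-example-resolver"}


def build_resolve_request(resolver_endpoint: str, identifier: str):
    """Build (url, headers) for the article's GET /dpp/resolve/{identifier} request."""
    parts = urlsplit(resolver_endpoint)
    # The endpoint comes from a registry entry, so validate it before use.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("resolver endpoint must be an https URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("endpoint must not carry credentials, query or fragment")
    if not identifier or identifier in (".", ".."):
        raise ValueError("identifier is empty or a dot segment")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in identifier):
        raise ValueError("identifier contains control characters")
    # safe="" also encodes "/", so the identifier cannot add or escape path segments.
    segment = quote(identifier, safe="")
    authority = parts.netloc.lower()  # host[:port]; userinfo was rejected above
    url = f"https://{authority}{parts.path.rstrip('/')}/dpp/resolve/{segment}"
    headers = {"Accept": "application/json"}
    # Attach the bearer token only for the exact host[:port] it was issued for.
    token = TOKENS_BY_AUTHORITY.get(authority)
    if token is not None:
        headers["Authorization"] = f"Bearer {token}"
    return url, headers


def parse_resolve_response(status: int, content_type: str, body: bytes) -> dict:
    """Accept only a 200 response carrying a JSON object; reject everything else."""
    if status != 200:
        raise ValueError(f"unexpected status {status}")
    if content_type.split(";")[0].strip().lower() != "application/json":
        raise ValueError("response is not application/json")
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    return data
```
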

EN 18223 – System Interoperability

EN 18223 rounds out the package by addressing interoperability between different DPP systems, platforms, and national infrastructures. The standard defines conformance levels and specifies the minimum requirements a system must meet to be considered interoperable. For companies operating across multiple EU member states, EN 18223 is the most directly relevant standard: it prevents national implementations from becoming isolated technical silos.

Connection to the Battery Regulation and Sector-Specific Requirements

This standards package is not sector-isolated. The Battery Regulation (EU) 2023/1542 already implicitly recognizes the lot/item distinction: capacity data that changes through degradation must be kept current. Without a clear storage and resolver architecture — as EN 18219 and EN 18220 now define — that requirement is nearly impossible to fulfill. Manufacturers of industrial batteries and electric vehicle batteries can therefore use the new standards directly as an implementation guide.

The same applies to the steel sector: the JRC draft for steel-specific DPP requirements stipulates that the product-specific carbon footprint be maintained at the batch level and calculated using ISO-14067-compatible methods. EN 18216 provides the data model for this; EN 18219 provides the storage architecture.

What You Should Do Now

Audit Your Identification Infrastructure

The first step is to verify whether your existing product identifiers are compliant with EN 18217. If you're already using GTINs and GS1 Digital Links, you're well positioned. If you rely on proprietary identifiers, you'll need to develop a migration strategy.

Plan Your Resolver Architecture

EN 18219 makes a resolver infrastructure mandatory. You'll need to decide whether to operate your own resolver or use a third-party provider. The critical requirement is that the resolver supports the response formats defined in the standard and can communicate with the central EU DPP registry.

Ensure API Conformance

If you operate your own DPP platform, you must implement the EN 18220 interfaces. For companies without in-house IT capacity, the recommendation is to select a platform early — one that fully supports the standards, not just selected aspects of them.

Looking Ahead: Additional Standards and Delegated Acts

CEN and CENELEC have announced that the standards package will be expanded incrementally. In parallel, the European Commission is working on the sector-specific implementing regulations that will build on these standards. A regulation for textiles is expected before the end of 2025; further steps for electronics and additional product categories will follow through 2027.

Companies that begin implementation now have a structural advantage: they can make architectural decisions without the pressure of imminent deadlines, and they can adapt their systems incrementally to new sector-specific requirements — rather than building monolithic solutions under time pressure that make future changes harder.

The publication of EN 18216 through EN 18223 is not a bureaucratic milestone — it's the starting gun for a concrete implementation phase. If you understand the standards, you can make the right architectural choices today.