On April 2, 2026, the responsible technical committee CEN/CENELEC JTC 24 voted positively on six harmonized standards for the Digital Product Passport (DPP). The European Commission confirmed this in an official parliamentary response — a milestone on the path toward mandatory implementation of the ESPR Regulation (EU) 2024/1781. The remaining two standards in the package are still going through the voting process.
What Was Voted On — and What Is Still Pending?
The Six Adopted Standards
CEN/CENELEC JTC 24 is the European standardization body tasked by the Commission with developing harmonized standards for the DPP. According to the Commission's parliamentary response, the six positively voted standards cover three core technical areas:
- Unique Identifiers: Unambiguous product identification ensuring that every product passport can be mapped to exactly one physical object.
- Data Carriers: Physical carriers of digital information — including QR codes, RFID tags, and barcodes that provide access to the passport.
- APIs: Machine-readable interfaces for standardized data exchange between manufacturers, authorities, and consumers.
These three areas are not arbitrary technical details. They form the backbone of any DPP implementation: without unique identifiers there is no traceability, without standardized data carriers there is no scan-to-access, and without uniform APIs there is no interoperability between different systems and actors along the supply chain.
The Two Pending Standards
The Commission has not published any substantive details about the two standards still awaiting a vote. It is reasonable to assume they address complementary aspects — such as data protection requirements or sector-specific extensions. No final voting date has been announced so far.
Context: Where Do We Stand in the DPP Regulatory Process?
The ESPR as the Framework Regulation
The ESPR Regulation (EU) 2024/1781 defines the overarching requirements for ecodesign and product sustainability. It is the framework regulation that legally anchors the DPP — but does not itself specify technical requirements. That task falls to delegated acts and the harmonized standards developed by CEN/CENELEC.
The positive vote of April 2026 is therefore not an end in itself, but a prerequisite for the Commission to reference the standards in the Official Journal of the EU. Only once that reference is published do the standards acquire the legal status of harmonized standards — and with it the so-called presumption of conformity: products that comply with these standards are deemed to be ESPR-compliant.
The DPP Registry as Complementary Infrastructure
In parallel with the standards, the Commission published a draft for the central DPP Registry on April 29, 2026. According to the draft, this registry will store only three data points per entry: the product's Unique Identifier (UID), the resolver endpoint through which the actual product passport can be retrieved, and the associated commodity code — such as a GS1 GTIN or an equivalent identifier. qr3.app has covered the details in a separate article on the EU DPP Registry draft.
The standards and the registry are interdependent: the Unique Identifiers standard defines the format of UIDs, while the registry ensures those UIDs are centrally resolvable. A product without a standards-compliant identifier cannot be correctly registered in the registry — and conversely, a registry entry without a standardized resolver endpoint is unusable by third parties.
Batteries as a Forerunner
For batteries, the Battery Regulation (EU) 2023/1542 already serves as a sector-specific precursor with its own DPP requirements. The lessons learned there — particularly around implementing QR codes as data carriers and connecting to resolver services — are feeding into the general CEN/CENELEC standards. Manufacturers already implementing battery DPPs are likely to benefit from the technical compatibility.
International Standardization: ISO/IEC JTC 5
DIN Takes on the Secretariat
European standardization work is embedded in a broader international context. ISO and IEC have established Joint Technical Committee 5 (ISO/IEC JTC 5), dedicated exclusively to the global standardization of the DPP. The secretariat is taken on by the German Institute for Standardization (DIN) — a signal that years of preparatory work by German industry circles is bearing fruit at the international level, as the IEC e-tech Magazine also reports.
The Relationship Between CEN/CENELEC and ISO/IEC
CEN/CENELEC and ISO/IEC collaborate closely through the Vienna and Frankfurt Agreements to avoid duplication of effort. In practice, this means European standards from CEN/CENELEC can be adopted as ISO/IEC standards and vice versa. For manufacturers operating globally, this is significant: compliance with the CEN/CENELEC standards for the EU DPP will likely satisfy the requirements of a future ISO/IEC standard to a large extent — provided coordination between the two bodies proceeds as planned.
What Does This Mean for Manufacturers and Implementers?
Act Now, Don't Wait
The positive vote of April 2026 is not a conclusion — it's a starting gun. There is still an implementation window before the official publication in the EU Official Journal and the first product-specific delegated acts, but that window is shorter than it appears. Experience from the Battery Regulation shows that companies that start technical implementation early face significantly less rework than late adopters.
Concretely, the following approach is recommended:
- Define your identifier strategy: Which UID format will you use? GS1 GTINs are the natural choice for many product categories, as they already exist in current systems and are compatible with the GS1 Digital Link standard.
- Choose your data carrier: QR codes are currently the dominant standard for consumer-facing products. The CEN/CENELEC standards are likely to permit multiple formats, but the QR code's practical market penetration is a strong argument in its favor.
- Check API compatibility: Existing PIM or ERP systems need to verify whether their export interfaces support the standardized API formats or whether middleware will be required.
- Anticipate registry requirements: The DPP Registry draft of April 29, 2026 is not yet final, but the three core data points (UID, resolver endpoint, commodity code) are already known and can be factored into your system architecture.
Technical Minimum Requirements at a Glance
Even though the standards have not yet been referenced in the Official Journal, the course of the standardization work and the registry draft allow a minimum technical profile to be derived:
| Requirement | Technical Approach | Relevant Standard |
|---|---|---|
| Unique product identifier | GS1 GTIN, UUID, or equivalent | CEN/CENELEC JTC 24 – Unique Identifiers |
| Physical data access | QR code (ISO 18004), RFID, barcode | CEN/CENELEC JTC 24 – Data Carriers |
| Machine-readable data | REST API, structured JSON/XML | CEN/CENELEC JTC 24 – APIs |
| Central resolution | Resolver endpoint in EU Registry | EU DPP Registry draft (April 2026) |
Outlook: Timeline and Open Questions
The Commission has not published a binding timeline for the Official Journal referencing of the six standards. Based on past experience, this process typically takes between six and eighteen months after a positive vote — depending on formal reviews, translations, and the Commission's internal approval procedures.
In parallel, work continues on the product-specific delegated acts that will determine which product categories need a DPP and when. Textiles, electronics, and furniture are considered priority categories, but concrete deadlines remain open.
For companies that begin DPP implementation now, the message is clear: the technical foundations have largely been established with the April vote. Investing in system architecture today means building on a solid foundation — even if the final regulatory details are still pending.
