EU Commission Publishes Draft DPP Registry Implementing Regulation

Background: Why a Central Registry?

The Digital Product Passport (DPP) is not a monolithic system — it is a decentralized ecosystem: manufacturers store product data on their own servers or those of contracted providers, and consumers and authorities access that data through standardized interfaces. This only works reliably when a neutral authority ensures that every unique product identifier resolves to a valid data point. That is precisely the gap the central DPP Registry is designed to close.

The legal foundation is provided by ESPR Regulation (EU) 2024/1781, which establishes the framework for ecodesign and product sustainability requirements. It mandates that such a registry must be operated — but left the specifics to an implementing regulation. The European Commission published that draft on April 29, 2026.

What the Draft Specifically Requires

A Lean Data Schema — Deliberately Minimalist

The Registry is explicitly not a data silo for product information. According to the draft, it stores only three data points per entry:

the Unique Identifier (UID) of the product,
the resolver endpoint through which the actual product passport can be retrieved,
the associated commodity code (e.g., a GS1 GTIN or an equivalent identifier).

All additional product data — material composition, repairability index, carbon footprint — remains the responsibility of sector-specific regulation. For batteries, the Battery Regulation (EU) 2023/1542 already serves as a precursor with its own DPP requirements; for textiles and electronics, delegated regulations under ESPR will follow.

This separation makes architectural sense: the Registry remains stable and product-category-agnostic, while sector-specific data obligations can be adapted flexibly.

Resolver Logic and GS1 Digital Link

The decision to store only the resolver endpoint in the Registry is no coincidence. It directly corresponds to the GS1 Digital Link standard, which defines URLs as structured product identifiers and enables consistent resolution across different systems. A QR code on a product contains the UID; scanning it leads to the resolver, which in turn redirects to the actual passport data.

For companies that already use dynamic QR codes and manage their destination URLs centrally, this model is essentially the familiar redirect principle — just with regulatorily defined metadata.

Retention Requirement: 10 Years After Placing on the Market

One of the most far-reaching requirements in the draft concerns data maintenance: Registry entries must remain available and up to date for at least 10 years after the last time a product is placed on the market. The phrase "last placing on the market" is significant — it refers not to the end of production, but to the last sale in the EU. For long-lived industrial goods or spare parts, this can effectively mean availability for 15 to 20 years.

This places substantial demands on the system stability of resolver infrastructure. Companies that outsource operations to third-party providers must contractually ensure that resolver endpoints remain accessible over this period — including provisions for corporate acquisitions, insolvencies, or technology migrations.

International Standardization: ISO/IEC JTC 5

In parallel with EU regulation, an important body has been formed at the international level. ISO and IEC have established Joint Technical Committee 5 (ISO/IEC JTC 5), dedicated exclusively to DPP standardization. The secretariat is held by the German Institute for Standardization (DIN) — a signal that years of groundwork by German industry circles is bearing fruit at the international level.

The mandate of ISO/IEC JTC 5 is clearly defined: the committee is to develop international standards that ensure the global interoperability of DPP systems. In doing so, it addresses a structural problem: EU regulation creates a regional framework, but supply chains are global. A battery supplier in South Korea exporting to the EU must provide DPP-compliant data — yet no uniform international standard currently exists for how that data should be formatted and transmitted.

The Relationship Between EU Law and ISO/IEC Standards

ISO/IEC JTC 5 and the EU implementing regulation are not competing systems — they are complementary layers. The EU defines what must be in the Registry and for how long. ISO/IEC JTC 5 will likely standardize how data is structured, exchanged, and validated. In practice, this means that companies building DPP systems today should keep an eye on both tracks of development.

Product Categories in Focus: Batteries, Textiles, Electronics

The draft explicitly names three product categories for which the Registry is to become operational first:

Batteries are already the most thoroughly regulated. The Battery Regulation sets out DPP requirements for industrial batteries, electric vehicle batteries, and starter batteries, with staggered implementation dates starting in 2026.

Textiles are under heightened political pressure from the EU Strategy for Sustainable Textiles. Disclosures on fiber composition, origin, and recyclability are expected here.

Electronics is the most complex category: short product life cycles, global supply chains, and the sheer number of product variants place particular demands on UID assignment and resolver stability.

What the Draft Does Not Cover

It is worth explicitly noting what the draft deliberately leaves open:

Data schema for passport content: Which fields a DPP for a textile product must contain is governed not by the Registry, but by the delegated regulation for textiles.
Data carrier technology: QR code, NFC, RFID, or Data Matrix — the draft is technology-neutral. The choice of physical data carrier is left to manufacturers, as long as the UID is machine-readable.
Access rights: Who may access which passport data (consumers, authorities, repair shops) is governed by the sector-specific regulations.

Next Steps and Timeline

The draft is currently in the public consultation phase. Companies, industry associations, and member states may submit comments until the end of the consultation period. The final implementing regulation is expected to be adopted in 2026, with staggered implementation deadlines depending on the product category.

If you are already building bulk import processes for product data or scaling QR code infrastructure today, it is worth engaging early with the UID requirements and resolver architecture. Relying on proprietary identifiers now risks costly migrations once the implementing regulation enters into force.

The combination of EU regulation (what and for how long) and ISO/IEC standardization (how and in what format) will fundamentally shape the market for DPP infrastructure in the coming years. The April 29, 2026 draft is not the end of a long process — it is the beginning of the operational phase.