The DPP4EU 2026 conference in Brussels marked a major technical milestone: the European foundational standards for the Digital Product Passport (DPP) are now finalized. Fraunhofer IPK reported on June 1, 2026 that the standards package developed under CEN/CENELEC JTC 24 establishes a coherent, technology-neutral framework for product lifecycle data. With that, the period of uncertainty about core technical principles is over — and the implementation phase has begun.
For companies that have been waiting for final standards, this is not a signal to relax. It's a starting gun.
What CEN/CENELEC JTC 24 Has Established
The JTC 24 standards committee has adopted several interlocking standards that together define the technical architecture of the DPP. Two standards are central:
- EN 18219 establishes the data model and semantic requirements for the DPP. It defines what information a passport must contain, how that information is structured, and how interoperability between different systems is ensured.
- EN 18220 governs the DPP carrier — that is, the physical or digital medium through which the passport is made accessible. It links the passport to the GS1 Digital Link standard, enabling a single URL — encoded as a QR code or RAIN RFID tag, for example — to serve as a universal entry point to all passport information.
The framework is deliberately technology-neutral. It does not mandate any specific database, cloud platform, or proprietary standard. What it does mandate is the structure of the access point and the semantics of the data — the rest is left to implementers.
Why EN 18219 Is Critical for Registry Architecture
The CIRPASS-2 consortium explicitly recommended in its comments on the draft implementing regulation for the DPP Registry that EN 18219 be incorporated as a binding reference. The reason: without that anchor, there is no interoperability bridge between national and sectoral systems.
The registry itself — as the draft implementing regulation makes clear — stores only three data points: the unique identifier, the resolver endpoint, and the commodity code. The actual passport data resides in a decentralized manner with manufacturers or authorized data trustees. EN 18219 ensures that this decentralized data remains machine-readable and interoperable regardless.
The Regulatory Foundation: ESPR and Sectoral Regulations
The technical standards are not an end in themselves. They operationalize requirements that are legally binding under ESPR Regulation (EU) 2024/1781. The ESPR requires that the DPP contain "up-to-date and accurate information" — a requirement that simply cannot be met without a clear data architecture.
This becomes especially apparent with the Battery Regulation (EU) 2023/1542: capacity data that changes over a battery's lifetime due to degradation must be kept continuously current. That requires an infrastructure capable not only of storing static product data, but of managing dynamic updates — at the individual item level, not just at the batch level.
Lot vs. Item: A Distinction with Far-Reaching Consequences
The JRC draft for the steel product group — representative of many other sectors — systematically distinguishes between two levels of data granularity:
- Batch level (Lot): Data that applies to an entire production batch, such as the product-specific carbon footprint (PCF), which must be calculated using ISO 14067-compatible methods and maintained at the lot level.
- Item level: Data that applies to an individual physical unit, such as serial number, repair history, or current state-of-health value for batteries.
This distinction is not an academic nuance. It determines how data storage, access rights, and update processes must be designed. A system that manages only lot IDs cannot meet the item-level requirements of the Battery Regulation. Conversely, a purely item-based system would not be economically scalable for bulk goods such as steel coils.
From Standard to Practice: What Companies Need to Do Now
The adoption of these standards marks the transition from the specification phase to the implementation phase. For companies in affected sectors, this means taking concrete action:
Step 1: Define Your Identifier Strategy
Every DPP requires a globally unique, persistent identifier. EN 18220 and the GS1 Digital Link standard define how that identifier must be structured as a resolvable URL. Companies already using GTINs and GS1 structures have a head start — they simply need to map their existing identifiers into the Digital Link schema.
A compliant GS1 Digital Link for an individual product looks like this:
https://id.example.com/01/04012345678901/21/XYZ-987654
Here, 01 represents the GTIN application identifier and 21 represents the serial number. The resolver behind this URL routes requests to different data views depending on context — consumer, repair shop, customs authority — accordingly.
Step 2: Structure Your Data Model According to EN 18219
The standard defines mandatory fields, optional fields, and permissible data formats. You need to assess which of your existing product data already meets the standard and where gaps exist — for example, in repairability scores, material compositions, or supply chain information.
Step 3: Choose and Implement a Carrier Technology
EN 18220 permits several carrier media: QR code, NFC, RAIN RFID, and others. The choice depends on product type, supply chain characteristics, and customer requirements. For industrial applications, RAIN RFID is gaining traction: TEKLYNX has already updated its CODESOFT software to support GS1 "++" encoding schemes, which allow web URLs to be written directly into RAIN RFID tag memory — a technical requirement that follows directly from the combination of EN 18220 and the GS1 Digital Link standard.
Step 4: Ensure Ongoing Dynamic Data Maintenance
The ESPR requirement for "up-to-date and accurate information" is not a one-time task. You need to establish processes that ensure passport data is updated whenever relevant events occur — repair, component replacement, resale, disposal. This requires clear accountability across the supply chain and technical interfaces between the systems involved.
What's Still Missing: Implementing Regulations and Sectoral Deadlines
The foundational standards are in place — the sector-specific implementing regulations are not yet complete. The European Commission is currently working on delegated acts for the first mandatory product groups. Batteries already have their own legal framework under Battery Regulation (EU) 2023/1542. Textiles, electronics, and steel will follow as part of the ESPR rollout.
For companies, this means: the core technical architecture is established and should be built now. Sector-specific data requirements will be defined in the coming months — but if you wait to begin implementation until all delegated acts are in place, you will find yourself under serious time pressure.
The standards are adopted. The framework is set. The question is no longer whether, but when — and how well-prepared you are when compliance becomes mandatory.
