Where Things Stand: Three Parallel Tracks
The Digital Product Passport (DPP) is no longer a future project — it is happening now. In spring 2026, three regulatory and normative tracks converged simultaneously, each with direct implications for manufacturers, importers, and system integrators: the EU draft implementing regulation on the central DPP Registry, the publication of the first harmonized European standards, and the establishment of the international standardization committee ISO/IEC JTC 5. Looking at these developments in isolation means missing the bigger picture — they are deeply interconnected.
The DPP Registry: What the April 29, 2026 Draft Requires
Legal Basis and Publication
The ESPR Regulation (EU) 2024/1781 provides the overarching legal framework. It defines ecodesign and sustainability requirements for products and authorizes the Commission to issue product-group-specific delegated acts as well as technical implementing regulations. On this basis, the European Commission published the draft implementing regulation on the DPP Registry on April 29, 2026.
In parallel, the EU notified the draft to the WTO on May 21, 2026, under reference G/TBT/N/EU/1211 — a mandatory step for technical barriers to trade that triggers a 60-day comment period. Third countries and industry associations may submit objections before that deadline expires.
What the Registry Stores — and What It Does Not
On one key point, the draft is deliberately minimalist: the central Registry stores only three data points per entry:
- the product's Unique Identifier (UID),
- the resolver endpoint through which the actual product passport can be retrieved,
- the associated commodity code (e.g., a GS1 GTIN or an equivalent identifier).
The actual product data — material composition, repairability index, carbon footprint — remains decentralized with the manufacturer or a designated data operator. The Registry is therefore not a data store but an address book: it links identifiers to resolver endpoints, enabling machine-readable discovery of the passport. This architectural principle mirrors the GS1 Digital Link model, in which a structured URI points to a resolver that in turn performs context-dependent redirects.
On the technical side, the draft specifies secured APIs and the automatic verification of qualified electronic signatures — indicating that the integrity of Registry entries is to be protected cryptographically, not merely through access controls.
Implications for Market Surveillance
On May 21, 2026, the German Bundestag passed the Ecodesign Act (Ökodesign-Gesetz), modernizing the national implementation of the ESPR. It strengthens market surveillance authorities with expanded sanctioning powers and enshrines the right of access to spare parts for non-commercial repairs. In practice, this means authorities will be able to use the Registry to verify whether a product has a valid, retrievable DPP — without having to contact the manufacturer directly.
Harmonized European Standards: EN 18219, EN 18220, EN 18222
Publication and Scope
On May 28, 2026, national standards bodies — including Belgium's NBN — published the first three harmonized European standards for the DPP, developed by CEN/CENELEC Joint Technical Committee 24 (JTC 24):
| Standard | Title | Core Content |
|---|---|---|
| EN 18219:2026 | Unique Identifiers | Requirements for the uniqueness and structure of product IDs |
| EN 18220:2026 | Data Carriers | Requirements for physical and digital data carriers (QR code, RFID, etc.) |
| EN 18222:2026 | (Data Format / Interoperability) | Structural requirements for interoperable DPP datasets |
These standards are harmonized within the meaning of EU law: once they are referenced in the Official Journal of the EU, they trigger the presumption of conformity. Products certified under these standards are deemed compliant with the corresponding ESPR requirements — with no additional proof of conformity required.
What EN 18220 Means for Data Carriers
EN 18220 is particularly relevant for system integrators. The standard specifies which physical and digital data carriers are permissible for the DPP and sets minimum requirements for readability, durability, and encoding format. QR codes and GS1 DataMatrix are explicitly addressed; RFID implementations — such as those based on the RAIN standard — are also covered.
In this context, the announcement by TEKLYNX on May 28, 2026 is noteworthy: the company extended its CODESOFT labeling software to support GS1's new "++" encoding schemes (EPC++ and ISO BD), which encode web URLs directly into RAIN RFID tag memory. This is no coincidence — it is a direct response to EN 18220 and the GS1 Sunrise 2027 timeline.
ISO/IEC JTC 5: International Standardization Under German Secretariat
Establishment and Mandate
ISO and IEC have officially established the Joint Technical Committee 5 (ISO/IEC JTC 5), dedicated exclusively to the international standardization of the DPP. This is a significant development: until now, DPP standardization was distributed across sector-specific committees covering batteries, textiles, and electronics.
The secretariat is held by the Deutsches Institut für Normung (DIN) — a signal that years of groundwork by German industry circles are now bearing fruit at the international level. Germany was involved early in the technical design of the DPP through DIN and its participation in CEN/CENELEC JTC 24.
Relationship to CEN/CENELEC JTC 24
The relationship between ISO/IEC JTC 5 (global) and CEN/CENELEC JTC 24 (European) follows the Vienna Agreement: standards developed at the European level can, under certain conditions, be adopted as ISO/IEC standards, and vice versa. In practice, this means EN 18219, EN 18220, and EN 18222 could become globally available as ISO/IEC standards in the medium term — which would significantly simplify international trade for DPP-compliant products.
Relevance for Non-EU Markets
For manufacturers exporting to third-country markets, ISO/IEC JTC 5 is strategically more important than CEN/CENELEC JTC 24. When international trading partners — for example in Asia or North America — introduce their own DPP-like requirements, they will most likely align with ISO/IEC standards rather than EU-specific EN standards. The establishment of JTC 5 creates the institutional foundation for exactly that.
Batteries as a Pilot Application: Lessons from Practice
The Battery Regulation (EU) 2023/1542 is the only area where DPP requirements are already legally binding — and therefore the only area where practical experience exists. On May 27, 2026, the European Commission held an implementation webinar for the battery industry, addressing data formats, industry readiness, and SME support.
The insights from this pilot area are feeding directly into the design of the generic DPP Registry draft. In particular, the question of how resolver endpoints can be kept stable over the long term in the event of corporate acquisitions or insolvencies remains unresolved — a well-known issue from the battery DPP context.
What Manufacturers Should Do Now
The regulatory architecture is clearer than ever, but it is not yet finalized. Three concrete areas of action emerge:
Define your identifier strategy: EN 18219:2026 sets out the requirements for Unique Identifiers. If you are not yet using GTIN-based identification, you should now assess whether GS1-compliant identifiers meet the requirements — or whether product-group-specific regulations impose different specifications. The DPP concept on qr3.app explains how UID, resolver, and commodity code work together.
Build your resolver infrastructure: The Registry points to resolver endpoints — these must be stable, secured, and available for the long term. A resolver that goes offline after two years renders the Registry entry worthless. The choice between running your own resolver and using a third-party provider is a strategic decision with lasting consequences.
Use the WTO comment period: Before the 60-day comment window on WTO notification G/TBT/N/EU/1211 closes, associations and companies can submit objections. If you have specific technical or trade-policy concerns, do not let this deadline pass unused.
