EU Digital Product Passport: What the New Standards and Registry Rules Mean

The Regulatory Framework Is Taking Shape

Since the adoption of ESPR Regulation (EU) 2024/1781, the Digital Product Passport (DPP) is no longer a future project — it is binding EU law. The regulation establishes ecodesign requirements and sustainability obligations for products, creating the framework legislation on which sector-specific implementing regulations will be based. In May and June 2026, implementation progress advanced significantly in a short period of time: technical standards were adopted, a draft for a central registry has been published, and the Joint Research Centre has released initial content requirements for steel products.

If you are a manufacturer, importer, or software provider following these developments, you are facing an unusually dense stream of news. This post puts the most important developments in context.

CEN/CENELEC Publishes the First Harmonized DPP Standards

What Standards EN 18216 through EN 18223 Cover

On May 27, 2026, CEN and CENELEC published the first six harmonized European standards for the DPP. Developed by Joint Technical Committee JTC 24, they define the foundational technical infrastructure:

Standard	Subject
EN 18216	General framework and terminology
EN 18219:2026	Unique Identifiers
EN 18220:2026	Data Carriers
EN 18222	API protocols and resolver interfaces
EN 18223	Core data model

The standards specify which identifiers are permissible, how data carriers — QR codes, GS1 DataMatrix, or RFID tags — must be technically implemented, and which API interfaces a resolver endpoint must provide. Together, they establish the conditions under which scanning a product code actually leads to a machine-readable, interoperable product passport.

What This Means in Practice

The standards are not legally binding in the way a statute is, but they will be referenced as technical benchmarks in the delegated acts under the ESPR Regulation. Compliance with the standards allows you to invoke the presumption of conformity. For software providers and system integrators, this means the standards are effectively the mandatory specification.

At the DPP4EU 2026 Conference, held in Brussels in early June, the standards were presented publicly for the first time — along with open-source test environments intended to enable conformity testing of implementations.

The Central DPP Registry: Three Data Points, Decentralized Data Storage

What the Commission Draft Proposes

On April 29, 2026, the European Commission published the draft implementing regulation for the central DPP Registry. The core principle is radically lean: the Registry stores only three data points per entry:

The Unique Identifier (UID) of the product
The resolver endpoint through which the actual product passport can be retrieved
The associated commodity code (e.g., GTIN or equivalent identifier)

The actual product data — CO₂ footprint, material composition, repairability — remains with the manufacturer or a data storage provider of their choosing. The Registry is therefore not a central data repository but a directory service: it ensures that an identifier points globally and unambiguously to a resolver, which in turn delivers the product passport.

For a detailed analysis of this draft, see the qr3.app blog for posts on the EU DPP Registry.

Response from the CIRPASS-2 Consortium

The EU-funded CIRPASS-2 Consortium has submitted its position on the draft. The main points of criticism concern the Registry's governance structure, the question of data sovereignty in cross-border supply chains, and interoperability with existing identification systems such as GS1 Digital Link. Among other things, the consortium recommends that standard EN 18219 be explicitly referenced in the implementing regulation.

JRC Draft for Steel: Granularity as the Key Issue

The Commission's Joint Research Centre has published a draft DPP for semi-finished iron and steel products. It is significant for several reasons — and not only for the steel industry.

Product Level vs. Batch Level

The JRC draft systematically distinguishes between data that must be maintained at the product level (by serial number) and data that must be maintained at the batch level (by lot number). This distinction is critical for database architecture and identifier strategy:

Batch level: recycled content, alloy composition, product-specific carbon footprint (PCF)
Product level: dimensions, certifications, declarations of conformity

Under the draft, the product-specific carbon footprint is calculated using recognized calculation rules — specifically, methods compatible with the ISO 14067 standard are referenced. For steel manufacturers that have so far only captured aggregated Scope 3 data, this represents a significant effort in data collection across melting and rolling processes.

Implications for Other Sectors

The steel draft is the first JRC proposal to address the granularity question so explicitly. It is reasonable to expect that similar structures will be adopted in the DPP drafts for textiles, electronics, and batteries. The Battery Regulation (EU) 2023/1542 — currently the only binding sector act with its own DPP obligations — already implies this distinction, though without formalizing it as clearly.

REACH Microplastics: First Reporting Deadline Now in Effect

In parallel with DPP developments, ECHA published guidance in May 2026 on the REACH reporting obligation for synthetic polymer microparticles. The first reporting deadline for manufacturers and industrial downstream users of polymer pellets, flakes, and powders took effect in May 2026.

This obligation is initially separate from the DPP regime, but the substantive overlap is clear: data on microplastic emissions and polymer content will in the future also be subject to reporting requirements under the DPP — particularly for packaging and textiles. Companies that build REACH-compliant data structures now are creating a foundation that can later be transferred into the DPP.

Software and Infrastructure: Industry Responds

The adoption of the standards is having a measurable impact on the software landscape. TEKLYNX has updated its CODESOFT software and now supports GS1 "++" encoding schemes (EPC++ and ISO BD), enabling web URLs to be written directly into RAIN RFID tag memory — a requirement that follows from the combination of EN 18220 (Data Carriers) and the GS1 Digital Link standard.

This is not an isolated case: several labeling and serialization software vendors have announced updates in recent weeks that explicitly reference the new EN standards. The industry's interpretation is unambiguous — the standards are being treated as a mandatory specification, even though they formally have the status of harmonized standards.

Timeline and Next Steps

The consultation period for the Registry draft closed on May 27, 2026. In parallel, the Commission is working on delegated acts for the first product groups — textiles and batteries are considered priorities. JRC drafts for additional sectors are expected in the coming months.

For companies that are now building or evaluating systems, three concrete areas for action emerge:

Identifier strategy: Which UIDs will you use, and are they EN 18219-compliant? GTINs with GS1 Digital Link are a well-established starting point.
Resolver architecture: Your own resolver endpoint must be permanently reachable and EN 18222-compatible. Data storage remains with the manufacturer — not with the EU Registry.
Data granularity: You should already be checking whether your internal systems can distinguish between batch level and product level — the JRC draft for steel shows where things are headed.

Regulatory density will continue to increase over the next twelve months. Building a scalable data infrastructure now means avoiding costly migrations later.