DPP Regulation 2026: What the New EU Standards Actually Require

CEN/CENELEC standards, JRC steel draft, CIRPASS-2 critique: a factual, no-hype overview of the state of DPP regulation in summer 2026.

by the QR3 editorial team

The Standards Framework Is in Place — What CEN/CENELEC JTC 24 Has Adopted

At the end of May 2026, CEN and CENELEC published the first harmonized European standards for the Digital Product Passport. The EN 18216–EN 18223 series defines the core technical infrastructure: unique identifiers, data carriers, APIs, and the interoperability framework. The standards were developed under CEN/CENELEC JTC 24, the Joint Technical Committee that the Commission established in 2022 specifically for ESPR-related work.

At the DPP4EU 2026 Conference, held in Brussels in early June, the standards were presented publicly for the first time — alongside open-source test environments intended to enable conformance testing of implementations. Fraunhofer IPK, which participated in the standardization work, summed up the message concisely: the standards are here; now industry needs to bring them to life.

What the Standards Actually Cover

The series is modular. At a high level, three layers can be distinguished:

Standard | Subject | Relevance for Implementers
EN 18216 | Framework and terminology | Required reading for architecture decisions
EN 18219 | Data model and attribute semantics | Basis for database schema and API design
EN 18220 | Data carriers (QR, RFID, DataMatrix) | Determines which physical carriers are permitted
EN 18221–18223 | Resolver, registry connection, APIs | Interfaces to the central EU registry

For companies already working with GS1 Digital Link, EN 18220 is particularly relevant: the standard references GS1 Digital Link as the preferred carrier format for QR codes and Data Matrix symbols. This comes as no surprise, but it does represent a binding requirement where previously only a recommendation existed.


The JRC Steel Draft as a Blueprint for Other Sectors

In parallel with the standards publication, the Commission's Joint Research Centre released a draft DPP for semi-finished iron and steel products. The draft is significant beyond the steel industry because it is the first to systematically distinguish between two data-management levels:

Batch level (lot number):

  • Recycled content share
  • Alloy composition
  • Product-specific carbon footprint (PCF)

Product level (serial number):

  • Dimensions and geometric characteristics
  • Certifications and test reports
  • Declarations of conformity

This distinction is non-trivial from a database architecture perspective. A product can carry a unique serial number while still inheriting attributes maintained at the batch level — for example, the PCF, which under the draft must be calculated using rules compatible with ISO 14067.

Comparison with the Battery Regulation

The Battery Regulation (EU) 2023/1542 — currently the only binding sector act with its own DPP obligations — implicitly recognizes this distinction. Battery cells are serialized at the cell level, but capacity data is reported at the module level. The JRC steel draft formalizes this pattern explicitly, setting a precedent: future implementing regulations for other product groups (textiles, electronics, furniture) will likely adopt the same schema.

For implementers, this means that an identifier strategy based solely on serial numbers will not be sufficient for batch-level attributes. If you are designing a DPP database architecture today, you should plan for the batch → product → component hierarchy from the outset.
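An added example, not taken from the JRC draft or the EN standards: one way to let a serialized product inherit batch-level attributes, keyed by the GS1 Digital Link path (application identifiers 01 = GTIN, 10 = lot, 21 = serial). The attribute names, the sample records and the host id.example.com are constructed. A URI whose lot disagrees with the lot on record is rejected, because the lot decides which PCF and recycled-content values the passport shows.

```python
from urllib.parse import urlparse, unquote

def gtin_ok(gtin: str) -> bool:
    """GS1 mod-10 check digit over a 14-digit GTIN."""
    if len(gtin) != 14 or not gtin.isdigit():
        return False
    # Weights 3,1,3,... starting from the digit next to the check digit.
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(gtin[:-1])))
    return (10 - total % 10) % 10 == int(gtin[-1])

def parse_digital_link(uri: str) -> dict:
    """Read the AI/value pairs 01 (GTIN), 10 (lot), 21 (serial) from the path."""
    parts = [unquote(p) for p in urlparse(uri).path.split("/") if p]
    if len(parts) % 2:
        raise ValueError("path is not a sequence of AI/value pairs")
    ids = dict(zip(parts[0::2], parts[1::2]))
    if not gtin_ok(ids.get("01", "")):
        raise ValueError("missing or invalid GTIN")
    return {"gtin": ids["01"], "lot": ids.get("10"), "serial": ids.get("21")}

# Constructed sample records; attribute names are illustrative, not EN 18219 terms.
BATCHES = {
    ("09506000134352", "L2026-07"): {"recycled_content_pct": 42.0,
                                     "pcf_kg_co2e_per_t": 1830.0},
}
PRODUCTS = {
    ("09506000134352", "S0001"): {"lot": "L2026-07", "width_mm": 1250},
}

def resolve_passport(uri: str) -> dict:
    """Return product attributes merged over the attributes of its batch."""
    ids = parse_digital_link(uri)
    gtin = ids["gtin"]
    if ids["serial"] is None:
        if ids["lot"] is None:
            raise ValueError("URI carries neither lot nor serial")
        return dict(BATCHES[(gtin, ids["lot"])])  # batch-level query
    product = PRODUCTS[(gtin, ids["serial"])]
    # The lot on record decides inheritance; a URI naming another lot is rejected.
    if ids["lot"] is not None and ids["lot"] != product["lot"]:
        raise ValueError("lot in URI does not match the lot on record")
    return {**BATCHES[(gtin, product["lot"])], **product}

if __name__ == "__main__":
    print(resolve_passport("https://id.example.com/01/09506000134352/21/S0001"))
```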


CIRPASS-2: Criticism of Governance and Interoperability

The CIRPASS-2 consortium, funded by the Commission and bringing together stakeholders from industry, research, and civil society, has submitted its position on the draft implementing regulation for the central DPP registry. The key points of criticism:

1. Registry governance: The draft leaves open which body will operate the registry in the long term and under what rules access rights will be granted. CIRPASS-2 calls for a clear separation between technical operations and regulatory oversight.

2. Data sovereignty in cross-border supply chains: If a manufacturer in Vietnam supplies semi-finished goods to a German processor who then exports to the EU — who bears the data obligation, and which law governs the information stored in the passport? The draft does not provide a satisfactory answer.

3. Interoperability with existing systems: The consortium explicitly recommends that EN 18219 be cited as a reference directly in the implementing regulation. Without that anchor, there is a risk that national implementations will develop their own data models that are incompatible with the EU framework.

The registry itself will — as analyses of the Commission's published documentation have clarified — store only unique identifiers and resolver URLs. The actual passport data remains decentralized with manufacturers or the service providers they appoint. This reduces the technical burden on the Commission, but shifts full responsibility for data availability and integrity to industry.


Peripheral Developments: REACH Microplastics and RFID Encoding

Two further developments from May/June 2026 are relevant for DPP practitioners, even if they appear peripheral at first glance.

ECHA Guidance on Synthetic Polymer Microparticles

In May 2026, ECHA published guidance on REACH reporting obligations for synthetic polymer microparticles. The first reporting deadline for manufacturers and industrial downstream users of polymer pellets, flakes, and powders has now taken effect. The direct DPP connection: once the implementing regulation for plastic products enters into force, microplastic content will very likely appear as a mandatory passport attribute — analogous to the recycled content share in the steel draft. Structuring your REACH data now gives you a head start.

TEKLYNX CODESOFT and GS1 "++" Encoding

TEKLYNX has updated its CODESOFT labeling software to support GS1 "++" encoding schemes (EPC++ and ISO BD). This allows web URLs to be written directly into RAIN RFID tag memory — a requirement that follows from the combination of EN 18220 and the GS1 Digital Link standard. This is not a niche topic: RFID is the preferred data carrier for many product groups (textiles, logistics units, industrial components), and the ability to encode a complete Digital Link URI in the tag is a prerequisite for a compliant DPP implementation.


What to Do Now

The ESPR Regulation (EU) 2024/1781 has been binding EU law since its adoption. The technical standards have been published. The first sector-specific draft (steel) is on the table. For companies, this translates into a clear course of action:

  1. Define your identifier strategy: Serial number, lot number, or both? The answer depends on your product type, but the decision should be made now — not when the implementing regulation for your product group enters into force.

  2. Align your data model with EN 18219: If you are adapting an ERP or PLM system today, use the standard's attribute semantics as your reference rather than proprietary schemas.

  3. Review your resolver infrastructure: The registry stores only URLs. The availability of the resolver — and therefore of the entire passport — is the manufacturer's responsibility. SLA requirements and backup strategies are not IT details; they are regulatory obligations.

  4. Structure your REACH data: If you process polymers or plastic components, use the new ECHA guidance as groundwork for future DPP attributes.

The open questions — registry governance, data sovereignty, interoperability with non-EU systems — will shape the comment period for the implementing regulation. The CIRPASS-2 position paper shows that industry is taking these questions seriously. Companies that want to engage in this process still have a window of opportunity before the implementing regulation is finalized.