The Regulatory Framework Is Tightening
Summer 2026 marks a turning point in European product regulation. The ESPR Regulation (EU) 2024/1781 has been binding EU law since its adoption — and the first product-specific implementing regulations are now taking concrete shape. At the same time, on June 9, 2026, the European Commission opened infringement proceedings against 20 member states that had failed to transpose the Directive Empowering Consumers for the Green Transition (EU) 2024/825 (EmpCo) into national law on time. Greenwashing prohibitions and obligations to communicate durability and repairability are no longer merely political declarations of intent — they are being enforced.
For companies placing physical products on the EU market, this creates a complex set of obligations. This article brings together the key developments of recent weeks and places them within the overall architecture of the Digital Product Passport (DPP).
The DPP Registry: A Directory, Not a Data Store
What the Implementing Regulation Establishes
The draft implementing regulation on the DPP Registry, published by the European Commission at the end of May, resolves a central architectural question: the central registry stores only the unique product identifier, the resolver endpoint, and the commodity code — not the actual passport data. The model follows a DNS-like directory principle: anyone wanting to retrieve a DPP queries the registry for the responsible resolver, which in turn points to the manufacturer's own data systems or an accredited data space.
This decision has far-reaching consequences for system architecture. Manufacturers must ensure — either directly or through certified service providers — that their data infrastructure is accessible, up to date, and standards-compliant. The ESPR does not prescribe an explicit update frequency, but it does expressly require that the DPP must contain "current and accurate information." For products with dynamic characteristics — such as batteries whose capacity decreases through degradation — this is no trivial requirement.
CIRPASS-2 Calls for EN 18219 as a Mandatory Standard
The EU-funded CIRPASS-2 consortium has formally recommended in its response to the registry draft that the EN 18219 standard be incorporated into the implementing regulation as a binding reference. The rationale: without a standardized interface between the registry, resolver, and data storage system, a patchwork of proprietary implementations risks undermining cross-border interoperability. EN 18219 defines the data model for the DPP itself; the complementary EN 18220 governs the carrier layer — that is, how the identifier is physically attached to the product, for example via GS1 Digital Link or RAIN-RFID.
Whether the Commission will follow this recommendation remains to be seen. The consultation period is still open; a final version is expected in Q4 2026.
Sector-Specific Requirements: Steel and Batteries as the Blueprint
JRC Draft for Steel Semi-Finished Products
On June 6, 2026, the Joint Research Centre (JRC) of the European Commission published a draft on DPP data requirements for steel semi-finished products. The document is significant for two reasons.
First, it systematically introduces the distinction between the lot level and the item level. Static properties such as alloy composition or place of manufacture are maintained at the product level; dynamic or batch-related data — in particular the product-specific carbon footprint (PCF) — are tracked at the lot level. The PCF must be calculated using ISO-14067-compatible methods. This granularity distinction is not specific to steel: it is expected to become the standard pattern in upcoming sector implementing regulations.
Second, the draft illustrates how closely DPP obligations are linked to existing reporting requirements. Companies already collecting PCF data under the Carbon Border Adjustment Mechanism (CBAM) can structurally reuse that data — provided their data infrastructure ensures the required granularity and currency.
Battery Regulation: First BESS Pilot Completed
The Battery Regulation (EU) 2023/1542 is the first regulation to make a full DPP mandatory for a specific product category. On June 5, 2026, Circulor, REPT Battero, and TÜV Rheinland announced the completion of the first Battery Energy Storage System (BESS) battery passport based on independently verified third-party data. The pilot demonstrates that the regulation's data requirements are achievable even for large-scale grid batteries — a signal to industry that the implementation hurdles are surmountable, though far from trivial.
The Battery Regulation makes the architectural choice between lot and item level particularly vivid: capacity data that changes through degradation must be kept current. A static, one-time-issued passport is not sufficient. Without a clear system architecture and automated data flows, meeting this requirement at scale is barely feasible.
Carrier Technology: Getting the Identifier onto the Product
GS1 Digital Link and RAIN-RFID
The question of how a DPP identifier is physically attached to a product has not yet been definitively answered in regulatory terms — but the market is converging in practice on two carrier technologies: 2D barcodes (particularly QR codes with GS1 Digital Link structure) and RAIN-RFID. TEKLYNX has updated its CODESOFT software to support GS1 "++" encoding schemes, enabling web URLs to be written directly into RAIN-RFID tag memory — a requirement that follows from the combination of EN 18220 and the GS1 Digital Link standard.
On the pilot side, Antares Vision Group and Driscoll's announced a large-scale traceability pilot at GS1 Connect 2026, covering more than one billion pounds of fresh berries annually — based on 2D barcodes and GS1 Digital Link at the item level. This is not a DPP pilot in the ESPR sense, but it demonstrates that the infrastructure for item-level identification in food logistics already exists and can be scaled.
Blockchain as a Trust Anchor: Merck and The Hashgraph Group Hedera Pilot
On June 9, 2026, The Hashgraph Group and Merck announced a collaboration to launch an EU DPP on the Hedera network. Merck contributes its M-Trust technology for physical security features; The Hashgraph Group provides the DLT-based traceability infrastructure. The model targets regulated supply chains where anti-counterfeiting and auditability are especially critical — such as pharmaceuticals or specialty chemicals.
Technically, the approach is compatible with the registry architecture: the Hedera ledger acts as an immutable log of state changes, while the actual DPP dataset remains retrievable via a standards-compliant resolver. Whether DLT-based approaches will be explicitly addressed in the final implementing regulation is unclear; the ESPR itself is written in a technology-neutral manner.
Action Required for Manufacturers and Retailers
The Retail Perspective: Ecommerce Europe
On June 8, 2026, Ecommerce Europe published a position paper on DPP implementation. Its core demands: flexible data granularity, phased rollout, and voluntary "partial DPPs" for used products. The latter addresses a real problem: the ESPR primarily obligates the manufacturer to create the DPP; what applies when used products are resold has not yet been conclusively regulated.
For retailers, this creates a monitoring obligation: once the sector-specific implementing regulations enter into force, importers — and in certain constellations, retailers — will also bear obligations. Those who do not build data infrastructure today will find themselves under severe time pressure when the rules take effect.
Three Concrete Preparation Steps
Regardless of sector, three operational priorities can be derived from the current state of regulation:
Define your identifier strategy: GTIN-based GS1 Digital Link structures are currently the most likely path to standards compliance. Companies without an existing GS1 membership should initiate membership and prefix assignment now.
Clarify data granularity: The lot/item distinction from the JRC steel draft will become the sector standard. If you currently maintain product data only at the SKU level, you will need to restructure your data infrastructure.
Build or commission resolver infrastructure: The registry only points to the resolver — the actual data storage sits with the manufacturer or a service provider. This endpoint must be permanently accessible, versioned, and auditable.
The regulatory pace will continue to accelerate in the coming months. With the expected final version of the registry implementing regulation in Q4 2026 and the first mandatory sector implementing regulations from 2027 onward, the preparation window is narrow.
