May 2026: A Turning Point for the Digital Product Passport
Rarely do regulatory and standards developments converge as rapidly as they did in the early summer of 2026. Within just a few weeks, CEN and CENELEC published the first harmonized European standards for the Digital Product Passport (DPP), the European Commission released a draft for the central DPP Registry, the Joint Research Centre (JRC) published data requirements for steel products, and the international DPP4EU conference kicked off in Brussels. For manufacturers, importers, and system integrators, the message is clear: the implementation phase has begun — not at some point in the future, but right now.
The legal foundation for all of these developments is the ESPR Regulation (EU) 2024/1781, which establishes ecodesign requirements and product sustainability as binding obligations. Sector-specific delegated and implementing acts spell out those obligations product group by product group — and it is precisely those concrete rules that are now gaining momentum.
The First Harmonized Standards: What EN 18219 through EN 18223 Require
The CEN/CENELEC JTC 24 Standards Package
At the end of May 2026, CEN and CENELEC published the first set of harmonized European standards defining the technical infrastructure of the DPP. The core standards include:
- EN 18219:2026 — Unique Identifiers: syntax, registration rules, and minimum requirements for uniqueness across the entire product lifecycle.
- EN 18220:2026 — Data carriers: which physical or digital carriers (QR code, RFID, DataMatrix) are permitted and how they must be encoded.
- EN 18222:2026 — APIs and data exchange protocols between passport systems and the central Registry.
In addition, EN 18216, EN 18217, EN 18218, EN 18221, and EN 18223 were officially published through national standards bodies, including Belgium's NBN. Together, the package covers the entire technical chain: from the unique identifier to the physical data carrier to the machine-readable interface.
Practical Implications for Data Carriers
EN 18220 is relevant to anyone already using QR codes or RFID tags on products. The standard specifies how a data carrier must be structured to qualify as a DPP-compliant carrier. If you rely on GS1 Digital Link — encoding GTINs as URIs — you are structurally well positioned, but you will still need to verify that your specific encoding syntax complies with EN 18220.
Here is an example of a compliant GS1 Digital Link URI that can serve as the basis for a DPP QR code:
https://id.gs1.org/01/04012345678901/21/ABC123
Here, /01/ encodes the GTIN application identifier and /21/ encodes the serial number. Resolver services then redirect the scan endpoint to the actual product passport.
TEKLYNX has already responded: its updated CODESOFT software supports GS1 "++" encoding schemes (EPC++ and ISO BD), which allow web URLs to be written directly into RAIN RFID tag memory — a clear signal that software vendors are treating the new standards as a binding specification.
The EU DPP Registry: What the Commission Draft Actually Proposes
Three Data Points — Nothing More
On April 29, 2026, the European Commission published the draft implementing regulation for the central DPP Registry. A widespread misconception in the industry is that the Registry stores the product passport itself. That is not the case.
According to the draft, each Registry entry contains only three data points:
- The product's Unique Identifier (UID)
- The resolver endpoint through which the actual product passport can be retrieved
- The associated commodity code (e.g., GTIN or equivalent identifier)
The actual passport data — material composition, repairability index, carbon footprint — remains decentralized with the manufacturer or a designated data trustee. The Registry is therefore a directory, not a data store. This has far-reaching implications: long-term data availability, server outages, and data migration during corporate transfers remain the manufacturer's responsibility.
CIRPASS-2 Consultation: Technical Recommendations
The EU-funded CIRPASS-2 consortium has submitted its response to the draft. The core recommendations address interoperability between national resolver infrastructures, minimum uptime requirements for decentralized passport endpoints, and clear rules for corporate insolvency scenarios. The Commission has since closed the consultation period; the final text is expected in fall 2026.
Sector Developments: Steel, Batteries, and Microplastics
Steel: The JRC Publishes Data Requirements
The Commission's Joint Research Centre has released a draft DPP for semi-finished iron and steel products. The draft defines specific data requirements, granularity levels, and calculation rules — including those for the product-specific carbon footprint (PCF), recycled content shares, and alloy compositions.
Particularly noteworthy: the JRC draft distinguishes between data that must be maintained at the product level (by serial number) and data that must be maintained at the batch level (by lot number). For steel manufacturers with high production volumes, this means that a DPP system capable of bulk imports is virtually indispensable — manual data entry is simply not feasible when you are dealing with thousands of coils or sheets per week.
Batteries: Commission Hosts Practical Webinar
The Battery Regulation (EU) 2023/1542 is the first binding sector act with its own DPP obligations. In May 2026, the Commission (DG GROW) held an implementation webinar for the battery industry, addressing specific data requirements, deadlines, and SME support measures. The message was unambiguous: the transition period for industrial batteries is running, and the technical infrastructure must be built in parallel with the ongoing standardization work.
REACH and Microplastics: First Reporting Deadline Has Passed
Less prominently covered but operationally significant: ECHA has published guidance on REACH reporting obligations for synthetic polymer microparticles. The first reporting deadline for manufacturers and industrial downstream users of polymer pellets, flakes, and powders took effect in May 2026. While this is not formally a DPP issue, it points in the same direction: regulatory reporting obligations for material compositions are becoming binding across product groups — and the DPP will, in the medium term, be the vehicle through which that data flows.
ISO/IEC JTC 5: International Standardization Takes Shape
Alongside the European standardization work, ISO and IEC have established Joint Technical Committee 5 (ISO/IEC JTC 5), dedicated exclusively to the international standardization of the DPP. The secretariat is held by the Deutsches Institut für Normung (DIN) — a signal that years of groundwork by German industry circles are now paying off at the international level.
The establishment of JTC 5 is strategically significant: it prevents Europe and other major trading powers (the US, Japan, South Korea) from developing parallel, incompatible DPP standards. For globally active manufacturers, a single international standard is essential — a Chinese supplier expected to feed data into a European DPP system needs the same protocols as a Bavarian Tier 1 supplier.
What Manufacturers Should Do Right Now
The developments of recent weeks can be distilled into three areas of action:
1. Conduct a standards gap analysis EN 18219 and EN 18220 are published. If you already use QR codes or RFID tags, you should verify whether your identifier structures and data carrier encodings are standards-compliant. This applies in particular to the syntax of the Unique Identifier and the resolver logic.
2. Develop a data governance concept The Registry does not store passport data. Manufacturers must either provide their own permanently available infrastructure for the actual DPP data or engage a certified data trustee. Availability, data migration, and insolvency scenarios must all be addressed contractually.
3. Keep sector-specific deadlines on your radar Batteries already have binding deadlines. Steel, textiles, and electronics will follow. The JRC drafts are public consultation documents — if you want to influence the final data requirements, you need to submit your comments now.
The DPP4EU conference in Brussels made one thing abundantly clear: the Digital Product Passport is no longer a future project. The standards exist, the Registry architecture has been outlined, and the first sectors are facing binding implementation obligations. The question is no longer whether companies will need to adapt their systems, but how quickly.
Sources
- Regulation (EU) 2024/1781 of the European Parliament and of the Council of 13 June 2024 establishing a framework for the setting of ecodesign requirements for sustainable products
- CEN/CENELEC: First European Standards for the Digital Product Passport Published (EN 18219–18223, May 2026)
- TEKLYNX: New CODESOFT RAIN RFID Improvements (GS1 "++" encoding support, EPC++ and ISO BD)
- COMMISSION IMPLEMENTING REGULATION (EU) …/... laying down the implementation arrangements for the digital product passport registry set up under Regulation (EU) 2024/1781 of the European Parliament and of the Council
- EU Draft DPP Registry Regulation: What Manufacturers Need to Know Now (qr3.app, 2026)
- Response to EC consultation on Draft EU DPP Registry Implementing Regulation - Zenodo
- Study on DPP content for iron and steel products under ESPR — Joint Research Centre (JRC), European Commission
- Regulation (EU) 2023/1542 of the European Parliament and of the Council of 12 July 2023 on batteries and waste batteries
- ECHA: REACH Microplastics Reporting — Guidance on reporting obligations for synthetic polymer microparticles (2026)
- German efforts on DPP pay off — IEC e-tech (2026-03)
