The Regulatory Framework Is Tightening
Since the entry into force of ESPR Regulation (EU) 2024/1781, the Digital Product Passport (DPP) is binding EU law — not a pilot project, not a recommendation. What has changed in recent weeks is the level of specificity: sector-specific drafts, industry association position papers, and the first completed pilot projects are now showing what the abstract regulatory texts will look like in practice.
Three threads dominate the current landscape: the architectural choice between batch and item level, the question of data currency, and the role of registries and resolver infrastructure. All three are non-optional under the regulations.
Data Granularity: Lot or Item — an Architectural Decision with Legal Consequences
What the JRC Steel Draft Requires
In June 2026, the Joint Research Centre of the European Commission published a draft on DPP content requirements for steel intermediate products. The draft systematically distinguishes between two levels of data granularity: batch level (lot) and item level.
For the product-specific carbon footprint (PCF), the rule is: maintain data at lot level, calculate using ISO-14067-compatible methods. That sounds manageable — but only if your IT architecture can actually represent that granularity. If you currently assign a single static QR code per product type, you have a structural problem.
In parallel, the European Commission has opened a public consultation on ecodesign requirements for iron and steel products. Stakeholders can submit comments until the consultation deadline closes — a window companies should use to flag practicability gaps in the draft.
The Battery Regulation as a Blueprint
The Battery Regulation (EU) 2023/1542 shows where things are heading. Capacity data that changes through degradation must be kept current. That is not a one-time data entry task — it is a continuous process that is nearly impossible to fulfill without a clear system architecture.
In June 2026, Circulor, REPT Battero, and TÜV Rheinland presented the first completed Battery Passport pilot for a Battery Energy Storage System (BESS) — with independently verified third-party data. The conclusion: the requirements of the EU Battery Regulation are technically achievable, but only with an infrastructure that integrates live data, verification chains, and resolver endpoints from the outset.
Registry Architecture: What Gets Stored — and What Doesn't
The Decentralized Model of the DPP Registry
The draft implementing regulation on the DPP Registry sets an important precedent: the Registry stores only the unique identifier, the resolver endpoint, and the commodity code — not the actual passport data. This is a deliberate architectural decision in favor of a decentralized model.
The implication for companies: the actual data storage remains the responsibility of the economic operator. The Registry is not a data silo — it is a directory. If you think DPP compliance means entering data into a central database, you have misunderstood the model.
The CIRPASS-2 consortium, in its comments on the Registry draft, recommended that standard EN 18219 be included as a mandatory reference in the implementing regulation — in part to ensure interoperability with GS1 Digital Link. Whether the Commission will follow that recommendation remains to be seen.
GS1 Digital Link as the De Facto Standard
Regardless of its normative status, GS1 Digital Link is establishing itself in practice. At GS1 Connect 2026, Driscoll's announced it had serialized over one billion berry packages and is currently migrating to fully GS1 Digital Link-compliant QR codes. The project enables item-level traceability from the field to the consumer.
TEKLYNX has updated its CODESOFT software to support GS1 "++" encoding schemes, which allow web URLs to be written directly into RAIN RFID tag memory. This is a direct response to the combined requirements of EN 18220 and GS1 Digital Link.
Data Currency: What "Current and Accurate" Means in Regulatory Terms
The ESPR requires that the DPP contain "current and accurate information" — without specifying an explicit update frequency. That may sound like room for interpretation, but it is in fact a system architecture requirement: a static QR code pointing to a one-time-populated PDF page does not meet this requirement as soon as relevant product data changes.
In practice, this means resolver endpoints must point to systems that deliver updatable records. The question is not whether a product carries a QR code, but whether that code points to a living data source.
Greenwashing Risk from Outdated Data
In June 2026, the European Commission initiated infringement proceedings against 20 member states that had failed to transpose the Directive Empowering Consumers for the Green Transition (2024/825) on time. The directive targets greenwashing and requires clear disclosures on durability and repairability.
The link to the DPP is direct: if you display sustainability data in a product passport that no longer reflects reality, you risk not only regulatory sanctions under the ESPR but also violations of the Empowering Consumers Directive. Data currency is therefore not a technical quality criterion — it is a compliance requirement with liability implications.
Industry and Association Positions: Where the Consensus Lies
Ecommerce Europe Calls for Flexibility
In June 2026, Ecommerce Europe published a position paper on DPP implementation. The core demands: flexible data granularity, phased rollout, and voluntary "partial DPPs" for used products. The association explicitly warns against requirements that replace existing business processes without a transition period.
This is not a rejection of the DPP concept — it is a practicability warning. The Commission faces a genuine trade-off: too much flexibility undermines the comparability of passport data; too little flexibility generates compliance costs that will overwhelm SMEs in particular.
Blockchain as Trust Infrastructure?
The Hashgraph Group and Merck have announced an EU DPP on the Hedera blockchain that combines Merck's physical security markers with cryptographic traceability. The project targets ESPR and EUDR compliance in regulated supply chains.
Blockchain-based DPP implementations solve a specific problem: the immutability of verification records. They do not, however, solve the data granularity problem, and they do not replace registry infrastructure as defined by the implementing regulation model. Both approaches — decentralized registries and distributed ledgers — can coexist, but they address different layers of requirements.
What Companies Need to Do Right Now
The regulatory picture points to a clear set of actions:
Clarify data granularity: Which product data changes over the lifecycle? That data must be maintained at lot or item level — not at product-type level.
Build resolver infrastructure: The DPP identifier must point to an updatable endpoint. Static landing pages are not a compliant solution.
Evaluate GS1 Digital Link: For products with physical carriers (QR code, RFID), GS1 Digital Link is the emerging interoperability standard. Investing in compliant encoding systems now pays off before sector-specific implementing regulations make the requirements mandatory.
Use consultation windows: Both the JRC steel draft and the ongoing ecodesign consultation give companies the opportunity to flag practicability gaps — before the requirements become legally binding.
Minimize greenwashing risk through data maintenance: Outdated sustainability data in a DPP is not a technical error — it is a compliance risk under multiple pieces of legislation simultaneously.
The increasing specificity of regulatory guidance in recent weeks makes one thing clear: the question is no longer whether the DPP is coming, but how well prepared you are for the specific requirements when the sector-specific implementing regulations take effect.
