A Digital Product Passport is a structured, machine-readable record of what a product is, what it's made of, and where it has been — accessible by scanning a data carrier on the item itself. It is one of the most consequential transparency mandates the EU has produced, and unlike a label, it is designed to follow the product through its entire life, including resale, repair, and recycling.
The framework: ESPR 2024/1781
The legal basis is the Ecodesign for Sustainable Products Regulation — Regulation (EU) 2024/1781, known as ESPR, which entered into force in July 2024. ESPR replaces the old Ecodesign Directive and is far broader: it lets the European Commission set ecodesign and information requirements for almost any physical product placed on the EU market, and it establishes the Digital Product Passport as the mechanism for carrying that information.
Crucially, ESPR is a framework regulation. It does not, by itself, tell a textile manufacturer exactly what their passport must contain. It empowers the Commission to do that, category by category, through delegated acts. Understanding the delegated-act structure is the difference between treating the DPP as one deadline and treating it as the rolling obligation it actually is.
Delegated acts, category by category
The Commission is rolling the DPP out per product group, each with its own delegated act defining the required data and the timeline. Textiles and apparel are first, prioritized in the ESPR working plan alongside iron and steel and several others. Batteries are already covered under their own regulation — Regulation (EU) 2023/1542 — which mandates a battery passport from 18 February 2027 and effectively serves as the DPP pathfinder. Electronics, furniture, tyres, detergents, and more sit in the queue behind them.
For an operator, the practical takeaway is sequencing. You do not need a passport for everything at once; you need to know which delegated act governs your category, what it demands, and when it bites. The structure rewards mapping your portfolio against the working plan now, rather than reacting per act.
What a DPP must contain
The exact fields are set per category, but ESPR establishes the shape of the data. Expect a passport to carry product identity, composition and material content, substances of concern, durability and reparability information, recycled-content figures, and end-of-life guidance. Some data is public to consumers; some is restricted to repairers, recyclers, or market-surveillance authorities. The record must remain available for the product's lifetime, hosted so that it survives the manufacturer's own systems.
The data-carrier requirement
A passport is only useful if you can reach it from the physical object. ESPR requires a data carrier on the product — in practice a QR code, a GS1 Digital Link, or an NFC/RFID tag — that resolves to the passport. The GS1 Digital Link standard is the leading approach: it turns the product identifier into a web-resolvable address, so one scan can return the DPP, the regulated data, and consumer information from a single carrier.
A 2D barcode satisfies the letter of the carrier requirement, and for most categories it will be the baseline. But the carrier is a pointer, not a proof. A printed QR code can be copied onto a counterfeit, which then resolves to the genuine passport — and the passport, dutifully, confirms a real product. The record is authentic; the object wearing it may not be.
Why the physical anchor matters
Here is the principle that operators miss: a passport is only as trustworthy as its link to the item. The DPP itself can be immaculate — accurate, complete, hosted forever — and still mean nothing if the data carrier can be cloned onto a fake. Transparency without authentication produces a credential that counterfeiters can borrow.
Closing that gap requires binding the passport to a carrier that cannot be trivially duplicated — a cryptographic chip identity whose tamper-evidence and one-tap verification confirm the physical unit, not just the number it presents. The reasoning is the same one that undermines a bare QR code; we walk through the mechanics in why a 2D barcode alone can't authenticate a product. This is the role of a physical anchor: the durable, verifiable bridge between an item and its passport, which is the heart of the EU Digital Product Passport approach we build.
The timeline: 2027–2030
The battery passport leads in February 2027. Textiles and the other priority categories follow as their delegated acts are finalized and phase in across the rest of the decade, with the bulk of major product groups expected to carry DPP obligations by 2030. Treat 2027 as the pathfinder, not the finish line — the categories arriving later are watching how the early ones are implemented.
The operators who fare best will not be the ones who scramble per delegated act. They will be the ones who decided early how their products connect to their passports — and made that link one a counterfeit can't borrow.