The emergence of the Digital Product Passport (DPP) is part of a broader move toward increased traceability and transparency across the value chain. Closely linked to digital identity, this mechanism could transform the way products are tracked, certified, and authenticated throughout their lifecycle. This topic echoes the news of early October 2025, which highlighted the implementation of the eco-score, particularly in the textile sector.
Digital Identities: Understanding Key Concepts and Management Systems
Read articleBut what exactly is this digital passport? How does it relate to digital identity? How can you turn this regulation into an opportunity for you and your clients? How can the Digital Product Passport, as a product information tool, become a competitive advantage and ensure transparency across the value chain?
In this article, we will explore the challenges, benefits, and also the obstacles related to implementing the DPP.
1. What is the Digital Product Passport?
The Digital Product Passport (DPP) is a set of product-specific data, covering information from its design to its end of life, accessible electronically (e.g., QR codes, RFID chips).
Objectives
The DPP is an essential information tool designed to guarantee transparency, ensure regulatory compliance within the European Union, and promote responsible product management (circular economy). It applies to all products subject to environmental, durability, or traceability regulations, whether produced within or imported into the EU.
Since 2020, the European Commission has launched several initiatives to promote sustainability and transparency in product management, including the Ecodesign for Sustainable Products Regulation (ESPR), which incorporates the DPP.
Current timeline for the implementation of regulations
**Provisional adoption dates taken from the draft Work Plan on Ecodesign for Sustainable Products and Energy Labelling for the period 2025–2030 (dated 16/04/2025).
Product categories originally linked to energy regulations (16 in total) postponed and integrated into the Work Plan on Ecodesign for Sustainable Products and Energy Labelling for the period 2025–2030 (dated 16/04/2025).
Sector-Specific Application Examples
Electric batteries:
In January 2025, the Battery Pass Consortium published the DIN DKE SPEC 99100 standard, which defines both the data that must be recorded in the DPP and the stakeholders involved.
- Data: chemical composition, material sourcing with certificates of origin, manufacturing and processing steps, charge/discharge/maintenance cycles, traceability of repairs or recycling operations, etc.
- Actors authorized to access this data: manufacturers, regulatory authorities, recyclers, end users, or repair technicians.
Electronic products:
For a smartphone, the DPP could include components, compliance with recycling standards, repair history, and instructions for updates or repairs.
Fashion and textiles:
A garment could include a DPP indicating the origin of fibers, dyes used, manufacturing conditions and workshops, recyclability, and traceability of the supply chain.
Automotive vehicles:
The DPP could contain maintenance history, environmental compliance, and traceability of spare parts, making maintenance and end-of-life recycling easier.
At the national level, several European countries have already begun experimenting with or adopting specific regulations to govern the implementation of these digital passports.
| Country | Sectors Concerned | Level of Progress |
|---|---|---|
| France | Fashion, consumer electronics | AGEC Law + sector-specific pilot projects |
| Germany | Automotive, home appliances | Industrial pilot projects |
| Netherlands | Textiles, circular economy | Interoperability experiments |
| Spain | Textiles, electronics | Participation in European programs |
| Italy | Fashion, automotive | Tests within EU-led initiatives |
Regulatory Requirements
Article 10 – Chapter III of the ESPR outlines several expected characteristics of the Digital Product Passport (DPP):
- Compatibility:
The DPP must be compatible with other passports (e.g., for intermediate products such as steel or aluminum) or with information systems to ensure coherence and smooth data management. - Easy and free access:
Access must be simple and free of charge for authorized actors. - Linking versions:
When a new DPP is created for a product that already has one or more existing passports, it must be linked to those versions to ensure traceability. - Data authenticity and integrity:
Authentication, reliability, and integrity of the data must be guaranteed. - Long-term accessibility:
The DPP must remain accessible for a defined period corresponding to the product’s useful lifetime, including in the event of failure of the operator responsible for creating the DPP. - Access rights and updates:
Access-rights management must support limited updates based on roles, with appropriate security and authentication mechanisms. - High level of security and privacy:
Security and privacy protection must be ensured at a high standard.
Sector-Specific Delegated Acts
Delegated acts, adopted by the European Commission for each sector or product type, will further specify or clarify these elements, particularly regarding:
- Specific access rights
- Data retention periods
- The precise structure and content of the DPP
- Management and security rules
As a result, the DPP is expected to include technical data, certifications, provenance information, composition details, and options for repair, disassembly, and recycling of components — all defined in a sector-specific delegated act by the European Commission.
Compliance with the DPP is not only a legal requirement; it is also a strategic issue to preserve credibility and competitiveness in the European market.
Benefits
- Better knowledge of the product, component wear, and the quality of repairs or replacements for all stakeholders (manufacturers, importers, distributors, repairers, recyclers, and consumers).
- Support for consumers in making informed choices.
- More responsible, sustainable, and transparent product management, promoting circularity and regulatory compliance.
Sanctions
Failure to comply with the obligations related to the implementation and use of the DPP may lead to significant financial and administrative penalties, such as:
- Financial fines based on a percentage of annual revenue, with criminal proceedings in cases of proven fraud.
- Progressive penalties depending on the duration of non-compliance.
- Market access restrictions or withdrawal of products already in circulation.
- Public disclosure of non-compliance by authorities, harming the company’s reputation and eroding customer and investor trust.
2. Decentralized Digital Identity: A Response to Key DPP Challenges
The implementation of the Digital Product Passport raises several technical challenges: access, security, interoperability, durability, and data management.
One of the key levers for ensuring the reliability, security, and interoperability of the DPP is the establishment of a robust digital identity framework.
Decentralized Digital Identity: An Innovative Solution
Traditionally, digital identity relies on centralized systems, where a single authority controls and validates identity data. The emergence of decentralized digital identity offers a more secure and privacy-preserving alternative while simplifying authorization processes.
It is based on distributed ledger technologies that allow each actor or product to have a unique, verifiable, and tamper-proof identifier without depending on a central authority. Each entity can manage its own cryptographic keys, control its data, and share only the information necessary — while ensuring its authenticity.
Benefits of Decentralized Digital Identity for the DPP
Integrating decentralized digital identity into the DPP framework creates an ecosystem in which every product and every actor can be reliably authenticated.
By adopting this approach, companies strengthen their credibility and their ability to meet growing expectations around traceability and accountability.
- Enhanced security:
A decentralized ledger reduces points of vulnerability, making falsification or counterfeiting significantly more difficult. - Data control:
Stakeholders retain control over their own data (a key element for protecting manufacturing know-how), while still enabling access to the data required in the DPP according to defined permissions/roles — reinforcing confidentiality and regulatory compliance. - Interoperability:
Compatibility with established standards such as OpenID ensures seamless integration into existing ecosystems. - Verifiability:
The authenticity of identifiers and associated data can be easily checked through cryptographic mechanisms, strengthening trust in the system.
Indeed, various actors (customers, regulatory authorities, suppliers, recycling companies) must be able to access DPP data according to their profile, rights, and responsibilities. Implementing a flexible, secure, and interoperable digital identity system ensures tailored access for each user while guaranteeing confidentiality and the protection of sensitive data.
A Key Step Toward Sustainability and Digital Trust?
The DPP represents a major step forward in improving traceability, transparency, and accountability in product management. By providing deeper insights into product life cycles, it contributes to a more sustainable and responsible economy. Implementing digital identity — particularly decentralized identity — is an essential lever to guarantee the origin, integrity, and security of the DPP, while simplifying rights and permissions management.
Beyond technical, regulatory, and financial challenges, this transition also offers numerous opportunities:
- Strengthening consumer trust and engagement
- Facilitating circularity, repair, and recycling
- Combating counterfeiting
- Increasing competitiveness for companies that anticipate these developments
While awaiting the delegated acts related to your products, it is essential to map your data and value-chain actors in order to anticipate future impacts on your organization.
This article was co-written with Stéphane Lavaux, Senior Manager (Orange Consulting).
Comments (0)
Your email address is only used by Business & Decision, the controller, to process your request and to send any Business & Decision communication related to your request only. Learn more about managing your data and your rights.