Digital Product Passport (DPP): How ISBE Facilitates Compliance with the EU Circular Economy

The European Union has made the Digital Product Passport a cornerstone of its circular economy agenda. The DPP (Digital Product Passport) will become mandatory for a growing number of products placed on the European market from 2027 onwards, requiring manufacturers, importers and distributors to provide structured information on composition, sustainability, safety and traceability throughout the entire product lifecycle.

Spanish companies that market products in the EU face a rapidly advancing timeline and affected sectors that extend far beyond electric vehicle batteries. Before the mandatory date, every company will need to clarify what data it collects, within what timeframes, and with what technological infrastructure.

The Digital Product Passport is a digital record uniquely linked to a product or model, collecting data on its identity, sustainability, safety and traceability. Its function is to accompany the product throughout its entire lifecycle and facilitate informed decisions for consumers, economic operators and market surveillance authorities.

The Ecodesign for Sustainable Products Regulation, known as the ESPR (Regulation (EU) 2024/1781), defines the DPP in Article 2.1(28) as a set of specific data accessible by electronic means via a data carrier. That data covers composition, environmental impact, repairability and recycling options, amongst other parameters.

At the horizontal level, the ESPR enables the European Commission to define, through delegated acts, which product groups will require a DPP and what data they must include. At the sectoral level, regulations such as the Batteries Regulation (EU) 2023/1542 already introduce specific passports with their own timetables. Without a compliant DPP, a product cannot be placed on the EU market.

The Legal Framework

The DPP rests on several layers of European regulation that operate in a coordinated manner. The ESPR, the Batteries Regulation and cross-cutting frameworks such as eIDAS2 and the General Data Protection Regulation (GDPR) constitute a regulatory ecosystem that reinforces the requirements for trust, access and data protection associated with the digital passport.

The ESPR entered into force on 18 July 2024 and replaces the previous Ecodesign Directive 2009/125/EC. Its scope extends to almost all physical goods placed on the EU market, with exceptions for food and medicinal products. Articles 4, 9, 10 and 13 define the pillars of the DPP system, including ecodesign requirements, minimum information structure, passport registration and a publicly accessible web portal.

The Batteries Regulation (EU) 2023/1542 introduces the first mandatory sectoral passport. From 18 February 2027, industrial batteries of more than 2 kWh, electric vehicle batteries and light means of transport batteries must have a digital passport including data on identification, carbon footprint, composition and supply chain due diligence.

The European Commission is also advancing work on sustainable textiles, construction products and digital identity under the eIDAS2 framework. eIDAS2 provides the trust services necessary to guarantee the legal validity of data recorded in each passport.

What Information Must a Digital Product Passport Contain?

Each DPP will include data on product identity, regulatory compliance, environmental parameters and instructions for repair, reuse and recycling. The specific data sets will be defined through delegated acts for each product group, following the methodology published by the Joint Research Centre (JRC) of the European Commission.

The identity section includes the unique identifier, commercial designation and design version. Compliance covers the EU declaration, applied standards and risk analyses. Environmental parameters form the most extensive block, encompassing carbon footprint, energy efficiency, recycled material content, durability and repairability. The final block, dedicated to circular use, provides maintenance instructions, spare parts availability and disassembly guides.

The JRC145830 report, published in March 2026, proposes the official methodology for determining which data DPPs must include. Each element is classified as essential, recommended or voluntary through a value-effort analysis that takes into account existing industrial practices and technical feasibility.

The battery passport illustrates the volume of data that may be required. Identification, safety, performance, carbon footprint, materials, due diligence and circularity together make up a catalogue that may involve dozens of mandatory attributes per product, some of which are updatable throughout its useful life.

Batteries, textiles, electronics, steel, aluminium, tyres, furniture and packaging lead the European DPP roadmap. The first obligations begin in 2027 with the battery passport and will extend progressively to other industrial sectors through to the end of the decade.

The European Commission and the JRC have published indicative timetables for the adoption of delegated acts incorporating DPP requirements.

Product Group

Anticipated Start of Delegated Acts

Iron and Steel

2026

Batteries (Batteries Reg.)

2027

Textiles

2027

Tyres

2027

Aluminium

2027

Furniture

2028

Packaging

2028

Electronics / ICT

2029

These dates derive from institutional communications and roadmaps, not from consolidated legal texts. Delegated acts typically provide a period of 18 months from adoption to effective application, affording industry time to adapt.

Affected companies already face changes to product design, with quantifiable durability and repairability requirements. They will also need to strengthen systems to manage information at model, batch or unit level and integrate them with DPP platforms. Some companies are also exploring circular models such as product-as-a-service or industrial leasing, leveraging the traceability afforded by the digital passport.

Blockchain can reinforce DPP integrity by offering immutable records, transversal traceability across multiple actors in the value chain and decentralised governance models. The ESPR does not mandate this technology, but several European projects already demonstrate its viability for guaranteeing trust in passport data.

Immutability makes manipulation of data on composition or certifications more difficult and reduces the risks of greenwashing. Blockchain-based traceability allows materials and components to be tracked throughout the supply chain without relying on a single central database. In public-permissioned networks, different Member States, authorities and companies share infrastructure under clear rules of participation.

Projects such as PRIMUS and Circularise employ blockchain-based DPPs to track plastics throughout their lifecycle. The European Blockchain Services Infrastructure (EBSI) has also explored distributed ledger networks (DLT) for product passports aligned with the circular economy.

Even with successful examples, integrating blockchain into the DPP carries technical and legal challenges. Immutability must be reconciled with GDPR's right to erasure, which makes it advisable to keep personal data off-chain. Energy consumption is managed through efficient mechanisms such as Proof of Authority. Interoperability requires shared standards such as GS1 Digital Link to prevent fragmentation of the ecosystem.

ISBE offers Spanish companies and public administrations a national, public-permissioned, Europe-interoperable blockchain infrastructure that enables DPP solutions to be deployed with integrated regulatory compliance and without the need to build proprietary infrastructure. Industrial SMEs can rely on this shared infrastructure instead of bearing the cost and complexity of managing private blockchains.

ISBE's design incorporates GDPR and eIDAS2 compliance by design, both at the technical and governance levels. Requirements from other regulations such as MiCA (crypto-assets), DORA (digital operational resilience), the Data Act, LSMV (securities markets), ENS (national security scheme) and NIS2 (cybersecurity) have also been integrated into its architecture. In the context of the DPP, that regulatory coverage matters because the ESPR requires the legal validity of recorded data and the protection of personal data.

Its interoperability with EBSI means that digital passports issued in Spain can be validated in other Member States — a decisive condition for pan-European supply chains. Spanish companies that integrate into an infrastructure aligned with the most advanced European regulation can demonstrate to clients and partners a measurable commitment to traceability and the circular economy.

Does your company manufacture, import or distribute products in the European market? Discover how ISBE can help you comply with the Digital Product Passport requirements with legal validity and without technical complexity.

When does the Digital Product Passport become mandatory?

The Digital Product Passport becomes mandatory in a phased manner. The battery passport will be mandatory from 18 February 2027 for industrial batteries of more than 2 kWh, electric vehicles and light means of transport. Delegated acts for steel arrive in 2026. Those for textiles, tyres and aluminium are anticipated in 2027, and those for furniture, packaging and electronics between 2028 and 2029.

What is the difference between a DPP and a traditional QR code label?

The difference between a DPP and a traditional QR code label lies in what is behind the code. The QR is merely a data carrier — the gateway to the passport. A conventional QR label redirects to a static URL with no guarantees of structure or authenticity. The DPP, by contrast, is a regulated system with information organised according to European standards, layered access and institutional oversight. On its own, the QR code does not meet the requirements of the ESPR.

Is the Digital Product Passport compatible with the GDPR?

The Digital Product Passport is compatible with the GDPR. Article 10.1(e) of the ESPR prohibits storing customers' personal data without explicit consent. The vast majority of data required by the passport is technical and environmental in nature. The ESPR provides for three levels of access to balance transparency and data protection. Recommended architectures keep personal data off-chain when blockchain is used.

Do SMEs need to use their own blockchain network for the DPP?

SMEs are not required to use their own blockchain network for the DPP. Neither the ESPR nor the Batteries Regulation mandates blockchain for implementing the passport. They may rely on certified digital passport service providers, shared infrastructures such as ISBE, or solutions based on traditional databases, provided they meet the interoperability, security and layered access requirements defined by the European Commission.