Digital Product Passport: New JRC methodology on data requirements under the ESPR

The European Commission’s Joint Research Centre (JRC) has published a comprehensive methodology for determining the data requirements for the Digital Product Passport (DPP) under the Ecodesign Regulation (EU) 2024/1781 (Ecodesign for Sustainable Products Regulation – ESPR). The report outlines a step-by-step approach designed to determine which data should be included in Digital Product Passports, the level of detail required, and which stakeholders are authorised to enter, update or retrieve data. The methodology is primarily aimed at the study teams developing the substantive basis for product group-specific delegated acts as part of the ESPR preparatory studies and impact assessments. For companies placing products on the EU internal market, it also provides essential guidance on which data requirements and reporting obligations are to be expected in future.

Background and regulatory context

The ESPR entered into force on 18 July 2024 and establishes a horizontal framework for sustainability, circular economy and information requirements for products on the EU market. Unlike the previous Ecodesign Directive, which primarily covered energy-related products and focused on energy efficiency during the use phase, the ESPR extends the scope of regulation to almost all physical goods and covers the entire product life cycle – including aspects such as durability, reparability, recyclability, recycled content, substances of concern and environmental impacts. 

The DPP is being introduced as a key instrument to operationalise the ESPR’s information requirements and enable the transparent exchange of product data along the value chain. However, the obligation to implement a DPP does not arise directly from the ESPR, but only when a product group-specific delegated act provides for this. The European Commission has already published an indicative timetable for the phased introduction: implementation is planned from 2026 for iron and steel, from 2027 for textiles and tyres, from 2028 for furniture, and from 2029 for ICT products. 

In parallel with the ESPR, the DPP concept is being incorporated into sector-specific EU legislation. For instance, the Battery Regulation already provides for a mandatory digital battery passport, the first rules of which will apply from the start of 2027. The Toy Safety Regulation, the Detergents and Surfactants Regulation, the Packaging Regulation and the Construction Products Regulation also contain provisions on DPP-like systems.

An overview of the four-step JRC methodology

The DPP data specification methodology is divided into four main steps (A–D), which are closely interlinked with the process of ESPR preliminary studies and the revised MEErP methodology (Methodology for Ecodesign of Energy-related Products). 

Step A (Scope & Context) defines the product scope and the political and legal context, identifies the relevant stakeholders, reviews existing legal requirements and analyses current data collection practices in the industry to assess feasibility and proportionality. This involves a systematic examination of which data is already being collected by actors in the value chain, at what level of detail, and subject to which constraints – for example, regarding confidentiality, data protection or technical interoperability. 

Step B (Use Cases & Data Needs) identifies and validates politically relevant and operational DPP use cases and translates these into conceptual data requirements, which are prioritised based on relevance, feasibility and benefit to users. The methodology distinguishes between mandatory, strongly recommended and voluntary data elements – a classification underpinned by a transparent cost-benefit and feasibility assessment. 

Step C (Design & Development) translates the conceptual data requirements into an implementable DPP specification by aligning existing vocabularies and ontologies, determining data granularity (model, batch or individual item level), defining role-based access rights and regulating data governance across the entire product lifecycle.

Step D (Validation & Consultation) validates the proposed DPP data specification through internal consistency checks and a structured stakeholder consultation, which is assessed for completeness, coherence, feasibility, proportionality and compatibility with the ESPR requirements. 

Key elements of the DPP: What must be disclosed

Article 9 and Annex III of the ESPR define the categories of information that may be provided via the DPP. These include, first and foremost, product and manufacturer information, including a Unique Product Identifier (UPI), which serves as the primary reference point for linking all DPP-related information to a specific product. In addition, a Unique Operator Identifier (UOI) and a Unique Facility Identifier (UFI) are provided for. 

Furthermore, delegated acts may specify product-specific information requirements to be provided via the DPP. These include, amongst other things, details on durability and reliability, repairability and maintainability, upgradeability, recyclability, recycled content, substances of concern, environmental and carbon footprint, and microplastic release.

Data granularity and access rights

According to the findings of the JRC methodology, the question of data granularity – whether the DPP should be maintained at model, batch or individual item level – represents a significant cost driver in the implementation of digital product information systems. The methodology recommends a differentiated approach: for low-cost mass-produced goods with a short lifespan, a DPP at model level may suffice, whilst for high-value or safety-critical products with variable lifecycle data, an individual-item level may be required. Hybrid approaches – such as static model data combined with dynamic, item-specific usage data – are explicitly recognised as a viable option. 

For access rights, the methodology proposes a tiered model based on the need-to-know principle. Consumers are granted access to general sustainability indicators, material composition and usage instructions. Professional repairers and recyclers receive detailed disassembly instructions, spare parts lists and diagnostic information. Recyclers require precise information on substances of concern and their location within the product. Market surveillance authorities, customs authorities and the European Commission are granted the most comprehensive access, including full technical documentation and conformity assessment records.

The DPP as a dynamic life-cycle document

A key objective of the methodology is to transform the DPP from a static ‘birth certificate’ into a dynamic life-cycle document. The proposed architecture separates the immutable “Core DPP” – the basic data provided by the manufacturer at market launch – from a “Life-cycle Log”, in which subsequent events such as repairs, software updates, changes of ownership and refurbishment measures are added as time-stamped, authenticated entries. Every entry in the Life-cycle Log must be digitally signed and attributable to the responsible party to ensure full traceability and accountability.

The methodology identifies specific trigger events for DPP updates, including professional repair and maintenance, software and firmware updates, refurbishment and preparation for resale, component upgrades, changes of ownership and collection of end-of-life equipment.

Standardisation and technical infrastructure

The technical infrastructure of the DPP is largely shaped by the standardisation work of the CEN/CENELEC Joint Technical Committee 24 (JTC 24), which develops horizontal standards for unique identifiers, data carriers, access rights, interoperability, data formats and APIs. The ESPR also provides for a central EU DPP register (Article 13) and a web portal (Article 14), which enable public access to unrestricted information and role-based access to protected data fields. 

The JRC methodology emphasises the complementary division of roles: whilst standardisation addresses system-level requirements, the methodology translates the ESPR requirements into structured data specifications, which are to be defined at product group level through delegated acts.

Practical implications and need for action

The JRC methodology places particular emphasis on the distinction between data already collected by companies in the course of their normal business activities or to comply with existing legislation, and data that would need to be collected for the first time under a DPP obligation. This distinction is essential for a robust assessment of implementation costs, administrative burden and proportionality during the impact assessment phase.

In the short term, companies should prioritise the following measures in particular:

• Conduct a data inventory: Systematically record which product-related data is already being collected, processed and shared along the value chain – and identify any data gaps with regard to the ESPR requirements. 
• Monitor product group-specific timelines: The European Commission has published indicative timelines for the introduction of the DPP by product group. Companies in the sectors most immediately affected – particularly iron and steel, textiles and tyres – should closely monitor the ongoing preliminary studies and the development of delegated acts. 
• Anticipate data granularity and governance: The decision on DPP granularity (model, batch, individual item) has a direct impact on IT architecture, database systems and process costs. Companies should already be evaluating which level of granularity is realistic and proportionate for their products. 
• Prepare access rights and trade secret protection: The tiered access models require a clear internal classification of sensitive data and a determination of which information should be publicly accessible, which should be accessible only to professional users, and which should be accessible exclusively to public authorities.
• Pursue interoperability and standardisation: The standardisation work of JTC 24 is crucial for the technical implementation of the DPP. Companies should incorporate the expected standards into their IT planning at an early stage to minimise subsequent adaptation costs. 

Conclusion

The JRC methodology forms the methodological framework on the basis of which the specific data requirements for Digital Product Passports will be defined by product group in the coming years. It is deliberately designed as a modular and scalable approach, intended to be further developed as practical experience grows. For companies, the methodology already offers a reliable outlook on the expected requirements. The combination of structured data requirements, differentiated access rights, lifecycle data governance and the interplay between regulatory specifications and technical standardisation will fundamentally change the way product data is collected, structured and shared along the value chain. Companies that align their data architectures, processes and supplier relationships with DPP requirements at an early stage not only secure regulatory compliance but also position themselves as reliable partners in an increasingly transparency-driven circular economy.