The Digital Product Passport Blueprint Has Arrived

Since the Ecodesign for Sustainable Products Regulation (EU) 2024/1781 entered into force in July 2024, the Digital Product Passport has been well-established in policy. What has been missing is the how: the technical specification for what a DPP must actually look like, how it must work, and what any system issuing or hosting one must be capable of.

That changed on 27 May 2026. CEN and CENELEC, the European standardisation bodies, published six draft European Standards under the designation EN 18216 to EN 18223. Produced by CEN/CENELEC JTC 24, the joint technical committee for Digital Product Passports, these proposed standards form the first complete technical blueprint for how a DPP system must be built and operated.

For manufacturers beginning to plan for DPP compliance, this publication is the most useful development since the ESPR itself. The debate is no longer only about whether passports are coming. The draft standards define how they need to work.

Why This Matters for Manufacturers of Premium and Professional Products

The ESPR rolls out product category by product category, over a phased timetable that extends through the late 2020s and into the 2030s. For many manufacturers of premium and professional products, direct compliance obligations are still some years away.

That is not a reason to wait. The draft standards published in May establish the technical architecture that any compliant DPP system will need to meet. Understanding that architecture now, before compliance deadlines arrive, means better infrastructure decisions, fewer surprises, and more time to align supply chain and product data practices with what will eventually be required.

The manufacturers who find DPP compliance straightforward will be those who built the right foundations early.

The Six Draft Standards

The six proposed standards work as a stack. Each addresses a different layer of the DPP architecture; together they describe an end-to-end system.

EN 18216 - Data Exchange Protocols

How systems talk to each other securely to share passport data. This draft standard mandates encrypted communication, standardised data formats, and open authentication protocols. Any compliant DPP platform must be able to exchange product data with any other compliant system, without proprietary lock-in.

EN 18219 - Unique Identifiers

How each product and its manufacturer gets a unique, lasting name. The proposed standard defines permitted identification schemes and requires that identifiers remain resolvable even if the original manufacturer leaves the market, working at model, batch or individual item level.

EN 18220 - Data Carriers

The physical link between a product and its passport: QR codes, NFC tags, RFID and Data Matrix codes. The draft standard sets requirements for encoding, print quality, durability and placement. A key requirement running through the suite: public passport data must be readable by any smartphone, with no app, registration or login required.

EN 18221 - Storage, Archiving and Persistence

Where the data lives, and how it stays available for the full lifetime of a product, including after the manufacturer ceases trading. This proposed standard defines long-term availability obligations and a specific back-up provider role, ensuring passports outlive the companies that issued them.

EN 18222 - APIs for Lifecycle Management and Searchability

The standard interface a passport platform must offer to create, read and update passports. The draft standard specifies the exact API operations required, including registration with the EU DPP registry, with every change logged and archived.

EN 18223 - System Interoperability

How passport data is structured so it is portable and readable across systems, organisations and borders. This proposed standard defines a common data model and requires the use of shared data dictionaries, so that product information means the same thing wherever it is read.

The Common Thread: Open, Durable, No Lock-In

Read across all six proposed standards, three principles recur consistently:

• Open access: Public passport data must be readable by anyone with a smartphone, with no proprietary app or account required. The standards explicitly rule out vendor lock-in at every layer.

• Durability beyond the manufacturer: Identifiers, data storage and back-up obligations are all designed so that a product’s passport remains accessible long after the company that made it has changed, merged or closed.

• Interoperability as a requirement, not a feature: Every layer of the stack is built on established open standards, ISO, GS1, W3C, so that DPP data can move freely between systems without translation or conversion.

For any manufacturer choosing a DPP partner, these principles matter. They mean a compliant system is one that works for the product and its owners over its full lifetime, not just for the platform provider.

What Comes Next

AssetID, TAZAAR’s Product Intelligence platform, is built around the same principles the EN 18216 to EN 18223 suite establishes: item-level identification, persistent lifecycle data, physical data carriers, and structured digital records built to serve a product’s full working life.

We are  publishing a series of articles unpacking what each standard means in practice for manufacturers. Upcoming pieces will look at each standard in turn, explore the open-by-design principles running through the suite, and address what the standards mean for an existing product line.

If you would like to understand where your products and data practices sit relative to the emerging DPP framework, TAZAAR now offers a DPP & Product Data Readiness Assessment which helps manufacturers to understand what Digital Product Passports mean for them, assess current readiness, and receive a practical roadmap for implementation without committing to a DPP service provider at this stage.