A Practical DPP Framework for Manufacturers

When the European Commission's Joint Research Centre published JRC145830 in March 2026, it answered the question manufacturers have been waiting on: how will the content of Digital Product Passports be determined?

The answer is a structured, phased methodology that study teams will use to define what data is mandatory, who can access it, who keeps it updated, and how it must be structured. It is not sector-specific, it is the process manual behind every product group that will require a DPP under the Ecodesign for Sustainable Products Regulation (ESPR).

At TAZAAR, we've worked through the full report. What follows is a practical framework for manufacturers: what DPP readiness actually means, what you need to have in place, and what to prioritise now.

What DPP Readiness Actually Means

DPP readiness is not the same as DPP compliance. Compliance requires a published delegated act for your product group. Readiness is what you do now, while delegated acts are still being drafted, so that compliance is achievable within the 18-month window after adoption rather than requiring a costly scramble from a standing start.

The JRC methodology makes this distinction practical. It categorises all potential data requirements by how likely they are to be mandated and how hard they are to implement:

• Category A requirements (data that is already widely collected, often at model level) will form the compliance baseline for most product groups. 

• Category B requirements (high policy value but not yet standard practice)  are where the real preparation work lies.

Understanding which category your existing data falls into is the first step to a credible readiness plan.

The Six-Point Readiness Framework

Based on the JRC methodology and the structural requirements of the ESPR, here is a practical framework for assessing and building DPP readiness.

1.  Audit your current data landscape

The methodology explicitly builds from existing industry practices. The first question is not 'what will we need to collect?' but 'what do we already collect, and where does it live?'

Work through the full list of ESPR Annex I parameters systematically:

• Durability and technical lifetime

• Repairability and spare parts availability

• Recyclability and material composition

• Carbon and environmental footprint

• Energy and water use across life-cycle stages

For each parameter: do you have the data? At what level; model, batch or unit? In which system? Gaps at this stage are informative, not alarming. The audit creates the map.

2.  Understand your serialisation capability

One of the JRC methodology's most significant technical contributions is its detailed treatment of data granularity. DPPs can be established at model level (one record per product design), batch level (one per production run), or item level (one per individual unit). The delegated act for each product group will specify which applies.

The methodology is direct about the cost implications: granularity is a key cost driver in DPP implementation. Requirements that diverge from existing industry practices, such as moving from model-level to item-level where item-level tracking is not already in place, significantly increase implementation complexity.

For products that accumulate unique data over their working life (repair history, ownership transfers, firmware updates)  item-level is the only option that fully serves the regulation's circular economy objectives. For manufacturers who don't currently serialise at unit level, this is the most operationally significant readiness step.

3.  Know your substances of concern

Article 7(5) of the ESPR requires disclosure of substances of concern (SoC) across all regulated product groups. The required information goes beyond a simple chemical name, it includes CAS and EC numbers, trade names, location within the product, concentration levels (at component or spare parts level), and safe use and end-of-life handling instructions.

SoC disclosure is not optional and it is not something that can be generated retroactively at scale without a structured product data process. Building that process now, starting with the products most likely to fall in the earliest delegated act cohorts, is a meaningful head start.

4.  Map your supply chain data flows

A European DPP Readiness Survey conducted by KPMG in late 2025 identified supplier data collection as the single biggest challenge for organisations preparing for DPP compliance, cited by 31% of respondents.

The ESPR's data requirements extend upstream. Carbon footprint must be calculated on a life-cycle basis. Material composition and substances of concern require component-level data from suppliers. The DPP's Tier 4 (supply chain and B2B data) includes disaggregated environmental footprint data that suppliers will need to provide.

Assessing what supplier data you can currently obtain, and where the gaps are early in the process allows time to engage suppliers before compliance becomes urgent.

5.  Plan for lifecycle data governance

A DPP is not a static document filed at point of sale. The ESPR framework divides DPP data into two distinct types:  

• Core DPP - the manufacturer's declared data at market placement, which is immutable

• Lifecycle Log - a dynamic record updated by different authorised actors throughout the product's working life

Defined trigger events requiring DPP updates include:

• Repair or maintenance performed

• Firmware or software update

• Refurbishment or remanufacturing

• Component replacement or upgrade

• Change of ownership

• End-of-life collection or recycling

Every entry in the lifecycle log must be authenticated and traceable to the actor who created it. The infrastructure to support this (authenticated write permissions, standardised event formats, role-based access) needs to be in place before product DPPs go live, not after.

6.  Decide on your DPP infrastructure approach

The same KPMG survey found that 61% of organisations are still undecided on whether to build DPP infrastructure in-house or work with an external provider. The JRC methodology resolves this at a structural level: DPP service providers are formally defined in the ESPR framework as independent third parties authorised to process DPP data and make it available to entitled actors.

For most manufacturers, particularly those without existing item-level tracking infrastructure, working with a specialist DPP service provider is the practical path. The infrastructure requirements are substantial, and the regulatory deadline does not move.

The Access Rights Question

One concern manufacturers frequently raise is the potential exposure of commercially sensitive data. The JRC methodology addresses this directly through a five-tier access model.

• Tier 1 - Public-facing data: High-level performance scores, energy efficiency class, recycled content percentages, warranty information and end-of-life guidance. 

• Tier 2: Detailed disassembly instructions and schematics are accessible only to professional repair operators.

• Tier 3: Material composition at substance level goes to recyclers and waste managers. 

• Tier 4: Disaggregated supply chain and footprint data flows only to B2B actors in the supply chain. 

• Tier 5: Full unrestricted access is reserved for regulatory and enforcement authorities.

Proprietary formulations, supplier identities and detailed manufacturing process data are not part of the public DPP record. Compliance and commercial sensitivity are not inherently in conflict.

Timeline - What Matters Right Now

The EU DPP Registry must be operational by 19 July 2026. That is not a compliance date for manufacturers; it is the infrastructure milestone that makes compliance possible.

Delegated acts for energy-related products and textiles are expected from 2027, with ICT products following from 2029. From the date a delegated act is adopted, manufacturers have 18 months before mandatory DPP compliance.

The 18-month window is for implementation, not for starting the data audit, the serialisation assessment, or the supplier engagement that precedes it. Manufacturers who have done the groundwork will use those 18 months to build. Those who haven't will use them to catch up.

Where TAZAAR Fits

TAZAAR's AssetID platform is built around the principles that the JRC methodology now formalises: item-level product identification, persistent lifecycle data, physical data carriers embedded in or attached to products, and structured digital records that travel with a product through its working life.

The team at TAZAAR works with manufacturers on how to leverage Digital Product Passports beyond compliance, including warranty management, customer lifecycle journeys, and even physical asset tracking.

Most manufacturers we speak to share the same starting point: awareness that DPP is coming, but uncertainty about what it means for their specific products, data, and operations. 

Our engagements begin with a structured discovery phase - typically an onsite visit - where we map the product data landscape, systems, and cross-functional responsibilities together with the people who own them. This consistently surfaces a picture that has not previously existed in joined-up form: where DPP-relevant data already lives, where the gaps are, and what the realistic path from current state to compliance looks like. 

From there, we design a phased rollout that delivers commercial value from the first stage, whether that is customer registration, warranty management, or maintenance traceability, while building toward full DPP readiness progressively. We have found that DPP implementation is roughly 80% organisational and data work and 20% technical, which is why our role is as much consultative as it is platform delivery. 

Whether you manufacture catalogue products or bespoke configured units, the approach is the same: understand your operation first, then build. If you are assessing where your business stands against the framework above, a conversation with the team is a practical first step - contact us at tazaar.io.