What "DPP-Compliant" Actually Means: The Eight EU Standards Explained

 


Topic

Digital Product Passport, Traceability


Solutions

r-pac TRCE


Published

Loading date...
 

For a while, "DPP-compliant" was a phrase anyone could claim. The harmonized standards now being published change that. If you are choosing a platform or a partner, this is the checklist they should map to.

 

The eight standards

Together, the standards cover unique identifiers for products, operators, and facilities (EN 18219); the data carriers and the link between a physical product and its digital record (EN 18220, which recognizes RAIN RFID, NFC, and 2D codes); access rights, security, and data protection; interoperability, in the technical, semantic, and organizational sense; data processing, exchange, and formats; data storage, archiving, and persistence for long-term availability (EN 18221); data authentication, reliability, and integrity; and the APIs for managing a passport across its lifecycle.

The headline for a brand is reassuring: compliance is now a defined target, not a guess, which means you can build and buy against it with confidence.

How the system is built

The DPP is a hybrid. A central EU DPP Registry holds each product's unique identifier and points to where its data lives. The detailed data is stored in a decentralized way, by the brand or a service provider on its behalf, and GS1 Digital Link is the standardized resolution layer that connects an identifier to that data. A public DPP Web Portal lets anyone search and compare products. And because a passport has to outlive the company that made it, the rules require a back-up copy held by a third-party service provider, so the data stays available for the product's full life.

Built for people and for machines

A good DPP serves the same product link two ways: a branded, human-friendly page for consumers, and structured, machine-readable data (JSON-LD) for authorities and systems, with Schema.org markup so search engines and AI assistants can surface it. On privacy, the rules are strict: no personal data by default, privacy by design, with explicit consent the only exception.

Two practical takeaways. Plan for the third-party back-up obligation from day one, because it is easy to miss and required. And insist that your platform is machine-readable and standards-conformant, not just a pretty consumer page, because the authority side of the passport is where compliance is actually judged.

 

Get the complete picture: download the free 2026 Digital Product Passport Starter Kit, the full guide as one PDF, including the timeline, the carrier comparison, the maturity model, and a readiness checklist.

Download the Starter Kit →

Previous
Previous

The Business Case for the Digital Product Passport: Five Ways It Pays Back

Next
Next

QR vs NFC vs RAIN RFID: How to Choose a DPP Data Carrier