[{"data":1,"prerenderedAt":2072},["ShallowReactive",2],{"local-articles":3,"articles":2043},[4,606,810,969,1147,1401,1570,1731,1911],{"id":5,"title":6,"author":7,"body":8,"category":590,"date":591,"description":592,"draft":593,"extension":594,"locale":595,"meta":596,"navigation":597,"path":598,"readingTime":599,"seo":600,"stem":601,"tags":602,"thumbnail":577,"__hash__":605},"articles\u002Farticles\u002Fdpp-software-comparison.md","DPP Software Comparison 2026: PassportLab vs. Enterprise Platforms","PassportLab Team",{"type":9,"value":10,"toc":576},"minimark",[11,15,22,28,31,36,41,47,53,59,65,79,83,88,93,99,104,114,118,123,128,133,138,148,152,157,162,168,173,183,187,192,196,227,233,238,242,521,525,531,537,543,549,555,558,561],[12,13,14],"p",{},"The Digital Product Passport software market has fragmented into two tiers that serve fundamentally different buyers. Understanding which tier you belong to saves months of evaluation time and significant budget.",[12,16,17,21],{},[18,19,20],"strong",{},"Tier 1:"," Enterprise platforms built for Fortune 500 manufacturers with large technical teams, multi-year implementation timelines, and integration budgets in six figures. Built around supply chain data platforms, digital twin frameworks, or identity infrastructure.",[12,23,24,27],{},[18,25,26],{},"Tier 2:"," Platforms built for importers, private-label brands, and SMEs that need to be compliant without a dedicated compliance engineering team. Built around fast setup, self-service data entry, and practical regulatory output.",[12,29,30],{},"PassportLab is explicitly in Tier 2. This comparison is written to help buyers in Tier 2 understand the landscape honestly.",[32,33,35],"h2",{"id":34},"the-platforms","The Platforms",[37,38,40],"h3",{"id":39},"spherity","Spherity",[12,42,43,46],{},[18,44,45],{},"What it is:"," Spherity is a German decentralised identity and verifiable credentials infrastructure company. Their DPP product is built on top of their existing identity stack, with a focus on cryptographic credential management and W3C VC issuance at scale.",[12,48,49,52],{},[18,50,51],{},"Strengths:"," Deep technical standards compliance. W3C VC 2.0 implementation is robust. Strong in battery supply chain use cases where buyers require cryptographic proof of origin. Direct relationships with major German automotive OEMs.",[12,54,55,58],{},[18,56,57],{},"Limitations for SMEs:"," Implementation is primarily professional-services-led. There is no self-service onboarding path for a brand with 50 SKUs. Pricing is enterprise-contracted. Setup timelines are measured in months, not days. If you do not have a development team and an existing identity infrastructure, Spherity is not the right tool.",[12,60,61,64],{},[18,62,63],{},"Standards:"," W3C VC 2.0, DID:Web, eIDAS 2.0. Not currently GS1 Digital Link native.",[12,66,67,70,71,78],{},[18,68,69],{},"Sources:"," ",[72,73,77],"a",{"href":74,"rel":75},"https:\u002F\u002Fspherity.com",[76],"nofollow","spherity.com",", EU Blockchain Observatory reports on digital identity for supply chains.",[37,80,82],{"id":81},"qliktag","Qliktag",[12,84,85,87],{},[18,86,45],{}," Qliktag is a product experience and DPP platform based in Canada, with significant EU market presence through retail partnerships. Their strength is consumer-facing product experience content — the \"digital twin\" of a product from a brand storytelling perspective as well as compliance.",[12,89,90,92],{},[18,91,51],{}," Strong content management capabilities. Good for brands that want to use the DPP as a consumer engagement tool as well as a compliance tool. Retail partnership network for distribution.",[12,94,95,98],{},[18,96,97],{},"Limitations for compliance-first use cases:"," Qliktag's primary positioning is consumer experience rather than regulatory compliance. W3C VC cryptographic signing and EU CIR registration are not core features. For brands that need to pass a market surveillance audit in 2027, the compliance layer is less mature than purpose-built compliance platforms.",[12,100,101,103],{},[18,102,63],{}," GS1 Digital Link supported. W3C VC integration limited. EU CIR registration not confirmed.",[12,105,106,70,108,113],{},[18,107,69],{},[72,109,112],{"href":110,"rel":111},"https:\u002F\u002Fqliktag.com",[76],"qliktag.com",", GS1 DPP Pilot documentation.",[37,115,117],{"id":116},"psqr","PSQR",[12,119,120,122],{},[18,121,45],{}," PSQR is a Netherlands-based platform focused on supply chain transparency and GS1-compatible product data. They have deep GS1 relationships and are active in EU DPP standardisation bodies.",[12,124,125,127],{},[18,126,51],{}," GS1 compliance is very strong. Good for brands already operating in GS1-centric supply chains (major EU retailers). Active in policy and standards — PSQR's work shows up in ESPR technical specifications.",[12,129,130,132],{},[18,131,57],{}," Similar to Spherity, PSQR is primarily enterprise-oriented. The platform is built for supply chain data integration at scale, not self-service DPP creation. SMEs without EDI or GS1 DataKEEP integration will find onboarding complex.",[12,134,135,137],{},[18,136,63],{}," GS1 Digital Link native. W3C VC in development. EU CIR registration supported.",[12,139,140,70,142,147],{},[18,141,69],{},[72,143,146],{"href":144,"rel":145},"https:\u002F\u002Fpsqr.eu",[76],"psqr.eu",", GS1 AISBL Digital Link standard documentation.",[37,149,151],{"id":150},"avery-dennison-atmaio","Avery Dennison atma.io",[12,153,154,156],{},[18,155,45],{}," atma.io is the digital identity platform from Avery Dennison, the label and RFID tag manufacturer. Their DPP offering is built on top of their existing RFID infrastructure and cloud-based product identity platform.",[12,158,159,161],{},[18,160,51],{}," For brands already using Avery Dennison RFID tags (common in fashion and luxury goods), the integration path to a unit-level DPP is relatively straightforward. Physical-to-digital connection is a core strength. Strong in textile and luxury goods sectors.",[12,163,164,167],{},[18,165,166],{},"Limitations for non-Avery Dennison supply chains:"," The platform is most valuable when you are already buying physical labels and tags from Avery Dennison. If you are not, the value proposition weakens. DPP compliance features (W3C VC, EU CIR) are available but not as mature as pure-play compliance platforms. Pricing is tied to label volume, which can make it expensive for low-volume high-value products.",[12,169,170,172],{},[18,171,63],{}," RAIN RFID native. GS1 Digital Link supported. W3C VC available. EU CIR integration in progress.",[12,174,175,70,177,182],{},[18,176,69],{},[72,178,181],{"href":179,"rel":180},"https:\u002F\u002Fwww.averydennison.com\u002Fen\u002Fhome\u002Fproducts-and-solutions\u002Fatma.io.html",[76],"atma.io",", Avery Dennison sustainability reports.",[37,184,186],{"id":185},"passportlab","PassportLab",[12,188,189,191],{},[18,190,45],{}," PassportLab is a purpose-built EU DPP compliance platform for importers and private-label brands. Self-service, EU-hosted (Germany), GS1 Germany partner.",[12,193,194],{},[18,195,51],{},[197,198,199,203,206,209,212,215,218,221,224],"ul",{},[200,201,202],"li",{},"Self-service setup in under 30 minutes for first DPP",[200,204,205],{},"Full W3C VC 2.0 + Ed25519 cryptographic signing",[200,207,208],{},"GS1 Digital Link resolution (GS1 Germany partnership)",[200,210,211],{},"EU CIR registration via CIRPASS-2 format",[200,213,214],{},"SD-JWT selective disclosure for stakeholder access control",[200,216,217],{},"Shopify and WooCommerce sync",[200,219,220],{},"Battery Regulation 2023\u002F1542 Annex XIII schema enforcement",[200,222,223],{},"EU-hosted infrastructure with contractual data portability",[200,225,226],{},"Pricing from €149\u002Fmonth (Starter: 100 DPPs)",[12,228,229,232],{},[18,230,231],{},"Limitations:"," Not designed for Fortune 500 supply chain complexity. No EDI integration. Not a general-purpose supply chain platform. Best fit is importers and brand owners with up to a few thousand SKUs.",[12,234,235,237],{},[18,236,63],{}," W3C VC 2.0, DID:Web, GS1 Digital Link, CIRPASS-2, IDTA AAS submodels, SD-JWT.",[32,239,241],{"id":240},"comparison-table","Comparison Table",[243,244,245,264],"table",{},[246,247,248],"thead",{},[249,250,251,254,256,258,260,262],"tr",{},[252,253],"th",{},[252,255,186],{},[252,257,40],{},[252,259,82],{},[252,261,117],{},[252,263,181],{},[265,266,267,290,311,331,353,373,392,410,428,448,465,483,501],"tbody",{},[249,268,269,275,278,281,284,287],{},[270,271,272],"td",{},[18,273,274],{},"Target buyer",[270,276,277],{},"SME importers, private label",[270,279,280],{},"Enterprise OEM\u002Fsupply chain",[270,282,283],{},"Brand experience + compliance",[270,285,286],{},"Enterprise, GS1-centric",[270,288,289],{},"Avery Dennison customers",[249,291,292,297,300,303,306,308],{},[270,293,294],{},[18,295,296],{},"Self-service setup",[270,298,299],{},"Yes, \u003C 30 min",[270,301,302],{},"No — PS-led",[270,304,305],{},"Limited self-service",[270,307,302],{},[270,309,310],{},"Limited",[249,312,313,318,321,324,326,328],{},[270,314,315],{},[18,316,317],{},"Pricing model",[270,319,320],{},"Monthly SaaS (€149–€499\u002Fmo)",[270,322,323],{},"Enterprise contract",[270,325,323],{},[270,327,323],{},[270,329,330],{},"Per-label volume",[249,332,333,338,341,344,347,350],{},[270,334,335],{},[18,336,337],{},"W3C VC 2.0",[270,339,340],{},"Full (Ed25519)",[270,342,343],{},"Full",[270,345,346],{},"Partial",[270,348,349],{},"In progress",[270,351,352],{},"Available",[249,354,355,360,363,365,368,371],{},[270,356,357],{},[18,358,359],{},"GS1 Digital Link",[270,361,362],{},"Yes (GS1 DE partner)",[270,364,349],{},[270,366,367],{},"Yes",[270,369,370],{},"Yes (core)",[270,372,367],{},[249,374,375,380,383,385,388,390],{},[270,376,377],{},[18,378,379],{},"EU CIR registration",[270,381,382],{},"Yes (CIRPASS-2)",[270,384,349],{},[270,386,387],{},"Not confirmed",[270,389,367],{},[270,391,349],{},[249,393,394,399,401,403,406,408],{},[270,395,396],{},[18,397,398],{},"SD-JWT",[270,400,367],{},[270,402,367],{},[270,404,405],{},"No",[270,407,405],{},[270,409,405],{},[249,411,412,417,420,422,424,426],{},[270,413,414],{},[18,415,416],{},"Battery Annex XIII",[270,418,419],{},"Yes (schema enforcement)",[270,421,367],{},[270,423,405],{},[270,425,346],{},[270,427,405],{},[249,429,430,435,438,440,443,446],{},[270,431,432],{},[18,433,434],{},"EU hosting",[270,436,437],{},"Yes (Germany)",[270,439,437],{},[270,441,442],{},"No (Canada)",[270,444,445],{},"Yes (Netherlands)",[270,447,346],{},[249,449,450,455,457,459,461,463],{},[270,451,452],{},[18,453,454],{},"Shopify\u002FWooCommerce sync",[270,456,367],{},[270,458,405],{},[270,460,367],{},[270,462,405],{},[270,464,405],{},[249,466,467,472,475,477,479,481],{},[270,468,469],{},[18,470,471],{},"IDTA AAS submodels",[270,473,474],{},"Yes (5 submodels)",[270,476,346],{},[270,478,405],{},[270,480,405],{},[270,482,405],{},[249,484,485,490,493,495,497,499],{},[270,486,487],{},[18,488,489],{},"RAIN RFID support",[270,491,492],{},"Yes (EN 18219\u002F18220)",[270,494,405],{},[270,496,405],{},[270,498,405],{},[270,500,370],{},[249,502,503,508,511,514,517,519],{},[270,504,505],{},[18,506,507],{},"Setup timeline",[270,509,510],{},"Hours to days",[270,512,513],{},"Months",[270,515,516],{},"Weeks to months",[270,518,513],{},[270,520,516],{},[32,522,524],{"id":523},"which-platform-is-right-for-you","Which Platform Is Right for You",[12,526,527,530],{},[18,528,529],{},"Choose PassportLab"," if you are an importer or private-label brand with fewer than 10,000 SKUs, need to be compliant before 2027, do not have a dedicated compliance engineering team, and want self-service setup at a predictable monthly cost.",[12,532,533,536],{},[18,534,535],{},"Choose Spherity"," if you are a Tier 1 automotive or industrial supplier, have a development team, and require enterprise-grade cryptographic identity infrastructure with professional services support.",[12,538,539,542],{},[18,540,541],{},"Choose Qliktag"," if consumer-facing product experience content is equally important to you as regulatory compliance, and you want a single platform for both.",[12,544,545,548],{},[18,546,547],{},"Choose PSQR"," if you are deeply embedded in GS1 DataKEEP infrastructure and your buyers require EDI-level supply chain data integration alongside DPP compliance.",[12,550,551,554],{},[18,552,553],{},"Choose atma.io"," if you are already an Avery Dennison customer with RFID-tagged products in fashion or luxury goods, and the unit-level physical-to-digital connection is your primary requirement.",[12,556,557],{},"The honest summary: enterprise platforms exist for enterprise problems. If your problem is \"I need to be ESPR-compliant before the enforcement date, I don't have a compliance engineering team, and I need it to cost less than a mid-level developer salary per year,\" PassportLab is the practical answer.",[559,560],"hr",{},[12,562,563],{},[564,565,566,570,571,575],"em",{},[72,567,569],{"href":568},"\u002Ffree-dpp-generator","Try PassportLab free for your first DPP"," or ",[72,572,574],{"href":573},"\u002Fdemo","book a comparison call"," to walk through your specific requirements.",{"title":577,"searchDepth":578,"depth":578,"links":579},"",2,[580,588,589],{"id":34,"depth":578,"text":35,"children":581},[582,584,585,586,587],{"id":39,"depth":583,"text":40},3,{"id":81,"depth":583,"text":82},{"id":116,"depth":583,"text":117},{"id":150,"depth":583,"text":151},{"id":185,"depth":583,"text":186},{"id":240,"depth":578,"text":241},{"id":523,"depth":578,"text":524},"Guide","2026-03-15","An honest comparison of Digital Product Passport platforms: PassportLab, Spherity, Qliktag, PSQR, and Avery Dennison atma.io. Pricing models, setup time, standards support, and who each tool is actually built for.",false,"md","en",{},true,"\u002Farticles\u002Fdpp-software-comparison",10,{"title":6,"description":592},"articles\u002Fdpp-software-comparison",[603,604,40,82,117],"DPP Software","Comparison","WlvolFWYyrX4pleIsOSPeG3mwCvPOa8MyLqZVl5d400",{"id":607,"title":608,"author":7,"body":609,"category":590,"date":797,"description":798,"draft":593,"extension":594,"locale":595,"meta":799,"navigation":597,"path":800,"readingTime":801,"seo":802,"stem":803,"tags":804,"thumbnail":577,"__hash__":809},"articles\u002Farticles\u002Fdigital-product-passport-decoded-2026.md","Digital Product Passport Decoded: The 2026 Practical Guide for Importers",{"type":9,"value":610,"toc":790},[611,614,618,621,624,627,631,634,645,651,657,663,669,673,679,685,691,697,701,704,730,733,737,740,773,776,778],[12,612,613],{},"The phrase \"Digital Product Passport\" appears in enough regulatory communications that most importers and brand managers have heard of it. Fewer have a concrete understanding of what it actually is, what it must contain, and what happens when an authority checks it at the border. This guide is the practical version.",[32,615,617],{"id":616},"what-a-dpp-is-and-is-not","What a DPP Is (and Is Not)",[12,619,620],{},"A Digital Product Passport is a structured data record attached to a physical product, accessible via a URL encoded in a QR code, barcode, or RFID tag on the product. It is not a document. It is not a certificate. It is not a PDF. It is a live API endpoint that returns machine-readable JSON.",[12,622,623],{},"When a customs officer, market surveillance authority, retailer, or consumer scans the QR code on your product, their device makes an HTTP request to a URL. That URL returns JSON data. The data is verified cryptographically. The result is either a valid, compliant DPP — or it is not.",[12,625,626],{},"The EU Ecodesign for Sustainable Products Regulation (ESPR) mandates DPPs for all product categories covered by ESPR delegated acts. The first mandates affect batteries (February 2027) and will extend to textiles, electronics, iron and steel, and other categories on a rolling schedule through 2030 and beyond.",[32,628,630],{"id":629},"the-anatomy-of-a-compliant-dpp","The Anatomy of a Compliant DPP",[12,632,633],{},"A compliant DPP has five layers:",[12,635,636,639,640,644],{},[18,637,638],{},"Layer 1: The unique identifier."," Every DPP has a unique identifier — either a GS1 GTIN\u002Fserial combination formatted as a Digital Link URL (",[641,642,643],"code",{},"\u002F01\u002F{gtin}\u002F21\u002F{serial}",") or a UUID-based identifier. The identifier is encoded in the physical label (QR code, RFID tag) and registered in the EU Common Information Repository.",[12,646,647,650],{},[18,648,649],{},"Layer 2: The data record."," The product's required fields as specified in the ESPR delegated act for its category. For batteries: carbon footprint per kWh of energy stored, recycled content by battery material, state of health, responsible sourcing documentation. For textiles: fibre composition, country of origin per manufacturing stage, care and repair instructions, recycled content. The delegated act for each category specifies exactly which fields are mandatory.",[12,652,653,656],{},[18,654,655],{},"Layer 3: The verifiable credential."," The data record is wrapped in a W3C Verifiable Credential (VC 2.0), signed by the economic operator's cryptographic key. The key is associated with the operator's legal entity identity via a DID (Decentralised Identifier). Any party can verify the credential without contacting the issuer, by resolving the DID and checking the signature.",[12,658,659,662],{},[18,660,661],{},"Layer 4: The selective disclosure layer."," Some DPP fields are public (accessible to anyone who scans the QR code). Others are restricted — visible to customs authorities but not consumers, or visible to recycling operators but not retailers. Selective Disclosure JWT (SD-JWT) format allows field-level access control without invalidating the credential.",[12,664,665,668],{},[18,666,667],{},"Layer 5: The registry registration."," The DPP identifier and the URL of the data endpoint are registered in the EU Common Information Repository. When an authority scans a product, they can look up the CIR to find the authoritative endpoint, even if the QR code resolves to a different URL.",[32,670,672],{"id":671},"who-checks-your-dpp-and-how","Who Checks Your DPP and How",[12,674,675,678],{},[18,676,677],{},"EU Customs:"," Import declarations for products covered by ESPR mandates will soon include a DPP identifier field. Customs systems will resolve the DPP at the time of import and check required fields against the declared product category. A DPP that is missing required fields, returns an error, or fails cryptographic verification will trigger a hold.",[12,680,681,684],{},[18,682,683],{},"Market Surveillance Authorities (MSAs):"," MSAs in each EU member state conduct post-market checks on products in circulation. They scan QR codes, resolve DPPs, and check compliance with the delegated act for the product category. MSA findings are shared via the ICSMS (Information and Communication System for Market Surveillance) and can result in product recalls, import bans, and financial penalties.",[12,686,687,690],{},[18,688,689],{},"Retailers:"," Large EU retailers are increasingly requiring DPP compliance as a condition of listing. This is a commercial requirement, not a regulatory one, but it has the same practical effect. Retailers running their own compliance checks resolve DPPs programmatically and reject listings where required fields are missing.",[12,692,693,696],{},[18,694,695],{},"Consumers:"," The public-facing layer of the DPP — product composition, care instructions, repairability information, end-of-life guidance — must be accessible to consumers. EU citizens have the right to request DPP data under ESPR. The QR code must resolve to a human-readable display, not just a machine-readable JSON endpoint.",[32,698,700],{"id":699},"what-happens-when-your-dpp-is-wrong","What Happens When Your DPP Is Wrong",[12,702,703],{},"Non-compliance with ESPR DPP requirements can result in:",[197,705,706,712,718,724],{},[200,707,708,711],{},[18,709,710],{},"Import rejection at customs"," — shipments held pending compliance remediation",[200,713,714,717],{},[18,715,716],{},"Market surveillance enforcement action"," — withdrawal from sale, recall obligation, financial penalties",[200,719,720,723],{},[18,721,722],{},"Retailer delisting"," — commercial consequence from buyers requiring DPP compliance",[200,725,726,729],{},[18,727,728],{},"Registry flagging"," — an invalid DPP in the EU CIR creates a permanent compliance record",[12,731,732],{},"The penalties under ESPR are set by member states but must be \"effective, proportionate, and dissuasive.\" France, Germany, and the Netherlands have indicated penalty frameworks of €10,000–€50,000 per non-compliant product category, per enforcement action.",[32,734,736],{"id":735},"getting-your-first-compliant-dpp","Getting Your First Compliant DPP",[12,738,739],{},"The fastest path to a compliant DPP for most importers:",[741,742,743,749,755,761,767],"ol",{},[200,744,745,748],{},[18,746,747],{},"Identify your first product category"," — which of your products will be subject to the earliest ESPR mandate? Batteries first, then textiles.",[200,750,751,754],{},[18,752,753],{},"Collect the required fields"," — use the relevant delegated act field list (or PassportLab's category templates) to identify what supplier data you need.",[200,756,757,760],{},[18,758,759],{},"Generate and sign the DPP"," — a compliant DPP platform creates the W3C VC, registers with the EU CIR, and generates the QR code automatically.",[200,762,763,766],{},[18,764,765],{},"Test the QR code"," — scan it with a DPP verification tool to confirm the endpoint resolves, the data is complete, and the credential verifies.",[200,768,769,772],{},[18,770,771],{},"Distribute to your supply chain"," — update your product labels with the QR code or RFID tag encoding the DPP URL.",[12,774,775],{},"The process does not require a technical team. It requires supplier data and a platform that handles the technical compliance layers.",[559,777],{},[12,779,780],{},[564,781,782,785,786,789],{},[72,783,784],{"href":568},"Generate a compliant DPP for your product now"," — no technical knowledge required. Or ",[72,787,788],{"href":573},"book a compliance walkthrough"," with the PassportLab team.",{"title":577,"searchDepth":578,"depth":578,"links":791},[792,793,794,795,796],{"id":616,"depth":578,"text":617},{"id":629,"depth":578,"text":630},{"id":671,"depth":578,"text":672},{"id":699,"depth":578,"text":700},{"id":735,"depth":578,"text":736},"2026-03-01","What a Digital Product Passport actually is, what data it must contain, who checks it, how it gets verified, and what happens if yours is wrong. Written for importers and private-label brands.",{},"\u002Farticles\u002Fdigital-product-passport-decoded-2026",12,{"title":608,"description":798},"articles\u002Fdigital-product-passport-decoded-2026",[805,806,590,807,808],"DPP","ESPR","Importers","2026","3eHIAXwnmYeZbgKO-H5s-IbyDiDasit8rP4srupvFms",{"id":811,"title":812,"author":7,"body":813,"category":956,"date":957,"description":958,"draft":593,"extension":594,"locale":595,"meta":959,"navigation":597,"path":960,"readingTime":961,"seo":962,"stem":963,"tags":964,"thumbnail":577,"__hash__":968},"articles\u002Farticles\u002Feu-destruction-ban-qr-code-wont-save-your-brand.md","The EU Destruction Ban: Why a QR Code Alone Won't Save Your Brand",{"type":9,"value":814,"toc":950},[815,818,821,825,832,835,849,852,856,859,862,865,869,872,875,901,905,929,932,935,937],[12,816,817],{},"When the EU announced that large enterprises would be prohibited from destroying unsold consumer goods — textiles first, then electronics — many brands responded by accelerating their DPP implementation. Add a QR code to the label, register with a registry, call it done.",[12,819,820],{},"This response misunderstands what the destruction ban actually requires.",[32,822,824],{"id":823},"what-the-regulation-requires","What the Regulation Requires",[12,826,827,828,831],{},"The EU Ecodesign Regulation destruction ban (entering force for large enterprises in 2025, SMEs in 2026) does not just prohibit destruction. It requires economic operators to ",[18,829,830],{},"demonstrate"," that destruction did not occur. This is an evidentiary obligation, not just a prohibition.",[12,833,834],{},"For a fashion brand with 100,000 units of unsold seasonal stock, demonstrating that none of those units was destroyed means having:",[741,836,837,840,843,846],{},[200,838,839],{},"A record of every unit's unique identifier at the time it left your possession",[200,841,842],{},"Documentation of where each unit went (returned to supplier, sold at outlet, donated to charity, recycled)",[200,844,845],{},"For recycled or donated units: documentation from the receiving organisation",[200,847,848],{},"The ability to produce this documentation to a market surveillance authority on demand",[12,850,851],{},"A QR code on a label establishes that the product exists and has a DPP. It does not establish what happened to the product after it left your warehouse.",[32,853,855],{"id":854},"the-unit-level-problem","The Unit-Level Problem",[12,857,858],{},"Most brands track inventory at the SKU level, not the unit level. They know they had 5,000 units of SKU-1234 and sold 3,200. They do not know the individual serial number of each unit, which units went to which retail location, or what happened to the 1,800 units that did not sell.",[12,860,861],{},"The destruction ban requires unit-level accountability for disposal. This requires unit-level serialisation — each physical product has a unique identifier, and its disposition is tracked at the unit level. This is a significant operational change for brands that have never serialised their inventory.",[12,863,864],{},"RAIN RFID (Radio Frequency Identification) is the practical technology for unit-level serialisation of textiles at scale. Each garment gets an RFID tag with a unique TID (Tag Identifier) that cannot be cloned. The TID is registered against the product's DPP. When the garment is disposed of — recycled, donated, or sold — the RFID tag is scanned and the lifecycle status updated.",[32,866,868],{"id":867},"why-existing-erp-systems-are-not-enough","Why Existing ERP Systems Are Not Enough",[12,870,871],{},"Enterprise resource planning systems track inventory at the SKU or batch level for cost accounting purposes. They are not designed for unit-level serialisation with lifecycle status tracking. Adding unit-level destruction compliance to an ERP is possible but requires significant customisation.",[12,873,874],{},"The practical path for most mid-market fashion brands is:",[741,876,877,883,889,895],{},[200,878,879,882],{},[18,880,881],{},"Assign serial identifiers at manufacture"," — either RAIN RFID tags (for high-value items where hardware cost is justified) or QR code labels with unique serial numbers",[200,884,885,888],{},[18,886,887],{},"Register each serial identifier against a DPP record"," in a system that supports lifecycle status updates",[200,890,891,894],{},[18,892,893],{},"Update lifecycle status"," when units are sold (status: active → customer), donated (status: active → donated), recycled (status: active → deactivated with recycling documentation), or returned (status: active → returned)",[200,896,897,900],{},[18,898,899],{},"Retain the lifecycle history"," for the regulatory retention period",[32,902,904],{"id":903},"the-dpp-as-destruction-audit-trail","The DPP as Destruction Audit Trail",[12,906,907,908,911,912,915,916,915,919,915,922,925,926,928],{},"A properly implemented DPP system with unit-level lifecycle tracking is simultaneously a destruction-ban compliance tool. The ",[641,909,910],{},"dppStatus"," field in an ESPR-compliant DPP can hold values: ",[641,913,914],{},"active",", ",[641,917,918],{},"deactivated",[641,920,921],{},"destroyed",[641,923,924],{},"remanufactured",". The ",[641,927,918],{}," status with an accompanying disposal record (recycling certificate, donation confirmation) is the evidentiary basis for demonstrating compliance with the destruction ban.",[12,930,931],{},"Brands that implement DPPs at the unit level — rather than the model level — get the destruction ban audit trail as a side effect of compliance with the DPP mandate. Brands that implement DPPs at the model level (one DPP for all units of a SKU) do not.",[12,933,934],{},"The choice between model-level and unit-level DPP implementation is a strategic compliance decision, not just a technical one.",[559,936],{},[12,938,939],{},[564,940,941,942,570,946,949],{},"PassportLab supports granularity levels: MODEL, BATCH, and ITEM (unit-level). ",[72,943,945],{"href":944},"\u002Ffeatures","See the granularity options",[72,947,948],{"href":573},"talk to our compliance team"," about unit-level implementation for your product range.",{"title":577,"searchDepth":578,"depth":578,"links":951},[952,953,954,955],{"id":823,"depth":578,"text":824},{"id":854,"depth":578,"text":855},{"id":867,"depth":578,"text":868},{"id":903,"depth":578,"text":904},"Compliance","2026-02-20","The EU prohibition on destroying unsold goods requires traceability at the unit level — not just a QR code on the label. Brands without unit-level lifecycle tracking are not compliant.",{},"\u002Farticles\u002Feu-destruction-ban-qr-code-wont-save-your-brand",6,{"title":812,"description":958},"articles\u002Feu-destruction-ban-qr-code-wont-save-your-brand",[965,966,956,967],"Destruction Ban","Textiles","Unit-Level Tracking","MM9vbo-vO0M6oLGMLIUP5bjtpQ5aEW42D5w41teAimk",{"id":970,"title":971,"author":7,"body":972,"category":1134,"date":1135,"description":1136,"draft":593,"extension":594,"locale":595,"meta":1137,"navigation":597,"path":1138,"readingTime":1139,"seo":1140,"stem":1141,"tags":1142,"thumbnail":577,"__hash__":1146},"articles\u002Farticles\u002Fnext-two-years-redefine-fashion-europe.md","The Next Two Years Will Redefine Fashion in Europe",{"type":9,"value":973,"toc":1127},[974,977,980,984,987,990,1034,1037,1041,1044,1047,1053,1057,1060,1063,1067,1070,1073,1077,1080,1083,1109,1112,1114],[12,975,976],{},"The EU Textile Strategy is not a single regulation. It is a layered stack of obligations that will land between 2025 and 2028, each one individually manageable, but collectively transformative for how fashion brands operate in the European market.",[12,978,979],{},"Brands treating these as separate compliance projects — one team on DPPs, another on the destruction ban, a third on EPR — are creating internal fragmentation that will cost them twice over. The data requirements overlap significantly. The infrastructure to satisfy all of them is largely the same.",[32,981,983],{"id":982},"the-textile-dpp-timeline","The Textile DPP Timeline",[12,985,986],{},"Textile products will be among the first non-battery categories required to carry Digital Product Passports under ESPR. The current Commission timeline puts textile DPP mandates between 2026 and 2028, depending on product category (apparel first, then home textiles, then technical textiles).",[12,988,989],{},"The required fields for textile DPPs include:",[197,991,992,998,1004,1010,1016,1022,1028],{},[200,993,994,997],{},[18,995,996],{},"Fibre composition"," by percentage and type, including blends",[200,999,1000,1003],{},[18,1001,1002],{},"Country of origin"," for each major manufacturing stage (weaving, dyeing, finishing, assembly)",[200,1005,1006,1009],{},[18,1007,1008],{},"Chemical treatments"," including REACH-relevant substances",[200,1011,1012,1015],{},[18,1013,1014],{},"Durability indicators",": wash cycles before degradation, repairability rating",[200,1017,1018,1021],{},[18,1019,1020],{},"Care and end-of-life instructions"," in all official EU languages",[200,1023,1024,1027],{},[18,1025,1026],{},"Recycled content"," percentage with supporting documentation",[200,1029,1030,1033],{},[18,1031,1032],{},"Restricted substances"," declaration per REACH Annex XVII",[12,1035,1036],{},"This data does not exist in a single system for most fashion brands. It is distributed across suppliers, technical data sheets, certifications, and ERP records — often in incompatible formats.",[32,1038,1040],{"id":1039},"the-destruction-ban-the-overlooked-deadline","The Destruction Ban: The Overlooked Deadline",[12,1042,1043],{},"The EU prohibition on the destruction of unsold textiles comes into force for large enterprises in 2025 and extends to SMEs in 2026. It requires brands to demonstrate what happened to every unit of unsold stock — return to supplier, donation, recycling, or other approved disposition.",[12,1045,1046],{},"This is a traceability requirement, not just a policy one. Brands need to be able to show, at the unit level, that no textiles were destroyed. The data infrastructure for this overlaps significantly with DPP infrastructure: unique product identifiers, lifecycle status tracking, and chain-of-custody records.",[12,1048,1049,1050,1052],{},"A DPP platform that tracks ",[641,1051,910],{}," (active\u002Fdeactivated\u002Fdestroyed\u002Fremanufactured) at the unit level is simultaneously a destruction-ban compliance tool and a DPP compliance tool. These are not separate systems — they are the same record with different reporting outputs.",[32,1054,1056],{"id":1055},"the-microplastics-dimension","The Microplastics Dimension",[12,1058,1059],{},"Synthetic textiles shed microplastics during washing. The EU is moving toward mandatory pre-wash filtration requirements and labelling obligations for synthetic fibre products. The labelling obligation will require a standardised disclosure on the product — and that disclosure will need to appear in the product's DPP.",[12,1061,1062],{},"For brands selling polyester, nylon, acrylic, or blended synthetics, the microplastics disclosure will add another required field to the DPP. This is not yet in force, but brands setting up their DPP infrastructure now should build for it.",[32,1064,1066],{"id":1065},"extended-producer-responsibility-the-financial-piece","Extended Producer Responsibility: The Financial Piece",[12,1068,1069],{},"EU Extended Producer Responsibility (EPR) for textiles requires brands to fund the collection and recycling of end-of-life textiles. Registration with national EPR schemes and contribution to recycling funds is already mandatory in France (TLC scheme) and expanding to other member states.",[12,1071,1072],{},"EPR contributions are calculated based on products placed on the market — by weight, volume, and category. The data infrastructure for calculating EPR contributions is essentially the same as the data infrastructure for DPPs: product-level records with composition, weight, and category data.",[32,1074,1076],{"id":1075},"the-integrated-data-model","The Integrated Data Model",[12,1078,1079],{},"The common thread across DPP, destruction ban, microplastics disclosure, and EPR is product-level data with lifecycle tracking. Brands that build this infrastructure once — and design it to serve multiple regulatory outputs — will have a significant cost advantage over brands that build four separate compliance systems.",[12,1081,1082],{},"The practical architecture:",[741,1084,1085,1091,1097,1103],{},[200,1086,1087,1090],{},[18,1088,1089],{},"Product master record"," with fibre composition, country of origin, chemical treatments, weight",[200,1092,1093,1096],{},[18,1094,1095],{},"Unit-level tracking"," with unique serial identifiers (GS1 SGTIN or RAIN RFID)",[200,1098,1099,1102],{},[18,1100,1101],{},"Lifecycle status"," (manufactured → sold → returned → recycled\u002Fdonated\u002Fdestroyed)",[200,1104,1105,1108],{},[18,1106,1107],{},"Compliance output layer"," that generates DPP JSON, EPR reports, destruction records, and microplastics disclosures from the same underlying data",[12,1110,1111],{},"This is what \"compliance infrastructure\" means — not four systems, one system with four outputs.",[559,1113],{},[12,1115,1116],{},[564,1117,1118,1119,570,1123,1126],{},"PassportLab supports textile DPP fields, lifecycle status tracking, and EPR-compatible data exports. ",[72,1120,1122],{"href":1121},"\u002Fdigital-product-passport\u002Ftextiles","See the textile DPP requirements",[72,1124,1125],{"href":573},"book a session"," with our compliance team.",{"title":577,"searchDepth":578,"depth":578,"links":1128},[1129,1130,1131,1132,1133],{"id":982,"depth":578,"text":983},{"id":1039,"depth":578,"text":1040},{"id":1055,"depth":578,"text":1056},{"id":1065,"depth":578,"text":1066},{"id":1075,"depth":578,"text":1076},"Industry","2026-02-03","Between the Textile DPP mandate, the destruction ban on unsold goods, and the microplastics regulation, European fashion brands face a structural compliance transformation — not a single deadline.",{},"\u002Farticles\u002Fnext-two-years-redefine-fashion-europe",8,{"title":971,"description":1136},"articles\u002Fnext-two-years-redefine-fashion-europe",[966,1143,806,1144,1145],"Fashion","EU Regulation","Sustainability","j38X_nuZgBNKqqai2jfbKiWJK86AUNd8RCoi9bdjNkU",{"id":1148,"title":1149,"author":7,"body":1150,"category":1388,"date":1389,"description":1390,"draft":593,"extension":594,"locale":595,"meta":1391,"navigation":597,"path":1392,"readingTime":1393,"seo":1394,"stem":1395,"tags":1396,"thumbnail":577,"__hash__":1400},"articles\u002Farticles\u002Fecommerce-stack-best-compliance-tool.md","Your E-Commerce Stack Is Your Best Compliance Tool — If You Wire It Correctly",{"type":9,"value":1151,"toc":1381},[1152,1155,1159,1162,1200,1203,1229,1232,1236,1239,1313,1316,1320,1323,1326,1330,1333,1353,1356,1360,1363,1366,1368],[12,1153,1154],{},"Most e-commerce brands have more of the data required for a Digital Product Passport than they realise. The product name, SKU, materials description, country of origin, and supplier information already live somewhere in their Shopify store, WooCommerce database, or ERP system. The DPP compliance gap is not primarily a data gap — it is a wiring gap.",[32,1156,1158],{"id":1157},"what-your-stack-already-has","What Your Stack Already Has",[12,1160,1161],{},"A typical mid-sized importer running Shopify or WooCommerce with a connected ERP has:",[197,1163,1164,1170,1176,1182,1188,1194],{},[200,1165,1166,1169],{},[18,1167,1168],{},"Product metadata"," (title, description, SKU, variants) — Shopify\u002FWooCommerce",[200,1171,1172,1175],{},[18,1173,1174],{},"Supplier information"," (manufacturer name, country of origin) — usually in the ERP or as product metafields",[200,1177,1178,1181],{},[18,1179,1180],{},"Material composition"," (fabric content, component breakdown) — often in product descriptions or technical sheets, not structured data",[200,1183,1184,1187],{},[18,1185,1186],{},"Product images"," — Shopify CDN \u002F WooCommerce media library",[200,1189,1190,1193],{},[18,1191,1192],{},"Weight and dimensions"," — Shopify\u002FWooCommerce",[200,1195,1196,1199],{},[18,1197,1198],{},"Customs classification"," (HS code) — usually in the ERP for import compliance",[12,1201,1202],{},"What your stack probably does not have, structured:",[197,1204,1205,1211,1217,1223],{},[200,1206,1207,1210],{},[18,1208,1209],{},"Carbon footprint per unit"," — requires calculation, not just storage",[200,1212,1213,1216],{},[18,1214,1215],{},"Recycled material content percentages"," — must come from supplier data, often not digitised",[200,1218,1219,1222],{},[18,1220,1221],{},"End-of-life instructions in machine-readable form"," — usually locked in PDF manuals",[200,1224,1225,1228],{},[18,1226,1227],{},"Repair and spare parts availability"," — may be in a separate system or not tracked at all",[12,1230,1231],{},"The first group — data you already have — can be synced to a DPP platform automatically. The second group requires a deliberate supplier data collection exercise.",[32,1233,1235],{"id":1234},"how-shopify-sync-works-in-practice","How Shopify Sync Works in Practice",[12,1237,1238],{},"PassportLab's Shopify integration pulls products via the Admin API and creates a draft DPP for each variant. The sync maps:",[243,1240,1241,1251],{},[246,1242,1243],{},[249,1244,1245,1248],{},[252,1246,1247],{},"Shopify field",[252,1249,1250],{},"DPP field",[265,1252,1253,1263,1271,1279,1289,1297,1305],{},[249,1254,1255,1258],{},[270,1256,1257],{},"Product title",[270,1259,1260],{},[641,1261,1262],{},"productName",[249,1264,1265,1268],{},[270,1266,1267],{},"Product type",[270,1269,1270],{},"Category (with manual confirmation)",[249,1272,1273,1276],{},[270,1274,1275],{},"Vendor",[270,1277,1278],{},"Manufacturer",[249,1280,1281,1284],{},[270,1282,1283],{},"Country of origin (metafield)",[270,1285,1286],{},[641,1287,1288],{},"originCountry",[249,1290,1291,1294],{},[270,1292,1293],{},"Body HTML (cleaned)",[270,1295,1296],{},"Materials description",[249,1298,1299,1302],{},[270,1300,1301],{},"Weight",[270,1303,1304],{},"Physical dimensions",[249,1306,1307,1310],{},[270,1308,1309],{},"Custom metafields",[270,1311,1312],{},"Any structured DPP field",[12,1314,1315],{},"The sync creates DPPs in draft status. You review and complete the missing fields — primarily the supplier-provided data — before publishing. This approach means you are not starting from a blank form; you are filling gaps in a pre-populated record.",[32,1317,1319],{"id":1318},"the-woocommerce-path","The WooCommerce Path",[12,1321,1322],{},"WooCommerce integration works similarly via the REST API. Because WooCommerce product attributes are more flexible than Shopify metafields, there is more room to pre-populate DPP fields directly from product attributes if your catalogue uses consistent naming.",[12,1324,1325],{},"If you are importing products from a CSV or XML feed, PassportLab also supports direct CSV\u002FXML import with a field mapping UI. This is useful for brands that manage product data in a spreadsheet rather than a live e-commerce platform.",[32,1327,1329],{"id":1328},"what-still-requires-human-input","What Still Requires Human Input",[12,1331,1332],{},"No integration can automate the compliance-critical fields that require supplier documentation:",[197,1334,1335,1341,1347],{},[200,1336,1337,1340],{},[18,1338,1339],{},"Battery regulation fields"," (Annex XIII): carbon footprint per kWh, recycled content percentages, state of health methodology, responsible sourcing certificates",[200,1342,1343,1346],{},[18,1344,1345],{},"Textile fields",": composition by fibre, chemical treatments, restricted substances",[200,1348,1349,1352],{},[18,1350,1351],{},"Electronics fields",": hazardous substance declarations, repair scores, spare parts availability",[12,1354,1355],{},"These fields require a supplier data collection workflow. PassportLab's supplier invite feature lets you send a scoped data request directly to your supplier's contact email. They fill in a structured form — no account required — and the data flows into the DPP. This is the fastest path to getting supplier-provided fields completed without building a custom procurement integration.",[32,1357,1359],{"id":1358},"the-integration-payoff","The Integration Payoff",[12,1361,1362],{},"Once your Shopify or WooCommerce catalogue is synced and your suppliers have submitted their data, generating a compliant DPP becomes a one-click operation per product variant. Updates to existing DPPs (new supplier certifications, material changes) can be pushed from your e-commerce platform via webhook without manual intervention.",[12,1364,1365],{},"The brands that implement this wiring before the 2027 deadline will be able to respond to new regulatory categories by running a sync and completing supplier data requests — rather than rebuilding their compliance infrastructure from scratch.",[559,1367],{},[12,1369,1370],{},[564,1371,1372,1373,570,1377,1380],{},"Connect your Shopify or WooCommerce store in minutes. ",[72,1374,1376],{"href":1375},"\u002Fhow-it-works","See how the integration works",[72,1378,1379],{"href":573},"book a walkthrough",".",{"title":577,"searchDepth":578,"depth":578,"links":1382},[1383,1384,1385,1386,1387],{"id":1157,"depth":578,"text":1158},{"id":1234,"depth":578,"text":1235},{"id":1318,"depth":578,"text":1319},{"id":1328,"depth":578,"text":1329},{"id":1358,"depth":578,"text":1359},"Integration","2026-01-14","Shopify, WooCommerce, and ERP data already contain most of the fields a DPP requires. The compliance gap is not data — it is the wiring between your existing stack and the regulatory output.",{},"\u002Farticles\u002Fecommerce-stack-best-compliance-tool",7,{"title":1149,"description":1390},"articles\u002Fecommerce-stack-best-compliance-tool",[1397,1398,1388,1399,805],"Shopify","WooCommerce","E-Commerce","dA-bfccqS57Bk8q2TLMbKH2x9W_rf4JNIbMmypPqVAI",{"id":1402,"title":1403,"author":7,"body":1404,"category":1559,"date":1560,"description":1561,"draft":593,"extension":594,"locale":595,"meta":1562,"navigation":597,"path":1563,"readingTime":961,"seo":1564,"stem":1565,"tags":1566,"thumbnail":577,"__hash__":1569},"articles\u002Farticles\u002Fdeath-of-the-static-pdf.md","Death of the Static PDF: Why DPPs Cannot Be Documents",{"type":9,"value":1405,"toc":1552},[1406,1409,1412,1416,1419,1430,1433,1437,1440,1443,1447,1450,1472,1475,1479,1482,1491,1497,1503,1508,1514,1518,1521,1535,1538,1540],[12,1407,1408],{},"A significant fraction of the \"DPP solutions\" being marketed to brands in 2025 are, at their core, PDF generators with a QR code on top. The QR code links to a hosted PDF. The PDF contains the product data. Someone, somewhere, reads the PDF and decides whether the product is compliant.",[12,1410,1411],{},"This approach fails at every layer of the ESPR technical specification. Here is why, and what a DPP actually needs to be.",[32,1413,1415],{"id":1414},"the-pdf-cannot-be-verified","The PDF Cannot Be Verified",[12,1417,1418],{},"ESPR requires that DPP data be cryptographically verifiable. Specifically, the data must carry a verifiable credential (W3C Verifiable Credentials 2.0) signed by the economic operator using a key registered under their legal entity identity. A customs officer or market surveillance authority must be able to verify that:",[741,1420,1421,1424,1427],{},[200,1422,1423],{},"The data was issued by the organisation claiming to issue it",[200,1425,1426],{},"The data has not been modified since issuance",[200,1428,1429],{},"The issuing organisation is the legitimate economic operator for this product",[12,1431,1432],{},"A PDF cannot carry a W3C VC. A PDF cannot be verified by an automated system. A PDF requires a human to read it, which does not scale to the volume of products crossing EU borders.",[32,1434,1436],{"id":1435},"the-pdf-cannot-be-queried","The PDF Cannot Be Queried",[12,1438,1439],{},"EU customs pre-filing systems, market surveillance tools, and retail compliance platforms all query DPP data programmatically. They call a REST endpoint, receive JSON, and check specific fields against required values. A PDF has no queryable API. It cannot be integrated into import declaration systems. It cannot be cross-referenced with the EU Common Information Repository.",[12,1441,1442],{},"The ESPR technical specification requires that the DPP endpoint return machine-readable JSON. The GS1 Digital Link standard specifies how the URL should be structured. The CIRPASS-2 interoperability format specifies what the JSON must contain. None of these requirements can be satisfied by a PDF.",[32,1444,1446],{"id":1445},"the-pdf-is-static-dpps-must-be-dynamic","The PDF Is Static — DPPs Must Be Dynamic",[12,1448,1449],{},"A DPP is not a point-in-time document. It is a living record. Under ESPR, the DPP must be updated when:",[197,1451,1452,1458,1463,1466,1469],{},[200,1453,1454,1455,1457],{},"The product is repaired or remanufactured (status changes to ",[641,1456,924],{},")",[200,1459,1460,1461,1457],{},"The product is destroyed (status changes to ",[641,1462,921],{},[200,1464,1465],{},"The product model is discontinued (triggers 10-year retention clock)",[200,1467,1468],{},"Recycled content percentages change due to supply chain adjustments",[200,1470,1471],{},"A conformity certificate is renewed or revoked",[12,1473,1474],{},"None of these updates can be reflected in a static PDF without reissuing the entire document and invalidating all the existing QR codes in the field. A DPP must be a live data record with a stable URL that always returns current data — not a document frozen at issuance time.",[32,1476,1478],{"id":1477},"what-a-compliant-dpp-actually-needs","What a Compliant DPP Actually Needs",[12,1480,1481],{},"A compliant DPP requires:",[12,1483,1484,1487,1488,1490],{},[18,1485,1486],{},"A stable, resolvable URL"," — the GS1 Digital Link format ",[641,1489,643],{}," is the preferred form. The URL must resolve for the lifetime of the product plus 10 years after discontinuation.",[12,1492,1493,1496],{},[18,1494,1495],{},"Machine-readable JSON at that URL"," — conforming to the ESPR delegated act schema for the product category. For batteries, this means Annex XIII fields. For textiles, the relevant delegated act fields.",[12,1498,1499,1502],{},[18,1500,1501],{},"A W3C Verifiable Credential"," — signed by the economic operator's DID (Decentralised Identifier), using Ed25519 or similar algorithm. The credential must be verifiable against the issuer's published DID document.",[12,1504,1505,1507],{},[18,1506,379],{}," — the product's unique identifier must be registered in the EU Common Information Repository so discovery tools can find the authoritative data endpoint.",[12,1509,1510,1513],{},[18,1511,1512],{},"Selective Disclosure capability"," — some fields in the DPP are public (basic product data), others are restricted (B2B supply chain data visible only to authorised parties). SD-JWT format allows field-level access control without invalidating the credential.",[32,1515,1517],{"id":1516},"the-time-to-switch-is-before-enforcement","The Time to Switch Is Before Enforcement",[12,1519,1520],{},"If your current DPP solution produces PDFs, the time to replace it is before the 2027 battery DPP deadline, not after. Migration from a PDF-based approach requires:",[741,1522,1523,1526,1529,1532],{},[200,1524,1525],{},"Re-creating all DPP records in a compliant JSON format",[200,1527,1528],{},"Re-issuing cryptographic credentials for all products",[200,1530,1531],{},"Re-registering all products with the EU CIR",[200,1533,1534],{},"Re-distributing QR codes that resolve to the new endpoints (or setting up redirect infrastructure from old QR codes)",[12,1536,1537],{},"This is significant operational work. It is much less significant if done proactively than if triggered by a customs rejection at the border.",[559,1539],{},[12,1541,1542],{},[564,1543,1544,1545,570,1549,1380],{},"PassportLab generates cryptographically signed, W3C VC 2.0 compliant DPPs with GS1 Digital Link resolution and EU CIR registration. ",[72,1546,1548],{"href":1547},"\u002Fdevelopers","See the technical details",[72,1550,1551],{"href":568},"generate a compliant DPP now",{"title":577,"searchDepth":578,"depth":578,"links":1553},[1554,1555,1556,1557,1558],{"id":1414,"depth":578,"text":1415},{"id":1435,"depth":578,"text":1436},{"id":1445,"depth":578,"text":1446},{"id":1477,"depth":578,"text":1478},{"id":1516,"depth":578,"text":1517},"Technical","2025-12-01","Many brands are treating their Digital Product Passport as a sophisticated PDF. This approach is not just incomplete — it is fundamentally incompatible with how DPP verification actually works.",{},"\u002Farticles\u002Fdeath-of-the-static-pdf",{"title":1403,"description":1561},"articles\u002Fdeath-of-the-static-pdf",[805,1559,1567,1568],"W3C VC","Cryptographic Signing","iy0aTTLKkEyWlIyKnz2pbRxlAg7Er7kVwwXadmw2TKw",{"id":1571,"title":1572,"author":7,"body":1573,"category":1717,"date":1718,"description":1719,"draft":593,"extension":594,"locale":595,"meta":1720,"navigation":597,"path":1721,"readingTime":1722,"seo":1723,"stem":1724,"tags":1725,"thumbnail":577,"__hash__":1730},"articles\u002Farticles\u002Fno-dpp-registry-is-authoritative-yet.md","No DPP Registry Is Authoritative Yet — And That's the Problem",{"type":9,"value":1574,"toc":1711},[1575,1578,1581,1585,1588,1591,1620,1624,1630,1633,1636,1640,1643,1646,1653,1657,1660,1663,1695,1698,1700],[12,1576,1577],{},"If you have been trying to understand where to register your Digital Product Passports, you have probably encountered a confusing landscape: the EU Common Information Repository (EU CIR), GS1 Digital Link, IDTA Asset Administration Shell, CIRPASS-2 interoperability framework, and half a dozen national registry initiatives. Each claims to be the right answer. None is yet the authoritative one.",[12,1579,1580],{},"This matters practically because the DPP you create today needs to be discoverable by EU customs and market surveillance authorities in 2027. If you register in the wrong place — or only one place — you may need to redo the work.",[32,1582,1584],{"id":1583},"the-eu-cir-still-a-pilot","The EU CIR: Still a Pilot",[12,1586,1587],{},"The EU Common Information Repository is the Commission's preferred long-term registry model. It provides a central index of DPP identifiers, so any ESPR-compliant resolver can locate the authoritative data endpoint for a given product. But as of mid-2025, the CIR is still running in pilot phase with selected industry partners. Full production operation is expected in 2026, concurrent with the first battery DPP mandates.",[12,1589,1590],{},"What this means: you can register with the EU CIR now (if you are a pilot participant or use a platform that is), but you cannot rely on CIR registration alone to satisfy the full ESPR discovery requirement. The CIR may also change its API schema between pilot and production.",[12,1592,1593,1594,1597,1598,1601,1602,1605,1606,915,1609,915,1612,1615,1616,1619],{},"The CIRPASS-2 registration format — which PassportLab implements — uses ",[641,1595,1596],{},"POST \u002Fmetadata\u002Fv1\u002FregisterDPP"," with fields including ",[641,1599,1600],{},"upi"," (unique product identifier), ",[641,1603,1604],{},"reoId"," (economic operator EORI), ",[641,1607,1608],{},"liveURL",[641,1610,1611],{},"backupURL",[641,1613,1614],{},"granularityLevel",", and ",[641,1617,1618],{},"facilitiesId",". This format is designed to be forward-compatible with the expected EU CIR production schema.",[32,1621,1623],{"id":1622},"gs1-digital-link-the-de-facto-standard","GS1 Digital Link: The De Facto Standard",[12,1625,1626,1627,1629],{},"GS1 Digital Link is not a registry — it is a URL syntax standard that encodes GTIN, serial number, and other GS1 identifiers into a resolvable URL. The format ",[641,1628,643],{}," is already widely adopted in retail and logistics, and ESPR delegated acts reference it explicitly for physical product identification.",[12,1631,1632],{},"GS1 Germany (a PassportLab partner) operates a resolver infrastructure that can redirect GS1 Digital Link URLs to any registered endpoint. If your product has a GTIN, registering with GS1 is effectively mandatory — not because the regulation says so, but because supply chain partners (retailers, logistics providers, customs pre-filing systems) increasingly expect it.",[12,1634,1635],{},"GS1 Digital Link is the best-supported path to physical product identification today. It is not, however, a full DPP registry. It does not store your DPP data — it resolves to where your data is hosted.",[32,1637,1639],{"id":1638},"idta-aas-the-industrial-track","IDTA AAS: The Industrial Track",[12,1641,1642],{},"The Industrial Digital Twin Association (IDTA) Asset Administration Shell format is primarily used in industrial supply chains — machinery, automotive, industrial electronics. If you supply Tier 1 manufacturers in Germany, France, or Italy, there is a growing expectation that your product DPP will be expressible as an AAS submodel.",[12,1644,1645],{},"The ESPR regulations do not mandate AAS format, but the IDTA has working groups aligning AAS submodels with ESPR data requirements. For industrial product manufacturers, AAS compatibility will likely become a commercial requirement from large buyers before it becomes a regulatory one.",[12,1647,1648,1649,1652],{},"PassportLab generates AAS-compatible JSON at ",[641,1650,1651],{},"GET \u002Fpublic\u002Fdpp\u002F{code}\u002Faas.json"," covering Nameplate, TechnicalData, CarbonFootprint, Circularity, and EnergyConsumption submodels. This is available today for products where the data fields are populated.",[32,1654,1656],{"id":1655},"the-practical-answer-multi-registry-resilience","The Practical Answer: Multi-Registry Resilience",[12,1658,1659],{},"Given the fragmented registry landscape, the pragmatic approach is not to pick one and hope it wins. It is to structure your DPP so it can be registered in multiple places simultaneously without creating conflicting records.",[12,1661,1662],{},"The key requirements for multi-registry registration:",[741,1664,1665,1671,1677,1683,1689],{},[200,1666,1667,1670],{},[18,1668,1669],{},"Stable canonical URL:"," your DPP must have a URL that will not change. This is your primary endpoint. Every registry points here.",[200,1672,1673,1676],{},[18,1674,1675],{},"Backup URL:"," a secondary endpoint that serves identical data if the primary is unreachable. Required by CIRPASS-2, recommended by ESPR.",[200,1678,1679,1682],{},[18,1680,1681],{},"GS1 Digital Link:"," if your product has a GTIN, register the resolver redirect. This is the lowest friction path for supply chain discovery.",[200,1684,1685,1688],{},[18,1686,1687],{},"EU CIR:"," register as soon as the production API is stable, using the CIRPASS-2 format. If you use a platform that already has EU CIR pilot access, register now.",[200,1690,1691,1694],{},[18,1692,1693],{},"AAS endpoint:"," if your supply chain includes industrial buyers, expose the AAS submodels now. Retrofitting this later is expensive.",[12,1696,1697],{},"The question is not \"which registry?\" — it is \"how do I stay registered across all of them as the landscape settles?\"",[559,1699],{},[12,1701,1702],{},[564,1703,1704,1705,570,1708,1380],{},"PassportLab registers DPPs with the EU CIR (CIRPASS-2 format), GS1 Digital Link, and generates AAS submodels automatically. ",[72,1706,1707],{"href":1547},"See our registry documentation",[72,1709,1710],{"href":568},"start with a free DPP",{"title":577,"searchDepth":578,"depth":578,"links":1712},[1713,1714,1715,1716],{"id":1583,"depth":578,"text":1584},{"id":1622,"depth":578,"text":1623},{"id":1638,"depth":578,"text":1639},{"id":1655,"depth":578,"text":1656},"Standards","2025-11-08","The EU Common Information Repository (EU CIR) is still in pilot phase. GS1, IDTA, and CIRPASS-2 each have competing registry models. Where should importers register their DPPs today?",{},"\u002Farticles\u002Fno-dpp-registry-is-authoritative-yet",9,{"title":1572,"description":1719},"articles\u002Fno-dpp-registry-is-authoritative-yet",[1726,1727,1728,1729,1717],"Registry","EU CIR","GS1","CIRPASS-2","7cbTmMxrHuy70lbNfha0Fy1vuMVfjCdgEm9E_fH5gwo",{"id":1732,"title":1733,"author":7,"body":1734,"category":1559,"date":1900,"description":1901,"draft":593,"extension":594,"locale":595,"meta":1902,"navigation":597,"path":1903,"readingTime":1139,"seo":1904,"stem":1905,"tags":1906,"thumbnail":577,"__hash__":1910},"articles\u002Farticles\u002Fdpp-when-the-server-goes-down.md","DPP When the Server Goes Down: Hosting Obligations Under ESPR",{"type":9,"value":1735,"toc":1894},[1736,1743,1746,1750,1753,1767,1770,1774,1777,1780,1806,1810,1813,1835,1838,1842,1845,1877,1880,1882],[12,1737,1738,1739,1742],{},"There is a clause buried in ESPR Article 9(2)(i) that most importers and brands have not fully processed yet: the obligation to guarantee DPP data availability for ",[18,1740,1741],{},"10 years"," after a product model is discontinued.",[12,1744,1745],{},"This is not a soft requirement. It is a hard legal obligation on the economic operator who places the product on the EU market. If the DPP endpoint returns a 404 five years from now — because your SaaS provider was acquired, pivoted, or went bankrupt — you are in breach. Not your provider. You.",[32,1747,1749],{"id":1748},"what-availability-actually-means","What \"Availability\" Actually Means",[12,1751,1752],{},"The ESPR delegated acts are explicit about what availability means in practice. It means:",[197,1754,1755,1758,1761,1764],{},[200,1756,1757],{},"The DPP URL must resolve and return the required data fields",[200,1759,1760],{},"The GS1 Digital Link resolver must point to a live endpoint",[200,1762,1763],{},"The EU Common Information Repository record must be active and current",[200,1765,1766],{},"The cryptographic credential (W3C VC 2.0) must be verifiable against the issuer's DID document",[12,1768,1769],{},"All four of these require active infrastructure. QR codes printed on physical products five years ago must still work. This is a fundamentally different obligation than keeping a PDF in a file drawer.",[32,1771,1773],{"id":1772},"the-saas-vendor-risk-nobody-talks-about","The SaaS Vendor Risk Nobody Talks About",[12,1775,1776],{},"When you choose a DPP platform, you are not just choosing software. You are delegating a 10-year hosting obligation to a third party. That third party has its own venture capital timeline, its own acquisition risk, and its own infrastructure decisions.",[12,1778,1779],{},"The risk questions to ask any DPP vendor:",[741,1781,1782,1788,1794,1800],{},[200,1783,1784,1787],{},[18,1785,1786],{},"Where is the data hosted?"," EU-based servers are required for many product categories under GDPR and emerging ESPR data residency guidance. \"EU region\" on a US cloud provider is different from EU-controlled infrastructure.",[200,1789,1790,1793],{},[18,1791,1792],{},"What is the data export policy?"," Can you export your full DPP dataset in machine-readable form at any time, without losing the cryptographic signatures? Or does export break the chain of custody?",[200,1795,1796,1799],{},[18,1797,1798],{},"What happens to your DPPs if you cancel the contract?"," A 30-day notice period is not compatible with a 10-year hosting obligation. You need contractual continuity provisions.",[200,1801,1802,1805],{},[18,1803,1804],{},"Is there a backup URL?"," CIRPASS-2 interoperability guidance recommends registering a backup resolution URL for every DPP. If your primary provider is unreachable, the backup must serve the same data.",[32,1807,1809],{"id":1808},"the-espr-data-retention-model-in-practice","The ESPR Data Retention Model in Practice",[12,1811,1812],{},"PassportLab implements the 10-year retention model by:",[197,1814,1815,1822,1829,1832],{},[200,1816,1817,1818,1821],{},"Recording the ",[641,1819,1820],{},"discontinuation_date"," at the product model level",[200,1823,1824,1825,1828],{},"Auto-computing ",[641,1826,1827],{},"retention_expires_at"," as discontinuation date + 10 years",[200,1830,1831],{},"Flagging products for archival review when they approach expiry, rather than silently removing them",[200,1833,1834],{},"Supporting backup URL registration in the CIRPASS-2 registry format so a secondary endpoint can serve data if the primary is unavailable",[12,1836,1837],{},"The backup URL field is not optional infrastructure — it is the difference between a compliant DPP lifecycle and an undiscoverable compliance gap five years from now.",[32,1839,1841],{"id":1840},"what-you-should-require-in-your-dpp-contract","What You Should Require in Your DPP Contract",[12,1843,1844],{},"Minimum contractual protections for a 10-year hosting obligation:",[197,1846,1847,1853,1859,1865,1871],{},[200,1848,1849,1852],{},[18,1850,1851],{},"Data portability clause:"," full export within 30 days of request, in ESPR-compliant JSON format with verifiable credentials intact",[200,1854,1855,1858],{},[18,1856,1857],{},"EU data residency clause:"," explicit commitment to EU-based infrastructure for the full retention period",[200,1860,1861,1864],{},[18,1862,1863],{},"Continuity clause:"," obligation to give 180 days notice before service termination, with a defined migration path",[200,1866,1867,1870],{},[18,1868,1869],{},"Backup endpoint clause:"," platform provides a CIRPASS-2-compatible backup URL for each DPP",[200,1872,1873,1876],{},[18,1874,1875],{},"SLA with teeth:"," uptime guarantee of at least 99.9% with financial remedy for breaches",[12,1878,1879],{},"If your current DPP provider cannot meet these terms, that is useful information to have before the 2027 deadline, not after.",[559,1881],{},[12,1883,1884],{},[564,1885,1886,1887,570,1890,1893],{},"PassportLab is EU-hosted (Elsdorf, Germany) with contractual data portability and CIRPASS-2 backup URL support built in. ",[72,1888,1889],{"href":1375},"See how it works",[72,1891,1892],{"href":573},"book a call"," to discuss your specific hosting requirements.",{"title":577,"searchDepth":578,"depth":578,"links":1895},[1896,1897,1898,1899],{"id":1748,"depth":578,"text":1749},{"id":1772,"depth":578,"text":1773},{"id":1808,"depth":578,"text":1809},{"id":1840,"depth":578,"text":1841},"2025-10-02","ESPR Article 9(2)(i) requires DPP data to remain accessible for 10 years after a product model is discontinued. What happens when your DPP provider shuts down or gets acquired?",{},"\u002Farticles\u002Fdpp-when-the-server-goes-down",{"title":1733,"description":1901},"articles\u002Fdpp-when-the-server-goes-down",[806,1907,1908,1909],"Data Hosting","Reliability","EU Compliance","1swcEviH5AErJ3KlCIvakAkk3oct0oscwCUk6rel_tU",{"id":1912,"title":1913,"author":7,"body":1914,"category":956,"date":2034,"description":2035,"draft":593,"extension":594,"locale":595,"meta":2036,"navigation":597,"path":2037,"readingTime":1393,"seo":2038,"stem":2039,"tags":2040,"thumbnail":577,"__hash__":2042},"articles\u002Farticles\u002Fthe-100-day-compliance-cliff.md","The 100-Day Compliance Cliff: Why Importers Are Running Out of Time",{"type":9,"value":1915,"toc":2028},[1916,1919,1922,1926,1929,1961,1964,1968,1971,1974,1978,1981,1984,1988,1994,2000,2006,2012,2015,2017],[12,1917,1918],{},"Most importers think about EU compliance in annual cycles — one audit, one filing season, one scramble per year. The Digital Product Passport changes that model entirely.",[12,1920,1921],{},"Under ESPR (Ecodesign for Sustainable Products Regulation), the DPP is not a report you file once. It is a live data object attached to every product you place on the EU market, available to authorities, customs, market surveillance, and consumers in near-real-time. The clock starts the moment product hits the border.",[32,1923,1925],{"id":1924},"why-100-days-is-the-real-number","Why 100 Days Is the Real Number",[12,1927,1928],{},"The first product categories under the battery regulation become subject to DPP requirements in February 2027. That sounds like a year away. But working backwards through the compliance chain:",[197,1930,1931,1937,1943,1949,1955],{},[200,1932,1933,1936],{},[18,1934,1935],{},"30 days"," to get your DPP hosting infrastructure audited and registered with an EU-recognised registry",[200,1938,1939,1942],{},[18,1940,1941],{},"21 days"," for a typical supplier to gather and transmit the required Annex XIII battery data (carbon footprint, recycled content, state-of-health methodology, responsible sourcing documentation)",[200,1944,1945,1948],{},[18,1946,1947],{},"14 days"," to reconcile data discrepancies and resolve missing fields",[200,1950,1951,1954],{},[18,1952,1953],{},"10 days"," to sign credentials, generate QR codes, and push to your distribution chain",[200,1956,1957,1960],{},[18,1958,1959],{},"5 days"," buffer for regulatory review if your DPP is flagged at customs",[12,1962,1963],{},"That is 80 days of active work, with zero slack for supplier delays, IT integration issues, or legal review.",[32,1965,1967],{"id":1966},"what-regulators-actually-check","What Regulators Actually Check",[12,1969,1970],{},"When an EU Market Surveillance Authority (MSA) or customs officer scans your product QR code, they are not looking at a PDF. They are calling a live API endpoint that returns structured JSON conforming to the ESPR delegated act for your product category. If the endpoint is down, returns incorrect data, or lacks required fields, your shipment is non-compliant — regardless of what your compliance documentation says.",[12,1972,1973],{},"The EU Common Information Repository (EU CIR) cross-references your DPP code against registered economic operators. If your organisation EORI number does not match the registration, the DPP is invalid.",[32,1975,1977],{"id":1976},"the-supplier-data-gap-is-the-real-risk","The Supplier Data Gap Is the Real Risk",[12,1979,1980],{},"Most importers discover during implementation that their suppliers do not have the required data in any structured form. Carbon footprint per kWh is not a number that appears on a bill of materials. Recycled material content percentages require actual material certification, not estimates. Responsible sourcing documentation for battery minerals requires chain-of-custody evidence going back to the mine.",[12,1982,1983],{},"If your supply contract does not require these data points from your supplier, you will be negotiating a new data-sharing arrangement under regulatory deadline pressure — the worst possible negotiating position.",[32,1985,1987],{"id":1986},"what-to-do-in-the-next-100-days","What to Do in the Next 100 Days",[12,1989,1990,1993],{},[18,1991,1992],{},"Week 1–2:"," Map every product SKU to its ESPR category. Batteries and electronics first. Identify which categories have confirmed delegated acts.",[12,1995,1996,1999],{},[18,1997,1998],{},"Week 3–6:"," Audit your supplier contracts for data obligations. Add data-sharing clauses requiring structured DPP-compatible outputs. Give suppliers the field templates they need.",[12,2001,2002,2005],{},[18,2003,2004],{},"Week 7–10:"," Select a DPP platform and register with an EU-recognised registry. Do not wait for perfect supplier data — start with what you have and iterate.",[12,2007,2008,2011],{},[18,2009,2010],{},"Week 11–14:"," Run your first batch of DPPs through market surveillance simulation. Test your QR codes, test the API endpoint, test the fallback resolution path.",[12,2013,2014],{},"If you cannot check that box by day 100, you are not on track. The 2027 deadline is not a soft launch.",[559,2016],{},[12,2018,2019],{},[564,2020,2021,2022,570,2025,1380],{},"Generate a compliant DPP for your product in under 10 minutes — ",[72,2023,2024],{"href":568},"try the PassportLab free generator",[72,2026,2027],{"href":573},"book a compliance review call",{"title":577,"searchDepth":578,"depth":578,"links":2029},[2030,2031,2032,2033],{"id":1924,"depth":578,"text":1925},{"id":1966,"depth":578,"text":1967},{"id":1976,"depth":578,"text":1977},{"id":1986,"depth":578,"text":1987},"2025-09-15","ESPR enforcement is not a distant deadline. For importers relying on supplier data, 100 days is the window between readable compliance and regulatory exposure. Here is what that actually means.",{},"\u002Farticles\u002Fthe-100-day-compliance-cliff",{"title":1913,"description":2035},"articles\u002Fthe-100-day-compliance-cliff",[806,956,807,2041],"Deadlines","_345TB_xXjVfyv4qcgFoPXQYNFFANAqrfbCiOH2c9CM",[2044,2048,2051,2054,2057,2060,2063,2066,2069],{"slug":2045,"title":6,"description":592,"link":598,"pubDate":591,"thumbnail":577,"tags":2046,"source":2047},"dpp-software-comparison",[603,604,40,82,117],"content",{"slug":2049,"title":608,"description":798,"link":800,"pubDate":797,"thumbnail":577,"tags":2050,"source":2047},"digital-product-passport-decoded-2026",[805,806,590,807,808],{"slug":2052,"title":812,"description":958,"link":960,"pubDate":957,"thumbnail":577,"tags":2053,"source":2047},"eu-destruction-ban-qr-code-wont-save-your-brand",[965,966,956,967],{"slug":2055,"title":971,"description":1136,"link":1138,"pubDate":1135,"thumbnail":577,"tags":2056,"source":2047},"next-two-years-redefine-fashion-europe",[966,1143,806,1144,1145],{"slug":2058,"title":1149,"description":1390,"link":1392,"pubDate":1389,"thumbnail":577,"tags":2059,"source":2047},"ecommerce-stack-best-compliance-tool",[1397,1398,1388,1399,805],{"slug":2061,"title":1403,"description":1561,"link":1563,"pubDate":1560,"thumbnail":577,"tags":2062,"source":2047},"death-of-the-static-pdf",[805,1559,1567,1568],{"slug":2064,"title":1572,"description":1719,"link":1721,"pubDate":1718,"thumbnail":577,"tags":2065,"source":2047},"no-dpp-registry-is-authoritative-yet",[1726,1727,1728,1729,1717],{"slug":2067,"title":1733,"description":1901,"link":1903,"pubDate":1900,"thumbnail":577,"tags":2068,"source":2047},"dpp-when-the-server-goes-down",[806,1907,1908,1909],{"slug":2070,"title":1913,"description":2035,"link":2037,"pubDate":2034,"thumbnail":577,"tags":2071,"source":2047},"the-100-day-compliance-cliff",[806,956,807,2041],1781291542797]