A German component manufacturer sells industrial gear units into machines that end up all over Europe. In 2026 a large OEM customer sends a new clause with its purchase order: from a fixed date, every part must arrive with a compliant Digital Product Passport - material composition, substances of concern, recycled content, end-of-life data - readable from a QR code on the part. The Geschäftsführer forwards it to the quality manager, who forwards it to whoever seems least busy, and everyone quietly assumes the answer is to hire a small team to chase this data across a few hundred products and a few dozen suppliers.
That instinct is expensive and wrong. The data the DPP demands already sits inside the company - in the ERP, the PLM, the quality system, the supplier declarations. It is just scattered, inconsistent, and never assembled into one machine-readable record per product. The real task is not collection from scratch. It is aggregation, validation and formatting to a standard, repeated across every product and kept current forever. That is a data-plumbing problem, and standing up a permanent department to solve a data-plumbing problem is how compliance costs quietly become a fixed line on the P&L.
This guide is for the Geschäftsführer, the head of product compliance, or the PLM lead at a manufacturer who has just realised the DPP is coming and is deciding how to meet it. Below is a concrete look at what the ESPR actually requires, why the data - not the QR code - is the hard part, and how a custom AI agent aggregates DPP data across your existing systems into a compliant passport per product, with the 90-day pilot, the compliance reality, and the build-vs-department maths.
TL;DR
The DPP is a data obligation, not a document. Under the ESPR (Reg. (EU) 2024/1781), each product needs a machine-readable record of material composition, substances of concern, durability and end-of-life data, reachable via a QR code.
The data already exists - scattered across ERP, PLM, quality systems and supplier declarations. The work is aggregation and validation, not net-new headcount.
The clock is real: the EU DPP Registry must be live by 19 July 2026, the battery passport is mandatory from 18 February 2027, and textiles are the first ESPR group, with compliance expected around 2028.
A custom AI agent pulls the DPP fields from your existing systems, matches substances of concern against your SCIP declarations, formats to the data model, and keeps every passport current - with a human signing off the liability-bearing fields.
90 days is enough to go from a field-gap report to complete, validated passports for one product group - without building a new department.
The Department You Cannot Afford
When a regulation lands on a manufacturer, the reflex is organisational: name an owner, staff a team, buy a tool. For the Digital Product Passport, that reflex leads straight to a cost centre that never shrinks - because the DPP is not a one-off project, it is a permanent per-product data obligation. The cheaper answer is to treat it as a data problem, not an org-chart problem.
- The data is already inside the company - Material composition, part numbers, recycled content and supplier declarations live in your ERP, PLM and quality system; the DPP mostly re-uses existing data, it does not invent it5.
- The volume kills manual work - A passport per product, per variant, kept current across the lifecycle, is thousands of records that no reasonable headcount can hand-assemble and maintain17.
- The hard field is scattered - Material composition is held across multiple systems, collected inconsistently, and rarely verified, which is exactly why teams underestimate it16.
- Sub-tier data is missing - Full material disclosure needs data from sub-tier suppliers that most firms do not collect systematically today16.
- A department cannot keep pace - Every engineering change, new supplier or reformulation ripples into the passport; a manual team is always behind the change log.
- The liability sits with you - The economic operator placing the product on the market is responsible for the passport, so the answer has to be auditable, not just staffed5.
Key Reframe
The Digital Product Passport is not a document you write once. It is a live, machine-readable data record per product that has to stay accurate across the whole lifecycle and be readable by customs, recyclers, repairers and authorities to defined access rights. You do not solve a continuous data-integration problem by hiring people to copy fields between systems - you solve it by connecting the systems and putting an agent on top.
The pattern is the same one that shows up with every data-heavy regulation: the work is not the judgement, it is the plumbing. An agent does not decide your compliance strategy. It removes the thousands of hours of copying, chasing and reformatting that a new department would otherwise absorb.
| The Instinct | What It Costs | The Data-First Answer |
|---|---|---|
| Hire a compliance team | Permanent fixed headcount cost | Aggregate existing data with an agent |
| Chase suppliers by email | Weeks of follow-up per product | Structured declaration intake and matching |
| Build passports in spreadsheets | Stale the moment a part changes | Passports rebuilt from live source data |
| Buy one more disconnected tool | Yet another silo to keep in sync | Agent reads your existing systems |
| Treat it as a one-off project | Passports rot after go-live | Change-tracking keeps records current |
| Manually format to the standard | Error-prone, per-product effort | Agent formats to the DPP data model |
What a DPP Must Actually Contain
Before you can automate the passport, you have to know what goes in it. The ESPR sets the frame in Articles 9 to 15 and Annex III; the detailed fields come per product group through delegated acts. Across groups, the same families of data recur - and they map cleanly onto systems you already run.
The core data families
- Product identity and identifier - A unique product identifier and a data carrier (QR code or NFC), registered so the EU Registry can resolve it to your data4
- Material composition - A detailed breakdown of materials, including recycled content and any critical raw materials16
- Substances of concern - Name, concentration and location in the product of substances above defined thresholds, tied to the ECHA SCIP database10, 11
- Durability and reparability - Expected lifetime, reparability information, spare-parts availability and disassembly instructions12
- End-of-life handling - Disassembly maps, recyclability assessment and routing instructions for recyclers12
- Compliance and documentation - Links to conformity information and technical documentation to the extent the delegated act requires
Where each field already lives
| DPP Data Family | Where It Already Sits | The Gap to Close |
|---|---|---|
| Product identity | ERP material master | Assign identifier and data carrier |
| Material composition | PLM, bill of materials | Fill sub-tier and recycled-content gaps |
| Substances of concern | SCIP declarations, supplier data | Structure to name, concentration, location |
| Durability / reparability | Technical documentation, service manuals | Extract into structured fields |
| End-of-life | Engineering, disassembly guides | Author recyclability and routing data |
| Conformity links | Quality / document management | Link to the passport per product |
The point of the table is not that the data is easy. It is that the data has a home. The DPP work is closing the gap between a field that exists somewhere and the same field, verified and structured, in a passport a machine can read.
DPP as a Document vs DPP as a Data Record
Treating It Like a Document (Fails)
- ✗ Authored by hand - a PDF per product nobody can keep current
- ✗ Stale on change - a new supplier breaks it silently
- ✗ Not machine-readable - fails the access and data-carrier rules
- ✗ No audit trail - cannot prove where a figure came from
Treating It Like a Data Record (Works)
- ✓ Assembled from source - rebuilt from ERP and PLM on demand
- ✓ Current by design - change in source flows to the passport
- ✓ Machine-readable - formatted to the DPP data model
- ✓ Fully traceable - each field linked to its source and approver
“We’re talking about mostly existing data. We’re talking about a decentralised or distributed approach to the data. It does not have to move from where it’s created.”
- William Neale, Adviser for Circular Economy, European Commission DG Environment5
The ESPR Timeline That Is Already Moving
The DPP does not arrive on one date. It arrives group by group through delegated acts, which is why some manufacturers think they have years and others are already contractually on the hook via their OEM customers. Here is the map that matters in 2026.
The fixed dates
- ESPR in force - Regulation (EU) 2024/1781 entered into force on 18 July 2024, establishing the DPP framework filled in per group by delegated acts1
- Working plan adopted - The Commission adopted the 2025-2030 ESPR working plan on 16 April 2025, naming textiles as a first priority group3, 9
- EU DPP Registry live - Under Article 13, the central Registry of product identifiers must be set up by 19 July 20264
- Battery passport mandatory - From 18 February 2027, EV, light-means-of-transport and industrial batteries above 2 kWh need a battery passport under the Batteries Regulation - the first mandatory DPP6, 7
- Textiles delegated act - Expected around 2027, with compliance roughly 18 months later, around mid-20288
- Electronics, furniture and more - Prioritised in the working plan for the second half of the decade9
Why the OEM clause beats the delegated act
For most Mittelstand suppliers, the binding deadline is not the delegated act - it is the day a large customer makes a DPP a condition of the purchase order. OEMs preparing their own passports push the data requirement straight down the supply chain, often ahead of the legal date.
| Milestone | Date | What It Means for a Manufacturer |
|---|---|---|
| ESPR in force | 18 July 2024 | The framework exists; groups follow |
| Working plan | 16 April 2025 | Textiles named first; order is set |
| DPP Registry | 19 July 2026 | The identifier plumbing goes live |
| Battery passport | 18 February 2027 | First hard mandate; the proof of concept |
| Textiles compliance | ~mid-2028 | First ESPR group must comply |
| OEM contract clause | Now, in practice | The real deadline for most suppliers |
Why the Data, Not the QR Code, Is the Problem
Vendors love to demo the easy 10 percent: printing a QR code and hosting a web page. That part is solved. The hard 90 percent is getting correct, complete, structured data behind the code - and keeping it there. This is where DPP projects actually stall.
The five data problems
- Scatter - The same product’s data lives in ERP, PLM, quality, supplier portals and lab certificates, in different formats and units16.
- Sub-tier blindness - Full material and substance disclosure needs data from suppliers-of-suppliers that most firms never systematically collected16.
- Inconsistency - Fabric or alloy content on one document does not match another; the same field has three values16.
- Verification - Substances of concern need name, concentration and location, tied to SCIP - a step beyond a rough declaration10, 11.
- Drift - A passport is right on launch day and wrong three engineering changes later unless something keeps it current.
Why This Is Timely
KPMG surveyed more than 70 organisations across Europe on DPP readiness and found the recurring gaps are governance, data readiness and supplier engagement - not awareness15. In other words, companies know the DPP is coming; what they lack is a way to get correct, structured product data out of their systems and their supply chain. That is precisely the gap an aggregation agent closes.
Why aggregation is an AI-shaped job
- Many sources, one record - The agent reads ERP, PLM, quality and supplier data and reconciles them into a single passport per product
- Messy inputs - Supplier declarations arrive as PDFs, emails and spreadsheets; extracting structured fields from unstructured documents is exactly what a language-model agent does well
- Matching and normalisation - Aligning material names, CAS numbers and units across sources is repetitive pattern work, not judgement
- Gap detection - The agent flags which DPP fields it cannot source, so humans chase only the true gaps, not everything
- Continuous re-assembly - When a source changes, the agent rebuilds the affected passports instead of waiting for a person to notice
What the AI Agent Actually Does
A DPP agent is not a chatbot bolted onto a product page. It owns a workflow: pull the required fields from your systems, reconcile and validate them, format to the data model, expose them through the identifier and data carrier, and keep them current - escalating the liability calls to a human.
The agent loop for a Digital Product Passport
- Map - Reads the DPP field list for the product group and locates where each field lives across your ERP, PLM, quality and supplier systems.
- Pull - Extracts material composition, part data, recycled content and technical documentation from those systems through approved integrations.
- Ingest declarations - Reads supplier declarations and lab certificates - PDFs, emails, spreadsheets - and extracts the structured fields.
- Reconcile - Normalises material names, CAS numbers and units, and resolves conflicts where a field has more than one value.
- Match substances - Aligns substances of concern to your SCIP declarations and the regulatory thresholds, with name, concentration and location.
- Detect gaps - Flags every DPP field it cannot yet source and routes it to the right owner or supplier to fill.
- Assemble and format - Builds the passport to the DPP data model, attaches the identifier and data carrier, and registers it.
- Validate and sign off - Presents the liability-bearing fields for human approval before the passport goes live.
- Track change - Watches the source systems and rebuilds the affected passports when a part, supplier or formulation changes.
What it does versus what the alternatives do
| Capability | QR/Web DPP Tool | Generic ChatGPT | Custom DPP Agent |
|---|---|---|---|
| Hosts and shows a passport | Yes | No | Yes |
| Reads your ERP and PLM | Manual upload | Only what you paste | Yes (integrations) |
| Extracts from supplier PDFs | No | One at a time | Yes (at scale) |
| Matches substances to SCIP | No | No | Yes |
| Detects missing fields | No | No | Yes (gap report) |
| Keeps passports current | Manual re-entry | No | Yes (change-tracking) |
| Audit trail per field | Limited | Conversation log | Full source-to-approver trail |
| Keeps a human responsible | n/a | Up to you | Yes (sign-off gate) |
The category matters. A QR tool shows a passport but does not build the data behind it. A generic chatbot has no live connection to your systems. A custom agent does the aggregation, keeps a trail, and never publishes a liability-bearing field without a human pressing approve.
The DPP-Agent Architecture
A DPP agent only works if it sits on top of where your product data already lives and never becomes a parallel system of record. The decentralised design of the ESPR is a gift here: you keep your data, and the agent exposes it.
The five layers
- Source systems - ERP (material master, BOM), PLM, quality system, supplier portal and document store stay the source of truth for product facts.
- Aggregation and extraction - The agent reads structured data through integrations and extracts structured fields from unstructured supplier documents.
- Reconciliation and validation - Names, units and CAS numbers are normalised; conflicts are resolved; substances are matched to SCIP and thresholds.
- Passport assembly - The DPP is built to the data model, given its identifier and data carrier, and registered so the EU Registry can resolve it.
- Governance and change - Every field is linked to its source and approver; change-tracking rebuilds passports when the source data moves.
What sits where
| Layer | Stays in Your Systems | Lives in the Agent |
|---|---|---|
| Product master and BOM | Yes (ERP, PLM) | Reads, never overwrites |
| Supplier declarations | Yes (portal, mailbox) | Extracts and structures |
| Substance thresholds and SCIP logic | No | Yes (matching rules) |
| DPP data model and format | No | Yes (assembly) |
| Identifier and data carrier | Registered externally | Yes (managed) |
| Passport hosting | Your DPP host | Assembles the record |
| Field-level audit trail | No | Yes (full trail) |
| Change detection | Source events | Yes (rebuild logic) |
The principle is simple: your systems stay the source of truth for product facts, and the agent is the operator that turns those facts into a compliant, current passport. Any architecture that copies your product master into a parallel store breaks both data governance and the audit trail.
Where the data lives
- Product and supplier data - In your systems, untouched; the agent works through approved integrations
- Agent state - In an EU-resident environment, operated under a DSGVO-compliant Auftragsverarbeitungsvertrag
- LLM inference - Via EU-resident endpoints (Azure OpenAI EU, AWS Bedrock EU, or Mistral) or a private deployment for the most sensitive product data
- Prompt and output retention - Logged for audit, not used for vendor model training - the AVV must say so explicitly
- Passport data - Hosted on your chosen DPP host, with the EU Registry holding only the identifier that resolves to it4, 19
Not sure which DPP fields you can already source?
Henri runs a 30-minute working session on one of your product groups - which passport fields exist in your systems, which are gaps, and whether a 90-day pilot makes sense.

The 90-Day Pilot Playbook
The biggest mistake manufacturers make with the DPP is starting with a company-wide rollout deck. The right path is the opposite: start with one product group, one set of passports, and 90 days.
The phases
- Days 1-15: Field mapping and gap report - Pick one product group, list the DPP fields it needs, and map each field to where it lives in your systems. The output is a gap report showing exactly which fields you cannot yet source.
- Days 16-30: Connect the sources - Integrate the agent with your ERP, PLM, quality system and document store, read-only first. Confirm it can read the product master, BOM and technical documentation.
- Days 31-45: Assemble first passports - The agent aggregates and reconciles the data into draft passports for a sample of products, formatted to the DPP data model.
- Days 46-60: Substances and validation - Add substances-of-concern matching against your SCIP declarations and thresholds, and run the first human validation of the liability-bearing fields.
- Days 61-75: Identifier and carrier - Assign identifiers and data carriers, register with the DPP Registry approach, and confirm a scan resolves to the correct passport.
- Days 76-90: Change-tracking and go/no-go - Turn on change detection so passports stay current, agree the data-quality standard, and decide go or no-go for the next product group.
Checklist before you start
- □ One product group selected as the pilot, with a real DPP deadline (legal or OEM)
- □ The DPP field list for that group agreed from the delegated act or OEM spec
- □ Read access to ERP, PLM, quality system and document store confirmed
- □ AVV in place, EU-resident hosting, no-training clause confirmed
- □ Owner assigned (product compliance, PLM or quality lead) with explicit time budget
- □ Human sign-off process agreed for the liability-bearing fields
- □ A data-quality standard defined (what counts as verified enough to publish)
- □ Success metrics agreed - field coverage, passports assembled, gaps closed
- □ Go/no-go review scheduled for Day 45 and Day 90
What to measure
- Field coverage - Share of required DPP fields the agent can source automatically - target 80 percent or better after the pilot
- Passports assembled - Number of complete, validated passports produced in the pilot group
- Gap-closure time - Time from a flagged missing field to a filled one, versus the manual baseline
- Supplier response - Share of sub-tier gaps closed through structured declaration requests
- Currency - Whether a change in a source system correctly triggers a passport rebuild
Compliance: ESPR, DSGVO and the EU AI Act
Compliance is the make-or-break of DPP work. The technology is the easy part; the responsibility frame is where careless firms get hurt. Three rule sets touch a DPP agent: the ESPR itself, the DSGVO, and the EU AI Act. Each has a concrete answer; none is a blocker.
ESPR - the responsibility rule
The spine of DPP compliance is that the economic operator placing the product on the EU market is legally responsible for the passport. The agent aggregates and formats; a human validates and signs the fields that carry liability. Getting a substances-of-concern declaration wrong is a market-surveillance and market-access risk, not a formatting quibble.
- The operator stays responsible - The agent drafts the passport; a human validates every liability-bearing field before it goes live5
- Substances need precision - Name, concentration and location above threshold, tied to SCIP - the agent structures it, a human confirms it10, 11
- Traceability is the defence - Every field linked to its source document and approver, so a challenged figure is traced in minutes
- Access rights matter - Different roles see different fields; the passport must respect the ESPR access rules, not expose everything to everyone2
- Currency is an obligation - A passport that drifts out of date is non-compliant; change-tracking is not optional
DSGVO - the data side
Most DPP data is product data, not personal data - but supplier contacts, sign-offs and some technical documentation can contain personal data, and the agent processes commercially sensitive information regardless.
- EU-resident processing - Product and supplier data stays in EU data centres, with no transfer to non-EU models without a valid legal basis
- Auftragsverarbeitungsvertrag - An AVV governs the agent provider and the model endpoint, covering purpose limitation and deletion
- No training on your data - The vendor agreement includes an explicit no-training clause for prompts and outputs
- Data minimisation - The agent processes only the product data needed for the passport, not the whole company drive
- Access control and logging - Who read which product or supplier data, and when, is logged - useful for both DSGVO and market-surveillance audits
EU AI Act - the tool you use
Using an AI agent to aggregate and format product data is a low-risk, transparency-level use as long as a human stays responsible for the regulated declarations22.
- Low-risk use - The agent assembles data you already hold; it is not making high-risk decisions about people
- Human responsible - The economic operator signs the liability-bearing fields; the agent never publishes them unchecked
- Article 4 (AI literacy) - Staff who operate the agent receive basic, documented AI literacy23
- Provider obligations - The LLM vendor carries the general-purpose model obligations; your firm is the deployer, not the provider
- Transparency - It is clear internally that the passport draft is machine-assembled and human-approved
Compliance Reality Check
The three frameworks converge on the same operating principles: EU hosting, a named AVV, a no-training clause, a full field-level audit trail, and human sign-off on every liability-bearing field. A correctly built DPP agent satisfies all three at once. A “quick QR-code tool” that hosts a passport nobody can trace back to source, or a consumer chatbot that reformats confidential product data with no audit trail, satisfies none - and leaves the responsible operator exposed on market-surveillance day.
“The Digital Product Passport represents an opportunity to build trust, unlock value and reinforce long-term competitiveness.”
- Mike Hayes, Climate Change and Decarbonization Leader, KPMG International15
Build vs Buy vs New Department
There are three ways to meet the DPP: stand up a compliance department, buy a generic DPP SaaS tool, or build a custom agent on top of your systems. Most manufacturers end up combining, and the right mix depends on how many products and how much data scatter you have.
The three options compared
| Dimension | New Department | Generic DPP SaaS | Custom DPP Agent |
|---|---|---|---|
| Cost model | Permanent headcount | Per-product / per-seat | Fixed build + flat running cost |
| Scales with product count | Needs more people | Cost climbs per SKU | Marginal cost near zero |
| Reads your ERP and PLM | By hand | Manual upload | Yes (integrations) |
| Extracts supplier PDFs | By hand | Rare | Yes (at scale) |
| Keeps passports current | Always behind | Manual re-entry | Change-tracked |
| Judgement and sign-off | Yes (their job) | No | Human-in-the-loop |
| Best for | A one-off niche product | A handful of simple SKUs | A real product portfolio |
The honest combination
- Agent for aggregation at scale - The agent does the pulling, reconciling and formatting across the whole portfolio, where a department would be permanent cost
- People for judgement and suppliers - A small compliance function validates thresholds, sets the data standard, and handles the suppliers who will not declare
- SaaS for hosting, agent for data - A DPP host can serve the passport; the agent is what fills it with correct, current data
- Never the generic tool alone - A QR tool with no live data connection just moves the manual work behind the code
- The maths flips with volume - A single niche product: a person can manage it. A portfolio of hundreds across variants: build the agent
When to Build vs When to Staff a Function
Build the Agent When
- ✓ You have a real product portfolio across many variants
- ✓ Your DPP data is scattered across ERP, PLM and suppliers
- ✓ Passports must stay current as products change
- ✓ You want cost that does not scale with SKU count
A Small Function Is Enough When
- ✗ You have one product and one simple deadline
- ✗ Your data is already clean and in one system
- ✗ The passport rarely changes after launch
- ✗ You need mostly judgement, not aggregation
How Superkind Fits
Superkind builds custom AI agents that sit on top of the systems a manufacturer already uses - ERP, PLM, quality system, supplier portal, document store - without forcing a switch. The deployment model is process-first: we map how your product data flows and where each DPP field lives before we touch a line of code. The agent is built around your product reality, not a generic passport template.
What sits in the Superkind DPP agent
| Capability | New Department | Generic DPP Tool | Superkind Custom Agent |
|---|---|---|---|
| Reads ERP, PLM and quality | Manual | Upload only | Yes (integrations) |
| Extracts supplier declarations | Manual | Rare | Yes (at scale) |
| Matches substances to SCIP | Manual | Limited | Yes |
| Detects and routes gaps | Ad hoc | No | Yes (gap report) |
| Keeps passports current | Always behind | Manual re-entry | Yes (change-tracked) |
| DSGVO-ready hosting | Varies | Varies | Yes (EU, AVV, no training) |
| Field-level audit trail | Partial | Limited | Yes (source to approver) |
| Cost as product count grows | More headcount | Climbs per SKU | Near-flat |
What Superkind brings to DPP work
- Process-first deployment - We map how your product data flows and where each DPP field lives before we build, so the agent fits your reality
- Reads your systems - The agent aggregates from ERP, PLM, quality and supplier data through approved integrations, not a blank upload form
- Unstructured extraction - Supplier declarations and lab certificates in PDFs, emails and spreadsheets are turned into structured DPP fields
- Substances-of-concern matching - Substances aligned to your SCIP declarations and thresholds with name, concentration and location
- Gap detection built in - The agent tells you exactly which fields it cannot source, so your team chases only the true gaps
- Change-tracking by design - When a part, supplier or formulation changes, the affected passports rebuild instead of quietly going stale
- DSGVO-ready compliance - EU hosting, AVV, no-training guarantees, and a full field-level audit trail
- 90-day pilot scope - One product group, a field-gap report, validated passports, written success criteria - go or no-go after 90 days
Superkind: Honest Pros and Cons
Where We Fit
- ✓ Manufacturers with a real portfolio facing a DPP deadline, legal or from an OEM
- ✓ Firms whose product data is scattered across ERP, PLM and suppliers
- ✓ Teams that want aggregation handled, not a new permanent department
- ✓ Firms that want a compliant, auditable setup instead of a QR side-project
Where We Are Not the Fit
- ✗ A single niche product where one person can manage the passport by hand
- ✗ Teams that want a free or under-EUR-500/month tool - we build for value, not lowest price
- ✗ Firms not ready to give read access or assign an internal owner
- ✗ Teams that want to outsource the sign-off - the operator always stays responsible
Decision Framework
Not every manufacturer needs a DPP agent, and not every one is ready. The framework below helps locate which one you are.
Staff a small function for one product if
- You have one product group - A single niche line does not justify a build
- The data is already clean - Everything sits in one system, verified, in one format
- The passport rarely changes - Little engineering change means little drift to manage
- You need judgement, not volume - The task is deciding thresholds, not aggregating thousands of fields
Build a custom agent if
- You have a real portfolio - Hundreds of products across variants generate the aggregation load that produces the ROI
- Your data is scattered - The DPP fields live across ERP, PLM, quality and supplier declarations
- An OEM has set the clock - A customer has made the DPP a condition of the purchase order
- Passports must stay current - Frequent engineering change means drift you cannot manage by hand
- You want flat cost - You do not want a compliance cost that scales with your SKU count
Wait if
- Your product master is a mess - Clean the obvious gaps first; vague source data produces a vague passport
- No internal sponsor - Without an owner in product compliance or PLM, the project stalls
- No budget for the AVV and legal review - The compliance foundation is non-negotiable
- No deadline in sight - If neither a delegated act nor an OEM touches your products yet, map the fields but hold the build
Frequently Asked Questions
A Digital Product Passport (DPP) is a structured, machine-readable record of a product accessed through a data carrier such as a QR code or NFC tag. Under the Ecodesign for Sustainable Products Regulation, Reg. (EU) 2024/1781, it must carry data on material composition, recycled content, substances of concern, durability, reparability, spare parts and end-of-life handling. It is not a marketing page. It is a regulated data set that customs officers, recyclers, repairers and market-surveillance authorities can read to a defined access rule. The economic operator that places the product on the EU market is legally responsible for it.
No, and that is the central point. The instinct is to hire a compliance team to chase material data, substances-of-concern declarations and end-of-life information across every product and supplier. But the data you need already exists inside your ERP, your PLM, your quality system and your supplier declarations. The work is aggregation, validation and formatting to a standard, not net-new headcount. A custom AI agent does that aggregation continuously, which is exactly the shape of work that does not justify a permanent department.
The rollout is staged by product group through delegated acts, not one big-bang date. The EU DPP Registry, the central index of product identifiers, must be set up by 19 July 2026 under ESPR Article 13. The battery passport is the first mandatory DPP, applying from 18 February 2027 for EV, light-means-of-transport and industrial batteries above 2 kWh under the separate Batteries Regulation. Textiles are the first ESPR priority group, with the delegated act expected around 2027 and compliance around mid-2028. Electronics and furniture follow later in the decade.
In a decentralised model, not a single EU database. The economic operator hosts its own DPP data, and the EU Registry only stores the unique product identifiers that resolve to where each passport sits, typically via a GS1 Digital Link. As the European Commission adviser William Neale put it, it is mostly existing data, and it does not have to move from where it is created. That decentralised design is good news for manufacturers: it means the job is connecting and exposing your own systems, not uploading your bill of materials to Brussels.
The material and substances-of-concern data, not the technology. Material composition is spread across ERP, PLM, supplier declarations and lab certificates, collected inconsistently and rarely verified. Full disclosure needs data from sub-tier suppliers that many firms do not collect systematically today. Substances of concern must be identified by name, concentration and location in the product, tied to the ECHA SCIP database. Assembling that per product, per variant, and keeping it current, is the real work an agent removes.
It can assemble and maintain the passport; a human still signs it off. The agent pulls material composition from PLM and ERP, matches substances against your SCIP declarations and regulatory thresholds, gathers durability and repair data from your technical documentation, and formats everything to the DPP data model with the identifier and data carrier. What it does not do is decide, unchecked, that a substance is below threshold or that a recycled-content figure is accurate. The economic operator remains legally responsible, so a human validates the fields that carry liability.
No. The agent sits on top of the systems you already run - SAP, an industry ERP, a PLM like Windchill or Teamcenter, your quality system, your supplier portal and your document store. It reads from them through approved integrations, aggregates the DPP fields, and writes the passport. Nothing is ripped out. The product master data stays where it is; the agent is the operator that turns it into a compliant, current passport per product.
The CE mark asserts conformity; a datasheet is a static document you author. A DPP is a live, structured, machine-readable record tied to a specific product instance or model and reachable by third parties through a data carrier to defined access rights. It has to stay current across the product lifecycle, and different roles - recycler, repairer, customs, authority, consumer - may see different fields. It is a data obligation, not a document, which is why spreadsheets and PDFs do not scale to it.
Incorrect or missing DPP data is a market-surveillance and market-access risk. The passport is checked by authorities, and it gates whether a product can be placed on or kept on the EU market. Because the economic operator is responsible, a wrong substances-of-concern declaration or a missing end-of-life field is your liability, not your supplier is. This is exactly why the agent keeps a full audit trail of where each field came from and who approved it, so a challenged figure can be traced to its source in minutes.
A focused 90-day pilot takes you from one product group to a complete, validated passport. The first two weeks map the DPP fields to where each one lives in your systems. Weeks three to six connect the agent and assemble the first passports. Weeks seven to ten add substances-of-concern matching and human validation. The final weeks set up the registry identifier, the data carrier and the change-tracking so passports stay current. First value - a gap report showing exactly which DPP fields you cannot yet source - appears in the first two weeks.
Using an AI agent to aggregate and format product data is a low-risk, transparency-level use as long as a human stays responsible for the regulated declarations. The agent is a tool that assembles data you already hold; it is not making high-risk decisions about people. You keep a human sign-off on the liability-bearing fields, document basic AI literacy for the staff who operate it under Article 4, and use EU-resident hosting under a DSGVO-compliant contract. None of this is a blocker; it is the same governance any well-built agent needs.
Usually the person who already owns product compliance or product data - a head of product compliance, a PLM or master-data lead, or a quality manager - not a brand-new hire. The agent removes the parts of their job nobody wants: chasing supplier declarations, copying material data between systems, and rebuilding the same substances table per variant. The judgement work - validating a threshold, deciding a data-quality standard, engaging a supplier who will not declare - stays with them and finally gets the time it needs.
Related Articles
- The EU AI Act for the Mittelstand: What German SMEs Actually Have to Do
- AI as a Compliance Assistant: How the Mittelstand Automates Audit Trails, Policies, and Reporting
- Intelligent Document Processing: How the Mittelstand Replaces OCR With AI Agents
- AI in Procurement: How the Mittelstand Tames Suppliers, Prices, and Risk
- AI in Quality Management: How the Mittelstand Cuts Defects and Documentation Load
- AI in Mechanical Engineering: How the Mittelstand Builds Smarter Machines
Sources
- EUR-Lex - Regulation (EU) 2024/1781 (Ecodesign for Sustainable Products Regulation, ESPR)
- European Commission - Implementing the Ecodesign for Sustainable Products Regulation
- European Commission - ESPR 2025-2030 Working Plan (adopted 16 April 2025)
- Traceable Digital - EU Central DPP Registry: What the 19 July 2026 Set-Up Deadline Means
- Circularise - Digital Product Passports (DPP): what, how, and why
- Circularise - EU Battery Passport Regulation Requirements
- Battery Pass - Battery Passport Content Guidance
- Renoon - The Timeline of Digital Product Passport Regulation in the EU (ESPR)
- usetappr - ESPR Working Plan Update (April 2025): Priorities and Dates
- MyProductPassport - ESPR Substance of Concern Tracking and Reporting
- ECHA - SCIP: Substances of Concern In articles as such or in complex objects (Products)
- Intertek - Digital Product Passport (DPP) under ESPR: JRC Methodology Report Insights
- CIRPASS-2 - Preparing the deployment of the Digital Product Passport
- Fraunhofer IZM - CIRPASS-2 project
- KPMG - European Digital Product Passport Readiness Survey
- Seismic - Digital Product Passports: Is Your Data Ready?
- Quality Magazine - Manufacturers Must Unify Data Now to Meet First DPP Deadlines
- Stibo Systems - Digital Product Passports: The Data Management Mandate
- GS1 - Digital Link standard
- European Circular Economy Stakeholder Platform - Digital Product Passport as Enabler for the Circular Economy
- S-GE - EU Digital Product Passport: What It Is, Which Products It Affects, and How to Prepare
- EU AI Act - Implementation Timeline
- EU AI Act - Article 4 (AI Literacy obligation)
- Bitkom - Digital Product Passport (Positionspapier)
Ready to compile your DPP data without a new department?
Henri runs a 30-minute working session on one of your product groups - which passport fields exist in your systems, which are gaps, and whether a 90-day pilot makes sense.
Book a Demo →
