TL;DR. A Digital Product Passport is a machine-readable data record attached to a physical product, accessed through a QR code or NFC tag. It tells regulators, consumers, recyclers, and supply chain partners what the product contains, where it came from, how it was made, and what should happen to it at end of life. Under ESPR, DPPs will become mandatory for almost every category of product sold in the EU. For textiles, expected from 2027 to 2030. This piece explains what DPPs actually are, what they are not, and what brands need to understand before building one.

The simplest definition

A Digital Product Passport is a structured digital record that travels with a physical product. You scan a code on the product or its label. You see (or your systems see) data about the product. That's it.

The "passport" metaphor is not perfect, a physical passport identifies a person, while a DPP describes an object, but the analogy holds in one important way. A passport is recognised across borders by authorities that share a common standard for what's in it. A DPP works the same way: a regulator in Stockholm, a recycler in Lagos, and a customs officer in Frankfurt all need to read the same record and understand the same things from it.

What is actually in a DPP

For textiles, the expected content under the EU's ESPR textile delegated act falls into four broad areas. We organise these at Symolem under what we call the Four I's framework, Identity, Integrity, Intelligence, and Impact.

  • Identity. What the product is, who made it, what it contains. Unique product identifier (typically GS1-compliant), brand, model, materials and their percentages, country of origin for primary materials, supplier identities at relevant tiers, certifications held.
  • Integrity. Whether the data can be trusted. Source of each data point (self-declared, third-party verified, audited), verification status, signing and provenance, audit trail of updates.
  • Intelligence. How the product should be used, cared for, and repaired. Washing instructions, repair guidance, expected lifespan, durability data, spare parts availability where relevant.
  • Impact. The product's environmental and social footprint. Carbon footprint (with methodology disclosed), water use, chemical use, social impact data, recyclability rating, end-of-life routing.

The total field count for a fully populated textile DPP is substantial, our internal register currently holds approximately 814 fields, though not every field is mandatory for every product. The exact mandatory subset will be set by the textile delegated act when it adopts.

What a DPP is not

Three misconceptions are worth clearing up early because they cause brands to build the wrong thing.

A DPP is not a marketing page. It is not a brand storytelling tool. It is a structured data record built for machine readability, with a human-readable view as a secondary feature. Brands that try to design a DPP as a beautiful consumer page first and a data record second will fail their regulatory obligations and then have to rebuild.

A DPP is not a single document. It is not a PDF attached to a product. The data has to be queryable, updatable, and accessible through a standardised protocol, typically UNTP, the UN/CEFACT Transparency Protocol. A static document cannot satisfy this. The DPP needs to live in a system that can be updated when, for example, a supplier certification expires or a repair instruction changes.

A DPP is not just for consumers. The most common framing in trade press is that DPPs help consumers make better choices. That's one use case but it's not the primary one. The main readers of DPPs will be regulators, customs authorities, recyclers, downstream brands sourcing recycled material, and resale and rental platforms. Designing the DPP only for the consumer scan misses the majority of its purpose.

How DPPs work technically (briefly)

A DPP has three components. The data layer, a structured record held by the brand or a service provider, conforming to the UNTP schema and other relevant standards. The identifier layer, a unique product identifier (usually GS1-based) that allows the record to be looked up. The access layer, a QR code, NFC tag, or other physical-to-digital bridge on the product itself.

When someone scans the code, a resolver service looks up the identifier, fetches the data record, and returns either a human-readable view (for consumers and regulators) or a machine-readable response (for downstream systems and other DPPs).

The standards landscape underpinning this is converging on UNTP for the protocol, GS1 Digital Link for the identifier, and W3C Verifiable Credentials for signed and verifiable claims. This convergence is what makes interoperability possible.

Why interoperability matters

A DPP that only works in your brand's app is not a DPP. The whole point is that a recycler in another country, using completely different systems, can read it. This is the requirement that makes DPPs hard.

It is also the reason most early DPP pilots, including most blockchain-based pilots from 2019 to 2023, have been quietly retired. They were built as proprietary systems that did not interoperate with anything else. ESPR effectively rules these out, because the regulation requires conformance to common standards.

The practical implication for brands: avoid any DPP vendor or platform whose data format is not aligned with UNTP. Even if it works today, it will not be ESPR-compliant when the textile delegated act adopts.

Who actually builds the DPP

This is the question that surprises most brands when they first scope a programme.

The brand owns the data. The data has to be collected from suppliers (most brands hold less than 30% of what's needed in-house), structured to the relevant schema, verified to a defensible standard, and kept current. This is mostly a sustainability, sourcing, and product operations job, not an IT job.

The platform infrastructure can be built or bought. Brands with engineering capacity may build their own DPP infrastructure. Most will use a third-party platform, there are several emerging in this space, including our own Symolem capability. The platform handles data hosting, identifier resolution, verification, and the consumer-and-regulator-facing access layer.

The standards alignment must be vendor-checked. Whether you build or buy, the conformance to UNTP, GS1, and Verifiable Credentials standards is the part that future-proofs you. Most "DPP platforms" marketed in 2024 to 2025 do not yet hit these standards. By the time the textile delegated act adopts, those that don't will be unusable.

What to do now

For brands at the start of this journey, three actions cost almost nothing and unlock the timeline.

Map your data sources. For one representative product line, identify where every data point that will be needed for the DPP actually sits, internal systems, direct suppliers, indirect suppliers, third-party certifications. This exposes the data gaps that will take longest to close.

Pressure-test vendor claims. If you are evaluating DPP platforms, ask each vendor to demonstrate UNTP conformance, GS1 Digital Link conformance, and a roadmap to W3C Verifiable Credentials. Vendors that can't answer these in detail are not yet at the level the regulation will require.

Treat it as a programme. A DPP is not a project for the sustainability team. It needs cross-functional ownership across product, sourcing, operations, IT, and legal, with a named programme owner who can resolve the inevitable conflicts between speed, accuracy, and cost.

Get the ESPR scope checker

A seven-page guide that walks you through how ESPR applies to your fashion business, when it takes effect, and what to do now to get ready. Takes ten minutes to read.