Step-by-Step Guide: How to Create Your First EU Digital Product Passport

Creating your first Digital Product Passport (DPP) is not a theoretical exercise—it is a concrete, phased operational project that bridges supply chain management, IT systems integration, regulatory compliance, and physical product labeling. This guide provides a comprehensive, phase-by-phase blueprint for taking a single product line from zero DPP capability to a fully functional, registry-registered, scanner-verifiable digital passport.

The guide is structured around six implementation phases, each with specific objectives, deliverables, common pitfalls, and estimated timelines. The approach is designed for textile and apparel products, but the methodology applies across all ESPR-regulated product categories.

Implementation Overview: The 6-Phase Journey

┌──────────────────────────────────────────────────────────────────────────────────────────────┐
│  MONTHS 1-2          MONTHS 2-4        MONTHS 3-5        MONTHS 5-6        MONTHS 6-8         │
│  ┌─────────┐        ┌─────────┐       ┌─────────┐       ┌─────────┐       ┌─────────┐        │
│  │ PHASE 1 │───────▶│ PHASE 2 │──────▶│ PHASE 3 │──────▶│ PHASE 4 │──────▶│ PHASE 5 │        │
│  │  DATA   │        │ SUPPLY  │       │TECHNICAL│       │REGISTRY │       │ CARRIER │        │
│  │  AUDIT  │        │  CHAIN  │       │  SETUP  │       │  REG.   │       │ DEPLOY  │        │
│  └─────────┘        └─────────┘       └─────────┘       └─────────┘       └─────────┘        │
│                                                                               │               │
│                                                                               ▼               │
│                                                          ┌─────────────────────────┐         │
│                                                          │       PHASE 6           │         │
│                                                          │   PILOT, ITERATE, &     │         │
│                                                          │        SCALE            │         │
│                                                          └─────────────────────────┘         │
│                                                                                               │
│  NOTE: Phases 2 and 3 can (and should) run in parallel where possible                        │
└──────────────────────────────────────────────────────────────────────────────────────────────┘

Phase 1: Data Audit — Know What You Have and What You Need

Duration: 4–8 weeks Objective: Identify all existing product data, catalogue data gaps, and establish data collection protocols.

Step 1.1: Inventory Existing Product Data

Before you can build a DPP, you must understand what data you already possess. Conduct a thorough inventory of all product-related data currently held in your PLM, ERP, supplier documentation, and certification repositories.

Data categories to inventory:

Step 1.2: Map Data Gaps Against DPP Requirements

Cross-reference your existing data inventory against the anticipated DPP data fields. The European Commission has provided substantial guidance on required categories through the ESPR framework text and public consultation documents.

Common data gaps discovered during audit:

Step 1.3: Establish Data Collection Protocols

For each gap identified, create a specific data collection protocol:

• What data is needed (specific field definitions)
• Who provides it (which tier, which supplier)
• How it is verified (self-declaration, third-party audit, digital verification)
• Collection frequency (per batch, quarterly, annually)
• Data format (structured JSON, CSV, API feed)

[!IMPORTANT]

Protocol quality matters more than protocol quantity. A small number of rigorously defined, tested, and enforced data collection protocols will produce better results than dozens of vague or unenforced requirements. Start with the highest-priority, highest-impact data gaps.

Phase 2: Supply Chain Engagement — Onboard Your Suppliers

Duration: 8–16 weeks (this is the longest and most difficult phase) Objective: Engage Tier 1–4 suppliers, establish data-sharing agreements, and implement verification protocols.

Step 2.1: Tier 1 Supplier Onboarding (Cut-and-Sew)

Tier 1 suppliers are typically the easiest to engage because they have direct commercial relationships with your brand.

Onboarding steps:

• Send formal notification of DPP data requirements
• Provide data specification documents (fields, formats, deadlines)
• Deliver training on your data collection platform/portal
• Amend supplier agreements to include DPP data provision obligations
• Establish consequence framework for non-compliance (remediation periods, then commercial penalties)

Step 2.2: Tier 2 Supplier Engagement (Fabric Mills, Dyehouses)

Tier 2 suppliers are the most data-critical tier for textile DPP—they hold chemical input records, water and energy consumption data, and material process information.

Critical data to collect from Tier 2:

• Chemical inventory used in each production run (referenced against ZDHC MRSL)
• Water consumption per kilogram of fabric produced
• Energy mix (grid electricity, coal, natural gas, renewables) per production batch
• Wastewater treatment data (ZDHC Wastewater Guidelines compliance)
• Dyehouse certifications (OEKO-TEX Standard 100, Bluesign, GOTS)

[!WARNING]

Chemical data is the hardest to collect and the most heavily audited. Dyehouses in developing economies often lack digital records of chemical inputs and may be reluctant to share proprietary formulations. Invest in building trust and providing technical assistance—this relationship will determine whether your DPP data passes regulatory scrutiny.

Step 2.3: Tier 3 and 4 Supplier Engagement (Spinners, Fiber Producers)

Tier 3 and 4 suppliers—yarn spinners, ginners, cotton farmers, synthetic fiber extrusion plants—are often small enterprises with minimal digital infrastructure and no prior experience providing structured data to brands.

Practical approach:

• Start with your highest-volume raw material sources (e.g., the top three cotton suppliers)
• Provide simplified data collection templates (paper-based or low-tech mobile forms if necessary)
• Aggregate Tier 3-4 data through your Tier 2 suppliers where direct relationships do not exist
• Use certification bodies (GOTS, Fairtrade, Better Cotton) as data intermediaries where applicable

Step 2.4: Supplier Data-Sharing Agreements

Formalize data provision through updated commercial agreements:

• Data ownership: Clarify who owns the data and usage rights
• Confidentiality: Protect supplier proprietary information (e.g., dye formulations) while ensuring DPP transparency requirements are met
• Liability: Allocate responsibility for data accuracy and penalties for intentional misrepresentation
• Updates: Require notification of material changes (new chemical inputs, supplier substitutions)

Phase 3: Technical Setup — Identifiers, URIs, and Schemas

Duration: 6–12 weeks (can run in parallel with Phase 2) Objective: Establish GS1 identifiers, create JSON-LD schemas, and select/configure your DPP platform.

Step 3.1: GS1 Identifier Registration

Actions:

1. Join GS1 in your country of operation (or the country where you will register products)
2. Obtain a GS1 Company Prefix (GCP)
3. Assign GTINs to every product variant (each SKU, color, and size combination)
4. Document your GTIN assignment logic for consistent future allocation

Example GTIN Structure:
GS1 Company Prefix (7-9 digits) + Item Reference (3-1 digits) + Check Digit (1 digit)
= 13-digit GTIN

For brand with prefix 0950110:
  Product Line 001, Color 01, Size M → GTIN 09501100010015
  Product Line 001, Color 01, Size L → GTIN 09501100010022

Step 3.2: GS1 Digital Link URI Setup

Every GTIN must have a corresponding GS1 Digital Link URI that resolves to the product’s DPP data. This is the web address encoded in your QR code or NFC tag.

Standard format:

https://id.dpptex.example/01/{GTIN}
or
https://dpp.brandname.com/gtin/{GTIN}

The URI must:

• Be permanently maintained (15+ years after product discontinuation)
• Resolve to a machine-readable JSON-LD document (for automated systems)
• Resolve to a human-readable product page (for consumer scanners)
• Support content negotiation (return different formats based on requester type)

Step 3.3: JSON-LD Schema Development

Develop a JSON-LD schema that maps your product data to the GS1 Web Vocabulary and anticipated DPP data fields.

Core schema elements:

{
  "@context": [
    "https://gs1.github.io/gs1Voc/jsonld/gs1Voc.jsonld",
    "https://www.w3.org/2018/credentials/v1"
  ],
  "@type": ["gs1:Product", "VerifiablePresentation"],
  "@id": "https://id.dpptex.example/01/09501100010015",
  "gtin": "09501100010015",
  "productName": "Organic Cotton Classic T-Shirt",
  "brand": {"gs1:brandName": "Your Brand"},
  "materialComposition": [
    {"material": "organicCotton", "percentage": 100, "certification": "GOTS"}
  ],
  "countryOfAssembly": "BD",
  "manufacturer": {
    "@type": "gs1:Organization",
    "gs1:globalLocationNumber": "GLN_of_factory"
  },
  "certification": [
    {"type": "OEKO-TEX_STANDARD_100", "certificateNumber": "XX-XXXXX"},
    {"type": "GOTS", "certificateNumber": "XXXXXX", "scope": "organicCotton"}
  ],
  "chemicalDeclaration": {
    "compliesWith": ["ZDHC_MRSL_V3.1", "REACH_Annex_XVII"],
    "svhcFree": true
  },
  "circularityInformation": {
    "recycledContent": 20,
    "recyclabilityInstructions": "Garment is 100% single-fiber. Remove buttons before recycling.",
    "repairabilityScore": 7,
    "expectedLifetime": "3 years (50 wash cycles)"
  },
  "carbonFootprint": {
    "totalCO2e": 8.5,
    "unit": "kgCO2e",
    "scope": ["Cradle-to-gate"],
    "verifiedBy": "Carbon Trust"
  }
}

Step 3.4: DPP Platform Selection and Configuration

Select a DPP platform (SaaS or custom) that handles:

• JSON-LD schema management and validation
• Data ingestion from PLM/ERP systems
• QR code / data carrier generation
• Registry API integration
• DPP data hosting with 15-year retention
• Analytics and scan tracking

Selection criteria to evaluate:

Phase 4: Registry Registration — Connect to the EU System

Duration: 4–6 weeks Objective: Register with the EU central DPP registry and register your initial products.

Step 4.1: Economic Operator Registration

Before registering products, your company must be registered as an economic operator:

• Identify the legal entity operating in the EU (manufacturer, importer, or authorized representative)
• Register for an Economic Operators Registration and Identification (EORI) number if importing
• Prepare documentation: company registration, VAT number, responsible person designation

Step 4.2: Product Registration in the Central DPP Registry

The EU central DPP registry is scheduled to become operational in July 2026. When available:

1. Access the registry portal (authentication via EU Login or eIDAS)
2. Register each product model with its GTIN and GS1 Digital Link URI
3. Receive the registry-assigned unique identifier for each product
4. Test the registry resolution chain: scan data carrier → registry lookup → resolve to your DPP data endpoint

[!IMPORTANT]

The registry stores routing information, not full DPP data. The central registry maintains the authoritative mapping between data carriers and DPP data endpoints, but the actual passport data remains hosted on your infrastructure or your DPP platform provider’s infrastructure. This is a fundamental design principle of the decentralized DPP architecture.

Phase 5: Data Carrier Deployment — Physical Attachment

Duration: 4–8 weeks (physical design, testing, production integration) Objective: Design, test, and deploy data carriers on your products.

Step 5.1: Carrier Selection per Product Type

Choose the appropriate data carrier based on your product characteristics:

Step 5.2: Physical Attachment Method

The data carrier must be permanently attached and remain readable throughout the product’s expected lifetime, including:

• Manufacturing and finishing processes (dyeing, washing, pressing)
• Transportation and warehousing
• Retail display and handling
• Consumer use (including domestic washing and drying)
• End-of-life collection and sorting

Attachment methods:

• Sewn-in label: Highest durability, integrates with existing care label production
• Heat-transfer print: Directly onto fabric; cost-effective for large volumes
• Woven-in QR: Jacquard-woven into garment; permanent but limited to simple QR patterns
• Embedded NFC/RFID: Sewn into seam allowances or integrated into brand labels

Step 5.3: Durability Testing

Before production deployment, validate data carrier durability under realistic conditions:

Phase 6: Pilot, Iterate, and Scale

Duration: 12–16 weeks (pilot) + ongoing scaling Objective: End-to-end test with one product line, learn, and scale to full catalog.

Step 6.1: Select Pilot Product Line

Choose a product line that:

• Has a relatively simple supply chain (fewer Tier 2+ suppliers)
• Has reasonable data availability (existing certifications, known suppliers)
• Is not critically time-sensitive (not a seasonal item with a hard deadline)
• Has a manageable SKU count (3–10 variants)

Step 6.2: Execute End-to-End Test

Run the complete DPP lifecycle for your pilot products:

1. Data collection: Verify that all required data flows from suppliers through your platform
2. Schema generation: Validate JSON-LD output against schema
3. Registry registration: Confirm successful registration and URI resolution
4. Carrier attachment: Apply data carriers to pilot production run
5. Scan testing: Verify at every touchpoint:

[Factory Floor] → [Packaging/Shipping] → [Customs Simulation] → [Warehouse Receiving]
       ↓                                                                     ↓
[Consumer Smartphone Scan] ← [Retail Point-of-Sale] ← [Distribution Center]
       ↓
[Recycling Sorter Scan (UHF RFID/QR)]

Step 6.3: Identify and Fix Bottlenecks

Document every failure point, data delay, and process friction encountered during the pilot. Common issues include:

• Data latency: Supplier data arrives 2–3 weeks after production, delaying DPP generation
• Schema errors: Missing mandatory fields or invalid data types in JSON-LD
• Carrier readability: QR codes become unreadable after the first wash cycle (insufficient durability)
• Registry connectivity: API timeouts or authentication errors during registration
• Supplier resistance: Tier 3–4 suppliers refuse or delay providing data

[!WARNING]

The pilot will reveal problems you did not anticipate. Plan for at least one full iteration cycle (fix issues, re-test) before declaring the pilot successful. Rushing from pilot directly to full-scale production without a structured fix-and-verify cycle is the most common cause of DPP deployment failures.

Step 6.4: Scale to Full Production

Once the pilot is successful and all issues are resolved:

1. Expand to additional product lines, starting with the next simplest supply chains
2. Integrate DPP generation into your standard product development and production workflows
3. Automate data collection where possible (API integrations replacing manual data entry)
4. Train all relevant teams: product development, sourcing, quality assurance, logistics
5. Establish a DPP operations function responsible for ongoing maintenance

Ongoing Maintenance: The DPP Does Not End at Production

DPP compliance is not a one-time project. Once your passports are live, you must maintain them:

Data Updates

• Update DPP data when: material sources change, certifications expire/renew, chemical inputs change, or new regulation adds required fields
• Maintain an audit trail of all data changes (who changed what, when, and why)

Re-Verification Cycles

• Annual re-verification of supplier data for high-risk categories (chemicals, certifications)
• Bi-annual re-verification for medium-risk categories (country of origin, recycled content)
• On-demand re-verification if a supplier change or material issue is flagged

15-Year Retention Requirement

• Ensure DPP data hosting infrastructure has long-term viability
• Plan for data format migrations (JSON-LD versions, encryption standards)
• Maintain access even if your DPP platform relationship changes (data portability clauses in contracts)

Actionable Takeaways

1. Do not attempt all phases simultaneously. Follow the sequential logic: you cannot build schemas without data, you cannot deploy carriers without registry registration, and you cannot scale without a proven pilot.
2. Start Phase 1 this week. The data audit requires no new technology or supplier engagement—just your existing records and a structured gap analysis. Every day of delay pushes your entire timeline forward.
3. Budget for an 8–10 month end-to-end timeline for your first product passport. The supply chain engagement phase (Phase 2) consistently takes longer than anticipated. Plan accordingly.
4. Select your DPP platform early. Platform selection (Phase 3) determines your technical architecture. Do not wait until all supplier data is collected before choosing a platform—run these phases in parallel.
5. Invest in supplier relationships. Phase 2 (supply chain engagement) is where DPP implementations succeed or fail. Tier 3–4 suppliers need education, support, and clear commercial incentives. Relationship investment today prevents data black holes tomorrow.
6. Treat the DPP as an ongoing operational function, not a one-time project. Budget for permanent staffing, recurring platform costs, and continuous data maintenance from Day 1 of your production deployment.

Related B2B Compliance Intelligence

• Is Your Business Ready for DPP? A 10-Point Compliance Checklist: Practical self-assessment checklist covering data audit, supplier coverage, registry registration, QR/NFC setup, and sys…
• DPP Compliance Cost: What Businesses Should Budget in 2025-2027: Financial breakdown of DPP implementation costs: SMEs €10k-€50k, enterprise €15k+/year ongoing. Platform fees, GS1 costs…
• ESPR Working Plan 2025-2030: Which Products Are Prioritized and When: Full breakdown of the 11 priority categories in the ESPR Working Plan adopted April 2025, with urgency tiers and estimat…

📚 Regulatory & Academic Bibliography

• European Commission - ESPR Guidelines: Official EUR-Lex circular economy directives and delegated acts.
• GS1 Global Standards Registry: Technical specifications for GTIN-14 and resolver architectures.
• W3C Verifiable Credentials Core 2.0: Cryptographic verification protocols and JSON-LD syntax rules.
• ISO Quality Management Systems Catalog: Forensic laboratory and testing competence requirements (ISO 17025).