What Is the Digital Product Passport Registry?

The Digital Product Passport registry is the EU information system intended to securely store key registration data for digital product passports, including unique identifiers and other information required under relevant EU legislation.

The draft implementing rules describe the registry as more than a database. It would include a secure website, an API, user verification tools, a semantic repository, a log system, and identification and authorisation schemes for registry users.

In practical terms, the registry is expected to help connect product compliance data with market surveillance, customs controls and traceability requirements across the EU.

Who Should Pay Attention?

The draft rules are relevant for businesses and actors involved in products that require a digital product passport under EU law. This includes products covered by delegated acts under Regulation (EU) 2024/1781 and other legislation that refers to the DPP registry.

The draft text specifically refers to product areas such as:

Businesses should not wait until their product group is fully regulated before preparing. DPP readiness requires structured data, supplier evidence, system integration and internal ownership.

Key Business Obligations in the Draft Rules

The draft regulation introduces several operational expectations for economic operators and other value chain actors.

1. Only Verified Economic Operators Can Register DPPs

Economic operators would need to complete an identity verification process before they can register digital product passports in the registry.

The draft rules distinguish between natural persons, legal persons, EU-established actors and non-EU actors. Depending on the case, verification may require qualified electronic signatures, qualified electronic seals, electronic identification, or electronic attestations of attributes under EU law.

Once verified, an economic operator would be able to register DPPs and correct existing registrations. The verified status would last until the electronic identification means expire, but no longer than three years.

2. Value Chain Actors May Also Need Verification

The draft rules also address other value chain actors, such as repairers, refurbishers, remanufacturers or recyclers, where they need access to the registry or need to update DPP information.

This means companies should think beyond the manufacturer. DPP compliance may involve a wider network of authorised actors, each with defined roles, access rights and responsibilities.

3. Product Passports Must Be Registered at the Correct Level

The draft regulation refers to DPP registration at model, batch or item level, depending on the applicable EU law.

Where a DPP is created at item level, batch and model identifiers should also be linked where they exist. Where a DPP is created at batch level, the model identifier should be linked where a model design exists.

This makes product data architecture essential. Companies will need to understand how their internal product structures, SKUs, batches, serial numbers and compliance records connect to DPP registration requirements.

What Data Will the Registry Check?

According to the draft rules, the Commission would automatically verify submitted registration data before a DPP is accepted into the registry.

The checks may include:

• Existence and semantic conformity of mandatory data
• Correct granularity level, such as model, batch or item
• Valid commodity code, where relevant
• Link to a backup hosted by a DPP service provider, where relevant
• Use of a qualified electronic signature or qualified electronic seal

After successful verification, the registry would generate and store a unique and persistent registration identifier.

For businesses, this means DPP data cannot be treated as unstructured documentation. It needs to be complete, technically valid, semantically aligned and supported by appropriate digital trust mechanisms.

Why the Semantic Repository Matters

One of the most important elements in the draft regulation is the semantic repository.

The semantic repository would act as an authoritative, machine-readable source for DPP data models, semantic definitions and vocabularies across product groups. It would define the meaning of data attributes, the structure of data models, metadata, roles and multilingual labels for mandatory attributes.

For businesses, this has a practical impact. Product data must not only exist; it must be structured in a way that EU systems can understand.

A company may already have product data in ERP systems, supplier declarations, technical files, spreadsheets, lifecycle assessment tools or compliance platforms. The challenge will be aligning this information with the required data models and semantic definitions.

Proof of Registration: Evidence for Compliance

The draft rules would allow an economic operator or relevant actor to generate proof of registration for one or more digital product passports.

This proof would serve as evidence that the registration obligation has been fulfilled. It would include key information such as the unique registration identifier, commodity code, name and identity of the verified economic operator, registration date and time, and a hash of the DPP version.

The proof of registration would be generated as a secure electronic document and made available through the registry interface or API. According to the draft, it would remain available for 90 calendar days from the date of generation.

This creates a clear compliance evidence trail. Businesses should consider how proof of registration will be stored internally and linked to product compliance records.

Data Accuracy, Updates and Retention

The draft regulation places responsibility on the verified economic operator to provide accurate and complete information and to keep registry data up to date.

The registry would support versioning, meaning each new DPP version would be linked to the original registration identifier and time-stamped. Changes such as creation, modification and deletion would be logged.

Where EU law does not specify a specific availability period, DPP registration data would be deleted automatically 10 years after registration. Where another EU law sets a specific period, the retention period would follow that requirement.

For compliance teams, this means DPP management should be treated as a living process, not a one-time upload.

Security and Accountability Requirements

The draft rules place strong emphasis on security, logging and accountability.

The registry would include a log system covering access and authentication, data modifications, administrative actions and data exchanges. The Commission would maintain the registry and implement measures to protect data integrity, confidentiality and availability.

Economic operators and other verified value chain actors would also have responsibilities. They would need to implement appropriate technical and organisational measures to protect their IT systems and credentials used to access the registry.

This is important because the verified economic operator remains responsible even where a third party is authorised to perform registration actions on its behalf.

What Businesses Should Do Now

Companies preparing for DPP requirements should start by building a practical readiness roadmap.

The companies that prepare early will be better positioned to reduce disruption, avoid incomplete submissions and manage DPP compliance efficiently.

Why DPP Readiness Is a Competitive Advantage

Digital Product Passports are designed to improve transparency, traceability and product information across the value chain. For businesses, this can also create operational benefits.

A well-prepared DPP approach can help companies:

• Improve product data quality
• Reduce supplier information gaps
• Support customs and market surveillance readiness
• Strengthen sustainability and circular economy reporting
• Build trust with customers and business partners
• Reduce manual compliance work over time

DPP compliance should therefore be viewed as part of a broader product compliance and sustainability transformation.

How ComplyMarket Can Support Your DPP Readiness

ComplyMarket helps businesses manage product compliance, material compliance, ESG requirements, supplier documentation and Digital Product Passport preparation in one structured compliance environment.

For companies affected by the Digital Product Passport registry, ComplyMarket can support by helping teams:

• Organise product and material compliance data
• Collect supplier declarations and supporting evidence
• Manage documentation needed for product compliance workflows
• Prepare structured information for Digital Product Passport requirements
• Improve visibility across product, supplier and regulatory data
• Support compliance teams with expert guidance and digital tools

As DPP rules continue to develop, businesses need more than a document archive. They need a reliable system for managing data, evidence, supplier communication and regulatory change.

ComplyMarket supports companies in building that foundation, helping compliance, sustainability, procurement and product teams move from fragmented data to a more controlled and audit-ready compliance process.

Conclusion

The draft EU rules for the Digital Product Passport registry show how DPP compliance is becoming operational. Verification, structured data, semantic interoperability, registry registration, proof of registration, security and accountability will all matter.

Businesses that place products on the EU market should start preparing now by reviewing their product data, supplier evidence, compliance systems and internal responsibilities.

Digital Product Passport readiness is not only about meeting a future requirement. It is about building a stronger, more transparent and more resilient product compliance process.