Repass

ESPR, Product Digital Identity (DPP) and Repass as Integrated Data Platform

Article
10 March, 2026
The Operating Model for DPP at Scale (2026–2029) 

Europe’s Digital Product Passport (DPP) is moving from policy to operating reality on a compressed Q2‑2026 to 2027 timetable. CEN/CENELEC will deliver harmonized system standards in June 2026; an EU DPP Registry test environment is slated for July 2026; delegated acts for iron and steel close by end‑2026; delegated acts for textiles, tires and aluminum land in 2027; European Identity Wallets are expected to handle issuance/verification/amendment from 2027; and the first mandatory DPPs (batteries) take effect in February 2027.

The execution model that scales is decentralized: suppliers provide structured data; the legally obligated operator (e.g., brand/manufacturer) provides and maintains the passport; the EU Registry validates product identifiers and routes requests—it does not host your product data; GS1 Digital Link/EPCIS provide the standards stack; and an integrated product platform like Repass is the operational layer where DPP becomes real across the value chain without centralizing sensitive information.

1) The 2026–2027 Milestones That Matter

  • June 2026 — CEN/CENELEC deliver EU‑harmonized DPP system standards (framework for implementation and processing).
  • July 2026 — Test version of the EU DPP Registry.
  • End of 2026 — Delegated acts finalized for intermediate products: iron and steel.
  • 2027 — Delegated acts for textiles, tires and aluminum; European Identity Wallets expected to support DPP issuing, registration, verification, and amendment.
  • February 2027 — First mandatory DPPs: batteries.

Budget, architecture, and partner choices made in 2026 determine regulatory readiness and the cost basis for lifecycle data services through 2029.


2) Accountability: Who Issues What — and Where Repass Fits

  • Suppliers do not issue DPPs unless a sector‑specific rule explicitly obliges them (e.g., a manufacturer producing mattresses as finished products that later become components). Their responsibility is to provide accurate, structured data in the formats required for the legally obligated operator to create and maintain the passport.
  • The legally obligated operator (typically the brand or manufacturer) is the entity that creates issues and maintains the DPP throughout its lifecycle — including updates, corrections, and amendments.

This distinction prevents fragmentation (every supplier minting “its own passport”) and keeps accountability aligned with where product risk, market access responsibilities, and brand equity sit.

Where Repass fits in this accountability model

Repass sits between suppliers and the obligated operator, functioning as the governed integration layer that makes the model operational without shifting legal responsibility:

  • Repass collects, structures, validates, and governs supplier data, ensuring the obligated operator can use it to maintain the DPP.
  • Repass provides the infrastructure where the operator stores, updates, and exposes its DPP data — fully decentralized and under the operator’s control.
  • Repass ensures GS1‑compliant identifiers, Digital Link generation, EPCIS event data (where required), and lifecycle‑ready documentation, so the operator fulfils its legal role without building complex IT or forcing unrealistic processes on suppliers.

In short: Suppliers provide structured data → Repass operationalizes and governs it → The operator issues and owns the DPP.

3) The EU DPP Registry as a Directory, not a Database — and Where Repass Fits 

The EU DPP Registry validates the Unique Product Identifier (UPI) and then routes the request to the operator’s chosen data source. It does not host or store product passport data. The full dataset remains under the operator’s control, which protects sovereignty, scalability, and the freedom to innovate across systems and markets.

This architecture only works if companies have an infrastructure layer capable of managing decentralised data while remaining standards‑aligned. This is precisely where Repass operates.

Where Repass fits in this architecture 

  • Repass provides the operator’s data source that the EU Registry routes to — a governed, secure, standards‑compliant environment for hosting and exposing DPP data without centralization.
  • Because the data stays with the operator (or their mandated service provider), Repass ensures full decentralization while still enabling interoperability through GS1 Digital Link and EPCIS where required.
  • Repass acts as the policy‑enforced data space: suppliers contribute structured data; operators retain control, and Repass manages access to governance, traceability logic, and lifecycle documentation.
  • This approach converts “data fluency” from a theoretical aspiration into an operational reality — without shifting ownership, without creating a dependency on central platforms, and without exposing proprietary information.

In short: 
The EU Registry points → Repass serves → operator controls. 

  

4) Standards Stack: GS1 Digital Link (and EPCIS Where Required) — and Repass’ Role 

  • GS1 Digital Link converts a product’s identifier (GTIN + optional serial, or any ISO/IEC 15459‑compliant UPI) into a web‑addressable entry point. This allows one 2D code or RFID/DataMatrix to resolve multiple data layers — regulatory disclosures, consumer information, B2B documentation, certificates, service instructions, circularity data, and more.Interoperability is achieved because the architecture is fully standards‑based across the EU. 
  • EPCIS event data is used where lifecycle events and value‑chain transformations must be captured — movements, observations, service interventions, maintenance, part replacements, refurbishment, return logistics, or end‑of‑life routing. EPCIS provides the semantic layer that ties lifecycle events to a unique digital identity.

Where Repass fits in this standards architecture 

Repass operates as the standards‑native execution layer: 

  • Repass generates, manages and governs GS1 Digital Link identifiers so that every product receives a valid, future‑proof entry point that is compatible with the EU DPP Registry and all downstream actors.
  • Repass captures and exposes EPCIS events where required — ensuring transformation, traceability and provenance logic are not theoretical but operational, and can be shared selectively with authorized partners without centralizing data.
  • Repass ensures that all identifiers, events, and data layers live inside a decentralized, operator‑controlled environment, aligning perfectly with the EU’s architecture and GS1’s recommended implementation model.
  • Because Repass supports multi‑layer data retrieval from a single GS1 Digital Link, companies can serve regulated data, voluntary disclosures, manuals, certificates, and circularity services without creating parallel systems or version conflicts.

Bottom line: 

  • GS1 Digital Link is the connective tissue. 
  • EPCIS adds lifecycle semantics. 
  • Repass is the operational layer that binds both into a coherent, compliant, and scalable DPP system.

5) Where does Repass or your solution partner fit into this transition?  

  • Digital IDs and GS1 Integration

Core digital ID management with GS1 Digital Link, ensuring compliant identifiers and data carriers.

  • Material Traceability and BOM Management

Tracks materials, documents, and composite BOMs — securing DPP‑required data completeness.

  • Full Lifecycle Visibility with Deep Integrability

Visualises the product journey end‑to‑end and connects across systems with high‑code/no‑code integrations: Works both upstream (suppliers, production, system partners for LCA, audits, logistics) and downstream (wholesale, retail, claims, repair, spare parts, maintenance, resale, recycling).

  • Scalable, Secure Data Sharing

API‑driven data exchange and workflow automation without data fragmentation or centralisation.

  • Supports controlled sharing between all stakeholders in the value chain.
  • GS1 Digital Link - Epcis Data Protocol Aligned with global identification and data‑sharing standards — essential for cross‑border DPP compliance.

In short: 

Repass or your solution partner must be able to remove the operational friction between compliance requirements and real‑world supply chains. Value generative concepts of business. We work directly inside the DPP architecture. It means:  

  • Decentralised data ownership 
  • Standardised access (GS1 Digital Link) 
  • Lifecycle events (EPCIS where required), and secure, governed data exchange between suppliers and operators.


This is the operating model that scales:

  • No heavy IT reinvention. 
  • No unrealistic expectations are placed on suppliers. 
  • Just a flexible, standards-aligned platform that meets companies where they actually are.

If you are preparing for the 2026–2029 shift, now is the window to build the foundation. Repass is ready to support that journey — from strategic clarity to step-by-step scaling.  


For concrete use-cases, articles and interviews close to your industry segment, check out here: Repass Blog 

For workshops, or simply prototyping and evaluation, contact us here.
 

Refrence Articels:  

GS1-Standards-Enabling-DPP-V2.2.pdf 

GS1-Enabling-DPP-White-Paper-1.pdf 

 

Join the Newsletter

Get the latest news and insights directly in your inbox