The European Commision (DG GROW) has confirmed the publication schedule for the eight harmonised European standards that will define how Digital Product Passports (DPPs) become interoperable in the frame of the European DPP System Framework. The first six standards passed the voting process beginning of April and are set for publication at the end of May 2026, with the remaining two following in Q3 2026. For operators preparing for DPP obligations, this is a critical milestone.

The Standards That Will Define DPP Compliance

The Digital Product Passport is the central instrument of the EU's Ecodesign for Sustainable Products Regulation (ESPR), which came into force in July 2024. Under ESPR, a wide range of products on the EU market will require a DPP. Mandatory requirements begin on 18 February 2027 for batteries demanded by the EU Battery Regulation that enforces interoperability with the EU DPP System Framework. Other product sectors like iron and steel, packaging, and construction materials following in 2028, and ICT products, tyres, aluminium, and textiles in 2029.

ESPR creates the legal obligation to issue a DPP. JTC 24's standards define how DPPs become interoperable in the DPP System Framework, not what data it must contain, which will be defined be corresponding delegated acts to come. The EU DPP System Framework defines the technical architecture through which that data is structured, stored, accessed, and verified. These standards will be the baseline against which system design is assessed. The eight standards cover the full technical architecture of a compliant DPP system:

• Unique Identifiers: Each product must be linked to its digital record through a standardised identifier that is persistent, traceable, and universally recognisable across systems and borders.

• Data Carriers: The physical or digital mechanisms that connect a product to its DPP (e.g. QR codes) must conform to agreed schemes to ensure consistent readability at every point in the value chain.

• Access Rights and Confidentiality: Not all DPP data is public. The standards define tiered access: what consumers can see, what regulators can access, and what remains confidential and only accessible by so called persons of legitimate interest.

• Interoperability: The DPP system is explicitly designed to be technology-neutral and vendor-independent. A DPP built on one platform must be fully readable and operable by any other compliant system.

• Data Authentication, Integrity and Reliability: Data within a DPP must be verifiable and tamper-evident. The standards address establishing authenticity and maintaining the integrity of information across a product's lifetime.

• APIs and Lifecycle Management: Standardised interfaces ensure DPPs can be searched, retrieved, updated, and transferred as a product changes hands, from manufacture through to end-of-life.

• Data Storage and Persistence: DPP data must remain accessible and unaltered over long timeframes, with defined requirements for archiving, backup, and data continuity.

• Trust, Security and Sovereignty: Underpinning the entire system is a framework governing how actors are credentialled, how data sources are authenticated, and how the system maintains integrity at scale across a distributed, multi-stakeholder environment.

What's Coming Next: A Calendar of Confirmed Milestones

The publication of the CEN/CENELEC (JTC 24) standards is only one piece of a rapidly accelerating regulatory programme. Based on the latest guidance from DG GROW, the confirmed timeline now extends well into the end of the decade:

Looking further ahead, a new technical committee, ISO/IEC JTC 5 Digital Product Passport, is scheduled to begin work in September 2026 that shall standardise cross sectoral and cross system interoperability of DPPs at the international level, a framework with potential to be a global benchmark.

The Battery Passport: No Extensions, No Exceptions

The first hard deadline remains 18 February 2027, when the Battery Passport becomes mandatory under the EU Battery Regulation. Some companies still assume a delay or grace period; the Commission has been explicit there will be none. Some technical points; battery carbon footprint, recycled content, and certain methodological elements, will need further clarification through additional standardisation and secondary legislation, but the core obligation is fixed.

A wider body of secondary legislation is also taking shape, with delegated and implementing acts in development covering service provider rules and certification, battery passport access rights, recognition of due diligence schemes, industrial battery carbon footprint methodology, EV battery carbon footprint label classes, and recycled content calculation and verification. For battery manufacturers and their supply chains, every one of these instruments will shape day-to-day compliance.

Who Needs to Pay Attention and Why Third- party backup matters

The scope is broad. Millions of European companies are expected to be required to issue Digital Product Passports in the coming years, spanning automotive and energy storage to fashion, consumer electronics, and construction. For manufacturers with supply chains across multiple tiers and geographies, the time required to gather, verify, and structure primary upstream data means preparation cannot wait.

The publication of the JTC 24 standards is the moment ambiguity ends. The technical specification is being fixed, and infrastructure that does not align with it will need to be rebuilt. It is not enough to collect sustainability data and attach it to a product identifier, that data must be structured, authenticated, stored with defined persistence, and accessible through compliant APIs.

One requirement deserves particular attention. The standards make explicit that every DPP must be backed up through a certified, independent third-party provider. This is not an optional safeguard, it is a structural feature of the system, designed to ensure DPPs remain accessible for the full lifetime of a product, even if the original economic operator ceases to exist. For manufacturers, the practical implication is direct: in-house infrastructure alone will not satisfy the requirement. Choosing a proven, compliant DPP partner is now part of the regulation, not a commercial preference.

Circulor: Contributing to the Standards, Designed Around Them

At Circulor, our regulatory team has been closely following JTC 24's work since the committee's inception in December 2023 and contributing by reviewing during public consultations across the full stack of standards. As technical lead for the Battery Pass Consortium and a recognised contributor to the JTC 24 enquiry process, we have helped shape the regulatory framework now reflected in the engineering of our platform. The standards have not required Circulor to change course, because the course was set with these requirements in mind.

The Window for Getting This Right Is Narrowing

The JTC 24 publication schedule is a signal, not a starting pistol. The companies best positioned for compliance are those already building the supply chain relationships, data processes, and technical infrastructure a credible, standards-aligned DPP requires. Regulatory deadlines are fixed. The standards are imminent. The DPP Registry will go live in July. The question for every manufacturer in scope is no longer what will be required, but whether their current approach will meet it.