Unlocking Transparency and Sustainability in Manufacturing, R&D and Supply Chain

Are you ready for the Digital Product Passport?

Imagine a digital ID card for your products that holds a rich, standardised data set of sustainability, compliance, and lifecycle information which is accessible electronically across the supply chain and beyond. The Digital Product Passport (DPP) is already being adopted by pioneering companies to enhance transparency, build trust and drive sustainability.

Rapidly changing regulations and increasing data complexity causes challenges for manufacturers, R&D teams and compliance professionals. The DPP is a key part of the European Ecodesign for Sustainable Products Regulation (ESPR) that has been effective since July 2024. The ESPR requires the data on the DPP to be accurate, complete and up to date.

The Regulatory Timeline and Scope

The rollout of DPPs will be phased and product-specific, with legal and regulatory changes being introduced over the coming years.

The data included in the DDP covers information from technical performance, raw material sourcing, environmental impact, material composition to disposal guidelines. The initial focus will include high-impact products such as batteries, electronics, textiles, furniture, tyres, plastics and construction materials.

Why should your company care?

Beyond regulatory compliance, DPPs offer other benefits and new business models:

• Provides visibility across the entire value chain by simplifying audits, reducing risks and strengthening supplier relationships.
• Enables new models for customer engagement through building trust with customers.
• Improves repair and aftermarket service by providing instant digital access to product history, material composition and repair instructions.
• Unlocks value from retreading and recycling activities by promoting a circular economy which can bring new revenue streams.
• Enhances lifecycle management and lays foundation for future data-driven service offerings such as product-as-a-service.
  
  

Who is affected and should be responsible?

Cyber Resilience Act

There is also a strong complementary aspect of DPP with the Cyber Resilience Act (CRA) that requires all digital products sold in the EU to meet mandatory cybersecurity standards by December 2027. Manufacturers, importers, and distributors must classify their products by risk level and follow tailored compliance pathways – from internal assessments for non-critical products to third-party certification for critical ones. DPP can be an important digital tool supporting the CRA. By providing transparent and interoperable data about product security, lifecycle and sustainability, it covers the same data for CRA compliance. On the other hand, information mandated by CRA, such as technical information, software versions or security maintenance records, can form the basis of the DPP.

With vulnerability reporting due by June 2026 and penalties for non-compliance with CRA, organisations should start assessing their portfolios now and embedding security and sustainability by design into their product development.
 

Challenges and Practical Considerations

Implementing DPPs is not without challenges and requires a certain data maturity. This could need additional efforts in data collection, cleaning and alignment across departments such as supply chain, R&D, manufacturing, and compliance. Furthermore, integration with existing digital systems (e.g., PLM, ERP, CRM) is essential but may require investment.DPP implementation is a business transformation, not just a regulatory fix – it requires strategic commitment to use digital technologies and embed sustainability into core business processes.
 

How Deloitte Can Help

Navigating the complexities of DPP regulatory compliance and harnessing its business potential requires expertise and experience. Deloitte offers tailored workshops designed to assess your organization’s readiness, clarify applicable regulations, identify data maturity, and develop strategic roadmaps for DPP implementation.