Digital Product Passport: What SMEs Actually Need to Do Before 2027

When I ask mid-sized manufacturers about the Digital Product Passport, I get one of two reactions.

"We have a workstream for that" — which usually means a PowerPoint deck and one person monitoring EU regulatory updates as 20% of their job.

Or: blank stare, followed by "isn't that a 2027 thing?"

Both responses share the same underlying problem: treating DPP as a compliance project rather than a data infrastructure decision.

What the Digital Product Passport Actually Is

The DPP is a core component of the EU's Ecodesign for Sustainable Products Regulation (ESPR). Every regulated product sold in the EU will need a machine-readable data record covering its environmental footprint, composition, repairability, and end-of-life options.

This data must be accessible via a digital carrier (QR code, RFID) on the physical product, queryable via standardized API, updated throughout the product lifecycle, and linked to a verified economic operator.

Timeline as of early 2026: Delegated acts for first product categories are in progress. Industrial and EV batteries already under the Battery Regulation since 2027. Textiles, electronics, and construction materials rolling out 2027-2030. Check the ESPR delegated acts for your specific product category — timelines vary significantly.

Why Most SME Advice on DPP Is Wrong

The standard advice: build a product database, attach a QR code, done.

This misses the fundamental challenge. DPP is a supply chain data problem, not a product label problem.

The data required for a complete DPP — carbon footprint, material composition, hazardous substances, recycled content percentage — doesn't live in your ERP. It lives partly in your ERP, partly with your Tier-1 suppliers, partly with their suppliers, and partly in third-party certification bodies.

If your Tier-1 suppliers can't provide verified environmental data about their components, your DPP will be incomplete (non-compliant) or based on estimates (legally and commercially risky).

The companies getting ahead of this are not building DPP software. They're having difficult conversations with their supply chain about data standards.

Three Things That Actually Matter Now

1. Identify your first affected product categories.

Don't wait for a universal rollout. The delegated acts are issued by product category. If you're in batteries, textiles, or electronics, the clock is already running.

2. Map where your product data actually lives.

Not where it should live — where it actually lives. Talk to procurement, operations, and R&D. You will find: some data in ERP, some in PDM systems, some in supplier certificates in email attachments, some in spreadsheets, some that doesn't exist yet.

This is a data audit, not a software project. Software comes later.

3. Start the supply chain data conversation early.

Your suppliers — especially smaller ones — may not have the data you'll need. They may not know DPP is coming. They certainly don't have a DPP data team.

The companies building supply chain resilience now are using DPP as the forcing function for supply chain data standardization. It's uncomfortable. It's also unavoidable.

What SMEs Should Not Do Right Now

Don't buy a DPP software platform yet. Standards are still finalizing. Any platform purchased today will need significant modification. The right time to invest is 12-18 months before your first compliance deadline.

Don't start with the QR code. The QR code is the last step. Starting there is like painting the exterior before pouring the foundation.

Don't assume your ERP vendor will handle it. They will build something. It won't cover supply chain data collection, third-party verification, or lifecycle updates. It will be a component, not a solution.

The Opportunity

DPP is one of several EU digital regulations creating a new category of implementation need: someone who understands both the regulatory requirements and the operational reality of a mid-sized manufacturer.

The companies that position as implementation partners in this space — not as software vendors but as translators between regulation and operations — will have significant opportunity in 2026-2028.

---

If you want a structured review of your DPP exposure — product categories, data gaps, and a practical 6-month roadmap — book a call. No pitch. Just a clear-eyed assessment.