On March 30, 2022, the European Commission (EC) unveiled a proposal for a framework eco-design regulation aimed at creating a policy framework for sustainable products. Among the tools proposed by the EC is the EU Digital Product Passport (DPP), a product-specific data set that would apply nearly to all non-food products sold in the EU and would require disclosure of a vast array of information, much of it currently deemed confidential business information. Through DPPs, both competent authorities and users across the supply chain will have access to information including origin, materials, and sustainability and recyclability, via a scannable QR code. DPPs are intended to promote circularity and economic growth, help consumers make sustainable choices, and improve enforcement. If adopted as envisaged in 2024, the DPP framework would likely enter into force in 2027. In addition to environmental and product safety considerations, intellectual property rights, usefulness of the data, privacy and security are all important issues for affected companies to consider.
The DPP framework does not detail DPP requirements for specific products at present; these will be set out at a later stage by delegated regulations. The rules will be used not only in eco-design legislation itself but in other product-specific directives or regulations, e.g., for batteries, toys, detergents. The first proposed DPP, for batteries, was published on September 12, 2022.
The EC is currently working on harmonized standards to implement the DPP regulation. Many aspects of the DPP framework have yet to be finalized, including how DPP data should be collected and stored; safeguarding intellectual property rights; whether the same requirements should apply to all companies producing covered consumer products or vary by size of the company, type of product, etc. Eight key areas need to be standardized, and the EC is seeking feedback from interested stakeholders on the following areas in particular:
Unique identifiers
Data carriers (QR code but several other means also possible)
Links between physical product and digital representation
Access rights management (public data vs. restricted data)
Interoperability (during life cycle, with other databases)
Data storage and data persistence
Data authentication
Data security and privacy
The information envisioned to be provided through a DPP will include safety data and will give any user full access to a manufacturer’s product safety technical dossier to the extent the product is subject to CE marking requirements. Companies may also be required to provide tracking codes, user manuals, and safety and use instructions via a DPP. It is not yet clear whether providing this information solely through the DPP mechanism will be sufficient to meet existing regulations; current U.S. law, for example, requires that tracking labels appear, to the extent feasible, on all children’s products and packaging, and use of a QR code alone on packaging would not satisfy this requirement. Global marketers will therefore need to carefully consider applicable requirements in all jurisdictions, as well as whether, regardless of regulatory requirements, it would be advisable to provide certain information on packaging, product labels, and/or hard copy paper manuals.
An important point for companies to consider now is how the proposal affects their intellectual property and how to safeguard it in a DPP. Mandating that DPPs provide copies of all test reports, for example, seems especially burdensome and implicates sensitive non-public business information. Test reports also typically identify not only the name of the test laboratory but also key individuals responsible for the testing, so disclosure of their identity implicates personal privacy. Responsible authorities would have access to test information as needed, upon a valid request, but companies may wish to weigh in on these and other concerns about the proposal now.
The deadline for comments is September 26, 2023.