Multi-Stakeholder System

The DPP Ecosystem: Who Accesses What Data — and Why

Q: How does a circular economy operator get authenticated to access restricted DPP data?

The authentication mechanism for CEOPs is still being defined through CEN/CENELEC technical standards expected by end of 2025. The broad principle is that CEOPs must be identifiable entities — registered repair facilities, licensed recycling operators, or certified remanufacturers — rather than anonymous actors.

Q: Can a brand restrict which data a circular economy operator can write?

Yes. A brand may authorize a repair facility to record repair events and composition changes while restricting it from modifying original production data or certification records. The REO retains control over access rights while ESPR requires that CEOPs have sufficient write access to fulfill their circularity function.

Q: What happens to DPP access rights when a product is sold second-hand?

The DPP stays with the product, not the original buyer. When a product enters the second-hand market, the DPP associated with its unique identifier remains accessible to whoever holds the product. The original brand remains the REO responsible for the DPP record.

Q: Can a regulator access DPP data without scanning the product physically?

Yes. Market surveillance authorities can access DPP data through authenticated digital access using the product's GTIN or unique identifier, without needing the physical product to be present with its QR code intact.

A Digital Product Passport is not a single page that everyone sees in the same way. It is a layered data system in which different stakeholders — consumers, regulators, recyclers, repair services — access different data based on their role, authorization level, and legitimate need. Understanding this ecosystem is essential for designing a compliant DPP.

Assess Your Readiness DPP Architecture Guide

DPP Stakeholders 4 Actors · 3 Access Levels

Consumers → Public data layer

Regulators → Full compliance layer

Recyclers → Circular economy layer

Brands → Full write access

Static vs Dynamic Data →

One QR Code. Multiple Data Views.

When a product's data carrier is scanned, the same QR code serves four fundamentally different audiences — each receiving the data layer appropriate to their role.

This is one of the most commonly misunderstood aspects of DPP architecture. Most brands instinctively think of DPP as a consumer-facing transparency tool — a QR code that links to a product information page. This captures only the smallest layer of what a compliant DPP system must support.

Under the EU's Ecodesign for Sustainable Products Regulation (ESPR), the DPP is a multi-stakeholder data infrastructure in which different actors have different access rights, different data needs, and in some cases different write permissions. The architecture that makes this work — resolver, access control, authentication, role-based data serving — is more complex than a simple QR-to-webpage model allows.

For brands designing their DPP system, understanding who needs what determines the data model, the access control architecture, and the scope of supplier data collection. A DPP designed only with the consumer in mind will fail the regulators and recyclers who are equally entitled to their data layers.

The Four DPP Stakeholder Types

ESPR defines four distinct actor categories, each with a specific role in the DPP ecosystem.

Responsible Economic Operator (REO)

Role: Creator and custodian of the DPP

The brand or retailer that places the product on the EU market. The REO is responsible for creating the DPP, populating it with accurate data, maintaining it throughout the product's lifecycle, and ensuring it meets all ESPR technical and content requirements. The compliance obligation rests here — regardless of which service provider manages the infrastructure.

Access level:

Full read and write access to all DPP data layers
Authority to grant access rights to other stakeholders
Accountability for data accuracy across all layers
Responsibility for data retention and backup arrangements

Key obligations:

Create and maintain the DPP for every in-scope product unit
Ensure data is accessible via compliant resolver infrastructure
Manage access authorization for third-party stakeholders
Maintain a backup copy through a certified provider

Consumers

Role: Public data layer readers

End consumers who scan a product's data carrier to access information about what they are buying or own. Consumers have read-only access to the public data layer — they cannot modify DPP data. Their interaction with the DPP is typically via a mobile device in a retail or post-purchase context.

What consumers can see:

Material composition by component
Country of manufacture and supply chain overview
Active third-party certifications with verification links
Care and washing instructions
Repair guidance and spare parts information
End-of-life guidance and take-back information
Indicative sustainability information (where published)

What consumers cannot see:

Detailed chemical compliance documentation
Full supply chain facility identifiers
Commercially sensitive supplier information
Regulatory compliance declarations

Public Authorities & Market Surveillance

Role: Compliance verification and enforcement

EU customs authorities, national market surveillance bodies, and regulators responsible for ESPR enforcement. These actors need access to the full compliance documentation layer — the data that proves the brand is meeting its regulatory obligations — which is not publicly visible to consumers.

What authorities can access:

Full chemical compliance records (REACH, SVHC declarations)
EU Declaration of Conformity
Detailed supply chain facility identifiers for traceability verification
Conformity assessment documentation
Technical file data relevant to product safety
Audit trails for DPP data changes

How access works:

Authentication via official market surveillance credentials
Access to restricted data layer not visible in public consumer interface
Ability to verify data against brand's DPP record during inspections

Circular Economy Operators (CEOPs)

Role: Circular economy data readers and contributors

Repairers, recyclers, remanufacturers, sorters, and resale platforms — the actors who interact with products after the point of consumer purchase. CEOPs are unique in the DPP ecosystem because they need both read access (to understand what a product is made of) and write access (to record what they have done to a product). This two-way data flow is what makes the DPP a living circular economy tool rather than a static label.

What CEOPs can read:

Component-level material composition (richer than the public consumer view)
Chemical substance locations within the product
Detailed disassembly instructions
Construction method (bonded vs stitched components)
Presence and location of coatings, laminates, or non-fibre elements
Hazardous substance warnings relevant to processing

What CEOPs can write:

Repair events (what was repaired, when, by whom)
Material composition changes after repair
Remanufacturing records
End-of-life processing confirmation
Condition and serviceability updates

The Two-Way Data Flow: Why DPP Is Not Just Broadcasting

Most brands think of DPP as pushing information out to consumers. The ESPR model requires something fundamentally different.

The DPP data flow has two directions. Brands and their suppliers push product data into the DPP at the point of production. Circular economy operators push lifecycle event data into the DPP as they interact with the product over time. Consumers and authorities pull data out of the DPP based on their access rights.

This two-way model has significant implications for system architecture that a one-directional publishing model does not:

Write Access Must Be Controlled

If circular economy operators can write data to a DPP, the system must have robust access controls that verify who is writing, what they are authorized to write, and how their contributions are validated. An unauthenticated repair shop being able to alter a DPP's material composition record is not compliant DPP architecture — it is a data integrity risk. Access control for write permissions is as important as access control for read permissions.

Version Control Is Non-Negotiable

When a repair operator updates a DPP's material composition, the original composition must be preserved as a historical record. When a recycler records an end-of-life event, the pre-processing record must remain accessible. The DPP must maintain a complete version history — so that at any point in the product's lifecycle, the record reflects both what the product is now and what it was at every previous stage.

Third-Party Integration Is Required

Circular economy operators will not access the DPP through the brand's internal platform. They will use their own systems — repair management software, recycling facility processing systems, sorter databases. The DPP infrastructure must expose APIs that third-party systems can integrate with, enabling circular economy operators to read and write DPP data from within their own workflows without manual intervention.

Secondary Use of Data Requires Consent

ESPR specifies that secondary use of DPP data — using it for purposes other than its intended DPP function — requires explicit consent. A recycler who accesses material composition data to sort a garment is using it for its intended purpose. A data broker who aggregates DPP data to sell market intelligence is using it for a secondary purpose that requires separate authorization. This consent framework must be built into the access control architecture.

The DPP Data Access Matrix

Which stakeholder accesses which data — read, write, or none.

Data Category	Consumer	Authority	CEOP	REO (Brand)
Material composition (overview)	Read	Read	Read	Read / Write
Material composition (component-level detail)	—	Read	Read	Read / Write
Care instructions	Read	Read	Read	Read / Write
Country of origin / supply chain overview	Read	Read	Read	Read / Write
Facility-level supply chain identifiers	—	Read	Read	Read / Write
Chemical compliance records (REACH/SVHC)	—	Read	Read (limited)	Read / Write
Certifications	Read	Read	Read	Read / Write
Disassembly & circularity instructions	Read (summary)	Read	Read (full)	Read / Write
Repair history and lifecycle events	Read (summary)	Read	Read / Write	Read / Write
Environmental performance data	Read	Read	Read	Read / Write
Conformity declarations / technical file	—	Read	—	Read / Write

What the Multi-Stakeholder Model Means for Your DPP System

Designing a DPP that serves all four stakeholder types correctly is significantly more demanding than building a consumer-facing product page.

Your Platform Must Support Role-Based Access

The DPP system must authenticate each type of requesting party and serve the appropriate data layer. This is not a cosmetic UI decision — it is a system architecture requirement. Evaluate DPP platforms on their access control implementation, not only their consumer-facing interface design.

You Must Plan for Write Access from Third Parties

Circular economy operators will eventually need to write data to your DPP records. Even if this capability is not yet widely used in practice, your platform must support it architecturally. A DPP system that can only receive data from the brand is not fully compliant with the ESPR model.

Collect All Data; Publish Selectively

Collect the full data set across all nine categories — including data that will be restricted or operator-only. Then configure access controls to publish only the appropriate layer to each stakeholder type. Collecting only consumer-visible data means your DPP will fail the regulatory and circular economy access tests.

Build for the Circular Economy Timeline, Not Just 2028

The circular economy operator data layer becomes more important as circular economy infrastructure matures — take-back schemes scale, repair services formalize, recycling technology improves. A DPP built only for 2028 enforcement will need to be upgraded to serve circular economy operators as they become significant actors in the product lifecycle. Build the infrastructure now that will serve the circular economy use cases of 2030 and beyond.

Frequently Asked Questions

How does a circular economy operator get authenticated to access restricted DPP data?

The precise authentication mechanism for circular economy operators is still being defined through the CEN/CENELEC technical standardization process, with standards expected by end of 2025. The broad principle is that CEOPs must be identifiable entities — registered repair facilities, licensed recycling operators, or certified remanufacturers — rather than anonymous actors. The authentication system will likely involve digital credentials issued under a recognized scheme. Brands selecting DPP platforms should confirm that their provider's authentication infrastructure is designed to be aligned with these forthcoming standards.

Can a brand restrict which data a circular economy operator can write?

Yes — and this is an important data governance decision. A brand may authorize a repair facility to record repair events and material composition changes while restricting it from modifying original production data or certification records. The ESPR framework gives the REO (brand) control over access rights while requiring that circular economy operators have sufficient write access to fulfill their circularity function. The specific boundaries will be further defined in the Delegated Acts.

Does the DPP consumer interface need to show repair history?

A summary of repair history — that a product has been repaired, and the general nature of the repair — may be appropriate in the consumer-facing DPP, particularly for second-hand products where repair history affects value and condition. Detailed repair records (specific materials used, costs, repairer identity) are more likely to sit in the circular economy operator data layer. The exact boundaries between what repair data is public and what is restricted will be specified in the Delegated Acts.

What happens to DPP access rights when a product is sold second-hand?

The DPP stays with the product — not with the original buyer. When a product enters the second-hand market, the DPP associated with its unique identifier remains accessible to whoever holds the product. Consumer access rights apply to the current holder. The original brand remains the REO responsible for the DPP record. Some DPP frameworks anticipate that resale events may be recorded as dynamic data updates, potentially involving the resale platform as a data contributor — but the specific rules for this are still being developed.

Can a regulator access DPP data without scanning the product physically?

Yes. Market surveillance authorities do not need to physically scan a product to access its DPP data. Under ESPR, regulatory access to DPP data is possible through authenticated digital access to the DPP system — for example, during a market surveillance inspection, a regulator can access the DPP record for any product placed on the EU market using the product's GTIN or unique identifier, without needing the physical product to be present with its QR code intact.

Ready to test epassportify with a pilot product line?

Join the pilot for early access, onboarding support, and direct input on feature development.

Join the Pilot Program Request a Demo

Requirements evolve—structured data keeps you upgrade-ready.