Request a Demo
Implementation Roadmap

From Traceability to DPP: The Complete Roadmap

A Digital Product Passport cannot be more accurate than the supply chain data behind it. Traceability is the foundation. Every brand's path to DPP compliance starts with understanding where its products come from — and builds up from there. Here is the complete roadmap, from supply chain mapping to fully compliant DPP.

Map Your Starting Point Full Readiness Assessment
The Roadmap Traceability → Data → DPP
Phase 1: Supply chain mapping
Phase 2: Data collection & structure
Phase 3: Infrastructure & identifiers
Phase 4: Pilot, validate & scale
Where Are You Now? →

Why Traceability Must Come Before Everything Else

The instinct for most brands approaching DPP is to start with the technology — select a platform, generate a QR code, build a consumer-facing interface. This instinct inverts the correct sequence.

A DPP platform is a container. Supply chain data is what fills it. A technically perfect DPP system populated with incomplete, inaccurate, or unverified supply chain data is not a compliant DPP — it is a compliance-shaped structure with a credibility problem.

The data that makes a DPP meaningful — where the product was made, what it is made of, who processed each material, what country the raw materials came from — all originates in the supply chain. Getting that data requires supply chain visibility. Supply chain visibility requires traceability infrastructure. Traceability infrastructure takes time to build.

This is why traceability is not a phase of DPP preparation that follows platform selection — it is the phase that precedes everything else. Brands that recognize this sequence reach 2028 with rich, accurate DPP data. Brands that sequence it differently reach 2028 with functional systems and empty data fields.

The most effective investment a brand can make today for DPP readiness is not selecting a DPP platform — it is mapping its supply chain below Tier 1 and establishing structured data-sharing relationships with the facilities that make up that map.

Where Most Brands Are Today

Understanding the typical starting point helps identify what the roadmap actually requires for your specific situation.

What Most Brands Already Have

  • Complete Tier 1 factory list (CMT facilities)
  • Overall garment fibre composition (for care labels)
  • REACH compliance records for some or all products
  • Active certifications (GOTS, OEKO-TEX, etc.)
  • Care instruction content for all products
  • Country of manufacture data

What Most Brands Partially Have

  • Tier 2 supplier data (fabric mills, dyehouses) — partial
  • Supplier data in structured digital format — often fragmented
  • Component-level fibre composition — often only overall
  • Certification data linked to specific products — often at brand level
  • Chemical compliance records in machine-readable format — often PDFs

What Most Brands Are Missing

  • Tier 3+ supply chain data (yarn spinners, raw material origins)
  • Standardized facility identifiers for all supply chain actors
  • Serialized unique identifiers for individual product units
  • API-accessible product data endpoint
  • Component-level composition by component (not just overall)
  • Environmental performance data with confirmed methodology

The Four-Phase Roadmap

From where most brands are today to a fully compliant, operational DPP by 2028.

Phase 1 — Start Now

Supply Chain Mapping & Data Foundation

The first phase is about establishing visibility — knowing who is in your supply chain and what you currently hold about each actor. This is groundwork, not DPP delivery. But without it, nothing that follows is possible.

Traceability actions:

  • Complete your Tier 1 supplier registry. Ensure every CMT factory is documented with a consistent name, full address, country, and — where available — a standardized facility identifier. This is your traceability baseline.
  • Request Tier 2 disclosure from Tier 1 suppliers. For every Tier 1 factory, ask them to identify the fabric mills, dyehouses, and finishing facilities they use for your products. Frame it as a regulatory compliance requirement — because it is.
  • Document country of origin of raw materials. For each primary material in your product range, identify the country where the fibre was grown or produced. This is a mandatory DPP data field and is distinct from country of manufacture.
  • Identify your certification landscape. Compile all active certifications — GOTS, OEKO-TEX, GRS, EU Ecolabel — with certificate numbers, issuing bodies, scope, and validity dates. Link each to the products it covers.

Data foundation actions:

  • Audit existing data holdings across PLM, ERP, compliance systems, and shared drives
  • Establish a master product identifier to link data across systems
  • Digitize paper-based REACH compliance records and link to products
  • Request component-level material composition from key suppliers
  • Structure care instruction content as machine-readable data fields
Deliverable: A structured, product-linked data inventory covering Categories 1–4 and 6–7 of the DPP protocol, with documented gaps for follow-up collection.
Phase 2 — 2025

Data Deepening & Platform Selection

The second phase converts the data inventory into a structured, platform-hosted data set — and extends traceability to the supply chain tiers where gaps were identified in Phase 1.

Traceability deepening:

  • Extend Tier 2 collection to full coverage. Follow up on any Tier 2 facilities not yet disclosed in Phase 1. For strategic suppliers, consider formalizing data disclosure as a contractual requirement in renewed or renegotiated supplier agreements.
  • Begin Tier 3 data collection for high-priority materials. For your highest-volume materials, start collecting origin data at the raw material level — country of cotton cultivation, country of synthetic fibre production. Use certified chain-of-custody schemes (GRS, GOTS) where available as a traceability shortcut for specific material streams.
  • Standardize supplier naming across all systems. Resolve the inconsistent naming problem — ensure each supplier appears identically in PLM, ERP, compliance systems, and the DPP data platform. This is unglamorous but foundational.

Platform and infrastructure:

  • Select a DPP service provider with confirmed standards alignment and appropriate data governance credentials
  • Begin loading structured data from Phase 1 into the DPP platform
  • Set up GS1 Digital Link identifier scheme — register with GS1, establish serialization approach
  • Assess PLM and ERP integration options to automate data flow into the DPP platform
  • Collect underlying data for methodology-dependent fields (supplier energy records, transport distances) while awaiting PEF methodology confirmation
Deliverable: A DPP-platform-hosted data set with near-complete coverage of Categories 1–7, a working identifier scheme, and documented preparation for Category 8–9 data pending Delegated Act confirmation.
Phase 3 — 2026

Infrastructure Build & Serialized Label Rollout

Following confirmation of the Delegated Acts (expected end of 2025), Phase 3 converts the data and platform foundation into a fully operational DPP system — including the serialized identifier infrastructure that makes the DPP physically accessible on products.

Identifier and label actions:

  • Finalize serialization approach. Confirm the serialized GTIN format, confirm variable data printing capability with label suppliers and CMT factories, and establish the production workflow for correct label-to-unit matching.
  • Run a serialized label pilot. Select one or two products and one CMT factory for a production trial with serialized DPP labels. Validate that the QR code scans correctly, the resolver routes to the correct data, and the consumer interface displays accurate information.
  • Brief and onboard CMT factories. Roll out the serialized label production briefing across your CMT factory base — explaining the requirement, the process change, and the quality control steps needed to ensure correct label-to-unit matching.

Data and methodology actions:

  • Finalize DPP data model against confirmed Delegated Act specifications
  • Recalculate environmental performance metrics using confirmed PEF methodology
  • Commission third-party verification for any environmental performance claims to be published in consumer interface
  • Complete Category 8 (Circularity) and Category 9 (Sustainability) data for pilot product range
  • Launch consumer-facing DPP interface for pilot products
Deliverable: A fully operational DPP system for a pilot product subset — all three layers functioning (data, identifier, IT system), consumer interface live, regulatory and CEOP data layers in place.
Phase 4 — 2027 → 2028

Scale, Validate & Maintain

The final phase scales the pilot-proven system across the full in-scope product range — completing the rollout before the 2028 enforcement date and establishing the ongoing operational processes that keep the DPP system compliant beyond enforcement.

Scale actions:

  • Roll out serialized labels to all CMT factories producing EU-destined goods
  • Extend DPP data coverage to all in-scope product categories
  • Complete supplier data collection for full product range (not just pilot products)
  • Validate data completeness against Delegated Act mandatory field requirements

Validation actions:

  • Conduct internal DPP compliance audit against Delegated Act requirements
  • Test regulatory access layer with market surveillance contact
  • Validate resolver routing and backup infrastructure
  • Confirm circular economy operator write access is functional

Ongoing maintenance:

  • Establish seasonal data onboarding process for new products
  • Set up certification expiry monitoring and DPP update process
  • Define process for receiving and validating dynamic updates from CEOPs
  • Schedule annual DPP data quality reviews
Deliverable: Full compliance across all in-scope products by the 2028 enforcement date, with operational processes in place for ongoing data maintenance and dynamic updates.

Prioritizing Traceability by Material

Not all materials have the same traceability challenge. Focus effort where the DPP data gaps are largest and the supply chain risk is highest.

Cotton

Country of origin is the priority data point — where the cotton was grown. Certified cotton (Better Cotton, GOTS, OCS) provides a chain-of-custody mechanism that simplifies origin verification. Without certification, origin must be traced through the spinning and ginning chain, which requires active supplier engagement.

Synthetic Fibres (Polyester, Nylon)

Country of production of the polymer and the fibre are the key data points. GRS (Global Recycled Standard) certification provides verified chain of custody for recycled content claims. Primary (virgin) synthetic fibre origin tracing requires engagement with fibre producers — often accessible through yarn suppliers.

Wool

Country of farm origin is the highest-value traceability data point, but the most difficult to obtain for undifferentiated commodity wool. Certified wool (RWS — Responsible Wool Standard, ZQ Merino) provides verified origin documentation. For non-certified wool, country of origin data typically requires direct engagement with wool brokers or yarn producers.

Dyed and Finished Fabrics

The dyehouse and finishing facility are critical DPP data points — they are where the most significant chemical processing occurs and where REACH compliance data originates. This is typically a Tier 2 data point: the CMT factory knows which fabric mill supplied the fabric, and the fabric mill knows which dyehouse processed it. Two supplier conversations get you to dyehouse identification for most products.

Formalizing Traceability in Supplier Relationships

Voluntary supplier data sharing works for some suppliers some of the time. For DPP compliance, you need reliable data from all relevant suppliers consistently. That requires formalization.

Purchase Order Conditions

The most immediate lever: add DPP data provision as a condition of purchase orders. Suppliers who want the order agree to provide the required data in the required format. This does not require renegotiating long-term contracts — it takes effect immediately through the standard PO process.

Supplier Code of Conduct Updates

Include DPP data provision obligations in your supplier code of conduct — creating a contractual baseline that applies to all suppliers regardless of individual PO terms. This is particularly useful for establishing obligations with suppliers across a complex, multi-tier supply chain.

Standardized Data Collection Formats

Provide suppliers with a standardized data submission format — a portal, a structured form, or a defined API — rather than requesting data in an open format. Standardized collection produces consistent, machine-readable data. Open-format requests produce inconsistent responses that require manual processing. The investment in building a structured collection format pays back immediately in reduced data processing cost.

Supplier Education and Incentives

Suppliers who understand why DPP data is needed — and who see that providing it strengthens rather than threatens the commercial relationship — are more consistent data providers than those who experience it as an administrative burden imposed from above. Explain the regulatory context. Share how the data will be used. Where possible, give suppliers visibility of their own data in the DPP — the traceability story works in both directions.

Frequently Asked Questions

How deep does traceability need to go for DPP compliance?
The ESPR Delegated Acts for textiles will specify the exact supply chain data fields required at enforcement. Based on current preparatory studies, the DPP requires: country of origin of raw materials (Tier 3+), names and locations of key processing facilities (Tier 2), and CMT factory details (Tier 1). Full end-to-end traceability to the farm level is not explicitly required for initial DPP compliance, but country of raw material origin is — which requires traceability at least to the point where that can be verified. Brands should plan for Tier 1 and Tier 2 full coverage, with Tier 3 data at country level as the initial target for primary raw materials.
What if suppliers refuse to disclose their upstream sub-suppliers?
Document the refusal. A structured record showing that the brand requested upstream supply chain data and that the supplier declined to provide it is itself compliance evidence — it demonstrates active effort and identifies where the gap sits. In the longer term, a supplier that systematically refuses to disclose sub-suppliers is a supply chain risk beyond DPP compliance alone. The DPP obligation gives brands a regulatory basis to escalate these conversations that voluntary sustainability requests historically lacked. Continued refusal after formal contractual obligation to disclose may ultimately be grounds for supplier development or replacement.
Can we use blockchain for supply chain traceability in a DPP context?
Blockchain-based traceability systems can provide an immutable record of supply chain events and data submissions — useful for audit trail purposes. However, blockchain does not solve the underlying data collection problem: the data that goes onto a blockchain still needs to originate from suppliers, and the accuracy of blockchain records is entirely dependent on the accuracy of the data submitted. ESPR does not mandate blockchain as a traceability mechanism, and it does not confer any special compliance status. If a supplier traceability system your brand already uses is blockchain-based, the data it holds may be usable for DPP purposes — but the blockchain itself is not a compliance requirement.
How does the traceability roadmap interact with CSDDD due diligence requirements?
The EU Corporate Sustainability Due Diligence Directive (CSDDD) requires in-scope companies to conduct and document due diligence on human rights and environmental risks in their supply chains. This requires knowing who is in the supply chain — precisely the same data that DPP supply chain traceability requires. The supplier mapping, facility registry, and data collection processes built for DPP compliance form the factual foundation of CSDDD due diligence documentation. Brands investing in traceability infrastructure for DPP will find that the same investment supports CSDDD, Green Claims substantiation, buyer transparency requests, and EPR data requirements simultaneously. Traceability is not a single-regulation investment — it is a cross-regulatory data infrastructure.

Ready to test epassportify with a pilot product line?

Join the pilot for early access, onboarding support, and direct input on feature development.

Join the Pilot Program Request a Demo

Requirements evolve—structured data keeps you upgrade-ready.

Explore epassportify

Free Tools

DPP Data Checklist Material Calculator QR Code Preview Compliance Timeline Fibre Standardizer Country of Origin Checker DPP ROI Calculator

Industries

Apparel Workwear & PPE Home Textiles Sportswear Denim Luxury Fashion Fast Fashion Footwear Leather Goods Technical Textiles Corporate Wear

Compare

epassportify vs Manual Textiles vs Batteries vs Electronics EU ESPR vs French AGEC