EU Digital Product Passport QR Code: Manufacturer Guide
EU Digital Product Passport requires a GS1 Digital Link QR code on every product sold in the EU. Deadlines, data requirements, and what to get right now.

This article was written by the QR Nova team. We build QR code software, which may inform our perspective.
Most guides on the EU Digital Product Passport either wave at "sustainability regulations coming soon" or drop a wall of regulatory text with no practical takeaways. Neither version tells you what you actually need to change, by when, or what breaks if you get the QR code part wrong.
Here's what matters. The EU Digital Product Passport (DPP), mandated under ESPR (EU Regulation 2024/1781), requires a physical QR code on every in-scope product — and that QR code must use GS1 Digital Link format, not a generic short URL from whatever platform you happen to use. Get the format wrong, and your product fails EU market access requirements.
TL;DR
- ESPR (EU 2024/1781) requires a machine-readable QR code on every in-scope product sold in the EU, linking to standardized sustainability and supply chain data.
- The QR code must use GS1 Digital Link format (ISO/IEC 18004 compliant) — proprietary short URLs do not meet the interoperability requirement under Article 10.
- Battery passports are mandatory from 18 February 2027; textiles follow mid-2027; electronics and ICT in 2028–2029.
- The QR code must remain scannable for the entire lifetime of the product — vendor lock-in via a QR platform's own redirect domain is a compliance risk, not a minor technical detail.
- Non-EU manufacturers are not exempt: any company placing products on the EU market must comply, with an EU-based authorized representative.
What the EU Digital Product Passport Actually Is
Create your first QR code — free
Get startedThe Digital Product Passport is a standardized digital record attached to a physical product. It must include data on the product's materials, environmental performance, repairability, and supply chain provenance — and it must be machine-readable by regulators, retailers, recyclers, and consumers alike.
The legal basis is ESPR — the Ecodesign for Sustainable Products Regulation, EU Regulation 2024/1781 — which entered into force on 18 July 2024. Article 9 of ESPR establishes the DPP framework. Article 10 defines the technical requirements for the data carrier: it must comply with ISO/IEC international standards, use open and interoperable formats, and contain no vendor lock-in. The DPP is not optional guidance; it is a market access requirement.
The regulation covers any product sold in the EU market. That includes products manufactured outside the EU. A clothing brand headquartered in Vietnam, a battery manufacturer in South Korea, an electronics company in Taiwan — all must comply if their products are sold in EU member states.
What data goes in the DPP
The specific data requirements are set by delegated acts published for each product category. But the core elements that appear across categories are:
- Unique product identifier — GTIN (Global Trade Item Number), batch number, serial number
- Material composition — substances, proportions, presence of hazardous materials
- Environmental performance metrics — carbon footprint, energy efficiency class
- Durability and repairability data — product lifetime rating, availability of spare parts, repair instructions
- End-of-life guidance — recycling instructions, waste classification, disassembly sequence
- Compliance certificates — CE marking, test results, conformity declarations
- Origin and supply chain — manufacturing country, supplier identifiers
Not all categories require all fields. But the data structure must be machine-readable (JSON-LD is specified), hosted on the EU Central DPP Registry or a compliant private registry, and accessible via the QR code on the product.
Why the QR Code Format Is Not a Minor Technical Detail
ESPR Article 10 requires that the data carrier be "compliant with international standards, physically present on the product or its packaging, using open and interoperable formats without vendor lock-in." A standard short URL from a QR code platform fails two of these three conditions simultaneously.
Here's the specific technical requirement: the QR code must encode a GS1 Digital Link URL — a structured web address that embeds the product's GTIN and optional qualifiers (batch number, serial number) in a standardized path format. The basic structure looks like this:
https://yourdomain.com/01/09506000134352/21/ABC123
In this URL, /01/ is the GS1 Application Identifier for a GTIN, followed by the 14-digit GTIN itself. /21/ is the AI for serial number, followed by the serial. This isn't a convention — it is the GS1 Digital Link standard, which is itself built on ISO/IEC 15459 (product identification) and ISO/IEC 18004 (QR code symbology).
You can read more about the underlying QR code standard in our guide to ISO 18004 and what it actually specifies.
What a GS1 Digital Link QR code gives you that a short URL doesn't
First, dual-use compatibility. A GS1 Digital Link QR code carries the same GTIN as a traditional barcode. Retail POS systems can extract the GTIN for checkout without visiting the web page at all. A plain short URL forces a system to fetch the page to extract any product data — retail scanners don't do that.
Second, item-level granularity. The URL structure supports model-level, batch-level, and unit-level identification in the same code. A pharmaceutical serialization code looks different from a fashion batch code, but both can be expressed in GS1 Digital Link syntax.
Third, interoperability. Any system that implements GS1 Digital Link can parse the URL and extract the GTIN without calling your server. This is what ESPR means by "open and interoperable formats."
Product Category Timelines: What's Mandatory and When
The DPP rollout is phased by product category. As of May 2026, the specific delegated acts are still being finalized for most categories, but the enforcement timeline is published and binding.
EU Central DPP Registry — 19 July 2026
The foundational infrastructure launches first. The EU Central DPP Registry goes live on 19 July 2026. This is the backbone system that stores or links to DPP records. Products can begin using the registry before their specific mandatory date, and early registrations are encouraged for testing purposes.
Batteries — 18 February 2027
This is the most specific and earliest hard deadline. From 18 February 2027, every electric vehicle battery, industrial battery, and light means of transport battery with a capacity above 2 kWh placed on the EU market must carry a Battery Passport accessible through a QR code. The Battery Regulation (EU 2023/1542) specifies the data requirements in detail: capacity, energy density, performance ratings, hazardous substance content, carbon footprint, and supply chain due diligence data for lithium, cobalt, nickel, and natural graphite.
Battery manufacturers have the least runway of any category. If you are in the EV battery or industrial battery supply chain and you have not started your DPP implementation, February 2027 is 9 months away.
Textiles — Expected Mid-2027
The textile and apparel delegated act is being finalized as of mid-2026. The current schedule puts mandatory DPP requirements for textiles in mid-2027. Every garment sold in the EU will need a data carrier — which in practice means a QR code on the care label, hangtag, or garment tag — linking to fiber composition, country of origin, manufacturer identity, repairability rating, and recycling guidance.
Fast fashion brands face the greatest operational burden here. A brand running 200+ SKUs per season with suppliers across 15 countries needs to collect and standardize DPP data for every product — and update it when formulations or suppliers change.
Electronics and ICT Products — 2028–2029
Consumer electronics (smartphones, laptops, tablets), white goods (washing machines, refrigerators), and ICT equipment are targeted for DPP requirements in the 2028–2029 window, with specific delegated acts expected in 2026–2027. Electronics DPPs will require repairability scores, spare parts availability, software update commitments, and end-of-life recycling pathways.
Furniture and Other Categories — 2027–2030
Furniture and mattresses are on the 2027 schedule. Tyres, detergents, and construction products follow later. By 2030, nearly all product categories above minimum thresholds will require a DPP.
The Vendor Lock-In Problem No One Is Talking About
Here's the compliance risk that most DPP implementation guides skip entirely: the QR code you print on a product label is permanent, but the platform routing that QR code's destination is not.
If you generate DPP QR codes using a platform that routes through its own domain — qr.platform.io/abc123 — your product's compliance depends on that platform staying operational, maintaining that redirect, and not changing its URL structure for the entire commercial lifetime of the product. A phone sold in 2027 might still be in active use in 2034. A car battery installed in 2027 might be in service until 2040.
Under ESPR Article 10, the data carrier must use "open and interoperable formats without vendor lock-in." A QR code whose destination URL is controlled by a third-party platform is, by definition, in vendor lock-in territory. If that platform raises prices, changes its structure, gets acquired, or shuts down, your printed codes go dead — on products you can no longer recall from the market.
The technical answer: custom domain + permanent redirect architecture
The correct approach is to use a custom domain you control — dpp.yourbrand.com/01/GTIN — and generate QR codes that encode your own domain. You own the domain. You own the redirect logic. If you change hosting, data structure, or registry providers, you update the redirect at your domain and every printed QR code continues to work without reprinting.
This is what permanent QR codes with custom domain support solve for compliance scenarios. The QR code on a product label needs to outlive your subscription to any particular platform.
QR Nova generates permanent dynamic QR codes with custom domain support — meaning the QR code image never depends on QR Nova's infrastructure to resolve. If you bring your own domain, you own the redirect. That's the architecture ESPR's interoperability requirement was written to demand.
What GS1 Membership Means for Your DPP
To create a valid GS1 Digital Link URL, you need a GTIN — a Global Trade Item Number issued by GS1. If your company already uses standard barcodes on products, you likely have GTINs. If you don't, obtaining GS1 membership and a company prefix is the first step in DPP implementation.
GTINs exist at several levels: the GTIN-12 (used in North American UPC barcodes), the GTIN-13 (EAN barcodes used in Europe), and the GTIN-14 (logistical units). For DPP purposes, any valid GTIN can be embedded in a GS1 Digital Link URL.
Note that GS1 Digital Link supports multiple levels of product granularity within the same URL structure. The model-level GTIN identifies the product type. The batch number qualifier (/10/) identifies a production run. The serial number qualifier (/21/) identifies a specific unit. For recall scenarios or warranty tracking, unit-level serialization is significantly more useful than model-level identification alone.
For a deeper breakdown of how QR codes handle traceability data across supply chains, see our guide on QR code supply chain traceability and GS1 Digital Link.
What Happens When You Get It Wrong
Non-compliance with ESPR market surveillance requirements results in market access denial — the product cannot legally be placed on the EU market. EU member state market surveillance authorities are responsible for enforcement. Fines vary by jurisdiction, but the practical consequence of a missing or non-compliant DPP is that shipments can be stopped at customs and existing inventory can be ordered removed from sale.
There are also secondary effects. Major EU retailers — including several large German and French retail groups — have indicated they will require DPP compliance from suppliers before their category deadlines, not on them. If your retailer requires DPP data by late 2026 to prepare their own systems, the regulatory deadline is not your actual operational deadline.
The three most common implementation mistakes
1. Using a non-GS1 QR code. Generating a QR code that links to a product page or a PDF instead of a GS1 Digital Link URL. It scans, but it doesn't satisfy Article 10's interoperability requirement because retail infrastructure can't extract the GTIN programmatically.
2. Routing through a third-party platform domain. Printing a QR code that redirects through a SaaS platform's domain. The code works today. It breaks if the platform changes anything. The product is already in market.
3. Treating DPP as a one-time data entry task. The DPP data for a product must be updated when regulations change (new required fields added), when the product formulation changes, or when the supply chain changes. A static approach to a dynamic data requirement creates compounding maintenance debt.
How to Prepare: A Practical Starting Framework
The implementation path varies by company size and product category. But the sequence is consistent:
- Confirm your product categories — identify which product lines fall under which delegated act, and what the applicable timeline is. Battery manufacturers should treat this as urgent; textile brands have slightly more runway but less than they think.
- Obtain GTINs if you don't have them — GS1 membership and a company prefix are prerequisites for valid DPP QR codes.
- Audit your data supply chain — identify where each DPP-required data element currently lives (or doesn't). Material composition data often sits with suppliers in unstructured formats. Carbon footprint data may not exist at all.
- Choose a registry approach — EU Central DPP Registry vs. accredited private registry. Both are legally valid. The private registry path gives more control over data presentation but requires more infrastructure work.
- Implement GS1 Digital Link QR code generation — using your own domain as the base URL, not a platform's redirect domain. This is the step where QR code platform choice matters for long-term compliance.
- Test with market surveillance tools — GS1 provides Digital Link validation tools. Test that your QR codes resolve correctly and that the linked DPP record returns valid structured data.
When the DPP QR Code Requirement Doesn't Apply
ESPR scope has important carve-outs. Products not regulated are: food, feed, medicinal products for human use, veterinary medicinal products, and living plants and animals. Defense and security equipment is also excluded.
Small and micro enterprises (fewer than 10 employees, less than €2 million turnover) may have simplified or delayed requirements under specific delegated acts, but this is category-dependent — battery regulations, for example, apply regardless of company size if the product is placed on the EU market.
ESPR also does not apply to products already placed on the market before the relevant delegated act enters into force. But given long product development cycles, "already in market" offers no practical comfort for anything currently in design or production.
How QR Nova Approaches the DPP Problem
The compliance challenge is not generating a QR code — that's the easy part. The challenge is generating a QR code that encodes a GS1 Digital Link URL, routes through a domain you control, remains permanently resolvable without depending on any QR platform's infrastructure, and can have its destination updated without reprinting the physical label.
QR Nova generates dynamic QR codes with custom domain support. When you configure your own domain as the redirect base, the QR code image is independent of QR Nova's servers. You own the code. You control the destination. If your DPP registry URL changes, you update the redirect — not the printed label. For a compliance requirement tied to the physical lifetime of a product, that independence is not a nice-to-have.
We don't manufacture GTINs or provide GS1 registry services — that's GS1's domain. What we provide is the permanent QR code infrastructure that makes GS1 Digital Link URLs work reliably on labels that will still be in use a decade from now.
Create a permanent QR code at QR Nova's generator — no sign-up required for basic generation, with custom domain support available on paid plans.
Frequently asked questions
What is the EU Digital Product Passport?
The EU Digital Product Passport (DPP) is a mandatory digital record of a product's sustainability data, materials, repairability, and supply chain information. It is required under ESPR (EU Regulation 2024/1781) and must be accessible via a QR code physically attached to the product or its packaging.
When does the EU Digital Product Passport become mandatory?
The EU central DPP registry launches on 19 July 2026. Battery passports for EV and industrial batteries above 2 kWh become mandatory from 18 February 2027. Textiles are expected in mid-2027. Electronics and ICT products follow in 2028–2029. By 2030, most high-impact categories will be in scope.
What QR code format does the EU Digital Product Passport require?
ESPR Article 10 requires the data carrier to comply with international standards and use open, interoperable formats without vendor lock-in. GS1 Digital Link — a URL-based encoding of the product GTIN conforming to ISO/IEC 18004 — is the standard that satisfies all these conditions. Proprietary QR formats do not comply.
Does the EU Digital Product Passport apply to companies outside the EU?
Yes. Any company that places products on the EU market must comply, regardless of where manufacturing happens. Non-EU manufacturers must appoint an EU-based authorized representative who holds legal responsibility for DPP compliance.
What data must the Digital Product Passport contain?
Required data varies by product category but typically includes: unique product identifier (GTIN, batch, serial), material composition and proportions, carbon footprint and energy efficiency metrics, durability and repairability scores, end-of-life recycling instructions, compliance certifications, and origin and manufacturing location details.
Can I use a static QR code for the EU Digital Product Passport?
No. The DPP QR code must remain valid for the lifetime of the product and link to data that can be updated as regulations evolve. A static QR code encodes a fixed URL; if the underlying data or hosting changes, the code is broken. Dynamic QR codes with a stable custom domain are the correct approach.
What happens if my QR code platform shuts down or changes its URL structure?
This is the core vendor lock-in risk: if the QR code platform you use redirects through their domain, any service disruption or pricing change makes your compliance code dead — on products already in the market. Using a custom domain with a permanent redirect architecture removes that dependency entirely.
Does the GS1 Digital Link format replace barcodes?
GS1 Digital Link QR codes carry the same GTIN as the traditional barcode, so retail POS scanners can extract the GTIN for checkout without visiting the web page. The QR code and the barcode can coexist on the same label, or the QR code can replace the barcode entirely for retailers whose infrastructure supports it.
Related articles
QR Code Supply Chain Traceability: GS1, DSCSA, Failures
QR code supply chain traceability explained — GS1 Digital Link, DSCSA, EU DPP, lot tracking, and why platform-dependent codes fail. No sign-up required.
QR Code Anti-Counterfeiting Serialization: Technical Guide
QR code anti-counterfeiting serialization explained: how serialized codes work, EU FMD, US DSCSA, GS1 Digital Link, NFC hybrids, and how to spot a fake.
QR Code Accessibility: WCAG 2.2 & ADA Guide (2026)
QR code accessibility WCAG 2.2 & ADA: alt text, contrast ratios, alternative paths, and screen reader fixes. Practical guide for developers.
Create your first QR code — free
Get started