Mapping of prEN standard to DPP functional scope

Dec 11, 2025 . Uncategorized

The European Union is introducing Digital Product Passports (DPPs) to improve product traceability, lifecycle data sharing, and compliance with the Ecodesign for Sustainable Products Regulation (ESPR). By March 2026, the prEN 1821x/1822x standards will establish how this data should be formatted, transmitted, and secured. These standards, developed by CEN and CENELEC, will provide legal conformity for businesses under ESPR.

Key points to know:

  • DPP Requirements: ESPR specifies what data is needed (e.g., carbon footprint, durability), while prEN standards define how to manage and share it.
  • prEN Standards: Cover identifiers (e.g., GTIN), data carriers (e.g., QR codes), access rights, data exchange, storage, and APIs.
  • Compliance Deadline: Systems must align with these standards by 31 March 2026.

For businesses, aligning IT systems with these standards ensures readiness for DPP compliance and access to EU markets. DPP Platform service providers like Blippa streamline implementation with features like identifier mapping, DPP link management, secure data exchange, and lifecycle management.

How to Use This Checklist: Mapping prEN Standards to DPP Functions

This checklist takes the prEN standards and translates them into actionable, verifiable system requirements for your Digital Product Passport (DPP). Each standard is broken down into measurable "system must support…" directives that your technical teams can build and auditors can verify. This approach ensures a seamless link between regulatory requirements and your operational systems.

The following sections explain how to put this checklist into action.

Checklist Structure

Each prEN standard is outlined in its own section, paired with specific requirements. For instance, under prEN 18219 (Unique Identifiers), you’ll find mandates like "system must support GTIN assignment at the product level" or "system must verify facility identifiers against GLN databases." This one-standard–one-set-of-requirements format keeps things clear and manageable.

Adapting the Checklist for Local standards

To align with Local standards, adjust the checklist to include local norms: for example in Sweden use SEK for currency, the date format YYYY-MM-DD (e.g., 2026-03-31), commas for decimal points (e.g., 1 234,56 kg), and metric units. Additionally, ensure compliance with Sweden’s national Global Warming Potential (GWP) limits and Environmental Product Declaration (EPD) databases. Sweden’s national EPD databases are publicly accessible and machine-readable, though inconsistencies in naming and classification may need to be resolved. When performing lifecycle assessments, start with European common methods and then incorporate national specifics, such as Sweden’s energy grid mix for energy-related calculations.

Implementing the Checklist with Blippa

Blippa

Blippa’s no-code platform simplifies the process of implementing this checklist. Use it to map identifier fields (like GTIN, GLN, and batch numbers) into your product records. Configure role-based access to manage both public and restricted data as required under prEN 18239. The platform also supports versioned data storage in line with prEN 18221 and enables API-based data exchanges as specified in prEN 18222. With built-in hosting and custom domain options, Blippa facilitates seamless system-to-system data sharing across your supply chain.

prEN Standards Mapped to DPP Functions

8 prEN Standards for Digital Product Passport Compliance by March 2026

8 prEN Standards for Digital Product Passport Compliance by March 2026

This section connects each prEN standard to specific Digital Product Passport (DPP) system requirements. These standards address everything from assigning product identifiers to maintaining data integrity throughout the supply chain.

The standardisation request primarily focuses on IT architecture and protocols, leaving the specifics of data content to be defined in product-specific delegated acts under the ESPR. This means your system infrastructure needs to be versatile enough to adapt to emerging product-specific data requirements.

"The standards are SME-friendly, readable, and enable quick, efficient implementation – without expensive bespoke solutions or complex systems. Any software meeting the standard can deliver legally compliant product passports or act as a data consumer."

Below is a breakdown of the system requirements for each prEN standard.

prEN 18219: Unique Identifiers

This standard outlines how to assign unique identifiers for products, facilities, and economic operators. These identifiers enable traceability, support product claims, and ensure compliance with regulatory reporting. Your DPP must link to unique identifiers for the product, the economic operator, and the manufacturing facility.

Key Requirements:

  • Assign unique product IDs (e.g., GTIN).
  • Verify facility IDs (e.g., GLN).
  • Generate batch and serial numbers with non-repeating sequences.
  • Link economic operator IDs to product records.
  • Create traceability across raw materials, components, and finished goods.
  • Validate identifier formats based on industry standards.
  • Map identifiers for products available in different markets or configurations.

prEN 18220: Data Carriers

This standard defines technical requirements for data carriers like NFC chips, RFID tags, and QR codes, which attach DPPs to physical products. These carriers must reliably link to their data sets and remain durable throughout the product’s lifecycle.

Key Requirements:

  • Generate QR codes with error correction for industrial settings.
  • Support NFC/RFID encoding and ensure proper placement.
  • Test carrier durability under environmental stress.
  • Enable dynamic linking to updated DPP data.
  • Support multiple carrier formats for different use cases (e.g., consumer access vs. logistics).
  • Follow encoding standards like ISO/IEC 18004 for QR codes and ISO/IEC 14443 for NFC.

prEN 18239: Access Rights

This standard establishes a governance model for DPP data access, including role-based permissions and confidentiality rules. It supports both centralised EU registries and decentralised models managed by Responsible Economic Operators (REOs) and certified backup providers.

Key Requirements:

  • Public data layers accessible without authentication (e.g., recycling information).
  • Restricted data layers requiring role-based credentials.
  • Define roles for stakeholders such as distributors and repair centres.
  • Enforce confidentiality for sensitive data.
  • Maintain audit logs of data access and modifications.
  • Manage consent for optional data sharing.
  • Support decentralised control of access permissions.

prEN 18223: System Interoperability

This standard ensures DPP systems can integrate with ERP, PLM, and traceability platforms by adopting standardised data models. It aims to enable seamless data exchange across global supply chains.

Key Requirements:

  • Use standard data schemas (e.g., JSON-LD, XML) for product attributes and lifecycle events.
  • Integrate with ERP systems for production and inventory data.
  • Connect with PLM platforms for design and material information.
  • Share data with supply chain visibility platforms to streamline logistics.
  • Enable semantic interoperability using controlled vocabularies and ontologies.
  • Facilitate cross-border data exchange, accommodating various national systems and languages.
  • Implement version control to handle schema updates without disrupting operations.

prEN 18216: Data Exchange Protocols

This standard specifies secure, structured data exchange protocols using technologies like OAuth 2.0, HTTPS, and Decentralised Identifiers (DIDs).

Key Requirements:

  • Encrypt all data transmissions with HTTPS (e.g., TLS 1.3 or higher).
  • Use OAuth 2.0 for secure API access.
  • Verify data providers’ identities with DIDs.
  • Ensure structured payloads (e.g., JSON or XML) with schema validation.
  • Support machine-to-machine authentication for automated exchanges.

prEN 18221: Data Storage

This standard outlines requirements for data storage, archiving, and accessibility, ensuring long-term retention and backup reliability. DPP records must remain accessible even in cases of insolvency or market withdrawal.

Key Requirements:

  • Comply with minimum retention periods specified by regulations.
  • Automate backups with geographically distributed storage.
  • Archive data in open formats for future readability.
  • Implement versioned storage to preserve historical data snapshots.
  • Maintain immutable logs for auditing data changes and access.
  • Ensure data remains accessible even if a company exits the market.

prEN 18246: Data Authentication

This standard defines measures to verify the authenticity and integrity of DPP data and labels, preventing tampering.

Key Requirements:

  • Use digital signatures and public-key cryptography to verify data origin.
  • Apply tamper-evident measures to data carriers.
  • Perform checksum validation to detect unauthorised changes.
  • Rely on trusted certificate authorities for issuing credentials.
  • Confirm scanned labels link to genuine, unaltered DPPs.

prEN 18222: APIs and Lifecycle Interfaces

This standard specifies lifecycle APIs for managing DPPs, ensuring product data can be created, updated, archived, and searched throughout its lifecycle.

Key Requirements:

  • Create APIs for generating new DPP records at manufacturing.
  • Update APIs for recording lifecycle events like repairs or refurbishments.
  • Archive APIs to mark products as end-of-life while retaining historical data.
  • Provide search APIs for authorised users to query records by identifier or attribute.

Complete DPP Functional Checklist

This checklist brings together the requirements from the eight prEN standards into four main areas. It’s designed to help you evaluate your systems and pinpoint any gaps before the finalisation date of 31 March 2026 .

The CEN/CLC/JTC 24 committee is working on these standards to ensure full interoperability of DPP systems. Once they’re published in the Official Journal of the EU, these harmonised standards will provide legal conformity.

To prepare, make sure your IT systems and data formats align with these upcoming standards. The checklist below breaks the requirements into four key areas:

Identification and Data Carriers

The prEN 18219 and prEN 18220 standards focus on unique product identification and linking this information to data carriers.
Key Steps:

  • Assign unique identifiers to products, facilities, and economic operators as outlined in prEN 18219.
  • Connect these identifiers to data carriers like QR codes or RFID tags, following the guidance in prEN 18220.

Access Control and Security

The prEN 18239, prEN 18216, and prEN 18246 standards cover data access, secure transmission, and authentication.
Key Steps:

  • Set up role-based access controls to separate public and sensitive data.
  • Use secure transmission protocols to safeguard data during transfer.
  • Ensure the authenticity and integrity of data as specified in these standards.

Data Lifecycle and Storage

The prEN 18221 and prEN 18222 standards address how to manage data over its lifecycle, including retention and backups.
Key Steps:

  • Implement storage systems that support long-term data access and lifecycle management, such as creation, updates, and archiving, in line with prEN 18221 and prEN 18222.

Interoperability and Data Models

The prEN 18223 standard ensures DPP systems can work seamlessly with enterprise platforms through standardised data models.
Key Steps:

  • Use standard data schemas to enable consistent data exchange and integration with current platforms.

Meeting DPP Compliance with prEN Standards

The prEN 1821X series forms the backbone of legally compliant Digital Product Passport (DPP) systems. Once these standards are published in the Official Journal of the EU by 31 March 2026, they will hold legal significance and provide a presumption of conformity under the Ecodesign for Sustainable Products Regulation (ESPR). Simply put, the ESPR defines the necessary data, while CEN determines how that data is formatted, transmitted, secured, and made interoperable. These standards are essential to shaping a compliance strategy, outlined in the following steps.

To prepare for compliance, focus on three key areas:

  • Standardising your digital architecture: Ensure secure data exchange, robust access controls, and data persistence.
  • Testing workflows with suppliers: Start with select product lines to pilot supplier onboarding and refine data workflows before scaling up.
  • Staying informed: Keep track of regulatory updates, as the technical specifications will continue to evolve under the CEN and CENELEC mandate M/604.

Blippa’s no-code platform simplifies the compliance process with features like unique identifier generation, QR-code creation, role-based access controls, version management, cloud hosting, and seamless third-party integrations.

As industry experts highlight:

"The DPP is the compliance passport of the future. One identity, one dataset, valid across multiple regulations and product categories."

By aligning your systems with prEN standards, you create a robust infrastructure capable of navigating regulatory complexities while maintaining precise and secure data management.

To meet these requirements by March 2026, conduct a thorough data gap analysis, collaborate with suppliers to structure data effectively, and integrate key systems like PLM, ERP, and ESG. These steps will ensure your organisation is ready to meet prEN standards and regulatory mandates.

FAQs

What are the main requirements for Digital Product Passports according to the prEN standards?

The prEN standards set out several important requirements for Digital Product Passports (DPPs). These include unique identifiers for products, companies, and batches, as specified in prEN 18219. To make this information accessible, data carriers like QR codes or RFID tags are outlined in prEN 18220. Additionally, prEN 18239 establishes clear guidelines for access rights, focusing on confidentiality and security.

Key technical aspects include system interoperability (prEN 18223) to ensure smooth integration across platforms, as well as data exchange protocols (prEN 18216) for secure and consistent communication. Reliable data storage for archiving and backups is covered under prEN 18221. To maintain trust in the data, authentication measures are required to verify its integrity and reliability (prEN 18246). Furthermore, prEN 18222 highlights the need for well-defined APIs to enable seamless interaction between systems.

DPPs are also expected to provide comprehensive product information, including details about origin, materials, environmental impact, and lifecycle data. This information must be securely managed, durable, and interoperable, all tied to a unique product ID for accurate tracking and transparency.

How can businesses prepare to comply with the prEN standards before the 2026 deadline?

To align with the upcoming prEN standards set for 2026, businesses should prioritise creating systems that enable efficient data collection, ensure seamless interoperability, and maintain strong data security. Establishing scalable and secure IT infrastructures that meet the draft requirements is key, while leaving room for adjustments as the standards evolve.

Staying connected with standardisation bodies and regulatory authorities is another crucial step. This proactive approach allows organisations to stay updated and make timely adjustments to their processes. By planning ahead and fostering collaboration, businesses can ensure a smooth transition and be fully compliant when the standards are officially released in early 2026.

How does Blippa support the implementation of prEN standards for Digital Product Passports (DPPs)?

Blippa makes it easier for businesses to adopt the draft prEN standards for Digital Product Passports by offering tools designed for automated data exchange, secure access, and traceability. These capabilities align with the technical guidelines in the draft standards, helping companies stay compliant with EU regulations.

With features like unique identifiers, reliable data storage, and seamless system interoperability, Blippa ensures businesses are ready for the new standards. This means they’ll be prepared for a smooth transition when the standards are officially introduced in early 2026.

Explore More Topics
Uncategorized
FAQ
Integration
Digital Product Passport