---
title: "DPP Data Requirements & Fields (Annex III)"
canonical_url: "https://www.sorena.io/artifacts/eu/digital-product-passport/data-requirements-and-fields"
source_url: "https://www.sorena.io/artifacts/eu/digital-product-passport/data-requirements-and-fields"
author: "Sorena AI"
description: "A practitioner guide to EU DPP data requirements under ESPR (Regulation (EU) 2024/1781): what data fields can be required (Annex III)."
published_at: "2026-03-04"
updated_at: "2026-03-04"
keywords:
  - "DPP data requirements"
  - "Annex III Digital Product Passport"
  - "DPP data fields"
  - "DPP GTIN"
  - "DPP TARIC code"
  - "DPP EORI"
  - "DPP technical documentation"
  - "DPP declaration of conformity"
  - "DPP compliance documentation"
  - "DPP data model"
  - "DPP data governance"
  - "Annex III"
  - "GTIN"
  - "TARIC"
  - "EORI"
  - "technical documentation"
  - "declaration of conformity"
---

# DPP Data Requirements & Fields (Annex III)

A practitioner guide to EU DPP data requirements under ESPR (Regulation (EU) 2024/1781): what data fields can be required (Annex III).


## EU Digital Product Passport (DPP) Data Requirements & Fields

Build the DPP data model that delegated acts will actually require - without guesswork.

Grounded in ESPR Annex III and the DPP operating requirements in Articles 9-11.

DPP implementations often fail because the data model is treated as "content". Under ESPR (Regulation (EU) 2024/1781), delegated acts specify which Annex III elements are required for a product group and who can access/update them. Use this page to build a canonical data model, map it to source systems, and set up governance for accuracy, completeness and lifecycle updates.

## Annex III in one view: the DPP data field universe

Annex III lists the categories of data that delegated acts can require (or allow) in a DPP. Product-group rules then choose which elements apply and at what level (model/batch/item).

A useful way to implement Annex III is to treat each element as a "field family" with: source system, owner, update frequency, and access classification (public vs restricted).

- Identity + classification: unique product identifier, commodity codes (e.g., TARIC), and GTIN (ISO/IEC 15459-6 or equivalent) where applicable.
- Compliance evidence: declaration of conformity, technical documentation, conformity certificates and other compliance documentation under EU law.
- User information: manuals, instructions, warnings and safety information required under EU law.
- Operator metadata: manufacturer/operator identifiers, importer info (including EORI), facility identifiers, and DPP service provider back-up reference.

## Field-by-field mapping: what Annex III contains (plain language)

Below is a practical mapping of the Annex III items into implementation-ready language. Your product-group delegated act will select from this list.

Treat this as your data dictionary baseline.

- Other EU-law information requirements: any data required under ESPR information requirements or other EU law applicable to the product group.
- Unique product identifier: the core key used by the data carrier to resolve the DPP, at the DPP level (model/batch/item).
- GTIN: a globally standard product identifier (where relevant), enabling interoperability across supply chain systems.
- Commodity code: classification for trade/customs contexts (supports customs checks when registry is operational).
- Compliance documentation: declaration of conformity, technical documentation, and certificates needed for compliance verification.
- Manuals and safety info: user manuals, instructions, warnings and safety information where required.
- Manufacturer identity: operator identifier + contact information required under ESPR obligations.
- Other operator identities: identifiers for other relevant actors (suppliers, authorised representatives, service providers) depending on delegated act design.
- Facility identifiers: identifiers for facilities relevant to manufacturing/location metadata.
- Importer data: importer identity and EORI number where relevant.
- EU responsible operator: the EU-established operator responsible for tasks under market surveillance/product safety frameworks (where applicable).
- DPP service provider reference: who hosts the back-up copy of the most up-to-date DPP version.

## Where the data lives: source systems you typically need

DPP data is cross-domain: no single system has it all. The practical solution is a canonical DPP data layer fed by authoritative sources.

The data carrier/identifier strategy determines how those sources are resolved into a stable DPP view.

- PLM/PIM: model identifiers, product specs, BOM/material composition, variants and technical performance data.
- ERP/SCM: batch context, facility metadata, supplier/operator references, trade classification inputs.
- Compliance repository: declarations of conformity, certificates, test reports, and technical documentation references.
- Labeling/packaging systems: carrier generation, placement rules, print files, and linking to unique identifiers.
- Service and repair systems: repair logs, spare parts and maintenance instructions where required by product-group rules.

## Granularity changes everything: model vs batch vs item DPP data

Delegated acts must specify whether the DPP is at model, batch or item level. Your data architecture must match that.

Item-level DPP typically requires event-driven updates; model-level DPP can be release-driven.

- Model-level: shared data set; focus on versioning, documentation updates, and consistent pre-purchase access.
- Batch-level: add manufacturing and facility context; ensure batch identifiers map correctly to compliance and origin data.
- Item-level: manage per-unit identifiers, ownership/service lifecycle, and linking across passport versions.

## Access control and update rights: data governance requirements

ESPR requires that actors along the value chain have free and easy access to data based on their access rights, and that rights to modify/update data are restricted by those rights.

You need to design public vs restricted data, authentication, and audit logs from the start.

- Public data should be accessible without forcing app downloads or personal data collection; restricted data should use secure authentication and least-privilege access.
- Implement an update workflow: who can change what, what validation rules apply, and how changes are audited and reversible.
- Data quality controls: define SLAs for "accurate, complete, up to date", with monitoring and exception handling.
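
The public/restricted split and the restricted update rights described above can be enforced per field, with unclassified fields denied by default. The sketch below is an added example, not code from ESPR or from Sorena; the roles, field names and rights matrix are illustrative assumptions, since the delegated act for the product group defines the real ones.

```python
from dataclasses import dataclass

# Roles, field names and the rights matrix below are illustrative assumptions;
# the delegated act for the product group defines the real ones.
@dataclass(frozen=True)
class FieldPolicy:
    classification: str                 # "public" or "restricted"
    readers: frozenset = frozenset()    # roles that may read a restricted field
    writers: frozenset = frozenset()    # roles that may update the field

POLICY = {
    "unique_product_id": FieldPolicy("public"),  # resolver key: no writers at all
    "gtin": FieldPolicy("public", writers=frozenset({"manufacturer"})),
    "user_manual_ref": FieldPolicy("public", writers=frozenset({"manufacturer"})),
    "technical_documentation_ref": FieldPolicy(
        "restricted", frozenset({"manufacturer", "market_surveillance"}),
        frozenset({"manufacturer"})),
    "importer_eori": FieldPolicy(
        "restricted", frozenset({"importer", "customs", "market_surveillance"}),
        frozenset({"importer"})),
}

def render_view(passport, role=None):
    """Fields `role` may read; role=None is an unauthenticated request."""
    view = {}
    for name, value in passport.items():
        policy = POLICY.get(name)
        if policy is None:
            continue  # default deny: unclassified fields are never served
        if policy.classification == "public" or role in policy.readers:
            view[name] = value
    return view

def apply_update(passport, role, name, value):
    """Return an updated copy; raise PermissionError without the update right."""
    policy = POLICY.get(name)
    if policy is None or role not in policy.writers:
        raise PermissionError(f"{role!r} may not update {name!r}")
    return {**passport, name: value}

# Constructed sample record; every value is made up.
SAMPLE = {
    "unique_product_id": "urn:example:dpp:model-0001",
    "gtin": "00000000000000",
    "technical_documentation_ref": "doc://example/td-17",
    "importer_eori": "XX000000000000",
    "internal_cost_note": "not in POLICY, must never be served",
}
```

The role passed to these functions must come from the authenticated session, never from a request parameter the caller controls.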


## Audit-ready DPP data model: the minimum evidence you should store

Auditors and authorities care about proof: where data came from, who changed it, and whether it was valid at the time a product was placed on the market.

Build evidence into the data model: provenance, timestamps, signatures, and document references.

- Provenance: source system and authoritative owner per field; document references for compliance fields.
- Change history: timestamps, actors, and reason codes for updates (especially for restricted fields).
- Integrity controls: authentication, signatures or hashes where appropriate; version linking when DPP is replaced.
- Availability: ensure DPP remains available for the delegated act period, including after operator insolvency (service provider back-up strategy).
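
One way to combine the change-history and integrity items above is a hash-chained log that can be replayed to show what a field contained on a given date, such as the date a product was placed on the market. This is an added example, not part of the original guide; the field name, actor, reason codes, source-system label and document references are constructed.

```python
# Tamper-evident change history for DPP fields (all sample values constructed).
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def entry_digest(entry):
    """SHA-256 over canonical JSON of every key except the hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_change(log, *, field, value, actor, reason, source, ts):
    """Append a change record chained to the previous record's hash."""
    if log and ts < log[-1]["ts"]:
        raise ValueError("timestamps must not go backwards")
    entry = {"field": field, "value": value, "actor": actor, "reason": reason,
             "source": source, "ts": ts,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_chain(log):
    """Return -1 if intact, else the index of the first inconsistent entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != entry_digest(entry):
            return i
        prev = entry["entry_hash"]
    return -1

def state_at(log, ts):
    """Field values as they stood at `ts`."""
    state = {}
    for entry in log:
        # Fixed-width UTC timestamps order correctly as plain strings.
        if entry["ts"] <= ts:
            state[entry["field"]] = entry["value"]
    return state

def build_sample_log():
    """Constructed history: one compliance document reference, replaced once."""
    log = []
    for value, reason, ts in [
        ("doc://example/doc-v1", "INITIAL_RELEASE", "2026-01-10T09:00:00Z"),
        ("doc://example/doc-v2", "STANDARD_REVISION", "2026-02-20T14:30:00Z"),
    ]:
        append_change(log, field="declaration_of_conformity_ref", value=value,
                      actor="compliance-team", reason=reason,
                      source="compliance-repository", ts=ts)
    return log
```

The chain only proves integrity if the latest `entry_hash` is also held somewhere the editing party cannot rewrite, for example signed or stored alongside the service provider back-up copy.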

## Primary sources

- [Regulation (EU) 2024/1781 (ESPR) - Annex III (DPP data elements)](https://eur-lex.europa.eu/eli/reg/2024/1781/oj?ref=sorena.io) - Annex III enumerates the DPP data elements that delegated acts can require (IDs, commodity codes, compliance docs, manuals, operator and facility identifiers, importer EORI, service provider references).
- [CEN-CENELEC CWA 18186:2025 - DPP data portal, searchability and governance guidance](https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/2025/cwa18186_2025.pdf?ref=sorena.io) - Practical guidance on portal setup, searchability, access rights, longevity and availability of DPP data access, and security/trust.
- [CIRPASS DPP Use Cases Report (D2.2, March 2024) - why certain data matters](https://doi.org/10.5281/zenodo.10974901?ref=sorena.io) - Use cases across batteries, electronics and textiles that highlight the value of DPP data for reuse, refurbishment and recycling outcomes.
- [GS1 - Digital Product Passport (standards and emerging regulations)](https://www.gs1.org/standards/standards-emerging-regulations/DPP?ref=sorena.io) - Identifier and data standards landscape relevant for DPP interoperability (e.g., GTIN and related GS1 building blocks).


(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/digital-product-passport/data-requirements-and-fields
