There is a particular moment organisations encounter when they move from reading about the Digital Product Passport to actually examining what it would require of them. The regulation, until that point, has been an abstraction — a compliance horizon, a project, a deadline. Then someone asks a specific question: what data do we actually have, for a specific product, that would go into a passport today?

The answer to that question is the mirror. And for most organisations, the reflection is instructive.

Two questions arrived this past week, from two different organisations, both actively engaged with their Digital Product Passport readiness. The first: "Do you think there is a reasonable chance the implementation date gets pushed back?" The second, from a different conversation entirely: "It's two years before I need to worry about this."

Both questions are understandable. Neither reflects the situation accurately.

It is worth being generous about how the Digital Product Passport has been understood — or misunderstood — by many of the organisations now trying to prepare for it. The early conversation around the DPP was dominated by its most visible feature: a data carrier, typically a QR code, attached to a product and scannable by anyone in the value chain.

That reading was not unreasonable given what was publicly visible at the time — but it was the wrong one.