The Clock Is Running: Where the DPP Timeline Actually Stands
Two questions arrived this past week, from two different organisations, both actively engaged with their Digital Product Passport readiness. The first: "Do you think there is a reasonable chance the implementation date gets pushed back?" The second, from a different conversation entirely: "It's two years before I need to worry about this."
Both questions are understandable. Neither reflects the situation accurately. Together they point to something worth naming directly: in much of the fashion and textiles industry, the dominant response to the DPP timeline is still a hope that it becomes someone else's problem — later, or not at all.
The timeline is not ambiguous. The Delegated Act setting specific data requirements for textiles is expected by the end of 2026 or early 2027. An enforcement window of approximately 18 months follows. That puts the first compliance obligation somewhere in the 2027 to 2028 window — covering material composition, key manufacturing processes, and core environmental indicators.
That is not two years away. For an organisation that does not yet have the supplier relationships, data governance, or cross-functional alignment that a credible DPP requires, it is closer than it looks.
And 2027 is not the end of the trajectory. A second phase around 2030 deepens the requirements — more granular environmental data, greater supply chain traceability, broader lifecycle coverage. A third phase, oriented toward full circular economy integration, follows by approximately 2033. Each phase builds on what the previous one established. Organisations that treat 2027 as a destination will find themselves rebuilding rather than advancing.
The question about delays deserves a direct answer. Could the timeline slip? Possibly. Regulatory processes are rarely on schedule. But waiting on that possibility before beginning is a significant risk — because the preparation a credible DPP requires cannot be compressed into a shorter window once the deadline is confirmed.
Supplier conversations take time to establish. Data governance decisions take time to work through. Cross-functional alignment — across teams that rarely share systems, definitions, or accountability for product data — does not happen quickly. An organisation that waits for certainty before beginning will not be late by weeks. It will be late by years.
There is a geographic dimension worth understanding. The ESPR applies to products sold in the European market — not only to brands based there. A company headquartered in New York, Istanbul, or Seoul, selling into European retail, faces exactly the same obligation as one based in Milan. Market access is the test, not corporate address.
For internationally distributed brands, the DPP is not a European compliance issue sitting in the Sustainability team's inbox. It is a global operational question with a closing preparation window.
Consider what the first phase actually requires. Verified, product-specific data on material composition — not averaged across a range, but traceable to specific materials from specific sources. Manufacturing process information linked to individual products. Environmental indicators that can be substantiated, not estimated.
In most organisations in this sector that data does not currently exist in the form required. Building it means starting conversations with suppliers now. It means making governance decisions about who owns product data and how it is maintained. It means Finance understanding what the investment case actually covers. It means Legal understanding the evidentiary implications of claims that will persist across a multi-year regulatory horizon. None of that work begins on its own.
Eighteen months from the adoption of the Delegated Act is not eighteen months to build that capability. It is eighteen months after the specific requirements land — by which point organisations that have not yet started will be in genuine difficulty.
There is something in that second question worth sitting with — the framing of the DPP as something to worry about. That framing is telling. It positions the regulation as a threat to be managed rather than a signal to be read.
The organisations paying closest attention have noticed something that the denial response obscures. The data infrastructure a credible DPP requires is the same infrastructure that enables better sourcing decisions, more defensible sustainability claims, and the operational foundations for circular business models. The compliance requirement and the strategic opportunity are not separate tracks. They are the same investment, read from different angles.
That is not a reason to delay worrying. It is a reason to start thinking differently about what the work is for.
Michael Shea is a digital excellence advisor, non-executive director, and leadership coach working with organisations navigating the human and technical dimensions of digital transformation. He hosts The Aeolian Discourse and writes at The Aeolian.