What a Digital Product Passport Actually Is (And What It Isn't)
It is worth being generous about how the Digital Product Passport has been understood — or misunderstood — by many of the organisations now trying to prepare for it. The early conversation around the DPP was dominated by its most visible feature: a data carrier, typically a QR code, attached to a product and scannable by anyone in the value chain. That image lodged early, and it shaped the first wave of organisational responses. If the DPP is essentially a smart label, then DPP readiness is essentially a labelling project — something that sits naturally with marketing, perhaps with sustainability communications, and requires modest investment in the right tagging technology.
That reading was not unreasonable given what was publicly visible at the time — but it was the wrong one. And organisations that built their early DPP thinking around it are now discovering that the foundation needs to be re-examined.
The QR code is real. It will be there, on the product, scannable, pointing to a structured data record. But the QR code is the last thing — the endpoint of a set of organisational capabilities that either exist or don't. What the code points to is a verified, structured, product-specific data record containing information about material composition, manufacturing processes, environmental indicators, chemical compliance, repairability, and end-of-life handling. That information has to be accurate. It has to be verifiable. It has to be linked to a specific product, not averaged across a range. And it has to remain accessible and current across the product's entire lifecycle.
None of that is a labelling problem. It is a data problem, a governance problem, a supplier relationship problem, and an organisational capability problem.
Consider what has to be true for a DPP to contain reliable information about a garment's material composition. Someone has to know what the garment is actually made of — not at the level of a generic bill of materials, but traceable to specific materials from specific sources. That information has to have been collected, verified, and retained in a form that can be linked to that product. It has to have survived the journey from supplier to manufacturer to brand without being lost, averaged, or substituted with an estimate. And it has to be maintained — because if the supplier changes a material mid-season, the passport needs to reflect that.
A credible DPP is not something an organisation produces. It is something an organisation becomes capable of producing — through the decisions it makes about how it manages data, how it structures supplier relationships, how it governs product information across functions, and how it thinks about data not as a byproduct of transactions but as an asset worth maintaining.
This is why the organisations making genuine progress on DPP readiness tend not to be the ones that launched a DPP project. They are the ones that invested in data capability — and found that the passport followed from that investment rather than preceding it.
The distinction matters practically. A DPP project has a scope, a timeline, and a delivery date. It produces an output. An investment in data capability produces an organisation that knows its products — their composition, their provenance, their environmental footprint — well enough that producing a verified digital record is, in the end, not the hard part.
The hard part is building the capability. That means shared data definitions across functions that currently operate with different systems and different understandings of what product data means. It means supplier relationships structured around data quality, not just commercial terms. It means governance — someone, somewhere in the organisation, owning the integrity of product data end to end. None of those are technology decisions. They are organisational ones.
The right mental model for the DPP, then, is not a label, and not a project. It is a signal — one that tells you something about the organisation behind the product. A passport that contains verified, traceable, product-specific data is evidence of an organisation that treats its product knowledge as a managed asset. A passport assembled from estimates and aggregations, structured specifically to satisfy a regulatory requirement, is evidence of an organisation that has understood the letter but not the substance.
Regulators will increasingly be able to tell the difference. So will the auditors, investors, and procurement teams that will use DPP data as a basis for their own decisions.
The question the DPP asks of an organisation is not whether it can produce a QR code. It is whether it is the kind of organisation whose products can honestly have one.
Michael Shea is a digital excellence advisor, non-executive director, and leadership coach working with organisations navigating the human and technical dimensions of digital transformation. He hosts The Aeolian Discourse and writes at The Aeolian.