As the mandatory implementation of Digital Product Passports (DPP) approaches in the European Union, questions from the field are increasing. One of the most frequent and important is: who actually has the right to issue a DPP? Is it the manufacturer? Can a distributor do it? Or is this right reserved solely for certified solution providers (DPPSP – Digital Product Passport Solution Providers)?
The answer isn’t simple – as it involves legal, technical, and operational aspects that depend on the sector, supply chain role, regulatory framework, and technical system capabilities.
According to the current drafts of the EU’s regulatory framework (notably the Ecodesign for Sustainable Products Regulation – ESPR), the manufacturer is typically the primary entity responsible for creating and updating the DPP. This stems from the fact that the manufacturer:
owns the original data about product composition, production, and sustainability
bears legal responsibility for the accuracy of technical and safety information
must ensure transparency towards the end user
However, this doesn’t mean the manufacturer must develop or maintain the technical DPP infrastructure independently. In practice, most manufacturers collaborate with external solution providers (DPPSPs) that enable the technical framework for creating and sharing the passport.
Distributors, resellers, or importers often play a key role in the supply chain, but don’t always have the authority to create a DPP from a regulatory perspective. In some cases, they may be required to:
verify the existence and availability of the DPP
transmit the DPP to the end user
supplement the DPP with additional information (e.g., for local markets, transport, or installation)
However, the creation of a “new” digital passport by a distributor is generally not permitted—unless there is a legal basis (e.g., for products without a clearly defined EU manufacturer).
Digital Product Passport Solution Providers (DPPSPs) are technology partners that provide the software infrastructure to build, manage, and share DPPs. They are:
intermediaries, not data owners
responsible for technical accuracy, but not for legal validity of content
essential for interoperability, ensuring integration with various systems (ERP, PIM, databases)
Ultimately, a DPPSP does not issue a DPP in the legal sense—but enables the manufacturer (or another authorized party) to do so within a compliant, secure, and scalable system.
Based on CIRPASS-2 initiative documents and UNECE/ISO symposium materials, the expected responsibility hierarchy is:
The manufacturer inputs data and creates the DPP within the system
The DPPSP provides the technical platform and ensures semantic and security compliance
EU registries and oversight bodies monitor compliance and availability
Users (distributors, service providers, consumers) access the DPP via QR codes or other identifiers
This model ensures traceability, accountability, and consumer protection.
At NOS, we believe in transparency of responsibility. Our solution enables:
the manufacturer to input and update data independently
the DPPSP platform to ensure compliance with EU norms (RDF, JSON-LD, ESPR)
the end user to easily access information by scanning a QR code
The system is modular, adaptable, and supports typical processes within ERP/PIM integrations—while legal responsibility for data always remains with the product owner.
The right to issue a DPP depends on your role in the supply chain. The manufacturer is responsible for content, the DPPSP for the technical framework, and the distributor for transmission and availability. Clear role separation and technical compliance are essential for building a trustworthy DPP ecosystem.
If you want to assess whether you or your partners are ready for DPP implementation—get in touch with us.
Contact us at: info@nos.hr
