Commercial · Build vs. buy · Pricing

Turnkey ESPR readiness, without the build.

OpenDPP is a Digital Product Passport Service Provider (DPPSP): connect your ERP/PLM and issue sealed, verification-ready passports in days — instead of spending months turning CEN/CENELEC JTC 24 rules into database schemas.

Why a sovereign node

One URI for auditors, crawlers and consumers — your data stays yours

OpenDPP hosts your passport data; the planned EU registry (ESPR Art.13) is designed to index only identifiers — OpenDPP is registry-ready, with integration pending the live Commission API. You satisfy the data-sovereignty obligation without exposing trade secrets.

The single-URI imperative

HTTP content negotiation serves the same QR (GS1 Digital Link) carrier as machine-readable JSON-LD to crawlers and auditors, and a premium layout to people.

Data sovereignty (EN 18221)

Chemical formulas, material ratios and facility coordinates live in your own PostgreSQL space — the planned EU central registry is designed to hold only Unique Product Identifier pointers.

GS1-compliant paths built in

Native Digital Link gateways (/01/:upi/21/:ufi) for instant mobile sweeps and machine-readable queries — no resolver to build or maintain.

Automatic seal custody

Self-service eIDAS advanced electronic seal key rotation with AES-256-GCM envelope encryption (encrypted vault custody in Postgres) — signing keys never leave the vault in the clear.

Build vs. buy

What building ESPR compliance in-house really costs

Translating JTC 24 rules into schemas, resolvers and trust constructs is hundreds of engineering hours — and an ongoing liability.

High upfront cost

Months mapping CIRPASS-2 semantic-graph parameters and eIDAS trust constructs before you ship a single passport.

Endless DB migrations

Rewriting tables every time sector legislation, chemical thresholds or product schemas change.

Resolver complexity

Building and maintaining robust content negotiation and GS1 Digital Link resolvers natively, forever.

Compliance risk

A single validation miss (formaldehyde ppm, a bad country code) can get a shipment held at the border.

Turnkey OpenDPP nodes

Or connect once and be passport-ready in days

A managed, standards-native node with everything the build column above demands — already built, tested and maintained for you.

Instant infrastructure

Connect your ERP/PLM to /api/v1/passports with built-in validation for all in-scope sectors — go live in days.

Zero-migration Postgres

Relational columns for universal properties + GIN-indexed JSONB for dynamic attributes — schemas evolve without migrations.

Compliance, simplified

Programmatic validation for every sector's thresholds reduces the risk of border delays by catching bad data before you publish.

By sector

Sector-specific compliance, validated out of the box

OpenDPP's schema validation handles the specific physical properties each priority sector's delegated acts demand.

Textiles & Apparel

Wave-1 priority. Fiber compositions must sum to 100%, REACH Entry 72 limits are audited programmatically (formaldehyde ≤75ppm, arylamines ≤30ppm, phthalates ≤0.1%), plus EUDR forest-sourcing coordinates and UFLPA forced-labor bill-of-lading checks.

Batteries

Hard deadline Feb 18 2027 (Reg. EU 2023/1542). Every industrial (>2kWh), EV and LMT battery needs an individually sealed passport: Scope 1/2/3 carbon footprint, recycled-share thresholds (cobalt, lithium, lead, nickel), and durability/SoC lifecycle data.

Electronics & ICT

WEEE circularity: a repairability index (0–10) and durability scorecard surfaced to consumers, standby-power limits enforced in exact W/mW units, and post-consumer recycled-plastic ratios tracked inside casings.

Iron & Steel

Decarbonisation declarations: tensile-class bindings (e.g. S355JR), scrap-metal input ratios, and CO₂e-per-tonne carbon-intensity figures traced through the metallurgy profile. (A steel DPP is expected under a future ESPR delegated act — not yet in force.)

Pricing

Plans that scale with your catalog

Billed monthly on an annual term (1 or 3 years). EU-hosted and eIDAS-signed on every tier — no plan setup fees.

Micro
€99/mo
For your first products getting 2027-ready.
  • Up to 10 product passports
  • eIDAS signing & GS1 Digital Link
  • Public passport pages
  • EU data residency
Scale
€899/mo
For high-volume catalogs.
  • Up to 1,000 product passports
  • Everything in Growth
  • UNTP supply-chain trace
  • Advanced roles & permissions

View all plans, the free pilot & add-ons

Prices ex-VAT. Start with a free 30-day pilot, or talk to our team for higher-volume steps, add-ons, or custom Enterprise terms.

Enterprise security & compliance

The questions procurement and security teams ask

How does OpenDPP secure our proprietary supplier margins and trade secrets?

Unauthenticated public scans automatically mask privileged upstream detail — the facilityDetails object is replaced with "[REDACTED — Privileged Access Required]". EORI numbers, EUDR coordinate polygons and bill-of-lading hashes are revealed in-memory only to parties you (or your authority workflow) have granted access — or to your own operators.

Is OpenDPP compliant with GDPR and EU privacy directives?

Designed for GDPR and privacy-by-default: all data hosting resides exclusively in the EU (Belgium and Germany), access logs anonymise IPs (IPv4 to subnet, IPv6 to /48), built-in data-subject and full-tenant export tooling supports your access/portability duties, and Iubenda auto-blocking consent banners cover GDPR + ePrivacy.

What happens if our brand goes out of business — does our compliance data die?

OpenDPP is built to align with horizontal standard EN 18221 (Data Storage, Archiving & Persistence): passports and transaction proofs are designed to remain archived and resolvable for 15 years (per PASSPORT_RETENTION_YEARS), independent of your operating status, helping reduce residual compliance exposure.

How are eIDAS private keys protected inside the database?

Envelope encryption with aes-256-gcm (encrypted vault custody, software custody — per-tenant, in Postgres): the tenant ECDSA prime256v1 private key is encrypted with a master server key before storage, so even a direct DB compromise cannot leak raw signing credentials. It is decrypted in-memory only to apply the advanced electronic seal, aligned with FprEN 18246 (final draft, at formal vote).

Can our ERP or PLM systems connect to OpenDPP programmatically?

Yes — a developer-first REST API on Fastify. Integrators call POST /api/v1/passports with scoped Bearer keys, and webhook workers push lifecycle events (passport.sealed, passport.recalled) back to SAP / Centric PLM with HMAC-SHA256 signatures.

Stop building compliance. Start shipping passports.

Connect your catalog and issue your first signed Digital Product Passport this week.

Get started
Key takeaways

OpenDPP protects business assets by keeping product metrics local. Key business features include CE marking Declaration of Conformity templates, offline-verifiable ECDSA Merkle-root seals over JSON-LD product data, and compatibility with supply-chain audits. OpenDPP is registry-ready — integration with the future EU registry (ESPR Art.13) is pending the live Commission API.

OpenDPP Business Features & ESPR Readiness · Last reviewed