OpenDPP
Client Console Book a demo
Standards · CEN/CENELEC JTC 24

The European DPP standards, explained.

On 27 May 2026, CEN and CENELEC published the first six European standards for the Digital Product Passport — EN 18216, EN 18219, EN 18220, EN 18221, EN 18222 and EN 18223 — developed by joint technical committee JTC 24 under the European Commission's standardisation request M/604. Two more, FprEN 18239 (access rights) and FprEN 18246 (data authentication), are in the final stages. This page explains what each one covers, why it matters, and where OpenDPP stands against it.

Last updated: · reviewed against CEN/CENELEC and EUR-Lex sources

Talk standards with us Read the breakdown
Legal status

Published — but not yet cited in the Official Journal

Publication by CEN/CENELEC and citation in the Official Journal of the EU are different milestones. The six standards above exist and can be implemented today, but none has been cited in the OJEU yet — once they are cited, conformity with them will ground a presumption of conformity with the corresponding ESPR requirements. Until then, building to the standards is sound engineering and sensible de-risking, not a legal shortcut.

If a vendor tells you their system "is certified against the DPP standards", ask which standard, which clause, and by whom — as of June 2026 there is no OJEU citation and no harmonised certification scheme to certify against.

— A useful question for procurement
EN 18216:2026 · published 27 May 2026

EN 18216:2026 — Data exchange protocols

EN 18216:2026 specifies the protocols used to exchange Digital Product Passport data between systems — how passport data moves between economic operators, service providers, authorities and other participants.

Why it matters. Exchange is where vendor lock-in usually hides. A standard wire protocol means a passport created in one system can be consumed by another without a bespoke integration per counterparty.

Where OpenDPP stands. OpenDPP serves passports over open, content-negotiated HTTP (HTML, W3C JSON-LD, AAS) so any standards-aware consumer can read them.

EN 18219:2026 · published 27 May 2026

EN 18219:2026 — Unique identifiers

EN 18219:2026 specifies the unique identifiers at the heart of every Digital Product Passport: the Unique Product Identifier (UPI), the Unique Operator Identifier (UOI) and the Unique Facility Identifier (UFI), and the rules for constructing and resolving them.

Why it matters. The identifier is the passport's primary key for the next 15+ years — it is what the EU registry will index and what every QR code ultimately resolves.

Where OpenDPP stands. OpenDPP issues GS1-based identifiers (GTIN/GRAI product keys, GLN facility identifiers with mod-10 validation) and resolves them through GS1 Digital Link URIs.

EN 18220:2026 · published 27 May 2026

EN 18220:2026 — Data carriers

EN 18220:2026 specifies the physical data carriers that link a product to its passport — scannable QR / 2D data-matrix codes, NFC and RFID — and how a carrier encodes the unique identifier.

Why it matters. The carrier is the only part of the passport a consumer ever touches: one scan must open the right record for the right unit, even after years in service.

Where OpenDPP stands. OpenDPP generates print-grade GS1 Digital Link QR codes (PNG/SVG), including per-unit codes carrying the real serial in GS1 AI 21. NFC and RFID carriers are in the standard's scope but not implemented by OpenDPP.

EN 18221:2026 · published 27 May 2026

EN 18221:2026 — Data storage, archiving & persistence

EN 18221:2026 specifies how Digital Product Passport data is stored, archived and kept available — including the expectation that a passport remains resolvable for a long horizon (on the order of 15 years) after the product is placed on the market, independent of the issuing company's fate.

Why it matters. It answers the “digital death” problem: a passport that disappears when its issuer is acquired, migrates systems or goes bankrupt fails the persistence duty.

Where OpenDPP stands. OpenDPP keeps passports publicly resolvable through archival: operators and workspaces are soft-deleted, passports are retained for the configured retention window (15 years by default), and hard deletion is refused before the retention deadline.

EN 18222:2026 · published 27 May 2026

EN 18222:2026 — APIs for lifecycle management & searchability

EN 18222:2026 specifies application programming interfaces for managing a Digital Product Passport through its lifecycle — creation, updates, status changes — and for searching passport data.

Why it matters. It turns the DPP from a static web page into infrastructure: ERP/PLM systems, marketplaces and recyclers need machine APIs, not portals.

Where OpenDPP stands. OpenDPP exposes a REST API for passport creation, lifecycle status changes (active, recalled, decommissioned), per-unit telemetry and webhook notifications.

EN 18223:2026 · published 27 May 2026

EN 18223:2026 — System interoperability

EN 18223:2026 specifies the interoperability requirements between Digital Product Passport systems — shared data formats and semantics so passports from different providers can be read with one toolchain.

Why it matters. Interoperability is the regulation's answer to fragmentation: thousands of issuers, one consumer experience.

Where OpenDPP stands. OpenDPP emits W3C JSON-LD with shared ontologies and an Asset Administration Shell (AAS v3.0) representation of the same passport.

Still in the pipeline

The two standards to watch next

  • FprEN 18239 — Access rights managementFinal draft — publication expected around September 2026. Defines how access to restricted passport data is managed — which roles (authorities, repairers, recyclers, persons with a legitimate interest) may read which data tiers, and how that is enforced and documented. OpenDPP's role-based access controls and legitimate-interest grant flow are built along the draft's tiering model.
  • FprEN 18246 — Data authentication & integrityFinal draft, at formal vote. Defines how passport data is authenticated — Electronically Signed Data Constructs (ESDC) so any party can verify that a passport genuinely came from the declared operator and has not been altered. OpenDPP seals passports with eIDAS advanced electronic seals along the final draft's model; any verifier can check a seal offline.
Primary sources

Where these facts come from

Standards status: CEN/CENELEC (JTC 24 publications, 27 May 2026). Regulatory basis: Regulation (EU) 2024/1781 (ESPR) and the European Commission's ESPR implementation hub. For the rollout schedule, see our ESPR timeline; for the registry, see the EU DPP Registry explainer.

Build on the standards without reading all eight.

OpenDPP tracks the EN 182xx series and turns it into a guided workflow — see a sealed, standards-aligned passport in minutes.

Book a demo
Key takeaways

On 27 May 2026, CEN and CENELEC published the first six European Digital Product Passport standards, developed by joint technical committee JTC 24 under the European Commission’s standardisation request M/604: EN 18216 (data exchange protocols), EN 18219 (unique identifiers), EN 18220 (data carriers), EN 18221 (data storage, archiving and persistence), EN 18222 (APIs for lifecycle management and searchability) and EN 18223 (system interoperability). Two more are in the pipeline: FprEN 18239 (access rights management) and FprEN 18246 (data authentication and integrity). None is yet cited in the Official Journal of the EU, so no presumption of conformity exists today.

The European DPP standards (EN 182xx) · Last reviewed