Insight


Preparing for ESPR Compliance
The DPP Chicken Race: Key CIO Challenges and Strategic Actions for Digital Product Passports

Introduction:

In July 2024 the European Parliament made a historical decision to approve years of work going into the legislation named “Eco-design for Sustainable Products Regulation” (ESPR). This will have large-scale effects on the requirements put on by companies selling or producing products intended for the European market. One requirement that is part of ESPR is that products should have a so-called Digital Product Passport (DPP). In this viewpoint, we at Opticos describe ESPR, DPP, and the potential challenges it might be to a manufacturing company CIO.

In short, these CIO will enter a waiting game, where they can act as forerunners, risking going wrong or followers risking being late. So, the CIO will find themselves in a DPP Chicken Race.

 

Background on ESPR

The proposed ESPR legislation is a cornerstone in the European Commission’s strategy to establish environmentally sustainable and circular products as the new norm. This will be achieved by requiring companies to provide sustainability and circularity data on their products using a Digital Product Passport (DPP), leading to voluntary data sharing and expansion to other sustainable aspects under Union legislation.

Uncertainties remain about what product groups will initially be prioritized. Some groups are expected to be impacted as early as 2027, identified by the EU identifying as suitable first movers. Most industries and product categories, however, are expected to be subject to regulation by 2030. The legislation will be equally applied to products intended for consumers (B2C) as well as for professional (B2B) markets.

The first delegated act specifying the product groups is expected to come into force soon. These groups will likely include those highlighted in the Circular Economy Action Plan (CEAP), such as electronics and ICT, batteries and vehicles, textiles, plastics, construction, and buildings. Although packaging is mentioned in CEAP, it is not expected to be covered by a separate delegated act.[1]

Furthermore, even though the ESPR is European legislation, it is expected to have a global impact, given the inherently global nature of supply chains, it is also likely that other regions will follow. This is partly due to political ambitions on fighting climate change, but also due to making manufacturing companies competitive. Since European legislation is implemented in a way that if you want to still sell or supply the European market you will need to follow the ESPR. By introducing similar legislation, pressure will be put on manufacturers to level up their game and still be able to export to regions with legislation in place. Of the followers, the expected upcoming US legislation will most likely be the one with biggest impact.

As noted, the ESPR regulation is currently in development, implying several uncertainties such as:

  • Scope: How should requirements vary based on company size, and what is the appropriate level for applying Digital Product Passports?
  • Technology: Questions arise about the storage and management of data, the choice of carriers, and the methods for accessing data
  • Data: What specific information will be required, and to what extent? Additionally, considerations include identifying who will be responsible for collecting, updating, and verifying the data

These aspects are still evolving and will be clarified as the ESPR regulation progresses. This makes it difficult to accurately balance your efforts now. As a CIO it’s essential to be prepared to act and understand potential challenges ahead.

 

Digital Product Passport Overview:

A Digital Product Passport (DPP) serves as a tool to gather and share information about a product throughout its entire lifecycle. It helps identify what product it is and showcases basic information as well as detailed data on sustainability, environmental impact, and recyclability of a product. The DPP records data from the entire supply chain, detailing where the raw materials come from and how the product was made. This information is then shared among different stakeholders, unlocking product insights and highlighting advantages and practical applications.

The data can be shared using different methods such as QR codes, barcodes, or NFC technology. The most likely option initially is using QR codes, given their widespread adoption across diverse industries. This preference is attributed to their common usage, ease of use, strength, and flexibility in connecting with smart devices. QR codes have potential security risks due to its simplistic nature with weblinks that can easily be exchanged by just adding an exchanged QR code on top of the original one, where users end up in fraudulent sites. It is therefore likely that more robust technologies will be developed over time.

All information requirements for a digital product passport should be relevant and serve a purpose. Each piece of information should have a clear scope and provide tangible user benefits throughout the product life cycle. At this stage, there are uncertainties regarding the information required for different industries and product groups. However, the European Commission will further elaborate on this in delegated acts [2], aiming to enhance the following product aspects:

  • Product durability and reliability
  • Product reusability
  • Product upgradability, reparability, maintenance and refurbishment
  • The presence of substances of concern in products
  • Product energy and resource efficiency
  • Recycled content in products
  • Product remanufacturing and recycling
  • The product’s carbon and environmental footprint
  • The product’s expected generation of waste material

On top of this, producers might use the digital product passport for linking to relevant documentation on the products such as user manuals, support pages, software download pages, etc.

 

Challenges for the CIO

In most companies the implications this new legislation will create will not be owned by the CIO or the IT organization. The ownership will likely land in R&D, Product management, Operations or the Legal or Sustainability departments. However, like what happened in the case of the GDPR legislation that was owned by HR and where many of the required actions landed on the IT organization to resolve, it is logical to assume this will be the case also with the ESPR/DPP legislation.

Business requirements on R&D, Operations and Legal will be broken down into IT requirements and will be put towards the IT department as change or transformation requests.

Like other major legislative agendas have done in the past (e.g., GDPR), the ESPR will significantly impact the IT landscape of large companies. It will affect applications that handle product data. In organizations focused on developing, manufacturing, and selling products, experience at Opticos indicates that this typically encompasses 30-40% of their total IT landscape [3]. In large manufacturing companies, this can equate to hundreds of applications. While not all applications will be affected, many may need to be adjusted to contribute data to the Digital Product Passport (DPP).

What kind of changes might be needed in those systems?

  • Product Data Architecture: To keep and publish product data to end consumers as regulated in ESPR and DPP the ability to keep consolidated product data in one place and being able to publish this is essential. When multiple applications handle data to be used in a publication platform like this, establishing a consistent metadata structure and standardizing attributes, both in terms of descriptions and data content, become essential. This can pose a significant challenge for large companies, particularly those with competing silos of product information, often a result from historical factors or mergers
  • Product Data Identifiers: To ensure accurate data retrieval, each product requires unique identifiers, such as model numbers, article numbers, and serial numbers. The combination of these identifiers should be unique within the company and, ideally, globally. Standards exist in this area, such as GTIN from GS1; however, it is worth noting that some of these standards are published by organizations with commercial interests
  • Product Data Quality & Supply: Even after addressing the challenges related to product data architecture and unique product identifiers, the most significant hurdle remains; populating product data with high-quality information for critical attributes. While this may seem straightforward, many of these attributes likely consist of data not directly controlled internally, requiring input from suppliers. Ensuring both the delivery and quality of this data will necessitate updated contracts with suppliers, as obtaining this information can involve substantial efforts on their part. Most manufacturers and their suppliers may even need to trace several steps down in value chain to gather data on metrics such as CO₂ emissions or water usage

Even with strong efforts to address the challenges outlined above, implementation within existing IT systems can still encounter obstacles, particularly with older legacy applications that may be unable to handle necessary changes without disrupting other operational functions. Additionally, there is the question of how much to invest in outdated platforms, especially those that are already past their intended lifecycle.

Many companies will investigate mitigating solutions, building translating and aggregating data lakes / data fabrics instead of fixing the issues in the source systems. This might work for publishing the DPP data to end consumers, however it will introduce other issues. These data lakes / data fabrics might become business critical solutions for other departments that have direct access to the customers like product documentation and aftersales. These departments need to see the same information that the end-consumers see and suddenly, these solutions have become part of the day-to-day operational IT solutions creating transactional data like tickets and spare part sales. Getting these normalized and aggregated solutions to provide data in a non-normalized and de-aggregated structure to these operational solutions might be quite cumbersome. However, for many companies these aggregated solutions built on top of the old backbone will be needed to at all be able to meet the requirements put by DPP in time. When establishing these solutions, it is important to understand the long-term risk in those solutions.

 

Our recommendations for the CIO and initial actions

So how should you as the CIO go about taking on these challenges? Opticos has a 7-step approach that can give you a better understanding of the challenges ahead for your organization. Step 1 is understanding the stakeholder situation and step 2-7 is to understand the magnitude of the data and IT challenges. Even if the ownership of the data challenges most likely resides in the business it’s not likely that the business themselves will have the capability to conduct the analysis required in step 2-7. That’s why it’s likely that the IT department will be involved and as the CIO it is wise being prepared for this.

The 7-step approach:

  1. Investigate how and when ESPR will affect your company. As a CIO this might initially mean understanding who is responsible for this question and how your company’s products are affected.
  2. Get an understanding of what data you need to publish and what potential gaps you have in supplying them
  3. Understand if data is needed on the product model/article level or on the individual product level. The latter increases complexity and demands of traceability quite dramatically and if it’s possible to avoid this then big efforts can be avoided
  4. Understand and set the data architecture needed to achieve the requirements and understand if this architecture can be achieved with existing data sources, modified data sources or new data layers aggregating and transforming the data into the architecture you need
  5. For the data you already have available investigate if the format and granularity are consistent over different data sources and in line with expectations on the ESPR publishing formats
  6. For the data you don’t have available, investigate if this data can be supplied internally by your suppliers and if the latter start discussions and negotiations with them to get that data provided in the future
  7. Secure that the data collected and published is of equivalent quality, since it’s going to be visible to end-consumers and authorities and bad data will lead to a bad market reputation in the same way as bad product quality

The time these challenges will require depends on your as-is situation, as well as the complexity of your PLM/ERP landscape. It is also dependent on how big and complex your product portfolio is and lastly how big your network of component suppliers is. For a large-scale manufacturing company, selling complex and assembled products, we at Opticos estimate that this is years of work rather than months. Therefore, good advice is to start sooner rather than later to meet the regulation timeline.

 

Business Enablement and Risks

The legislators in the EU are mostly motivating this type of legislation with decreasing environmental impact and fighting climate change. However, there is also a competitive advantage for companies to adopt this in a timely and appropriate way. By adopting the legislation companies can protect their products from being banned on the European market. Furthermore, if other less serious competitors’ products are banned then there will be less competition in the market. So, less competition can be expected for those that do this right. Long term when governments or legislating bodies in other parts of the world eventually put similar legislation in place, the companies with this infrastructure in place will have an advantage over those that chose not to make these efforts up front.

The primary risk for companies starting early and attempting to be early adopters is that they might invest in solutions that do not ultimately fulfil the actual requirements, once clarified and formalized. Solutions in this field remain relatively immature, and there are opportunistic players aiming to be first on the market, often without offering effective, comprehensive solutions. Conducting thorough evaluations and relying on neutral, unbiased advice is essential to avoid missteps.

Being an early adopter also means risk overinvesting if legislation in the end has lower requirements than was originally being communicated. However, simply waiting for an industry standard to emerge also carries significant risk, as delays could ultimately lead to products being barred from the European market due to non-compliance. From Opticos we believe that our 7-steps approach as described above is a balanced way of preparing without making unnecessary commitments and investments early on.

 

Conclusion

Aligning with ESPR requirements is crucial for companies aiming for sustainability and market success. CIOs as well as other business leaders should strive to be well prepared for upcoming challenges. ESPR/DPP will for most manufacturing companies require substantial system upgrades or changes and enforced data management. It will also require a completely new level of supplying data from suppliers. Acting proactively as a CIO in accordance with Opticos recommendations in this viewpoint will lead to reduced risk of IT ending up on the critical path for future compliance. A proactive CIO will also gain trust in the business and strengthen the position as a strategic partner.

For CIOs or business owners seeking guidance in streamlining this process, Opticos offers expertise to navigate ESPR compliance effectively. Please reach out to see how we can support your organization in this sustainable production transition.

 

[1] The proposal for the ESPR regulation encompasses all industries except for food, feed, medicinal products, veterinary medicinal products, living plants, animals and micro-organisms, products of human origin, and products of plants and animals directly related to their future reproduction.

[2] Delegated acts are a type of legal instrument that allows the Commission to make specific changes or clarifications to existing legislation without requiring a full legislative process (like passing a new law through the European Parliament and Council each time)

[3] Figures are based on Opticos experience from at least 3 major Swedish companies in the global manufacturing segment. All of those have more than 40 % of applications containing product data. It’s mainly within R&D, Operations/ERP, SCM, Purchase, Sales, e-commerce and Aftersales.

Get Access to More Insights from Opticos

Subscribe

Authors

Hans Bergström, Teodor Danielsson and Nils Andersson

Hans Bergström, is a senior business leader and partner at Opticos. He has been a Developer, Project Manager, IT strategist, Enterprise Architect and is currently associated with Strategic IT capability at Opticos.
Teodor Danielsson is a seasoned business leader and Partner at Opticos. He is also heading the Strategic IT capability.
Nils Andersson, is a senior consultant at Opticos who specializes in sustainability.

You might find this content relevant as well: