🏗️ Why DPP matters for Steel, Iron & Aluminium

Metals supply chains face a unique combination of compliance pressure and complexity:

• Multi-site, multi-operator reality: ores, scrap, alloying, casting, rolling, finishing, and distribution are often handled by different facilities and legal entities.
• High reuse and recycling potential: circular economy outcomes depend on reliable composition, sorting, and safe handling information.
• Long lifecycles and secondary markets: metals often circulate through multiple owners and applications, increasing the need for persistent identifiers and durable data access.
• Proof and provenance expectations: regulators, customers, and market surveillance increasingly expect traceable, verifiable information—not PDFs scattered across systems.

A well-implemented DPP supports trusted disclosure, reduces friction in downstream requests, and helps create a repeatable compliance process for different product families and markets.

📦 What goes into a Metals DPP? (ESPR-aligned data blocks)

While delegated acts define the product-specific final requirements, the ESPR outlines core DPP attribute categories that are highly relevant to metals.

🆔 1) Identification & accountability (economic operator + origin)

DPPs commonly include:

• Name, contact details, and unique operator identifier of the economic operator established in the EU
• Importer information (including EORI number) where applicable
• Unique facility identifiers for production sites
• Additional operator identifiers (beyond manufacturer) where relevant

This block matters for metals because customers and authorities often need facility-level provenance and a clear accountable operator for data maintenance.

📘 2) Product & compliance documentation pointers

Typical items include:

• Manuals/instructions/warnings/safety information as required
• References to compliance documentation (e.g., declarations, certificates, technical documentation pointers)
• Relevant commodity codes (e.g., TARIC code)
• Global Trade Identification Number (GTIN) (ISO/IEC 15459-6 or equivalent) where used
• The unique product identifier at the level required by the delegated act (model/batch/item)

For metals, the operational reality is that “product” may be defined as a batch/coil/lot or another traceable unit, and DPP architecture must support that level cleanly.

🛠️ 3) Lifetime & sustainability (durability, repair, circularity)

Required categories can include:

• Durability/reliability information (where meaningful)
• Ease of repair/maintenance and upgrading (especially relevant when metals are part of complex assemblies)
• Guidance to minimize environmental impact during use
• Return/disposal instructions and recycling quality/ease

🧪 4) Materials & substances of concern

The ESPR highlights:

• Names of substances of concern
• Their location within the product
• Concentration / max concentration / concentration range
• Safe use instructions and disassembly information

For metals, this data block is critical for sorting, safe processing, and avoiding contamination in recycling streams.

🌿 5) Environmental impact & efficiency (where required)

Potential attributes include:

• Energy/resource use or efficiency
• Recycled content and recovery potential
• Waste generation and packaging metrics
• Environmental footprint / carbon footprint fields (where required)

Even where not strictly mandated at first, many organizations prepare these fields early because customers increasingly request them.

🏷️ Product UID + data carrier: making metals scannable and durable

ESPR requires a persistent unique product identifier and a machine-readable data carrier.

The carrier must be physically attached to the product, packaging, or accompanying documentation (as specified by the delegated act).

Common options:

• QR code (low cost, broad compatibility)
• RFID/e-tags (useful for industrial logistics and automated handling)

Key requirements typically include durability/readability over the lifecycle, storage capacity, data protection, and environmental impact.

For metal products, durability and placement become practical design decisions (e.g., labels on coils, plates, bundles, or shipping documents).

Online sales requirement: where metals are sold via digital catalogs or marketplaces, DPP access must remain possible (often via a clickable link or digital version of the carrier).

👥 Who is responsible? The Responsible Economic Operator (REO)

Under ESPR, the Responsible Economic Operator (REO) can be a manufacturer, authorized representative, importer, distributor, dealer, or fulfillment service provider.

REO responsibilities typically include:

• Ensuring a Product UID exists and is attached via the data carrier
• Ensuring mandatory DPP information is uploaded and accessible
• Managing lifecycle updates (where required), including complex scenarios such as refurbishment/remanufacture, where responsibility may shift if the product is considered “new” under delegated act rules
• Managing access so authorized parties can add entries (e.g., repair events) without breaking governance

🔐 Access levels: transparency without giving away sensitive know-how

DPPs are designed with access control, not a single “public everything” model.

The ESPR describes tiers such as:

• Public model-level information: identification, safe-use guidance, key sustainability attributes
• Legitimate-interest access: higher sensitivity information that could reveal know-how (e.g., detailed composition or disassembly guidance)
• Authority/notified body access: restricted compliance evidence, including test report results where applicable
• Individual product information for legitimate-interest actors (controlled access for specific purposes)

This structure is essential for metals where commercial sensitivity (recipes, supplier relationships, process parameters) must be protected while still meeting transparency requirements.

🔎 How DPP works in practice (scan → resolve → access)

In an HTTP-based implementation, the typical flow is:

1- Product carries a data carrier with a Product UID

2- A scanner (camera app, industrial reader) extracts the UID

3- If needed, UID → URI transformation occurs (to create a resolvable, canonical identifier)

4- A resolver routes the request to the correct data location (often a decentralized repository)

5- A Policy Decision Point (PDP) enforces role-based access and usage policies

6- Data is retrieved from Decentralized DPP Data Repositories (DDR), with continuity ensured via backup providers and an archive as a “service of last resort”

The EU Registry is positioned as the central reference point for essential identifiers (Product UID, Facility ID, REO/operator identifiers, and resolver references) and may interface with the EU Customs Single Window (CERTEX).

🧭 Architecture options: HTTP URIs vs DIDs (and why metals may use both)

🔗 HTTP URI-based architecture

• Uses standard web protocols (HTTP/HTTPS, TLS) and resolvers
• Supports GTIN-to-URI approaches (e.g., GS1 Digital Link)
• Fits well with existing enterprise and retail ecosystems

🪪 DID-based architecture (Decentralized Identifiers)

• A DID is a URI that resolves to a DID Document, containing verification methods and service endpoints
• Data access can be strengthened using Verifiable Credentials (VCs) and actor identities
• DID Documents are recorded in a Verifiable Data Registry (VDR) (e.g., web-based or ledger-based approaches such as EBSI-aligned methods)

This option is often evaluated for resilience (reduced dependence on DNS/domain ownership) and stronger identity/access patterns.

It is also important to avoid over-reliance on any single solution and to keep the ecosystem open—consistent with ESPR’s interoperability objectives and the principle of avoiding vendor lock-in.

✅ Data quality and compliance controls: RDF knowledge graphs + SHACL

CIRPASS-oriented thinking treats the DPP conceptually as a knowledge graph (RDF), enabling semantic interoperability across industries and systems.

To make this operational, SHACL (Shapes Constraint Language) can be used as a validation and control engine:

• Regulators translate delegated-act requirements into SHACL shapes
• REOs use templates to pre-validate DPP data before submission
• Market authorities can run consistent automated checks during surveillance
• Validation can be continuous: pre-registration, during registration, and post-registration updates

For metals—where data is often split across ERP, quality systems, lab reports, supplier declarations, and logistics—SHACL-style validation reduces missing fields, inconsistent units, and incomplete disclosures.

🔌 Integration reality: ERP / PLM / PIM (and the “metal data trail”)

A metals DPP program succeeds when it connects to existing systems that already hold “product truth,” such as:

• ERP (orders, batches, operator and facility records, commodity codes)
• PLM (specs, change history)
• PIM (customer-facing attributes)
• Quality/lab systems and document repositories (test evidence and controlled documents)

Because DPP is product-centric and often decentralized, the practical goal is not to move everything into one database, but to create a governed layer that can map, curate, validate, and publish required fields in interoperable formats.

🤝 How ComplyMarket delivers Digital Product Passport for Steel, Iron & Aluminium

ComplyMarket delivers a dedicated Digital Product Passport service for Steel, Iron & Aluminium through its integrated Compliance Management Platform, helping organizations turn fragmented product and compliance data into a structured, scalable, audit-ready DPP.

Because DPP success depends on more than a QR code, ComplyMarket supports:

• Scope and data mapping aligned to ESPR attribute blocks (model/batch/item)
• Identifier and data-carrier rollout (Product UID, Facility/Operator IDs, QR/RFID)
• Role-based access governance (public vs legitimate-interest vs authorities)
• ERP/PLM/PIM + document integration to pull from systems of record
• Validation and data quality controls consistent with SHACL/knowledge-graph concepts
• Continuity planning (decentralized compatibility, backup/archival approach)

For metals companies seeking DPP compliance with strong governance, controlled access, and audit readiness, ComplyMarket helps make DPP operational without unnecessary lock-in.