A Digital Product Passport is not a form you fill in once — it's a living, signed record built from data that mostly lives with your suppliers. Here is exactly how PassPer gets you from that reality to an audit-ready passport, and what runs underneath.
Upload BOMs, spec sheets, certificates, test reports — PDF, spreadsheet or scan. The AI extraction pipeline reads them, maps every value to the right passport field with a confidence score and a source reference, and detects language (10 languages covered, EU-normalised output). Nothing is auto-published: a human reviews and applies.
The fields you can't extract live up your supply chain. Send suppliers a single tokenised link — no account, no login, mobile-friendly, in their language. Responses flow back into the passport for one-click review-and-apply, auto-chase sequences handle the silence, and verified declarations are reusable across products and buyers.
Every sector runs through the same Regulation Profile engine — the battery profile alone carries 110 fields aligned to DIN DKE SPEC 99100. Rules validate values, the readiness score updates live, and the reviewer/approver workflow signs off before anything goes public. When a delegated act changes, the profile updates as data — you don't redeploy.
Publishing creates a SHA-256 version snapshot and writes a signed, hash-chained event to the passport's audit log — every lifecycle transition is tamper-evident. The passport goes live behind a GS1 Digital Link QR, and the public resolver shows each audience its access-tier-appropriate slice: consumer, professional, authority.
Identifiers are prepared for the EU DPP Registry — the submission pipeline is built and validates today, and connects the day the official API opens. Persistence is designed in: EU-hosted storage plus an independent backup-custody path, because the regulation requires your passport to outlive both the product and, if necessary, you.
Fields, rules, access tiers and legal bases are data, not code. Battery, textiles, electronics, furniture — one engine, zero sector-specific application code, versioned profiles with diff-aware change impact.
Passports resolve at /01/{gtin} and /01/{gtin}/21/{serial} — GTIN-keyed, serial-aware, carrier-agnostic (QR, Data Matrix ISO/IEC 16022, NFC/RFID payloads). Print-safety checks block labels that would point at an unreachable host.
Every field carries its access tier. The same passport serves the public view, the professional view (repairers, recyclers) and the authority view — enforced at the resolver, not painted on in the UI.
Every lifecycle transition writes an HMAC-signed event chained to the previous one; every publish creates a SHA-256 content snapshot. Tampering breaks the chain visibly. eIDAS advanced seals are on the 2026 roadmap.
Passports serialise as W3C JSON-LD with layered context, and project into Asset Administration Shell submodels (application/aas+json) for Industry-4.0 ecosystems. CSV and API access included.
All data on EU infrastructure under EU jurisdiction. Export everything at any time — JSON-LD, CSV, AAS. Your compliance record is yours; we just run it. See standards & sovereignty.
Several platforms will hash, seal and publish whatever data you hand them — and quietly assume you already have it. But the passport fields live with your suppliers, in PDFs, in ten languages, behind email threads. That's the actual work of DPP compliance, and it's the part PassPer is built around: AI extraction, supplier collection, evidence with provenance — and then the sealing and publishing too.