PassPer / Standards & sovereignty
Standards-native · EU-sovereign · No lock-in

Your compliance record is yours. We just run it.

A Digital Product Passport has to outlive your product, your vendor and possibly your company. That only works if it's built on open standards, hosted under EU jurisdiction, and exportable at any moment. That's how PassPer is built — deliberately.

The standards we implement

Built on the rails the regulation runs on.

Identifiers & resolution

GS1 Digital Link

Passports resolve at GS1 Digital Link URIs — /01/{gtin} with serial-level granularity (/21/{serial}). Carriers: QR, GS1 Data Matrix (real ISO/IEC 16022 ECC 200), NFC/RFID payloads. GTIN check-digit validation on intake.

Live
Data model

W3C JSON-LD

Every passport serialises as JSON-LD with layered context — machine-readable, linked-data-native, and served with content negotiation from the same public URL humans see.

Live
Industry 4.0

Asset Administration Shell (AAS)

One click projects a passport into AAS submodels (application/aas+json) for IDTA / Industry-4.0 ecosystems and dataspace integrations — the lingua franca of industrial digital twins.

Live
Reference architecture

CIRPASS-2 aligned · ESPR 2024/1781

The passport structure, registry pointer records and access model track the CIRPASS-2 reference architecture and ESPR's mandated three-tier access (public / professional / authority), enforced at the resolver.

Live
Integrity

Signed, hash-chained audit trail

HMAC-signed, hash-chained lifecycle events and SHA-256 version snapshots on every publish. PassPer Verify extends the same principle to any compliance document — hashed client-side, publicly re-verifiable.

Live
Trust services

eIDAS advanced seals · UNTP

eIDAS advanced electronic seals on passports and Verify records (targeting the FprEN 18246 construct) and UNTP credential issuance are on the 2026 roadmap — the signing rails exist; the qualified trust layer is next.

2026 roadmap
The no-lock-in pledge

Six commitments we put in writing.

🇪🇺 EU-hosted, EU jurisdictionAll passport data lives on EU infrastructure under EU law. No US cloud dependency in the serving path.
📤 Export anytimeFull export in JSON-LD, CSV and AAS at every tier — including the free pilot. Leaving is a download, not a negotiation.
🔓 Open standards firstIdentifiers, serialisation and interfaces follow GS1, W3C and IDTA standards — your data works in any conformant system.
🗄️ Independent persistenceBackup custody keeps passports reachable for their regulated lifetime — ESPR expects your passport to survive even your vendor.
🔍 Verifiable by anyonePublic verification pages and hash-anchored records — auditors don't need an account or our permission to check integrity.
📖 Honest labelsEverything on this page is marked Live or Roadmap. We sell what's built, and we say what isn't yet.

Standards-native, sovereign — and the best price on the market.

See the numbers side by side, then try it on your own products.

Start free See pricing