SIST EN 18216:2026
(Main)Digital product passport - Data exchange protocols
Digital product passport - Data exchange protocols
This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, interoperable, reliable, and compatible across various platforms and sectors.
This will guarantee that data are human and machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in.
a) Secure communication:
This document defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data are protected against unauthorised access and, when necessary, only authorized entities can access the information.
b) Interoperability for data exchange:
The protocols and data formats defined in this document support easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases.
c) Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption.
d) Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life.
e) Documentation and discoverability:
The protocols and formats are available to individuals without specialized knowledge, enabling broader adoption across sectors.
In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
Digitaler Produktpass - Protokolle zum Datenaustausch
Dieses Dokument beschreibt eine Norm für sichere und effiziente Datenaustauschprotokolle und Datenformate, die für den digitalen Produktpass zu verwenden sind. Datenaustauschprotokolle legen die Regeln und Verfahren fest, die Systeme bei der Kommunikation und dem Austausch von Informationen befolgen. Datenformate definieren die Struktur und Darstellung dieser Informationen, damit sie von den beteiligten Systemen verstanden und korrekt verarbeitet werden können. Protokolle und Formate stellen gemeinsam sicher, dass Daten sicher, zuverlässig und kompatibel über verschiedene Plattformen und Sektoren hinweg ausgetauscht werden können.
Dadurch wird sichergestellt, dass die Daten maschinenlesbar, strukturiert, durchsuchbar und über ein offenes, interoperables Netzwerk ohne Vendor Lock in übertragbar sind.
a) Sichere Kommunikation:
Diese Norm legt Protokolle fest, die einen sicheren und authentifizierten Datenaustausch zwischen Systemen sicherstellen, wobei sie sicherstellen, dass die Daten vor unbefugtem Zugriff geschützt sind und nur befugte Stellen auf die Informationen zugreifen können.
b) Interoperabilität für den Datenaustausch:
Die in dieser Norm festgelegten Protokolle und Datenformate ermöglichen eine einfache Integration in bestehende Datenaustauschsysteme, stellen die Kompatibilität von Protokollen und Formaten in verschiedenen Sektoren sicher und unterstützen eine Vielzahl von Anwendungen und Anwendungsfällen.
c) Benutzerfreundlichkeit und Integration:
Es wird sichergestellt, dass die ermittelten Protokolle und Formate leicht implementiert werden können, insbesondere für mobile Geräte, und dass sie benutzerfreundlich sind, um eine flächendeckende Anwendung zu erleichtern.
d) Datenintegrität:
Die in diesem Dokument festgelegten Protokolle und Datenformate stellen die Integrität von Informationen, die mit physikalischen Objekten und elektronischen Daten verknüpft sind, in der gesamten Wertschöpfungskette bis hin zum Ende der Nutzungsdauer des Produkts oder der Anlage sicher.
e) Dokumentation und Auffindbarkeit:
Die Protokolle und Formate sind auch für Einzelpersonen ohne Fachwissen zugänglich, wodurch eine breitere sektorübergreifende Anwendung ermöglicht wird.
Um die Interoperabilität zu fördern, die Kosten für Unternehmen zu senken und sich an bestehende europäische Verordnungen und Initiativen anzupassen, berücksichtigt dieses Dokument die Datenaustauschprotokolle und Datenformate, die bereits in anderen Gesetzgebungen verwendet werden. Maßgebliche bestehende Normen werden in den Entwicklungsprozess integriert, um Konsistenz und Kohärenz mit den Praktiken der Industrie und den rechtlichen Rahmenbedingungen sicherzustellen.
Passeport numérique des produits - Protocoles d'échange de données
Le présent document définit une norme pour les protocoles d'échange de données et les formats de données sécurisés et efficaces à utiliser pour le passeport numérique des produits. Les protocoles d'échange de données établissent les règles et procédures que suivent les systèmes lorsqu'ils communiquent et échangent des informations. Les formats de données définissent la structure et la présentation de ces informations de sorte qu'elles puissent être comprises et traitées correctement par les systèmes concernés. Ensemble, les protocoles et les formats garantissent que les données peuvent être échangées d'une manière sécurisée, interopérable, fiable et compatible entre différentes plates-formes et différents secteurs.
Cela garantira que les données sont lisibles par l'homme et par machine, structurées, interrogeables et transférables par l'intermédiaire d'un réseau ouvert et interopérable sans verrouillage du fournisseur.
a) Communication sécurisée:
Le présent document définit des protocoles qui garantissent un échange de données sécurisé et authentifié entre systèmes, garantissant que les données sont protégées contre un accès non autorisé et, lorsque cela est nécessaire, que seules les entités autorisées peuvent accéder aux informations.
b) Interopérabilité pour l'échange de données:
Les protocoles et formats de données définis dans le présent document permettent une intégration facile dans les systèmes d'échange de données existants, garantissent la compatibilité des protocoles et des formats dans différents secteurs et prennent en charge un large éventail d'applications et de cas d'utilisation.
c) Facilité d'utilisation et d'intégration:
S'assurer que les protocoles et formats identifiés peuvent être mis en œuvre facilement, en particulier pour les appareils mobiles, et qu'ils sont conviviaux afin de faciliter une adoption généralisée.
d) Intégrité des données:
Les protocoles et formats de données définis dans le présent document garantissent l'intégrité des informations liées aux objets physiques et des données électroniques tout au long de la chaîne de valeur, s'étendant jusqu'à la fin de vie du produit ou de l'actif.
e) Documentation et découvrabilité:
Les protocoles et formats sont mis à la disposition des individus sans connaissances spécialisées, ce qui permet une adoption généralisée dans tous les secteurs.
Afin de promouvoir l'interopérabilité, de réduire les coûts pour les entreprises et de s'aligner sur les réglementations et initiatives européennes existantes, le présent document prend en compte les protocoles d'échange de données et les formats de données déjà utilisés dans d'autres législations. Les normes existantes pertinentes sont intégrées dans le processus de développement afin d'assurer la cohérence avec les pratiques de l'industrie et les cadres réglementaires.
Digitalni potni list izdelka - Protokoli za izmenjavo podatkov
Ta dokument opredeljuje standard za varne in učinkovite protokole za izmenjavo podatkov in podatkovne formate, ki se uporabljajo za digitalni produktni potni list. Protokoli za izmenjavo podatkov določajo pravila in postopke, ki jih sistemi upoštevajo pri komunikaciji in izmenjavi informacij. Podatkovni formati določajo strukturo in predstavitev teh informacij, tako da jih lahko vključeni sistemi pravilno razumejo in obdelajo. Skupaj protokoli in formati zagotavljajo, da se podatki lahko izmenjujejo na način, ki je varen, interoperabilen, zanesljiv in združljiv na različnih platformah in v različnih sektorjih.
To bo zagotovilo, da so podatki berljivi za ljudi in stroje, strukturirani, iskalni in prenosljivi prek odprtega, interoperabilnega omrežja brez vezave na določenega ponudnika.
a) Varna komunikacija:
Ta dokument opredeljuje protokole, ki zagotavljajo varno in avtenticirano izmenjavo podatkov med sistemi, s čimer zagotavljajo, da so podatki zaščiteni pred nepooblaščenim dostopom in, kadar je to potrebno, da lahko do informacij dostopajo le pooblaščeni subjekti.
b) Interoperabilnost za izmenjavo podatkov:
Protokoli in podatkovni formati, opredeljeni v tem dokumentu, podpirajo enostavno integracijo z obstoječimi sistemi za izmenjavo podatkov, zagotavljajo združljivost protokolov in formatov v različnih sektorjih ter podpirajo širok spekter aplikacij in primerov uporabe.
c) Enostavnost uporabe in integracije:
Zagotavljanje, da se lahko identificirani protokoli in formati enostavno implementirajo, zlasti za mobilne naprave, in so uporabniku prijazni, da se olajša njihova široka uporaba.
d) Celovitost podatkov:
Protokoli in podatkovni formati, opredeljeni v tem dokumentu, zagotavljajo celovitost informacij, povezanih s fizičnimi objekti in elektronskimi podatki skozi celotno vrednostno verigo, vse do konca življenjske dobe izdelka ali sredstva.
e) Dokumentacija in odkrivanje:
Protokoli in formati so dostopni posameznikom brez specializiranega znanja, kar omogoča širšo uporabo v različnih sektorjih.
Da bi spodbujali interoperabilnost, zmanjšali stroške za podjetja in se uskladili z obstoječimi evropskimi predpisi in pobudami, ta dokument upošteva protokole za izmenjavo podatkov in podatkovne formate, ki so že v uporabi v drugih zakonodajah. Ustrezni obstoječi standardi so vključeni v razvojni proces, da se zagotovi skladnost in koherentnost z industrijskimi praksami in regulativnimi okviri.
General Information
- Status
- Published
- Public Enquiry End Date
- 18-Sep-2025
- Publication Date
- 15-Jun-2026
- Technical Committee
- DPP - Digital Product Passport
- Current Stage
- 6060 - National Implementation/Publication (Adopted Project)
- Start Date
- 05-Jun-2026
- Due Date
- 10-Aug-2026
- Completion Date
- 16-Jun-2026
Overview
SIST EN 18216:2026 – Digital Product Passport: Data Exchange Protocols is a key European standard developed to define secure and efficient data exchange protocols and data formats for digital product passports (DPP). Published by SIST, this standard is crucial for enabling safe, interoperable, and reliable sharing of product data throughout the lifecycle of goods. The requirements outlined ensure data is structured, searchable, human and machine-readable, and transferable across diverse platforms and stakeholders without vendor lock-in.
The standard builds on established web protocols and incorporates security, ease of adoption, and transparent integration, promoting compatibility with existing workflows and regulatory frameworks. By harmonizing data exchange processes, SIST EN 18216:2026 supports organizations in meeting regulatory requirements, such as EU ecodesign directives, and enabling a sustainable, circular economy.
Key Topics
Secure Communication
The standard mandates the use of secure protocols, such as HTTPS (HTTP over TLS), ensuring that data transfer between systems is encrypted, authenticated, and protected against unauthorized access.Interoperability
SIST EN 18216:2026 supports easy integration with existing IT solutions and promotes compatibility across sectors and platforms. This facilitates a wide scope of use and helps organizations avoid vendor lock-in.User-Friendly Implementation
Special emphasis is placed on ease of use for various endpoints, including mobile devices. Open, well-documented protocols and formats enable rapid integration and broad adoption, even by organizations without extensive IT resources.Data Integrity
The protocols ensure that digital product passport data remains intact and trustworthy throughout its lifecycle, from production to end-of-life. Integrity checks and secure mechanisms prevent tampering and data corruption.Documentation and Discoverability
By providing clear, accessible definitions and support for widely-used data formats, the standard ensures documentation is comprehensible even to non-specialists, enabling cross-sector adoption.
Applications
Implementation of SIST EN 18216:2026 benefits a broad range of industries and use cases, particularly in the context of the European Green Deal and new requirements for product transparency:
- Supply Chain Management
- Manufacturers, suppliers, and retailers can exchange product information swiftly and securely, improving traceability and compliance.
- Regulatory Compliance
- Organizations can demonstrate conformity with EU ecodesign and sustainability requirements, helping to meet reporting and audit needs.
- Circular Economy Services
- Repairers, recyclers, and waste management entities gain access to accurate product data, supporting reuse, remanufacturing, and responsible end-of-life practices.
- Consumer Engagement
- Stakeholders, including consumers, can access trustworthy product data for informed purchasing and repair decisions via web and mobile interfaces.
- Integration with Business IT
- SMEs and large enterprises alike can embed DPP functionality into existing digital systems by leveraging RESTful APIs, JSON, XML, and HTML, as specified in the standard.
Related Standards
SIST EN 18216:2026 is designed to work in harmony with both European and international frameworks to maximize interoperability and consistency. Key references include:
- HTTP over TLS (HTTPS): Ensures secure data transmission between clients and servers.
- RESTful APIs: Provide a flexible architecture for integrating DPP data exchange in modern web environments.
- Data Formats: Mandates the use of JSON, XML, and JSON-LD for machine and human readability, ensuring compatibility with diverse IT systems.
- Authentication and Authorization: References widely adopted frameworks such as OAuth 2.0, OpenID Connect, and CEF eID for secure, role-based access.
- Supporting Systems: Compatible with technologies like the Asset Administration Shell (AAS), AS4 Profile of ebMS 3.0, and Electronic Data Interchange (EDI) standards.
By aligning with established international standards and EU regulatory frameworks, SIST EN 18216:2026 helps organizations ensure secure, interoperable, and future-proof product data exchange. This is foundational for digital product passport adoption and the broader movement toward digitalization and product transparency in the European market.
Get Certified
Connect with accredited certification bodies for this standard
BSI Group
BSI (British Standards Institution) is the business standards company that helps organizations make excellence a habit.
Bureau Veritas
Bureau Veritas is a world leader in laboratory testing, inspection and certification services.
DNV
DNV is an independent assurance and risk management provider.
Sponsored listings
Frequently Asked Questions
SIST EN 18216:2026 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Digital product passport - Data exchange protocols". This standard covers: This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, interoperable, reliable, and compatible across various platforms and sectors. This will guarantee that data are human and machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in. a) Secure communication: This document defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data are protected against unauthorised access and, when necessary, only authorized entities can access the information. b) Interoperability for data exchange: The protocols and data formats defined in this document support easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases. c) Ease of use and integration: Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption. d) Data integrity: The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life. e) Documentation and discoverability: The protocols and formats are available to individuals without specialized knowledge, enabling broader adoption across sectors. In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, interoperable, reliable, and compatible across various platforms and sectors. This will guarantee that data are human and machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in. a) Secure communication: This document defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data are protected against unauthorised access and, when necessary, only authorized entities can access the information. b) Interoperability for data exchange: The protocols and data formats defined in this document support easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases. c) Ease of use and integration: Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption. d) Data integrity: The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life. e) Documentation and discoverability: The protocols and formats are available to individuals without specialized knowledge, enabling broader adoption across sectors. In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
SIST EN 18216:2026 is classified under the following ICS (International Classification for Standards) categories: 13.020.20 - Environmental economics. Sustainability; 35.240.63 - IT applications in trade. The ICS classification helps identify the subject area and facilitates finding related standards.
SIST EN 18216:2026 is associated with the following European legislation: EU Directives/Regulations: 2024/1781, (EU) 2024/1781; Standardization Mandates: M/604, M/604 AMD 1. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
SIST EN 18216:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.
Standards Content (Sample)
SLOVENSKI STANDARD
01-julij-2026
Digitalni potni list izdelka - Protokoli izmenjave podatkov
Digital product passport - Data exchange protocols
Digitaler Produktpass - Protokolle zum Datenaustausch
Passeport numérique des produits - Protocoles d'échange de données
Ta slovenski standard je istoveten z: EN 18216:2026
ICS:
13.020.20 Okoljska ekonomija. Environmental economics.
Trajnostnost Sustainability
35.240.63 Uporabniške rešitve IT v IT applications in trade
trgovini
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD EN 18216
NORME EUROPÉENNE
EUROPÄISCHE NORM
May 2026
ICS 35.240.63
English version
Digital product passport - Data exchange protocols
Passeport numérique des produits - Protocoles Digitaler Produktpass - Protokolle zum
d'échange de données Datenaustausch
This European Standard was approved by CEN on 3 May 2026.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2026 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 18216:2026 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 6
4 Data exchange protocols for technical interoperability . 7
5 Data formats . 7
Annex A (informative) Data exchange protocol requirements . 9
Annex B (informative) Data exchange .10
Annex C (informative) Secure communication .13
Annex D (informative) Examples of systems adaptable to data exchange protocols .15
Annex ZA (informative) Relationship between this European Standard and the essential
requirements of (EU) Regulation 2024/1781 aimed to be covered .16
Bibliography .17
European foreword
This document (EN 18216:2026) has been prepared by Technical Committee CEN/CLC/JTC 24 “Digital
Product Passport - Framework and System”, the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by November 2026, and conflicting national standards shall
be withdrawn at the latest by November 2026.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a standardization request addressed to CEN by the European
Commission. The Standing Committee of the EFTA States subsequently approves these requests for its
Member States.
For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this
document.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
0.1 Background
A digital product passport (DPP) is a key enabling mechanism to make product information traceable and
accessible across value chains - supporting economic operators, manufacturers, distributors, repairers,
recyclers and consumers to make informed decisions and to support a circular economy. The
implementation of digital product passports will be carried out progressively. Sector-specific initiatives
will determine the precise DPP content and requirements for individual product groups.
To support the implementation of DPPs, 8 standards have been developed so far:
— EN 18219:2026 – Digital product passport – Unique identifiers
— EN 18220:2026 – Digital product passport – Data carriers
— EN 18216:2026 – Digital product passport – Data exchange protocols (this document)
— EN 18222:2026 – Digital Product Passport – Application Programming Interfaces (APIs) for the
product passport lifecycle management and searchability
— EN 18223:2026 – Digital Product Passport – System interoperability
— EN 18221:2026 – Digital product passport – data storage, archiving, and data persistence
— EN 18239:— – Digital Product Passport – access rights management, information system security,
and business confidentiality
— EN 18246:— – Digital Product Passport – Data authentication, reliability and integrity
0.2 Overview
A digital product passport (DPP) is a dynamic digital record that contains information about a product
throughout its lifecycle. For DPPs to be effective and universally accessible, standardized data exchange
protocols and frameworks need to be in place. Standardization and harmonization of these protocols
ensure that actors of the DPP - such as manufacturers, suppliers, retailers, consumers, repairers, waste
treatment facilities, and regulatory authorities - can access, extract, utilize, and update the shared product
passport information seamlessly depending on actors’ information needs and authorization. The
subsequent sections of this document outline the standardization for data exchange protocols and data
formats.
In addition, this document includes informative annexes to support practical understanding and
implementation:
— Annex A: Data exchange protocol requirements;
— Annex B: Data exchange;
— Annex C: Secure communication;
— Annex D: Examples of systems adaptable to data exchange protocols.
Under preparation. Stage at the time of publication: prEN 18239:2025.
Under preparation. Stage at the time of publication: prEN 18246:2025.
1 Scope
This document defines a standard for secure and efficient data exchange protocols and data formats to
be used for the digital product passport. Data exchange protocols establish the rules and procedures that
systems follow when communicating and exchanging information. Data formats define the structure and
presentation of that information so it can be understood and processed correctly by the involved systems.
Together, protocols and formats ensure that data can be exchanged in a manner that is secure,
interoperable, reliable, and compatible across various platforms and sectors.
This will guarantee that data are human and machine-readable, structured, searchable, and transferable
through an open, interoperable network without vendor lock-in.
a) Secure communication:
This document defines protocols that ensure secure and authenticated data exchange between
systems, ensuring that data are protected against unauthorised access and, when necessary, only
authorized entities can access the information.
b) Interoperability for data exchange:
The protocols and data formats defined in this document support easy integration with existing data
exchange systems, ensure compatibility of protocols and formats across various sectors and
supporting a wide range of applications and use cases.
c) Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile
devices, and are user-friendly in order to facilitate widespread adoption.
d) Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked
to physical objects and electronic data throughout the entire value chain, extending to the product's
or asset's end-of-life.
e) Documentation and discoverability:
The protocols and formats are available to individuals without specialized knowledge, enabling
broader adoption across sectors.
In order to promote interoperability, reduce costs for businesses, and align with existing European
regulations and initiatives, this document considers the data exchange protocols and data formats
already in use in other legislations. Relevant existing standards are integrated into the development
process to ensure consistency and coherence with industry practices and regulatory frameworks.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 21778:2017, Information technology — The JSON data interchange syntax
EN 301549:2021, Accessibility requirements for ICT products and services
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
identifier
digital identifier
sequence of characters associated with digital, non-digital, or abstract entities, such as books, images,
reports, metadata records or events
[SOURCE: ISO 24619 [1], 3.2.1]
3.2
data exchange
storing, accessing, transferring, and archiving of data
[SOURCE: ISO 15531-43 [2], 3.1.5]
3.3
identification
process of recognizing an object in a particular domain as distinct from other objects
[SOURCE: EN ISO/IEC 24760-1 [3], 3.2.1]
3.4
authentication
verification that a claimed identity is correct
[SOURCE: ISO/IEC/IEEE 8802-1AR [4], 3.2]
3.5
data integrity
property that data has not been altered or destroyed in an unauthorised manner
Note 1 to entry: In the context of secure communication, data integrity ensures that data transmitted between
parties remains unaltered and intact from the moment it leaves the sender to the moment it reaches the receiver.
This means that the data has not been tampered with, modified, or corrupted during transmission – whether
accidentally or through malicious actions.
[SOURCE: ISO 7498-2:1989, 3.3.21, modified - note to entry added [5]]
3.6
secure communication
mechanism of transmitting data between systems in a way that ensures its confidentiality, integrity and
authenticity
3.7
digital product passport
DPP
digital record of product characteristics throughout its lifecycle
Note 1 to entry: Example characteristics include environmental sustainability, environmental impact, and
recyclability
3.8
controlled DPP data
information on digital product passport whose access is controlled based on the user's access rights
Note 1 to entry: User: person who interacts with a system, product or service [SOURCE: ISO 26800:2011, 2.10;
modified, Notes changed]
4 Data exchange protocols for technical interoperability
The data exchange protocols specified in this clause shall be used for standardized DPP access.
The data exchange protocols shall maintain confidentiality and integrity of DPP data.
HTTP over TLS (HTTPS)
Protocol: HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP [6], used for secure
communication over a computer network.
Standards:
— TLS (Transport Layer Security): TLS 1.2 (e.g. defined by [7]) shall be the minimum version supported.
The use of TLS 1.3 (e.g. defined by [8]) or later is strongly recommended. Use of older versions
(TLS 1.0, 1.1, and all SSL versions) is prohibited.
— HTTP/2 shall be the minimum version supported. The use of HTTP/3 [9] is recommended. Older
versions than HTTP/2 shall not be used.
The API specification based on the data exchange protocol should follow the architectural style of
RESTful.
EN 18222 [14] specifies the HTTPS interaction with the API.
5 Data formats
The data format listed below shall be used for syntactic interoperability.
a) JSON (JavaScript Object Notation, ISO/IEC 21778:2017) is a human and machine)readable data-
interchange format used to transmit data between a server and a client.
In addition to the abovementioned, any of the following message formats may be used based on http
content negotiation [10]:
b) XML (eXtensible Markup Language) [11] is a markup language and file format for storing,
transmitting and reconstructing arbitrary data. It defines a set of rules for encoding documents in a
format that is both human-readable and machine-readable.
c) JSON-LD (JavaScript Object Notation for Linked Data) [12] is a human-readable data format that
provides context and links
...