Digital Product Passport Software: 7 Platforms Compared for ESPR (2026)

This guide compares seven Digital Product Passport (DPP) platforms for EU ESPR and Battery Regulation compliance. We assess each on four things a buyer actually has to deliver: regulatory coverage, third-party verifiability, supply-chain data collection and pricing. The one-line takeaway: pick on verifiability and data collection, because those outlast a changing regulation.

A Digital Product Passport is a structured digital record behind a QR code, holding a product's identity, materials, supply chain and end-of-life data so manufacturers, regulators, recyclers and buyers read the same trusted record. Under the EU's Ecodesign for Sustainable Products Regulation (ESPR) it becomes mandatory category by category, and the EU Battery Regulation fixes the first hard deadline at 18 February 2027.

That deadline is what makes vendor selection a 2026 problem, not a 2028 one.

The legislative detail is worth knowing before you commit. ESPR entered into force on 18 July 2024 as a framework, with concrete rules arriving through delegated acts; the first Working Plan (16 April 2025) prioritised textiles, furniture, tyres, iron and steel, and aluminium, but none of those acts is in force yet, so nothing under ESPR itself is mandatory today. The battery passport is the exception, and Omnibus IV pushed battery due diligence to 18 August 2027 while leaving the 18 February 2027 passport date untouched.

Underneath the deadline sits the harder question this guide turns on: who do you trust to hold the record, and can anyone verify it without trusting you? We include mintBlue, the company I run, with our entry kept as honest as the rest, including where specialists beat us. Our explainer on Digital Product Passports and distributed ledgers goes deeper on the verifiability layer.

The DPP market moves fast and almost nobody publishes pricing, so a clean numeric ranking would be false precision. We assessed each platform against four weighted criteria but did not collapse them into a single score; the verdict lines below are editorial judgements, not numbers.

Coverage carries the heaviest weight because the regulation defines the job; pricing the lightest because the market is sales led. We used only sourced facts and attributed vendor marketing as claims, and reference ABI Research's November 2024 DPP software assessment where relevant; that assessment scored nine vendors, so a platform's absence from it reflects ABI's selection, not a judgement we make.

Circularise (The Hague, founded 2016) is a supply-chain traceability platform built on three pillars: Collect (supplier data, declarations and due-diligence evidence across the n-tier chain), Trace (mass balance and chain of custody, the methods that track how much certified material flows through each step), and Share (passports as permissioned disclosures tied to product identifiers). It runs on a public blockchain plus a patent-pending "Smart Questioning" approach using zero-knowledge proofs, so partners can answer questions about carbon footprint or recycled content without revealing supplier identities or a full bill of materials.

Strengths. This is real privacy-preserving technology, not a plain database with a sustainability label. The deployment list has names attached: a Porsche plastics-traceability pilot with Borealis, Covestro and Domo Chemicals, plus projects with Asahi Kasei, Neste, Mitsubishi Chemical and Marubeni, and a strategic pre-Series B investment from Teijin in November 2024. Coverage spans the EU Battery Regulation, ESPR, the Critical Raw Materials Act and ISCC PLUS flows.

Honest limitations. Circularise is a small company on modest funding: around $11.4M total across eight rounds since 2016, with a Series B anticipated rather than announced as of November 2024, a real longevity question for a ten-year-old scale-up. Most public references are pilots rather than production rollouts. It did not appear in ABI Research's November 2024 ranking, and its DPP landing page was being rebuilt during our research. There is no public pricing.

Best for. Privacy-sensitive material chains in plastics, chemicals and automotive. On our criteria it is the strongest of the seven on supply-chain data collection, and strong on verifiability.

Spherity (Dortmund and Berlin, founded 2017) builds VERA, a DPP product the company describes as aligned with ESPR, REACH and other EU regulations. It is built on Decentralised Identifiers (DIDs) and W3C Verifiable Credentials, a vendor-neutral identity standard so any verifier can check a passport without trusting the issuer's own systems. Spherity states it will register products in the central EU DPP registry once live (expected around mid 2026).

Strengths. Spherity builds the most standards-native verifiability model we found, on DIDs and W3C Verifiable Credentials rather than a proprietary one. It has a genuine public-sector pilot (Berlin transit operator BVG testing digital battery passports for its electric bus fleet, announced April 2026) and is active in the BatteryPass ecosystem.

Honest limitations. Spherity is very small and thinly funded: around $2.7M total across three rounds, the latest a seed round in March 2024, with roughly 31 staff per Tracxn, a real counterparty risk for a multi-year commitment. The evidence concentrates in batteries, with little public proof in textiles, furniture or steel. Spherity also publishes its own "top DPP providers" listicle that ranks itself, so treat its market-position claims as marketing; it was not in the ABI ranking.

Best for. Standards-native battery passports, where verifiable credentials and registry readiness matter more than breadth. On our criteria it is the strongest of the seven on verifiability.

iPoint-systems (Reutlingen, founded 2001) positions its DPP as an extension of an established compliance and sustainability platform: compliance, ESG and material data sit in one system, from which it builds product "digital twins", runs compliance rules and generates LCAs. The heritage is deep in IMDS (the International Material Data System, the automotive material-declaration backbone that iPoint reports is used by 53+ OEMs and 120,000+ suppliers), plus conflict-minerals reporting.

Strengths. Twenty-five years of regulated product-data plumbing (IMDS, REACH, RoHS, conflict minerals) means that for automotive and electronics clients, the compliance data a passport needs is often already inside iPoint's systems, and its KERP acquisition adds recycling and end-of-life expertise.

Honest limitations. On public materials, the DPP offering reads as regulatory content positioned on top of the existing compliance suite rather than a distinct product. The pages we reviewed in June 2026 documented no concrete DPP product: no data carrier handling, resolver, consumer-facing passport view, EU registry connection or verifiable-credentials story, so the verifiability model is unclear. The automotive-centric DNA makes the fit for textiles or consumer brands less obvious, and it was not in the ABI ranking.

Best for. Automotive and electronics manufacturers whose material compliance already lives in IMDS and SAP estates. Strong on data collection there, weak on verifiability.

Eviden is Atos's digital and big-data brand. The Eviden Digital Passport Solution (EDPS), announced in July 2024 with the IOTA Foundation, is a ready-to-use DPP using IOTA as its ledger engine, focused initially on EV batteries and positioned for manufacturing, automotive, fashion and food. A separate sector product, the TruCycle Pharma Passport, carries one of the field's few public per-unit prices: around €50,000 setup and about €0.03 per blister, per Atos's September 2025 deck.

Strengths. Atos brings global systems-integrator weight: integration capacity, a security pedigree and existing enterprise relationships, with a European leader ranking in ISG's 2024 manufacturing services assessment. The pharma deck is one of the only concrete public price points in the field.

Honest limitations. The context is heavy corporate turbulence. Atos went through a French court-supervised accelerated safeguard restructuring, closed in December 2024, with €2.9 billion of debt converted into equity and creditors taking control. The company states no debt matures before the end of 2029, but a buyer weighing a five to ten year commitment has to factor in that history. EDPS itself is young, has no named production customers in public sources, depends on IOTA Foundation technology, and is SI led.

Best for. Large, integration-heavy programmes in batteries and pharma, where SI muscle outweighs the appetite for a lean platform. It scores well on coverage breadth, with corporate stability the main caveat.

SAP does not sell a single dedicated DPP product. The story is assembled from SAP Green Token (chain-of-custody and mass-balance traceability for raw materials), the broader sustainability suite, and a partner ecosystem (Arianee, S1SEVEN, BloqSens and others). SAP's positioning is compliance-first, claiming around 70% of the data a DPP needs already sits in or near the SAP system of record (material masters, BOMs, supplier and production data in S/4HANA).

Strengths. If you already run S/4HANA, much of the source data is in place and the integration-cost argument is structurally strong. Analysts consistently place SAP among the enterprise incumbents.

Honest limitations. There is no single, generally available "SAP DPP" product as of our research date. More important for verifiability: SAP sunset the blockchain component of Green Token in May 2025 and moved it to a native HANA backend. That is a defensible engineering choice, but it leaves the audit trail as a conventional vendor-operated database rather than an independent verification layer, and we found no public evidence of an independent third-party verification mechanism replacing it. The weakest fit is n-tier suppliers who are not SAP shops; SAP's own blog admits adoption lags beyond tier-1 partners.

Best for. S/4HANA enterprises comfortable with a single-vendor record. It is strong on data collection inside the SAP estate and weak on independent verifiability.

Avery Dennison's atma.io is a connected product cloud that assigns unique digital IDs to items. The company states it manages 30+ billion items, including six of the top 20 apparel companies, and has launched "DPP as a Service": consultancy, hardware, labels, software and digital ID end to end. ABI Research ranked atma.io first in its November 2024 DPP software assessment at 80.4 out of 100, citing strong EU compliance support, a mature digital identity platform and fashion and retail leadership.

Strengths. Item-level scale is the headline, and the apparel and retail track record is genuine. The DPPaaS bundle removes much of the integration burden for brands that want one provider for labels, IDs and passport software.

Honest limitations. At its core this is a labels and RFID materials vendor, so DPPaaS bundles its own physical-carrier business, an incentive to sell labels alongside software. The strength is concentrated in apparel and retail, less so in batteries, steel or chemicals, and there is no public pricing.

Best for. Fashion and retail manufacturers at item-level scale who want the physical carrier and the digital passport from one provider. On our criteria it is the strongest of the seven on ESPR coverage in those sectors.

mintBlue builds decentralised data sharing infrastructure: a trusted event-streaming backbone that lets organisations exchange data in real time while keeping ownership, privacy and auditability. The distinctive part is identity. Each event is signed with a legal digital identity (eIDAS-based self-sovereign identity), so a passport entry carries a legally binding signature from the party that made it, on a tamper-evident audit trail that keeps each record private by default. Parties can also prove things to each other (a carbon figure, a recycled-content claim) without sharing the raw data behind them.

Strengths. Verifiability bound to legal identity is the core of what we build: not just that a record is unchanged, but that a regulator, auditor or recycler can attribute each entry to a known author whose signature is legally meaningful, without any single party becoming the gatekeeper of everyone's data. That verified record can also trigger downstream actions, for example releasing a specific field to a regulator on a flagged event, rather than sitting as a passive document.

Honest limitations. We are an infrastructure and verifiability layer, not a turnkey, sector-specific DPP product. We do not ship the ready-made passport templates for textiles or batteries that a specialist like Circularise or Spherity has built around a single category, so a buyer who wants an out-of-the-box battery passport pre-filled will get there faster elsewhere, and our supply-chain data-collection tooling is less packaged. The eIDAS-identity and zero-knowledge layer is built into the architecture rather than fielded as a finished DPP feature with a named deployment, so scope it as integration work, not a switch to flip. Like everyone here we are sales led with no public pricing.

Best for. Regulated, multi-party environments where the hard part is verifiable, shareable data across boundaries rather than one category's template. If your problem is filling in a category's passport fields, a specialist beats us; if it is making a multi-party record verifiable, attributable and shareable without a central gatekeeper, that is our case. On our criteria it is strong on verifiability and lowest of the seven on ready-made sector templates.

The right platform depends more on your sector and trust requirement than on a single score. Each branch adds the one decision driver the table does not already give you.

If your nearest deadline is batteries, the risk is building on a verifiability model the future registry rejects, so a standards-native, credentials-based approach (Spherity, or mintBlue where cross-party attribution is the priority) reduces it; Atos suits a large enough programme to justify SI delivery.

If you are in textiles, furniture or steel, the driver is durability over speed-to-template: the mandated data model is not final, so pick on verifiability and data collection, not on whoever ships a template first.

If you are an enterprise already on SAP, the driver is the verifiability trade-off: keeping the record close to your system of record is a genuine case, but weigh it against the loss of independent verifiability after the Green Token sunset.

If no single party should own everyone's data, the question shifts from whose product to whose trust model. Where competitors and authorities read the same record, a decentralised, verifiable approach fits, which is the case we make for mintBlue; the reasoning is in our piece on verifiable supply-chain data. Beyond DPPs, our CSRD explainer and regulatory compliance overview cover the adjacent mandates pulling on the same value-chain data.

One thing none of these platforms removes: the need for a standards-based data carrier underneath (covered in the FAQ).

What is a digital product passport?
A structured digital record tied to a specific product or batch, reachable through a data carrier such as a QR code. It holds identity, material composition, supply chain origin, repairability and end-of-life information, so manufacturers, regulators, recyclers and buyers all read the same verified data.

How do I choose DPP software for ESPR?
Pick your nearest mandatory category, then shortlist on the two criteria that survive a changing regulation: can an outside party verify the record has not been altered, and can the platform gather the data you do not already hold across your n-tier suppliers. Templates and price matter, but they shift; these two axes are durable.

When do digital product passports become mandatory in the EU?
The first hard deadline is the EU Battery Regulation, which requires a battery passport for every EV, light-means-of-transport and industrial battery above 2 kWh from 18 February 2027. Under ESPR, other categories follow through delegated acts, with textiles, furniture, tyres, steel and aluminium prioritised and compliance widely expected from roughly 2027 to 2030.

Is anything under ESPR mandatory in 2026?
No. ESPR entered into force on 18 July 2024 as a framework, but the product-specific delegated acts that create concrete obligations were not yet in force as of mid 2026. The only near-term hard DPP deadline comes from the Battery Regulation; the EU's central DPP registry is also expected around mid-2026.

Does a digital product passport need blockchain?
No, and platforms differ sharply. Some use verifiable credentials (Spherity), some a public ledger with zero-knowledge proofs (Circularise), and SAP moved away from a distributed ledger to a conventional database in May 2025. ESPR requires a record reachable through a standards-based data carrier; independent, third-party verifiability of that record is a separate design choice.

What is the difference between DPP software and a data carrier like GS1 Digital Link?
GS1 Digital Link puts a resolvable identifier in a QR code and points to information sources; it does not store data, guarantee quality, or provide verifiability or access control. DPP software handles those parts. You need both, and the carrier has to last: a URL printed on a 2028 product must still resolve in 2038.

Whatever you shortlist, run a pilot against your real supply chain, not a demo dataset. The gap between a clean demo and n-tier reality is where most of these platforms are still being tested, and the cheapest place to find out which survives your data.

If verifiable, shareable data across organisations is your core problem, see how the mintBlue platform handles it.