The European Union is closing in on its 2027 compliance deadlines for the Digital Product Passport, with automotive supply chains facing the most complex set of data obligations yet-spanning battery traceability, vehicle software transparency, and mandatory third-party data access under the EU Data Act.
Background
The DPP framework is anchored in the Ecodesign for Sustainable Products Regulation (EU) 2024/1781 (ESPR), which entered into force in July 2024. Under ESPR, product-specific delegated acts define what lifecycle information must be captured, in what format, and by when. The automotive sector's first hard deadline arrives via a separate instrument: the EU Battery Regulation (EU) 2023/1542, which mandates a Digital Battery Passport for all electric vehicle batteries, industrial batteries above 2 kWh, and light transport batteries from 18 February 2027.
In parallel, the EU Data Act (Regulation (EU) 2023/2854) entered into application on 12 September 2025, imposing data-sharing and portability obligations on all connected products, including vehicles. According to European Commission guidance published on 12 September 2025, connected vehicles are explicitly classified as "connected products" under the Act. OEMs must make vehicle-generated data accessible to users and their chosen third parties under fair, reasonable, and non-discriminatory terms.
The proposed End-of-Life Vehicle Regulation also includes a dedicated DPP requirement for vehicles, extending the data transparency mandate beyond batteries to whole-vehicle lifecycle records, including component-level software versioning and repair data.
Details
The Battery Passport represents the most immediate and prescriptive obligation facing automotive OEMs and their supply chains. The passport must include material composition with geographic origin for conflict minerals, carbon footprint broken down by lifecycle stage, recycled-content data, and state-of-health performance metrics. It must be accessible via a QR code linked to a secure online database, enabling regulators, recyclers, and independent repair operators to retrieve verified data.
The supply chain data burden is substantial. According to Informatica, 60-80% of the data required for DPP compliance comes from suppliers across multiple tiers, many of which have differing technical capabilities. For automotive OEMs, this means pulling verified data from battery cell manufacturers, Tier 1 component suppliers, and raw material sources simultaneously. Industry experts estimate that a realistic implementation timeline for DPP compliance is 12 to 18 months.
The EU Data Act compounds this by adding vehicle software and operational data to the compliance perimeter. Design obligations under the Data Act take effect on 12 September 2026, requiring connected products-including vehicles-to be designed so that users can directly access data. The Commission's automotive-sector guidance specifies that this includes OTA update history, vehicle operational status data, and in-vehicle software service records. According to law firm Bird & Bird, OEMs "must design and manufacture vehicles in such manner that relevant data is, by default, available to EU users"-including independent repair networks and aftermarket service providers.
Cybersecurity obligations intersect directly with data portability requirements. OEMs managing OTA software deployments must comply with both UNECE UN R155 (cybersecurity) and UN R156 (software update management), which govern the secure issuance of remote updates. These regulations require a certified Cyber Security Management System (CSMS) and Software Update Management System (SUMS), creating a governance layer that must be reconciled with the Data Act's open-access mandates.
The EU Central DPP Registry is scheduled to go live on 19 July 2026, providing the central infrastructure through which product identifiers will be issued, passports stored, and enforcement checks by customs and market surveillance authorities conducted.
As of April 2026, no product-specific ESPR delegated act has entered into force-only the working plan and preparatory documents are in place. Product-level data requirements for whole vehicles under ESPR therefore remain subject to final rulemaking, while the Battery Passport and Data Act obligations are already binding.
Outlook
The convergence of battery passport requirements, the EU Data Act's vehicle data obligations, and the proposed ELV Regulation creates a compressed, multi-regulation compliance window for automotive OEMs and Tier 1 suppliers. The Commission's battery due-diligence guidelines are expected by 26 July 2026, adding a further specification layer for the responsible-sourcing data required in every Battery Passport. Smaller suppliers-many of which lack the data infrastructure to meet multi-tier traceability demands-face particular risk of becoming bottlenecks as deadlines approach. Industry analysts and standards bodies including CEN/CENELEC are developing harmonized interoperability standards, with eight harmonised DPP data standards expected to be completed by 2026, but with delegated acts for vehicles still pending, the full scope of OEM data obligations for non-battery vehicle components beyond 2027 remains subject to regulatory confirmation.
