From product data to a
legally verifiable EU passport
in under 10 minutes.
No developer required. No compliance consultant required. PassportLab handles the cryptography, the EU data schemas, and the GS1 resolver — you just fill in your products.
Set up your organization
Create your account, add your company profile, and generate your Ed25519 signing key. PassportLab registers your organization's DID on the EU resolver network automatically.
- Add your EORI number for EU customs compatibility
- Ed25519 signing key generated in one click
- DID:Web identity registered — verifiable by any EU system
Import your products
Add products manually, upload via CSV or JSON, sync from Shopify, WooCommerce, or Akeneo, or push in bulk via the REST API. PassportLab pre-loads the correct EU data schema for every product category automatically.
- CSV, JSON and GS1 3.1 / AAS XML file import
- Shopify, WooCommerce and Akeneo integrations built in
- Category-aware: Battery, Textile, Electronics, Iron & Steel schemas
Generate a compliant DPP
PassportLab validates your data with SHACL + Pydantic, applies an Ed25519 signature, and issues both a W3C Verifiable Credential v2.0 and an SD-JWT credential. The DPP is registered in the CIRPASS-2 EU pilot registry and the GS1 Digital Link resolver instantly.
- SHACL + Pydantic schema validation with per-field error reporting
- Battery Regulation 2023/1542 Annex XIII field enforcement
- W3C VC v2.0 + SD-JWT with Ed25519 dual proof — verifiable without PassportLab
Publish and distribute
Every DPP gets a scannable QR code, a GS1 Digital Link URL, and a public page readable from any smartphone. Role-based stakeholder access lets customs, retailers, and consumers each see only the data they're authorised for.
- QR code + GS1 Digital Link — compatible with EU customs scanners
- Role-based access: consumer, retailer, customs, notified body
- Export as AAS submodel, JSON-LD, or SD-JWT credential
Track compliance and update
The compliance dashboard shows the live status of every DPP in your account. Every product change is SHA-256 hashed and chained in an immutable audit log. Generate signed compliance reports for auditors at any time.
- Immutable audit trail — every field change hashed and chained
- Hash-signed compliance reports downloadable for auditors
- ESPR deadline tracking with per-category compliance scoring
Every DPP is machine-verifiable — independent of PassportLab
We don't issue proprietary records. Every passport PassportLab generates can be verified with open-source tooling, EU customs systems, and third-party auditors — no PassportLab API call required.
Every DPP is issued as a W3C Verifiable Credential v2.0 with an Ed25519 proof. Verifiable by any W3C-compliant tool without calling PassportLab.
Product URLs follow the GS1 Digital Link structure (/01//21/) and resolve via the EU Digital Link resolver — compatible with EU customs scanning.
Your organization gets a W3C Decentralized Identifier. Cryptographic proofs link every DPP back to your verified identity — independent of PassportLab's infrastructure.
Data schemas map to ESPR Delegated Acts and EU EPREL registry requirements. Battery DPPs enforce Regulation 2023/1542 Annex XIII field requirements.
DPPs are registered with the CIRPASS-2 EU pilot registry and conform to UNTP v0.6.0. Verifiable by cross-registry discovery without PassportLab.
Every product data change is SHA-256 hashed and chained. DB-level MySQL triggers enforce immutability — no backend code can silently alter the audit history.
What people ask before getting started
No. PassportLab handles the cryptography, the EU data schema enforcement, and the GS1 resolver registration automatically. You need product data — that's it. Most customers issue their first DPP within 10 minutes of signing up.
PassportLab tracks ESPR Delegated Acts and updates its schemas automatically. When a new category schema is published, your account gets notified and affected DPPs are flagged for review. You update the relevant fields and re-issue — no migration project required.
Yes. Every DPP is issued as a W3C Verifiable Credential v2.0 with an Ed25519 signature. Any standards-compliant verifier — including EU customs authority tools — can verify the cryptographic proof directly against your organization's DID:Web identity, which is published at your own domain.
You update the product in your dashboard and PassportLab re-issues the credential. The old version is retained in the immutable audit log with a timestamp. The GS1 Digital Link URL continues to resolve to the latest version automatically.
Suppliers can submit data via a tokenized supplier link — no PassportLab account required. They fill in a form, PassportLab ingests the data, and you review before publishing. API-based supplier integrations are available on Professional and Enterprise plans.
Your first Digital Product Passport is free — no credit card.
Try the demo, then register for a free account. You'll have a live, scannable DPP in under 10 minutes.