On 19 July 2026, the European Commission switches on the Central Digital Product Passport Registry and the Ecodesign for Sustainable Products Regulation reaches full application. Almost nothing happens. No product on any shelf in Europe becomes illegal that morning, no shipment gets turned away at Rotterdam, and most importers of IT hardware will not notice the date passing at all.
That is precisely the problem with it. The regulation that will eventually govern what data must travel with every product sold into Europe arrives quietly, as a framework with no teeth yet, at a moment when nobody in a procurement function has any reason to look up. The teeth come later, and when they arrive they will land somewhere most companies are not expecting: on the importer, not the manufacturer, and first on a piece of equipment almost nobody is watching.
Who Is Responsible for the EU Digital Product Passport: Importer or Manufacturer?
Read the Ecodesign for Sustainable Products Regulation carefully and one thing becomes clear very quickly. The legal responsibility for a Digital Product Passport does not sit with whoever built the product. It sits with the economic operator who places that product on the EU market. For anything manufactured outside Europe, which is to say most IT and data centre hardware, that operator is the importer.
The importer must ensure the passport exists, that its contents are accurate and complete, and that the supporting technical documentation is retained for at least ten years. Not the factory in Shenzhen. Not the vendor’s EMEA sales entity. The party named on the customs entry.
This is a genuinely strange thing to ask of an importer, and it is worth sitting with for a moment. An importer of record has always been accountable for classification, valuation, duty, and licensing: facts about the transaction and the goods at the border. The DPP asks for something else entirely. It asks what the product is made of, how it was made, and what should happen to it when it dies. That is not border data. It is manufacturing data, and the importer usually does not have it.
You cannot solve that by pointing at your supplier. If a supplier will not or cannot produce the data, the importer still carries the liability, and the product simply does not enter the market. Non-compliant goods can be stopped at the border. Penalties can be assessed per unit. And European buyers, who have started asking for DPP roadmaps in procurement processes well before any of this becomes mandatory, will quietly stop shortlisting suppliers who cannot answer.
Nothing is mandatory yet, and that is the trap
Here is the honest position, stated plainly, because a great deal of commentary on this subject is written by people selling DPP software and the urgency is not always proportionate to the facts. It is also worth saying that the Digital Product Passport is not arriving alone: it is one of several EU regimes, alongside the carbon border adjustment mechanism, that are quietly moving the compliance burden onto whoever brings the goods in.
As things stand, no product-specific delegated act under the ESPR has entered into force. The 19 July date switches on the framework and the registry, not an obligation. For electronics and ICT hardware, the delegated act is expected somewhere in the 2028 to 2029 window, and until it publishes, nobody can tell you with certainty what data fields your servers will need to carry. Anyone who claims otherwise is guessing.
So a reasonable executive reads that, concludes this is a 2029 problem, and moves on to something with a nearer deadline. Which would be the correct call, except for one thing that is already fixed in law and is very much not in 2029.
| Date | What happens | Is it binding? |
|---|---|---|
| 19 July 2026 | ESPR reaches full application. EU Central DPP Registry goes live | Framework only. No product obligation |
| 18 February 2027 | Battery passport required for industrial batteries above 2 kWh, including data centre UPS and storage systems | Yes. Fixed in Article 77 of the Battery Regulation |
| 2027 to 2028 | Textiles delegated act expected, then an application window of roughly 18 months | Not yet adopted |
| 2028 to 2029 | Electronics and ICT delegated act expected. Servers, networking and storage in scope | Not yet adopted. Timing indicative |
The first thing that breaks is the battery, not the server
Article 77 of the EU Battery Regulation is not waiting for a delegated act. It is already law, and it sets a hard date: from 18 February 2027, every industrial battery with a capacity above 2 kWh placed on the EU market must carry a battery passport, retrievable by QR code, regardless of where it was made.
Now go and look at what sits in the corner of a data hall. An uninterruptible power supply is not an EV battery, not a portable battery, and not a light means of transport battery. It weighs a great deal more than five kilograms and it is designed for industrial use. Under the regulation’s own definitions, that makes it an industrial battery, and the European Commission has gone further: in written guidance issued in March 2024, it confirmed that an industrial battery used in a stationary application is classified as a stationary battery energy storage system. That is a subcategory of industrial battery, not an exemption from it.
The threshold is 2 kWh. A single rack-level UPS clears it. A data hall UPS clears it several hundred times over. So does every battery energy storage system now being installed alongside them to shave peak load. Nobody in a data centre buildout thinks of the UPS as a regulated product with a lifecycle data obligation attached to it. It is infrastructure. It is the boring thing that keeps the interesting things running. And it is the component that will hit this regime first, roughly seven months from now, while everyone is still watching the servers.
Take a concrete case. A UK systems integrator wins a contract to fit out a colocation facility outside Frankfurt and ships forty UPS cabinets in March 2027, each holding a battery string well above the threshold. The cells were made in Asia. The packs were assembled by a second company. The cabinets were badged and shipped by a third. The integrator has a purchase order, a packing list, and a commercial invoice, which is everything it has ever needed to import hardware into Germany.
From February 2027 that is no longer everything. Each of those battery systems needs a passport, and not one of the data points it requires exists anywhere in the integrator’s paperwork. They exist upstream, with companies the integrator has never spoken to. The party legally answerable for producing them, and for their accuracy, is the entity named as importer on the German entry.
The passport is attached to the battery, not the cabinet, which is a distinction worth getting right. Under Article 77, a module needs its own passport where it can function as a stand-alone unit without further integration and exceeds the 2 kWh threshold. Whether a given UPS carries one passport or several is a question about how the system is built, and it is the sort of question that is far cheaper to answer in 2026 than in the week the freight lands.
What a battery passport actually is, and why it is not a form
It is worth being concrete about the size of the job, because the phrase “digital passport” makes it sound like a document, and it is not a document.
Each battery in scope needs its own unique electronic record, hosted somewhere durable, resolvable by a QR code on the physical unit, built on open standards. Not one record per model. One per battery. Forty cabinets is forty records, and more than forty if the modules inside them individually clear the threshold. The record carries chemistry, capacity, performance and durability data, state of health, the carbon footprint of manufacture, recycled content, due diligence on the cobalt, lithium, nickel and graphite in the cells, and end-of-life handling. And it is not filed once. The economic operator placing the battery on the market must keep the passport information accurate, complete and up to date for as long as it is on the market.
Then there is the detail that turns this from a paperwork problem into a procurement problem. The state of health data does not come from a spreadsheet. It comes from the battery management system inside the unit. A BMS that cannot log state of charge and state of health reliably cannot produce passport-grade data, and no amount of compliance effort downstream will fix a battery that is not instrumented to report on itself. Which means the specification you write into your next UPS tender, the one going out this year for hardware landing in 2027, is the specification that determines whether the passport can be populated at all.
That is the real shape of it. Not a form to fill in during the week the goods ship, but a data pipeline that runs from the cell manufacturer, through a battery management system that has to be capable of the job, into a hosted record that has to stay accurate for years. Companies that treat it as an administrative task in early 2027 will find they needed to make a hardware decision in 2026.
A wrinkle worth knowing about before your supplier finds it
There is a genuine complication buried in the timing, and it has not been resolved publicly. The passport requires a carbon footprint figure. But the obligation to declare a carbon footprint runs on a different clock depending on what kind of battery you have. For rechargeable industrial batteries above 2 kWh, that obligation began in February 2026. For stationary energy storage systems above 2 kWh, which is what the Commission says a UPS is, it is deferred to August 2030.
So the passport is due in February 2027 and one of the data fields it requires is not separately mandated for stationary systems until 2030. Nobody has published authoritative guidance on how those two dates reconcile. It may be resolved in the implementing act. It may be resolved by the market, with buyers demanding the figure regardless of what the deadline says. What it will not do is resolve itself in your favour by being ignored, and a supplier who has spotted the gap may well use it as a reason to give you nothing until 2030. That is a conversation to have now, while it is still a clause, rather than in 2027 when it is a delay.
The fine is not the risk
People ask about penalties first, and the answer is quietly reassuring in a way that is deeply misleading.
There is no EU-wide fine schedule. Article 93 leaves penalties to the member states, requiring only that they be effective, proportionate and dissuasive, which means the number depends on where the goods land. Germany’s implementing law caps fines for failing to keep battery passport information correct, complete and up to date at around EUR 10,000, with higher ceilings for other categories of breach. Other member states pair a modest administrative fine with a daily accrual while the non-compliance persists. On a data centre buildout, none of these figures is going to keep a CFO awake.
Which is exactly why the fine is the wrong thing to be looking at. The consequence that matters is not financial, it is structural. Under Articles 25 and 26, a battery that does not conform may not be placed on the market at all, and market surveillance authorities can order its withdrawal or recall. Without a valid passport, the goods do not enter, and a customs hold on hardware you have already paid for is a very expensive place to begin a conversation about lifecycle data. In some member states the authority can go further and require the return or disposal of non-compliant imported goods at the operator’s own cost.
So price it properly. The exposure is not a EUR 10,000 fine. It is forty UPS cabinets sitting in a bonded warehouse outside Frankfurt while a colocation facility that was contracted to go live in April has no power protection, and while somebody upstream tries to assemble lifecycle data that should have been collected two years earlier. What that costs is different for every buyer, and nobody outside your business can tell you the number. But it is not ten thousand euros, and it is not measured in fines. It is measured in the difference between a data hall that energises on schedule and one that does not.
Do you know which of your EU-bound shipments contain a battery above 2 kWh? Most companies do not, because nobody has ever needed to ask. Carra Globe acts as importer of record for IT, data centre, and telecom hardware across 175+ countries, and our trade compliance team can map the battery passport obligation against your actual bill of materials before it becomes a February 2027 problem.
What this does to the importer of record relationship
For companies importing into the EU through a third-party importer of record, and that is most companies shipping hardware into markets where they hold no legal entity, this changes what they are actually buying.
An importer of record has traditionally been a border function: hold the local entity, file the declaration, pay the duty, carry the customs liability, deliver the goods. The DPP extends that role backwards into the supply chain. The importer named on the entry is the party who must hold the product’s lifecycle data, vouch for its accuracy, and keep it for a decade. That is not a customs job. It is a data governance job that happens to be attached to a customs role.
That is a different service from the one most importers think they are buying, and not every provider is built for it. A firm whose entire model is filing declarations against paperwork handed to them has no infrastructure for collecting lifecycle data from a supply chain it has never touched. The distinction between a provider who processes documents and one who carries genuine compliance capability, which we have written about in the context of paper IOR versus operational IOR, stops being a philosophical point and becomes a commercial one.
What a serious buyer does between now and February 2027
The work is unglamorous, and it is cheap now and expensive later. There are four things worth doing while there is still time for the answers to matter.
Find the batteries you did not know you were importing. Go through the bill of materials on every EU-bound shipment and identify anything above 2 kWh that is not a laptop. This takes an afternoon, and it is the only step that is genuinely urgent, because every other decision depends on knowing the answer.
Ask the supplier, in writing, and time the reply. The question is simple: will you be able to provide battery passport data conforming to Article 77 by February 2027, and can you commit to that in the contract. The silence, where it comes, is the finding. A cell manufacturer who cannot answer that in the second half of 2026 is a manufacturer who will not be selling into Europe in 2027. If they are in your bill of materials, then neither will you, and you will find that out at the border rather than in a meeting.
Put the obligation in the contract while you still have leverage. Once the regulation bites, every buyer in Europe will be asking the same supplier for the same data at the same time, and the ones with a contractual right to it will be served first. A clause requiring passport-conformant data as a condition of supply costs nothing to insert today. In eighteen months it will be a negotiation.
Ask your importer of record what happens when the data does not arrive. This is the question that separates a provider who has read the regulation from one who has not. If the passport is missing or wrong, the entity named on the entry is the one answering for it. Find out now whether your provider understands that they are that entity, whether they have a process for collecting and holding the data, and what they intend to do on the day a shipment arrives without it. A provider who has no answer is not necessarily a bad provider. But they are a provider whose liability, in eighteen months, becomes yours.
Nothing happens on 19 July. That is the most misleading thing about the date. The registry goes live, the framework applies, and the industry carries on exactly as it did the week before. The change is not in the switch being flipped. It is in the fact that from that morning, every subsequent delegated act has somewhere to land, and the first one with a date on it is pointed directly at a piece of equipment that nobody in the room considers their problem.
Carra Globe acts as importer of record for IT, data centre, and telecom hardware across 175+ countries, including every EU market. If you are importing into Europe and want to understand where the Digital Product Passport obligation will fall in your supply chain before it becomes urgent, our trade compliance team can map it against your actual bill of materials.
Disclaimer: This article is for informational purposes only and does not constitute legal, customs, or trade advice. The ESPR delegated acts referred to here had not been adopted at the time of writing, and indicative timelines for electronics and ICT may change. The battery passport requirement under Article 77 of Regulation (EU) 2023/1542 is fixed in law but its detailed implementation continues to develop. Confirm your specific obligations with qualified counsel or the relevant authority before making commercial decisions.