July 2026 · 8 min read

Beyond GS1: Which Product Identifiers Work for a Digital Product Passport

A Digital Product Passport needs a unique, persistent identifier — but the ESPR never says it has to be a GTIN. GS1 Digital Link is the sensible default for most consumer goods, yet MA Code, EPC, UUID and DID are all valid, and intermediate B2B products often can't use a GTIN at all. Here's how to choose, without locking yourself into one scheme.

The DPP is identifier-agnostic

The Ecodesign for Sustainable Products Regulation (ESPR 2024/1781) requires that every passport carry a unique product identifier and a unique operator identifier, reachable through a data carrier. It deliberately does not mandate a single identification system. The new European DPP standards from CEN/CENELEC JTC 24 make the same point: EN 18219 recognises multiple identifier schemes and does not force GTIN on anyone.

That matters because a lot of products either don't have a GTIN or shouldn't have one. A coil of steel, a batch of resin, a machine assembled from 400 components, a serialised industrial pump — these live outside the retail world where GTINs originate.

The one rule that always applies

Whatever scheme you pick, the identifier must be globally unique, persistent for the product's lifetime, and resolvable to the passport. The scheme is your choice; those three properties are not negotiable.

The four identifier families

IdentifierWhat it isBest when
GS1 (GTIN / Digital Link)Retail product number encoded in a resolvable URLConsumer goods, retail POS, EU DPP + US Sunrise 2027
MA CodeChinese "Marking of Article" identifier used across Alibaba, Temu and domestic e-commerceProducts sold into or through the Chinese market
EPCElectronic Product Code, the identity layer behind RFID/GS1 EPCISItem-level RFID tracking, logistics, high-throughput warehousing
UUID128-bit random identifier (RFC 4122), no central registryInternal systems, one-offs, prototypes, anything without a registered prefix
DIDDecentralised Identifier (W3C) tied to Verifiable CredentialsCryptographically verifiable passports and self-sovereign supply-chain data

GS1 Digital Link — the recommended default

For anything that reaches a shelf or a checkout, GS1 Digital Link is the right starting point. It encodes the GTIN inside a web URL, so one QR code works for the EU passport, US retail scanning under GS1 Sunrise 2027, and your existing ERP. We explain the mechanics in GS1 Digital Link Explained. If you already sell in retail, don't reinvent this — use it.

MA Code — the Chinese market

The MA Code is the identifier that Chinese platforms and the domestic "one item, one code" ecosystem understand. If your goods flow through Alibaba, Temu, WeChat commerce or Made-in-China channels, an MA Code can sit alongside — or instead of — a GTIN, and still resolve to the same passport.

EPC — RFID and item-level logistics

EPC is the identity behind RFID tags and GS1's EPCIS event model. Where each physical unit is read dozens of times as it moves through a warehouse, EPC gives you serialised, machine-first identity. It coexists neatly with a GTIN: the GTIN identifies the product, the EPC's serial reference identifies the individual item.

UUID — no registry, no prefix

A UUID is a 128-bit value you can mint yourself with zero coordination. There is no fee, no company prefix, no central authority. That makes it ideal for internal assets, pilots, and products that will never carry a GS1 identifier — the trade-off is that a UUID carries no built-in meaning and no retail interoperability.

DID — verifiable, decentralised identity

A Decentralised Identifier (DID) is the W3C standard that underpins Verifiable Credentials. If your passport is issued as a signed VC — the direction dpp.gs already supports with Ed25519 credentials — a DID lets a recipient verify who issued the data and that it hasn't been altered, without calling a central server.

Intermediate and B2B products: non-GTIN identifiers

Upstream and B2B products are where GTIN-free identification stops being optional. A steel producer doesn't sell a "product" with a barcode — it ships heats, casts and coils. The natural identifiers are already in use on the mill certificate:

These feed a downstream manufacturer's passport by reference: the finished-product DPP points back to the supplier's intermediate passport, keyed on the heat number rather than a GTIN. We cover this lineage in detail in DPP for intermediate & B2B products.

No lock-in to one scheme

The practical takeaway: pick the identifier that fits the product, not the platform. A DPP platform should store whatever scheme you use, let a single product carry more than one identifier (a GTIN and an MA Code, say), and never force you to re-key your catalogue to a system you don't need.

dpp.gs is built this way on purpose — GS1 Digital Link as the default carrier, with MA Code, EPC, UUID and DID all supported alongside it, and non-GTIN identifiers for intermediate goods. It's the same open-standards logic behind why we bet on open standards instead of blockchain: your identifiers stay yours, and your exit cost stays near zero.

Create a passport with the identifier you already use

GS1 Digital Link, MA Code, EPC, UUID or DID — plus non-GTIN identifiers for B2B goods. No lock-in.

Start free — no credit card

Related articles