Built on open EU standards — and audited infrastructure

A Digital Product Passport is only as trustworthy as what it stands on. dpp.gs is built on the first European DPP standards (EN 18216–18223), GS1 Digital Link, JSON-LD and signed W3C Verifiable Credentials — and operated on certified, EU-hosted infrastructure by the Smart DRS / Sensoneo group.

Start free — 2 GTINs Glossary →

Built on the official EU DPP baseline

Your passports stand on the first European DPP standards (CEN/CENELEC JTC 24, published May 2026) — not a proprietary format. Each standard governs one layer, and dpp.gs implements all of them:

Standard	Concern	How dpp.gs implements it
EN 18219	Unique identifiers	GS1 Digital Link — every passport is a resolvable `https://dpp.gs/01/{GTIN}` URI.
EN 18220	Data carriers	QR code (full Digital Link URL) and GS1 DataMatrix with FNC1 — generated for every product.
EN 18216	Data exchange	Plain HTTPS with content negotiation: a phone gets HTML, a system gets JSON-LD from the same URL.
EN 18222	Lifecycle & search APIs	A versioned `/dpp/v1` API: search, retrieve and query passport lifecycle.
EN 18223	Interoperability	JSON-LD on schema.org + GS1 vocabulary + a dpp: namespace — a machine-readable semantic graph.
prEN 18246	Authentication & integrity	Passports issuable as W3C Verifiable Credentials, signed with Ed25519 (vc+jwt), verifiable offline.

Read the full standards mapping →

Certifications & assurances

GS1 Digital Link — conformance-tested

Our resolver passes the official GS1 Digital Link Conformance Test Suite. The same identifier works as a consumer QR and a GS1 DataMatrix.

ISO 9001 · 14001 · 27001

Quality, environmental and information-security management across the Sensoneo group that operates the platform.

SOC 2 · Sensoneo group

Independent controls assurance through our parent group, which runs EU-wide deposit-return IT at national scale.

EU hosting · Germany 🇩🇪

All product data is stored in the EU (Germany). EU jurisdiction, GDPR-compliant — data never leaves the EU.

Signed, not chained

Verifiable Credentials use open Ed25519 cryptography — verify authenticity offline against our public key. No blockchain, no token, no wallet.

MIT-licensed open schemas

Our JSON schemas and OpenAPI 3.1 spec are public and MIT-licensed. Export everything as CSV/JSON-LD — no vendor lock-in.

Honest status note: the EN 18216–18223 series is new (May 2026) and prEN 18246 is still a draft; a formal DPP certification scheme does not yet exist for anyone. What we can show is a platform built on the same open standards the EN series is based on — GS1 Digital Link, JSON-LD, W3C Verifiable Credentials and OpenAPI — operated under ISO/SOC 2-assured processes. We track the standards as they finalise.

Security & data residency

EU data residency — product data is stored in the EU (Germany); it never leaves the EU. GDPR-compliant.
Tamper-evidence — passports can be issued as Ed25519-signed Verifiable Credentials, verifiable offline against our public key.
No lock-in — open MIT-licensed schemas, OpenAPI 3.1, and CSV / JSON-LD export of everything you put in.
Operated at scale — by the Sensoneo group, which runs national deposit-return system IT across multiple EU countries.

Issue a standards-aligned passport

GS1 Digital Link, JSON-LD, signed credentials and a search API — free for your first 2 GTINs.

Start free →