Compliance & trust

Passenta is an evidence service, not just a data tool. This page transparently shows where we support you in preparing the Digital Product Passport (ESPR), what remains your responsibility, and how anyone — including an authority — can verify a passport.

What Passenta covers — by industry

Fully usable today for textiles and batteries. Further industries are activated once the respective delegated acts define the mandatory fields.

Industry	Status	Regulatory framework	Passenta supports with
Textiles	Usable today	ESPR in force; delegated textile act expected (2027 at the earliest)	ESPR core fields + textile schema, supplier attestations, signed passport, QR/GS1 data carrier, authority access, document anchoring
Batteries	Usable today	Battery Regulation 2023/1542; battery passport duty from 18 Feb 2027 (Annex XIII)	Battery mandatory fields, carbon footprint, recyclate shares, due-diligence report, item-level/serial passports
More (footwear, furniture, steel, tyres …)	In preparation	after publication of the respective delegated acts	Schema system prepared; activated once the mandatory fields are final — no platform switch for you

Passenta provides

Structured capture per the relevant industry schema
Cryptographic signature of every passport (W3C Verifiable Credentials, did:web)
Public, permanently retrievable passport page + QR/GS1 data carrier
Time-limited authority access + authority package export (signed evidence, hash manifest, audit log)
Secure storage in the EU region, backups, account deletion process

Your responsibility

Accuracy and completeness of the product data you enter
Obtaining valid supplier and test evidence (certificates)
Legal assessment of which obligations apply to your product
Updating on product, supply-chain or legal changes

How an authority (or anyone) verifies a passport

1Scan the QR code or open the passport URL → public passport page.
2The signature status is verified live and shown (valid or tampered).
3Machine-readable report at /api/verify/<slug> (JSON) — incl. fingerprint and matches of anchored documents.
4The public verification key is at /.well-known/did.json (did:web) — so the signature can be checked offline and independently of Passenta.
5Authorities receive, on request, time-limited access with additional (non-public) fields and documents.

Security & data

Trust comes from verifiability. The key facts at a glance:

Hosting in the EU region (Frankfurt); migration to certified EU hosting planned when certification requires it.
Encrypted transport (HTTPS); only one technically necessary session cookie (httpOnly), no tracking, no cookie banner needed.
Regular database backups; account deletion with a 30-day grace period. Already published passports remain retrievable for retention reasons.
Data processing agreement (DPA) incl. subprocessors on request.

More detail

Security & vulnerability reporting Subprocessors (EU)Privacy policy Terms

Roadmap to the EU registry

The central EU DPP registry will assign the unique product identifier and register passports. Passenta is prepared for it (registration ID in the data model, GS1 Digital Link, did:web identity) and will connect to the registry once its interface is final.

See what a passport looks like

A complete example product passport — as consumers, retailers and authorities experience it.

View example passport →

Note: This page describes how Passenta works and is not legal advice. Binding obligations arise from the respective EU legal acts; the legal assessment for your specific product is up to you.

← Back to home