iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

prEN 18216

(Main)

Digital product passport - Data exchange protocols

Digital product passport - Data exchange protocols

This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, reliable, and compatible across various platforms and sectors.
This will guarantee that data is machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in.
a)   Secure communication:
this standard defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data is protected against unauthorised access and that only authorised entities can access the information.
b)   Interoperability for data exchange:
The protocols and data formats defined in this standard allow for easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases.
c)   Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption.
d)   Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life end-of-life.
e)   Documentation and Discoverability:
The protocols and formats are available to individuals without specialised knowledge, enabling broader adoption across sectors
In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.

Digitaler Produktpass - Protokolle zum Datenaustausch

Dieses Dokument beschreibt eine Norm für sichere und effiziente Datenaustauschprotokolle und Datenformate, die für den digitalen Produktpass zu verwenden sind. Datenaustauschprotokolle legen die Regeln und Verfahren fest, die Systeme bei der Kommunikation und dem Austausch von Informationen befolgen. Datenformate definieren die Struktur und Darstellung dieser Informationen, damit sie von den beteiligten Systemen verstanden und korrekt verarbeitet werden können. Protokolle und Formate stellen gemeinsam sicher, dass Daten sicher, zuverlässig und kompatibel über verschiedene Plattformen und Sektoren hinweg ausgetauscht werden können.
Dadurch wird sichergestellt, dass die Daten maschinenlesbar, strukturiert, durchsuchbar und über ein offenes, interoperables Netzwerk ohne Vendor Lock in übertragbar sind.
a)   Sichere Kommunikation:
Diese Norm legt Protokolle fest, die einen sicheren und authentifizierten Datenaustausch zwischen Systemen sicherstellen, wobei sie sicherstellen, dass die Daten vor unbefugtem Zugriff geschützt sind und nur befugte Stellen auf die Informationen zugreifen können.
b)   Interoperabilität für den Datenaustausch:
Die in dieser Norm festgelegten Protokolle und Datenformate ermöglichen eine einfache Integration in bestehende Datenaustauschsysteme, stellen die Kompatibilität von Protokollen und Formaten in verschiedenen Sektoren sicher und unterstützen eine Vielzahl von Anwendungen und Anwendungsfällen.
c)   Benutzerfreundlichkeit und Integration:
Es wird sichergestellt, dass die ermittelten Protokolle und Formate leicht implementiert werden können, insbesondere für mobile Geräte, und dass sie benutzerfreundlich sind, um eine flächendeckende Anwendung zu erleichtern.
d)   Datenintegrität:
Die in diesem Dokument festgelegten Protokolle und Datenformate stellen die Integrität von Informationen, die mit physikalischen Objekten und elektronischen Daten verknüpft sind, in der gesamten Wertschöpfungskette bis hin zum Ende der Nutzungsdauer des Produkts oder der Anlage sicher.
e)   Dokumentation und Auffindbarkeit:
Die Protokolle und Formate sind auch für Einzelpersonen ohne Fachwissen zugänglich, wodurch eine breitere sektorübergreifende Anwendung ermöglicht wird.
Um die Interoperabilität zu fördern, die Kosten für Unternehmen zu senken und sich an bestehende europäische Verordnungen und Initiativen anzupassen, berücksichtigt dieses Dokument die Datenaustauschprotokolle und Datenformate, die bereits in anderen Gesetzgebungen verwendet werden. Maßgebliche bestehende Normen werden in den Entwicklungsprozess integriert, um Konsistenz und Kohärenz mit den Praktiken der Industrie und den rechtlichen Rahmenbedingungen sicherzustellen.

Passeport numérique des produits - Protocoles d'échange de données

Le présent document définit une norme pour les protocoles d'échange de données et les formats de données sécurisés et efficaces à utiliser pour le passeport numérique des produits. Les protocoles d'échange de données établissent les règles et procédures que suivent les systèmes lorsqu'ils communiquent et échangent des informations. Les formats de données définissent la structure et la présentation de ces informations de sorte qu'elles puissent être comprises et traitées correctement par les systèmes concernés. Ensemble, les protocoles et les formats garantissent que les données peuvent être échangées d'une manière sécurisée, fiable et compatible entre différentes plateformes et différents secteurs.
Cela garantira que les données sont lisibles par machine, structurées, interrogeables et transférables par l'intermédiaire d'un réseau ouvert et interopérable sans verrouillage du fournisseur.
a)   Communication sécurisée :
La présente norme définit des protocoles qui garantissent un échange de données sécurisé et authentifié entre systèmes, garantissant que les données sont protégées contre un accès non autorisé et que seules les entités autorisées peuvent accéder aux informations.
b)   Interopérabilité pour l'échange de données :
Les protocoles et formats de données définis dans la présente norme permettent une intégration facile dans les systèmes d'échange de données existants, garantissent la compatibilité des protocoles et des formats dans différents secteurs et prennent en charge un large éventail d'applications et de cas d'utilisation.
c)   Facilité d'utilisation et d'intégration :
S'assurer que les protocoles et formats identifiés peuvent être mis en œuvre facilement, en particulier pour les appareils mobiles, et qu'ils sont conviviaux afin de faciliter une adoption généralisée.
d)   Intégrité des données :
Les protocoles et formats de données définis dans le présent document garantissent l'intégrité des informations liées aux objets physiques et des données électroniques tout au long de la chaîne de valeur, s'étendant jusqu'à la fin de vie du produit ou de l'actif.
e)   Documentation et découvrabilité :
Les protocoles et formats sont mis à la disposition des individus sans connaissances spécialisées, ce qui permet une adoption généralisée dans tous les secteurs.
Afin de promouvoir l'interopérabilité, de réduire les coûts pour les entreprises et de s'aligner sur les réglementations et initiatives européennes existantes, le présent document prend en compte les protocoles d'échange de données et les formats de données déjà utilisés dans d'autres législations. Les normes existantes pertinentes sont intégrées dans le processus de développement afin d'assurer la cohérence avec les pratiques de l'industrie et les cadres réglementaires.

Digitalni potni list za proizvode - Protokoli izmenjave podatkov

General Information

Status
Not Published
Publication Date
21-May-2026
ICS
35.240.63 - IT applications in trade
Technical Committee
JTC 24 - Digital Product Passport (DPP)
Drafting Committee
WG 4 - Interoperability framework
Current Stage
4020 - Submission to enquiry - Enquiry
Start Date
26-Jun-2025
Due Date
27-Jun-2025
Completion Date
26-Jun-2025
Mandate
M/604 - Digital Product Passport
Ref Project
oSIST prEN 18216:2025 - Digital product passport - Data exchange protocols

Buy Standard

prEN 18216:2025prEN 18216:2025
PreviousNext
Draft
prEN 18216:2025
English language
17 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-september-2025
Digitalni potni list za proizvode - Protokoli izmenjave podatkov
Digital product passport - Data exchange protocols
Digitaler Produktpass - Protokolle zum Datenaustausch
Passeport numérique des produits - Protocoles d'échange de données
Ta slovenski standard je istoveten z: prEN 18216
ICS:
35.240.63 Uporabniške rešitve IT v IT applications in trade
trgovini
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD DRAFT
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2025
ICS 35.240.63
English version
Digital product passport - Data exchange protocols
Passeport numérique des produits - Protocoles Digitaler Produktpass - Protokolle zum
d'échange de données Datenaustausch
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 24.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.Recipients of this draft are invited to submit, with their comments, notification
of any relevant patent rights of which they are aware and to provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2025 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. prEN 18216:2025 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Data exchange protocols . 6
5 Data formats . 7
6 Data exchange protocol requirements . 7
6.1 General introduction to data exchange protocols . 7
6.2 Secure data exchange . 7
6.3 Data confidentiality and integrity for data exchange . 8
6.4 Secure data transmission . 8
6.5 Non-repudiation . 8
6.6 Data transfer protocols . 8
7 Data exchange . 9
7.1 Security and access control . 9
7.2 Ease of use and integration . 9
7.3 Data integrity . 9
7.3.1 General . 9
7.3.2 HTTP over TLS . 10
7.3.3 RESTful APIs . 10
8 Secure communication . 11
8.1 General . 11
8.2 How HTTPS and RESTful APIs satisfy secure communication . 11
8.2.1 HTTPS (using TLS 1.2 or 1.3) . 11
8.2.2 RESTful APIs . 11
8.3 Identification, authentication, and authorization . 11
8.3.1 9.2.1 OAuth 2.0 . 12
8.3.2 OpenID Connect (OIDC) . 12
8.3.3 CEF eID . 12
8.3.4 Decentralised identifiers (DIDs) . 13
Annex A (informative) Systems compatible with data exchange protocols . 14
Annex ZA (informative) Relationship between this European Standard and the ecodesign
requirements of Commission Regulation (EU) No 2024/1781 aimed to be covered . 15
Bibliography . 17
European foreword
This document (prEN 18216:2025) has been prepared by Technical Committee CEN/CENELEC JTC 24
"Digital Product Passport - Framework and System", the secretariat of which is held by DIN.
This document is currently submitted to the CEN Enquiry.
This document has been prepared under a standardization request addressed to CEN by the European
Commission. The Standing Committee of the EFTA States subsequently approves these requests for its
Member States.
For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this
document.
Introduction
This proposal is in response to the Standardization Request from the European Comission for the digital
product passport, as seen in “Commision Implementing Decision of 31.7.2024 on a standardization
request to the European Committee for Standardisation, the European Committee for Electrotechnical
Standardisation, and the European Telecommunications Standards Institute as regards digital product
passports in support of Union policy on ecodesign requirements for sustainable products and on
batteries and waste batteries” (C(2024) 5423 final). As specified in the Annex I, module 5, requesting a
standard on “data processing, data exchange protocols and data formats”.
A digital product passport (DPP) is a dynamic digital record that contains information about a product
throughout its life cycle. For DPPs to be effective and universally accessible, standardized data exchange
protocols and frameworks need to be in place. Standardization and harmonisation of these protocols
ensure that all actors of the DPP - such as manufacturers, suppliers, retailers, consumers, repairers,
waste treatments facilities, and regulatory authorities - can access, extract, utilise, and update the shared
product passport information seamlessly. The subsequent sections of this document outline the
standardization for data exchange protocols.
1 Scope
This document defines a standard for secure and efficient data exchange protocols and data formats to
be used for the digital product passport. Data exchange protocols establish the rules and procedures
that systems follow when communicating and exchanging information. Data formats define the
structure and presentation of that information so it can be understood and processed correctly by the
involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that
is secure, reliable, and compatible across various platforms and sectors.
This will guarantee that data is machine-readable, structured, searchable, and transferable through an
open, interoperable network without vendor lock-in.
a) Secure communication:
this standard defines protocols that ensure secure and authenticated data exchange between
systems, ensuring that data is protected against unauthorised access and that only authorised
entities can access the information.
b) Interoperability for data exchange:
The protocols and data formats defined in this standard allow for easy integration with existing
data exchange systems, ensure compatibility of protocols and formats across various sectors and
supporting a wide range of applications and use cases.
c) Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile
devices, and are user-friendly in order to facilitate widespread adoption.
d) Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked
to physical objects and electronic data throughout the entire value chain, extending to the product's
or asset's end-of-life end-of-life.
e) Documentation and Discoverability:
The protocols and formats are available to individuals without specialised knowledge, enabling
broader adoption across sectors
In order to promote interoperability, reduce costs for businesses, and align with existing European
regulations and initiatives, this document considers the data exchange protocols and data formats
already in use in other legislations. Relevant existing standards are integrated into the development
process to ensure consistency and coherence with industry practices and regulatory frameworks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
a) ISO Online browsing platform: available at http://www.iso.org/obp
b) IEC Electropedia: available at http://www.electropedia.org/
3.1
identifier
digital identifier
sequence of characters associated with digital, non-digital, or abstract entities, such as books, images,
reports, metadata records or events
[SOURCE: [1], 3.2.1]
3.2
data exchange
storing, accessing, transferring, and archiving of data
[SOURCE: [2], 3.1.5]
3.3
identification
process of recognizing an object in a particular domain as distinct from other objects
[SOURCE: [3], 3.2.1]
3.4
authentication
verification that a claimed identity is correct
[SOURCE: [4], 3.2]
3.5
data integrity
property that data has not been altered or destroyed in an unauthorized manner
Note 1 to entry: In the context of secure communication, data integrity ensures that data transmitted between
parties remains unaltered and intact from the moment it leaves the sender to the moment it reaches the receiver.
This means that the data has not been tampered with, modified, or corrupted during transmission – whether
accidentally or through malicious actions.
[SOURCE: [5]]
3.6
secure communication
mechanism of transmitting data between systems in a way that ensures its confidentiality, intergrity
and authenticity
4 Data exchange protocols
The data exchange protocols listed below shall be used.
a) RESTful APIs are built upon the HTTP (Hypertext Transfer Protocol) standard. While REST
(Representational State Transfer) itself is an architectural style rather than a formal standard, it
leverages the existing standards and capabilities of HTTP to perform operations on web resources.
b) HTTP over TLS (HTTPS)
Protocol: HTTPS (HyperText Transfer Protocol Secure) is the secure version of
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
prEN 18220(Main)
Digital product passport - Data carriers
oSIST prEN 18220:2025

This document defines requirements for data carriers used in a digital product passport system. This covers: symbology characteristics, format, error correction codes, encoding methods, printing and production quality, and durability.
This document also defines requirements on graphical or other indicators for easy recognition of DPP data carriers and the indication on the data carrier placement, machine readability, quality checking, links between physical product and digital representation.
The following aspects are out of scope: Architecture and use cases, Secure elements and any other cryptographic security features.

  • Draft
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN 18223(Main)
Digital Product Passport - System interoperability
oSIST prEN 18223:2025

The scope of this document includes:
—   the semantic description of a product, including its properties where relevant and the semantic aspects to represent the product lifecycle;
—   a common information model allowing for the implementation of data dictionary systems;
—   metadata models and formats to be used in exchange and representation, allowing for the integration of dictionaries;
—   rules on how to systematically use such metadata models when developing product group specific data models and dictionaries;
—   technical and organizational interoperability.
This document follows the approach of standard interoperability layers and proposes the following aspects in this regard.

  • Draft
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN 18221(Main)
Digital product passport - data storage, archiving, and data persistence
oSIST prEN 18221:2025

This document specifies requirements for decentralized data storage, archiving and data persistence of digital product passports. The archiving service securely stores historical passport data, preserving a comprehensive record of past information. This feature is particularly relevant for market surveillance purposes. Persistence is required to make sure that data included in the digital product passports remains available even when the economic operator creating the digital product passport is no longer active.
This document also specifies requirements for the replication between economic operators and back-up operators as well as rules for data lifetime definition.

  • Draft
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN 18219(Main)
Digital product passport - Unique identifiers
oSIST prEN 18219:2025

This document defines the principles and specifies the requirements and guidelines for unique product identifiers, unique economic operator identifiers, and unique facility identifiers used in digital product passports. It covers the following areas:
a)   global uniqueness;
b)   persistence;
c)   syntax;
d)   semantics;
e)   interoperability;
f)   openness.
This document accommodates unique product identifiers at three granularity levels of specificity: model, batch, or individual item, to support various operational needs.
This document describes identification (ID) schemes that use issuing agencies, self-issuing systems, or a combination of both.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN 18222(Main)
Digital Product Passport - Application Programming Interfaces (APIs) for the product passport lifecycle management and searchability
oSIST prEN 18222:2025

This document aims to standardize the specifications for the API of the Digital Product Passport (DPP) as mandated by the ESPR of the European Commission. The purpose of this API is to facilitate the searchability of DPPs, as well as to provide the necessary means for interactions throughout the lifecycle of a product's DPP.

  • Draft
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17011-3:2024(Main)
Electronic Public Procurement - Architecture - Part 3: Customisation Guideline
SIST-TS CEN/TS 17011-3:2025

This document describes:
-   the rationale for building customisation supporting business cases that are specific to their business environment while maintaining organisational and semantic interoperability with the TC 440 specifications;
-   the difference between Usage specification and Extension specification;
-   a methodology on how to define customisations on:
-   BII Transaction specification,
-   Business rules,
-   Code lists;
-   how to claim compliance or conformance to a customisation of a TC 440 specification;
-   the connection to the eProcurement Ontology project.
This specification does not describe the detailed process of building an extension.

  • Technical specification
    22 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16931-9:2024(Main)
Electronic invoicing - Part 9: VAT reporting and gap analysis with current e-invoicing standardization deliverables
SIST-TP CEN/TR 16931-9:2025

The European Commission will in its project “VAT in the digital age” mandate that VAT reporting on intra-EU transactions is performed in near real time and based on EN 16931. This document defines the impact of this legislation on the various deliverables of CEN/TC 434, with a focus on the subset to be sent to tax authorities and how EN 16931-1 will need to be changed.
NOTE 1   The ViDA proposal only applies to EU member states.
This document does not define the subset of the electronic invoice to be sent to the authorities.
NOTE 2   The definition of that subset is a task of the European Commission. As the subset message is not an invoice, but a VAT report, it is not regarded as a Core Invoice Usage Specification (CIUS). The subset therefore needs not to obey the rules for developing a CIUS. For example, not all mandatory elements in the invoice need to be part of the subset.

  • Technical report
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 16931-8:2024(Main)
Electronic invoicing - Part 8: Semantic data model of the elements of an e-receipt or a simplified electronic invoice
SIST EN 16931-8:2025

This document establishes a semantic data model of an e-receipt or a simplified electronic invoice.
NOTE   In the remainder of this document, when “e-receipt” is mentioned, “simplified invoice” is also meant.
The semantic model includes essential information elements that an electronic receipt needs to ensure legal (including fiscal) compliance and to enable interoperability for cross-border, cross sector and domestic trade. The semantic model can be used by organizations in the private and the public sector for documenting by issuing a receipt for the purchase of services and /or goods. It can also be used for documenting a purchase between private sector enterprises. In addition, it has been designed for the use of consumers.

  • Technical specification
    106 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17016-1:2024(Main)
Electronic Public Procurement - Ordering - Part 1: Choreographies
SIST EN 17016-1:2024

This choreographies document specify ordering between Buyer and Seller where the Buyer wants to reach an agreement with the Seller about an order. It specifies a series of activities that govern communication between the parties and refers to the specifications where information and rules that apply are specified.
The various possible behaviours of the Seller and Buyer subsequent to the first order communication are conveyed by variants of this choreography that are specified in 5.2.
Previous activities (e.g. cataloguing) and subsequent activities (e.g. invoicing) are outside the scope of this document. If performed electronically, their implementation is covered by other choreographies.
The identifier of this choreographies document is EN 17016-1:2024.
How to claim compliance to this choreography is specified in 5.2.3.

  • Standard
    81 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17015-1:2024(Main)
Electronic Public Procurement - Catalogue - Part 1: Choreographies
SIST EN 17015-1:2024

The purpose of this deliverable is to specify and describe choreographies for exchanging an electronic product catalogue (“catalogues”) as part of the business processes in the pre-award and post-award area, so that catalogues can serve as a basis for placing orders as well as evaluating tenders. The key aspects covered by this choreography specification are:
-   processes for submitting catalogues from the selling to the buying side;
-   processes for submitting catalogue-related data as part of a tendering process;
-   processes integrating sell-side procurement systems.
This document does not apply to the transactions used in the specified choreographies. These transactions are specified in EN 17015 2. The relationship between the choreographies and the transaction is described in Clause 8.
The identifier of this choreographies document is EN 17015 1:2024.
How to claim compliance to this choreography is specified in 6.2.3.

  • Standard
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day