oSIST prEN 18216:2025
(Main)Digital product passport - Data exchange protocols
Digital product passport - Data exchange protocols
This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, reliable, and compatible across various platforms and sectors.
This will guarantee that data is machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in.
a) Secure communication:
this standard defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data is protected against unauthorised access and that only authorised entities can access the information.
b) Interoperability for data exchange:
The protocols and data formats defined in this standard allow for easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases.
c) Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption.
d) Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life end-of-life.
e) Documentation and Discoverability:
The protocols and formats are available to individuals without specialised knowledge, enabling broader adoption across sectors
In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
Digitaler Produktpass - Protokolle zum Datenaustausch
Dieses Dokument beschreibt eine Norm für sichere und effiziente Datenaustauschprotokolle und Datenformate, die für den digitalen Produktpass zu verwenden sind. Datenaustauschprotokolle legen die Regeln und Verfahren fest, die Systeme bei der Kommunikation und dem Austausch von Informationen befolgen. Datenformate definieren die Struktur und Darstellung dieser Informationen, damit sie von den beteiligten Systemen verstanden und korrekt verarbeitet werden können. Protokolle und Formate stellen gemeinsam sicher, dass Daten sicher, zuverlässig und kompatibel über verschiedene Plattformen und Sektoren hinweg ausgetauscht werden können.
Dadurch wird sichergestellt, dass die Daten maschinenlesbar, strukturiert, durchsuchbar und über ein offenes, interoperables Netzwerk ohne Vendor Lock in übertragbar sind.
a) Sichere Kommunikation:
Diese Norm legt Protokolle fest, die einen sicheren und authentifizierten Datenaustausch zwischen Systemen sicherstellen, wobei sie sicherstellen, dass die Daten vor unbefugtem Zugriff geschützt sind und nur befugte Stellen auf die Informationen zugreifen können.
b) Interoperabilität für den Datenaustausch:
Die in dieser Norm festgelegten Protokolle und Datenformate ermöglichen eine einfache Integration in bestehende Datenaustauschsysteme, stellen die Kompatibilität von Protokollen und Formaten in verschiedenen Sektoren sicher und unterstützen eine Vielzahl von Anwendungen und Anwendungsfällen.
c) Benutzerfreundlichkeit und Integration:
Es wird sichergestellt, dass die ermittelten Protokolle und Formate leicht implementiert werden können, insbesondere für mobile Geräte, und dass sie benutzerfreundlich sind, um eine flächendeckende Anwendung zu erleichtern.
d) Datenintegrität:
Die in diesem Dokument festgelegten Protokolle und Datenformate stellen die Integrität von Informationen, die mit physikalischen Objekten und elektronischen Daten verknüpft sind, in der gesamten Wertschöpfungskette bis hin zum Ende der Nutzungsdauer des Produkts oder der Anlage sicher.
e) Dokumentation und Auffindbarkeit:
Die Protokolle und Formate sind auch für Einzelpersonen ohne Fachwissen zugänglich, wodurch eine breitere sektorübergreifende Anwendung ermöglicht wird.
Um die Interoperabilität zu fördern, die Kosten für Unternehmen zu senken und sich an bestehende europäische Verordnungen und Initiativen anzupassen, berücksichtigt dieses Dokument die Datenaustauschprotokolle und Datenformate, die bereits in anderen Gesetzgebungen verwendet werden. Maßgebliche bestehende Normen werden in den Entwicklungsprozess integriert, um Konsistenz und Kohärenz mit den Praktiken der Industrie und den rechtlichen Rahmenbedingungen sicherzustellen.
Passeport numérique des produits - Protocoles d'échange de données
Le présent document définit une norme pour les protocoles d'échange de données et les formats de données sécurisés et efficaces à utiliser pour le passeport numérique des produits. Les protocoles d'échange de données établissent les règles et procédures que suivent les systèmes lorsqu'ils communiquent et échangent des informations. Les formats de données définissent la structure et la présentation de ces informations de sorte qu'elles puissent être comprises et traitées correctement par les systèmes concernés. Ensemble, les protocoles et les formats garantissent que les données peuvent être échangées d'une manière sécurisée, fiable et compatible entre différentes plateformes et différents secteurs.
Cela garantira que les données sont lisibles par machine, structurées, interrogeables et transférables par l'intermédiaire d'un réseau ouvert et interopérable sans verrouillage du fournisseur.
a) Communication sécurisée :
La présente norme définit des protocoles qui garantissent un échange de données sécurisé et authentifié entre systèmes, garantissant que les données sont protégées contre un accès non autorisé et que seules les entités autorisées peuvent accéder aux informations.
b) Interopérabilité pour l'échange de données :
Les protocoles et formats de données définis dans la présente norme permettent une intégration facile dans les systèmes d'échange de données existants, garantissent la compatibilité des protocoles et des formats dans différents secteurs et prennent en charge un large éventail d'applications et de cas d'utilisation.
c) Facilité d'utilisation et d'intégration :
S'assurer que les protocoles et formats identifiés peuvent être mis en œuvre facilement, en particulier pour les appareils mobiles, et qu'ils sont conviviaux afin de faciliter une adoption généralisée.
d) Intégrité des données :
Les protocoles et formats de données définis dans le présent document garantissent l'intégrité des informations liées aux objets physiques et des données électroniques tout au long de la chaîne de valeur, s'étendant jusqu'à la fin de vie du produit ou de l'actif.
e) Documentation et découvrabilité :
Les protocoles et formats sont mis à la disposition des individus sans connaissances spécialisées, ce qui permet une adoption généralisée dans tous les secteurs.
Afin de promouvoir l'interopérabilité, de réduire les coûts pour les entreprises et de s'aligner sur les réglementations et initiatives européennes existantes, le présent document prend en compte les protocoles d'échange de données et les formats de données déjà utilisés dans d'autres législations. Les normes existantes pertinentes sont intégrées dans le processus de développement afin d'assurer la cohérence avec les pratiques de l'industrie et les cadres réglementaires.
Digitalni potni list izdelka - Protokoli izmenjave podatkov
General Information
- Status
- Not Published
- Public Enquiry End Date
- 18-Sep-2025
- Technical Committee
- DPP - Digital Product Passport
- Current Stage
- 4020 - Public enquire (PE) (Adopted Project)
- Start Date
- 17-Jul-2025
- Due Date
- 04-Dec-2025
- Completion Date
- 22-Sep-2025
oSIST prEN 18216:2025: Digital Product Passport - Data Exchange Protocols
Overview
The oSIST prEN 18216:2025 standard, developed by CEN, specifies the requirements for secure and efficient data exchange protocols and data formats tailored for the Digital Product Passport (DPP). This standard targets seamless information exchange about products throughout their lifecycle, enabling enhanced traceability, compliance, and sustainability. It ensures data is machine-readable, structured, searchable, and exchangeable via an open interoperable network, eliminating vendor lock-in.
This standard is crucial for manufacturers, suppliers, retailers, consumers, repairers, waste managers, and regulators, providing a trusted and unified framework to communicate product data securely and reliably.
Key Topics
Secure Communication
oSIST prEN 18216:2025 outlines protocols to guarantee authenticated, confidential, and encrypted data exchange. Only authorized parties can access or transmit data, protecting product information from unauthorized use or tampering.Data Integrity and Non-Repudiation
The standard mandates measures ensuring data remains unaltered during transmission and enables verification of sender and receiver identities, preventing denial of data exchange actions.Interoperability and Compatibility
It fosters integration compatibility across diverse systems and sectors, leveraging existing proven standards such as RESTful APIs and HTTPS over TLS. This approach supports cross-sector adoption, enhancing the DPP’s ecosystem connectivity.Ease of Use and Mobile Integration
Protocols and data formats are designed for easy implementation, especially on mobile devices, promoting widespread practical adoption without requiring extensive technical expertise.Standardized Data Formats
Data exchanged under this standard uses formats such as:- JSON (JavaScript Object Notation): Lightweight and human-readable for quick data processing.
- XML (Extensible Markup Language): Flexible format supporting complex and nested data structures.
- JSON-LD (Linked Data): Adding semantic context to support linked data integration.
- HTML (HyperText Markup Language): Used primarily for rendering data in browsers to enhance human readability.
Applications
oSIST prEN 18216:2025 applies to various sectors and use cases where product transparency and secure data exchange are vital, including:
Supply Chain Management
Enables secure, verifiable sharing of product information across B2B partners to improve sourcing transparency and regulatory compliance.Consumer Access and Product Information
Facilitates user-friendly access via smartphones or apps to product histories, ingredient sourcing, recycling instructions, and compliance labels.Regulatory and Compliance Verification
Supports authorities in accessing trusted product data securely for ecodesign, waste management, and safety inspections, enhancing enforcement capabilities.Circular Economy and End-of-Life Tracking
Assists stakeholders involved in product lifecycle extension, reuse, and recycling by maintaining consistent and trusted digital product records.
Related Standards
- TLS (Transport Layer Security) – Ensures encrypted communication protocols, in line with RFC 8446 and subsequent versions.
- RFC Standards for HTTP/1.1, HTTP/2, HTTP/3 – Underpin the RESTful API communication architecture.
- OAuth 2.0 and OpenID Connect – Facilitate authentication and authorization frameworks integrated within the standard for secure access control.
- CEF eID and Decentralized Identifiers (DIDs) – Enhance identity verification for decentralized and cross-organizational environments.
The oSIST prEN 18216:2025 standard aligns with existing European regulatory frameworks on ecodesign, batteries, and waste management, promoting consistent practices and reducing business costs through harmonized data exchange protocols.
By adopting oSIST prEN 18216:2025, organizations can benefit from a secure, interoperable, and user-friendly framework to share and manage product passport data efficiently, supporting sustainability goals, regulatory compliance, and circular economy initiatives across Europe and beyond.
Frequently Asked Questions
oSIST prEN 18216:2025 is a draft published by the Slovenian Institute for Standardization (SIST). Its full title is "Digital product passport - Data exchange protocols". This standard covers: This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, reliable, and compatible across various platforms and sectors. This will guarantee that data is machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in. a) Secure communication: this standard defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data is protected against unauthorised access and that only authorised entities can access the information. b) Interoperability for data exchange: The protocols and data formats defined in this standard allow for easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases. c) Ease of use and integration: Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption. d) Data integrity: The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life end-of-life. e) Documentation and Discoverability: The protocols and formats are available to individuals without specialised knowledge, enabling broader adoption across sectors In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
This document defines a standard for secure and efficient data exchange protocols and data formats to be used for the digital product passport. Data exchange protocols establish the rules and procedures that systems follow when communicating and exchanging information. Data formats define the structure and presentation of that information so it can be understood and processed correctly by the involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that is secure, reliable, and compatible across various platforms and sectors. This will guarantee that data is machine-readable, structured, searchable, and transferable through an open, interoperable network without vendor lock-in. a) Secure communication: this standard defines protocols that ensure secure and authenticated data exchange between systems, ensuring that data is protected against unauthorised access and that only authorised entities can access the information. b) Interoperability for data exchange: The protocols and data formats defined in this standard allow for easy integration with existing data exchange systems, ensure compatibility of protocols and formats across various sectors and supporting a wide range of applications and use cases. c) Ease of use and integration: Ensure that the identified protocols and formats can be implemented easily, especially for mobile devices, and are user-friendly in order to facilitate widespread adoption. d) Data integrity: The protocols and data formats defined in this document ensure the integrity of information linked to physical objects and electronic data throughout the entire value chain, extending to the product's or asset's end-of-life end-of-life. e) Documentation and Discoverability: The protocols and formats are available to individuals without specialised knowledge, enabling broader adoption across sectors In order to promote interoperability, reduce costs for businesses, and align with existing European regulations and initiatives, this document considers the data exchange protocols and data formats already in use in other legislations. Relevant existing standards are integrated into the development process to ensure consistency and coherence with industry practices and regulatory frameworks.
oSIST prEN 18216:2025 is classified under the following ICS (International Classification for Standards) categories: 35.240.63 - IT applications in trade. The ICS classification helps identify the subject area and facilitates finding related standards.
oSIST prEN 18216:2025 is associated with the following European legislation: Standardization Mandates: M/604, M/604 AMD 1. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
You can purchase oSIST prEN 18216:2025 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.
Standards Content (Sample)
SLOVENSKI STANDARD
01-september-2025
Digitalni potni list za proizvode - Protokoli izmenjave podatkov
Digital product passport - Data exchange protocols
Digitaler Produktpass - Protokolle zum Datenaustausch
Passeport numérique des produits - Protocoles d'échange de données
Ta slovenski standard je istoveten z: prEN 18216
ICS:
35.240.63 Uporabniške rešitve IT v IT applications in trade
trgovini
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD DRAFT
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2025
ICS 35.240.63
English version
Digital product passport - Data exchange protocols
Passeport numérique des produits - Protocoles Digitaler Produktpass - Protokolle zum
d'échange de données Datenaustausch
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/CLC/JTC 24.
If this draft becomes a European Standard, CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal
Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any
alteration.
This draft European Standard was established by CEN and CENELEC in three official versions (English, French, German). A
version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language
and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.Recipients of this draft are invited to submit, with their comments, notification
of any relevant patent rights of which they are aware and to provide supporting documentation.
Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2025 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. prEN 18216:2025 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Data exchange protocols . 6
5 Data formats . 7
6 Data exchange protocol requirements . 7
6.1 General introduction to data exchange protocols . 7
6.2 Secure data exchange . 7
6.3 Data confidentiality and integrity for data exchange . 8
6.4 Secure data transmission . 8
6.5 Non-repudiation . 8
6.6 Data transfer protocols . 8
7 Data exchange . 9
7.1 Security and access control . 9
7.2 Ease of use and integration . 9
7.3 Data integrity . 9
7.3.1 General . 9
7.3.2 HTTP over TLS . 10
7.3.3 RESTful APIs . 10
8 Secure communication . 11
8.1 General . 11
8.2 How HTTPS and RESTful APIs satisfy secure communication . 11
8.2.1 HTTPS (using TLS 1.2 or 1.3) . 11
8.2.2 RESTful APIs . 11
8.3 Identification, authentication, and authorization . 11
8.3.1 9.2.1 OAuth 2.0 . 12
8.3.2 OpenID Connect (OIDC) . 12
8.3.3 CEF eID . 12
8.3.4 Decentralised identifiers (DIDs) . 13
Annex A (informative) Systems compatible with data exchange protocols . 14
Annex ZA (informative) Relationship between this European Standard and the ecodesign
requirements of Commission Regulation (EU) No 2024/1781 aimed to be covered . 15
Bibliography . 17
European foreword
This document (prEN 18216:2025) has been prepared by Technical Committee CEN/CENELEC JTC 24
"Digital Product Passport - Framework and System", the secretariat of which is held by DIN.
This document is currently submitted to the CEN Enquiry.
This document has been prepared under a standardization request addressed to CEN by the European
Commission. The Standing Committee of the EFTA States subsequently approves these requests for its
Member States.
For the relationship with EU Legislation, see informative Annex ZA, which is an integral part of this
document.
Introduction
This proposal is in response to the Standardization Request from the European Comission for the digital
product passport, as seen in “Commision Implementing Decision of 31.7.2024 on a standardization
request to the European Committee for Standardisation, the European Committee for Electrotechnical
Standardisation, and the European Telecommunications Standards Institute as regards digital product
passports in support of Union policy on ecodesign requirements for sustainable products and on
batteries and waste batteries” (C(2024) 5423 final). As specified in the Annex I, module 5, requesting a
standard on “data processing, data exchange protocols and data formats”.
A digital product passport (DPP) is a dynamic digital record that contains information about a product
throughout its life cycle. For DPPs to be effective and universally accessible, standardized data exchange
protocols and frameworks need to be in place. Standardization and harmonisation of these protocols
ensure that all actors of the DPP - such as manufacturers, suppliers, retailers, consumers, repairers,
waste treatments facilities, and regulatory authorities - can access, extract, utilise, and update the shared
product passport information seamlessly. The subsequent sections of this document outline the
standardization for data exchange protocols.
1 Scope
This document defines a standard for secure and efficient data exchange protocols and data formats to
be used for the digital product passport. Data exchange protocols establish the rules and procedures
that systems follow when communicating and exchanging information. Data formats define the
structure and presentation of that information so it can be understood and processed correctly by the
involved systems. Together, protocols and formats ensure that data can be exchanged in a manner that
is secure, reliable, and compatible across various platforms and sectors.
This will guarantee that data is machine-readable, structured, searchable, and transferable through an
open, interoperable network without vendor lock-in.
a) Secure communication:
this standard defines protocols that ensure secure and authenticated data exchange between
systems, ensuring that data is protected against unauthorised access and that only authorised
entities can access the information.
b) Interoperability for data exchange:
The protocols and data formats defined in this standard allow for easy integration with existing
data exchange systems, ensure compatibility of protocols and formats across various sectors and
supporting a wide range of applications and use cases.
c) Ease of use and integration:
Ensure that the identified protocols and formats can be implemented easily, especially for mobile
devices, and are user-friendly in order to facilitate widespread adoption.
d) Data integrity:
The protocols and data formats defined in this document ensure the integrity of information linked
to physical objects and electronic data throughout the entire value chain, extending to the product's
or asset's end-of-life end-of-life.
e) Documentation and Discoverability:
The protocols and formats are available to individuals without specialised knowledge, enabling
broader adoption across sectors
In order to promote interoperability, reduce costs for businesses, and align with existing European
regulations and initiatives, this document considers the data exchange protocols and data formats
already in use in other legislations. Relevant existing standards are integrated into the development
process to ensure consistency and coherence with industry practices and regulatory frameworks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
a) ISO Online browsing platform: available at http://www.iso.org/obp
b) IEC Electropedia: available at http://www.electropedia.org/
3.1
identifier
digital identifier
sequence of characters associated with digital, non-digital, or abstract entities, such as books, images,
reports, metadata records or events
[SOURCE: [1], 3.2.1]
3.2
data exchange
storing, accessing, transferring, and archiving of data
[SOURCE: [2], 3.1.5]
3.3
identification
process of recognizing an object in a particular domain as distinct from other objects
[SOURCE: [3], 3.2.1]
3.4
authentication
verification that a claimed identity is correct
[SOURCE: [4], 3.2]
3.5
data integrity
property that data has not been altered or destroyed in an unauthorized manner
Note 1 to entry: In the context of secure communication, data integrity ensures that data transmitted between
parties remains unaltered and intact from the moment it leaves the sender to the moment it reaches the receiver.
This means that the data has not been tampered with, modified, or corrupted during transmission – whether
accidentally or through malicious actions.
[SOURCE: [5]]
3.6
secure communication
mechanism of transmitting data between systems in a way that ensures its confidentiality, intergrity
and authenticity
4 Data exchange protocols
The data exchange protocols listed below shall be used.
a) RESTful APIs are built upon the HTTP (Hypertext Transfer Protocol) standard. While REST
(Representational State Transfer) itself is an architectural style rather than a formal standard, it
leverages the existing standards and capabilities of HTTP to perform operations on web resources.
b) HTTP over TLS (HTTPS)
Protocol: HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP, used for
secure communication over a computer network.
Standards:
— TLS (Transport Layer Security): Defined by RFC 8446 for TLS 1.3. and future versions.
— HTTP/1.1, HTTP/2 and HTTP/3: Defined by RFC 7230-7235, RFC 7540 and RFC9114,
respectively
Other data exchange protcols are allowed upon bilateral agreement.
5 Data formats
The data format listed below shall be used.
a) JSON (JavaScript Object Notation): It is a human and machine readable data-interchange format
used to transmit data between a server and a client.
Besides the abovementioned, the message format may be used:
b) XML (Extensive Markup Language) is a markup language and file format for storing, transmitting
and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that
is both human-readable and machine-readable
c) JSON-LD (JavaScript Object Notation for Linked Data) is a human-readable data format that
provides context and links data, enhancing interoperability and integration between different data
sources. Its representation shall be processible by a regular JSON parser, allowing the possibility
of including linked data context for advanced semantic processing.
For human readable representation the following shall be provided:
The DPP shall be provided according to W3C HTML standards, and should be tested across a range of
browser technologies and platforms.
d) HTML (Hypertext Markup Language): is the standard markup language for documents designed
to be displayed in a web browser. It defines the content and structure of web content and is often
assisted by technologies such as Cascading Style Sheets (CSS) and JavaScript.ext
The digital product passport does not have to be stored in HTML, but will be rendered in HTML.
6 Data exchange protocol requirements
6.1 General introduction to data exchange protocols
A data exchange protocol is a set of rules and standards that govern how data is transmitted, received,
and interpreted between different systems or organizations. In the context of digital product passports
(DPPs), these protocols are essential for enabling seamless communication and interoperability among
various stakeholders, such as manufacturers, suppliers, retailers, consumers, and regulatory
authorities.
Data exchange protocols ensure that the information contained within a digital product passport – such
as product specifications, origin, materials, compliance certifications, and sustainability metrics – is
consistently formatted and securely transmitted. This consistency allows different software
applications, platforms, and systems to understand and utilize the data effectively, regardless of the
underlying technologies they employ.
6.2 Secure data exchange
All data exchanges between the server and client shall use TLS.
NOTE This requirement applies to situations where an individual uses a mobile app, desktop software or
embedded system integration to access a product's DPP. The application connects to the DPP service to retrieve
detailed information about the product. This allows the user to make informed decisions or gain insights about
the product directly through the app. It is assumed that the data exchange is between Business to Customer (B2C)
and therefore the relevant standards are proposed.
Additional relevant standards:
a) [6]: Network Security Protocols.
b) [7]: Information Security Management System (ISMS).
6.3 Data confidentiality and integrity for data exchange
The data exchange protocol shall maintain confidentiality and integrity of DPP data.
DPP data shall be encrypted during transmission.
NOTE When transferring DPP data from one organization to another organization:
Specific considerations also exist when one organization transfers the digital product passport to another
organization. This typically occurs within a supply chain, such as when a manufacturer sends product information
to a distributor or retailer. In an instance like this it could involve both the physical transfer of data between two
locations as well as the standard access to data. This also assumes that the data exchange/data transfer occurs
between Business to Business (B2B) or Business to Government (B2G).
DPP controlled data shall be encrypted during transmission.
When authorities or other organizations are requesting confidential access to a digital product passport
based on their specified access rights, there exist specific requirements for when sensitive DPP data is
accessed or transferred between organisations, often in regulatory or compliance contexts (B2B/B2G).
6.4 Secure data transmission
Requirement: Secure data exchange protocols shall be used for DPP data exchange.
6.5 Non-repudiation
Entities involved in the DPP data request shall not be able to deny sending or receiving the DPP.
NOTE When transferring DPP data from one organisation to another organisation:
Specific considerations also exist when one organisation transfers the digital product passport to another
organisation. This typically occurs within a supply chain, such as when a manufacturer sends product information
to a distributor or retailer. In such cases it could involve both the physical transfer of data between two locations
as well as the standard access to data. This also assumes that the data exchange/data transfer occurs between
Business to Business (B2B) or Business to Government (B2G). Similarly, sensitive DPP data could be accessed or
transferred between organisations inregulatory or compliance scenarios (B2B/B2G)
6.6 Data transfer protocols
Data exchange protocols shall at a minimum conform to Clause 5 (b), 7.2 and 7.5
NOTE When transferring DPP data from one organization to another organization:
Specific considerations also exist when one organization transfers the digital product passport to another
organization. This typically occurs within a supply chain, such as when a manufacturer sends product information
to a distributor or retailer. In such cases it could involve both the physical transfer of data b
...
The standard oSIST prEN 18216:2025, titled "Digital Product Passport - Data Exchange Protocols," provides a robust framework for secure and efficient data exchange pertaining to digital product passports. The document comprehensively outlines a set of protocols and formats that establish the necessary rules for systems to communicate effectively, enabling reliable information transfer across diverse platforms and sectors. One of the standout features of this standard is its emphasis on secure communication. The protocols established ensure that data exchange is performed with stringent security measures in place, preventing unauthorized access. This layer of protection fosters trust among users, as only authorized entities gain access to sensitive information. Furthermore, the standard excels in promoting interoperability for data exchange. By allowing seamless integration with existing systems, it addresses a critical need across various industries. The compatibility of these protocols and formats supports a wide range of applications, which can lead to increased efficiency and collaboration among stakeholders. Ease of use and integration is another strength highlighted in this standard. It prioritizes user-friendly implementation, particularly for mobile devices, facilitating adoption even for those with limited technical expertise. This accessibility is crucial for widespread uptake across different sectors, ensuring that businesses can quickly adapt to the new protocols without extensive training. The guarantee of data integrity is also integral to the effectiveness of the oSIST prEN 18216:2025 standard. It meticulously ensures that information related to physical objects and electronic data remains intact throughout the entire value chain, including the end-of-life phase. This focus on integrity is essential for maintaining the quality and reliability of the data exchanged. Lastly, the documentation provided within this standard enhances discoverability and understanding. It enables individuals without specialized knowledge to engage with the protocols and formats effectively. This inclusivity supports the broader adoption of best practices across sectors, aligning with the increasingly interconnected nature of global commerce. In conclusion, the oSIST prEN 18216:2025 standard represents a significant advancement in facilitating secure, efficient, and interoperable data exchange for digital product passports, making it highly relevant in the context of modern data management and regulatory compliance.
oSIST prEN 18216:2025は、デジタル製品パスポートに関するデータ交換プロトコルとデータ形式の標準を定義する文書です。この標準は、システム間での情報の通信及び交換に関するルールと手続きを確立し、データを安全かつ効率的に交換できることを目的としています。特に、データ交換プロトコルとデータ形式は、情報の構造と提示方法を定義することで、参加するシステムが情報を正しく理解し処理できるようにします。 この標準の強みの一つは、そのセキュリティ機能にあります。セキュアなコミュニケーションを保証するプロトコルが定義されており、これにより、システム間でのデータ交換が認証され、無許可のアクセスからデータが保護されます。これにより、重要な情報が許可されたエンティティのみがアクセスできる環境が整えられます。 加えて、この標準はデータ交換の相互運用性を強化します。既存のデータ交換システムとの簡易な統合が可能であり、様々な分野でのプロトコルおよび形式の互換性を確保しています。これにより、多種多様なアプリケーションやユースケースをサポートすることができ、ビジネスの効率向上に寄与しています。 また、使用の容易さと統合の手軽さも重要な要素です。特にモバイルデバイスにおいて迅速に実装できるプロトコルと形式が提供されているため、ユーザーフレンドリーな体験を提供し、広範な採用を促進することを目指しています。 データの整合性も確保されており、物理オブジェクトや電子データに関連する情報が、製品や資産のライフサイクル全体にわたって一貫して保持されることが保障されています。これにより、企業は信頼性の高いデータ管理が可能になります。 さらに、ドキュメンテーションと発見可能性の向上も、この標準の魅力の一つです。専門知識を持たない個人にも利用可能なプロトコルと形式が提供されているため、さまざまな分野での広範な採用が期待されます。 最後に、oSIST prEN 18216:2025は、企業にとってのコスト削減を促進するだけでなく、既存の欧州規制およびイニシアチブと整合性を持たせるために、他の法令で使用されているデータ交換プロトコルやデータ形式を考慮に入れています。これは、業界の慣行や規制枠組みに一貫性を持たせることで、標準の重要性をさらに高めています。このように、oSIST prEN 18216:2025は、デジタル製品パスポートに関連する重要な基盤を提供しています。
Le document normatif oSIST prEN 18216:2025 sur le passeport numérique des produits est un avancement significatif dans le domaine des protocoles d'échange de données. Cette norme établit les bases nécessaires pour assurer une communication sécurisée et efficace entre les systèmes, permettant ainsi un échange de données sans faille tout en garantissant la protection des informations sensibles. L'un des principaux atouts de cette norme est sa capacité à appliquer des protocoles de communication sécurisés. En définissant des règles strictes pour l'échange de données, oSIST prEN 18216:2025 protège les informations contre les accès non autorisés, ce qui est essentiel dans un environnement numérique où la sécurité des données est primordiale. Cela permet de garantir que seuls les acteurs autorisés peuvent accéder aux informations, renforçant ainsi la confiance dans les transactions numériques. De plus, la norme met un accent particulier sur l'interopérabilité des systèmes. Les protocoles et formats de données proposés favorisent une intégration aisée avec les systèmes d'échange de données existants, assurant une compatibilité à travers divers secteurs. Cela rend la norme particulièrement pertinente pour les entreprises cherchant à optimiser leurs opérations et à minimiser les coûts liés à la mise en œuvre de nouveaux systèmes. L'aspect praticité et facilité d'intégration de la norme est également un point fort. Elle a été conçue pour être accessible, y compris pour les dispositifs mobiles, et vise à être conviviale pour encourager son adoption généralisée. En tenant compte de l'utilisateur final, la norme facilite les transitions nécessaires pour de nombreuses entreprises, rendant l'application des protocoles et des formats de données plus rationalisée. En ce qui concerne l'intégrité des données, oSIST prEN 18216:2025 garantit que les informations sont fiables et maintenues tout au long de la chaîne de valeur, y compris à la fin de vie des produits ou des actifs. Cela consolide la confiance dans le partage et la gestion des données, ce qui est essentiel pour une utilisation efficace du passeport numérique des produits. Enfin, cette norme prend en considération l'existant réglementaire et les initiatives européennes pour promouvoir l'interopérabilité et la réduction des coûts. En intégrant des normes préalablement établies dans le processus de développement, oSIST prEN 18216:2025 assure une cohérence avec les pratiques industrielles et les cadres réglementaires. Dans l'ensemble, oSIST prEN 18216:2025 représente une avancée cruciale dans l'harmonisation et la sécurisation de l'échange de données pour le passeport numérique des produits, faisant de ce document un outil essentiel pour les entreprises souhaitant naviguer dans le paysage numérique actuel.
oSIST prEN 18216:2025 표준은 디지털 제품 여권을 위한 데이터 교환 프로토콜과 데이터 형식을 정의하는 중요한 문서입니다. 이 표준의 범위는 안전하고 효율적인 데이터 교환을 위한 규칙과 절차를 수립하여 다양한 플랫폼과 분야에서 정보가 안전하고 신뢰할 수 있으며 호환성 있게 교환될 수 있도록 하는 것을 목표로 하고 있습니다. 이 표준의 주요 강점 중 하나는 보안 커뮤니케이션입니다. 정의된 프로토콜은 시스템 간에 안전하고 인증된 데이터 교환을 보장하며, 이를 통해 무단 접근으로부터 정보를 보호하고 권한이 있는 주체만 해당 정보를 접근할 수 있도록 합니다. 이러한 보안 기능은 디지털 제품 여권의 신뢰성을 높이는 데 기여합니다. 또한, 상호 운용성은 이 표준의 중요한 특징입니다. 데이터 교환 프로토콜과 데이터 형식은 기존의 데이터 교환 시스템과 쉽게 통합할 수 있도록 설계되어 있으며, 다양한 분야와 애플리케이션을 지원하여 프로토콜과 형식의 호환성을 보장합니다. 이로 인해 기업들이 보다 효율적으로 데이터 교환을 수행할 수 있습니다. 사용 편의성과 통합 용이성 또한 oSIST prEN 18216:2025 표준의 강력한 요소입니다. 이 표준에서 정의한 프로토콜과 형식은 특히 모바일 장치에서도 쉽게 구현 가능하도록 되어 있으며, 사용자 친화성을 고려하여 폭넓은 채택을 촉진할 수 있습니다. 데이터 무결성 또한 이 표준의 주요 이점 중 하나입니다. 이 문서에서 정의된 프로토콜과 데이터 형식은 물리적 객체와 전자 데이터에 연결된 정보의 무결성을 보장하며, 이는 제품이나 자산의 생애 주기 전반에 걸쳐 적용됩니다. 이러한 데이터 무결성은 기업들이 신뢰할 수 있는 데이터를 가지고 의사 결정을 내릴 수 있게 합니다. 마지막으로, 문서화 및 검색 가능성은 이 표준의 전반적인 활용성을 증대시킵니다. 전문 지식이 없는 개인도 프로토콜과 형식을 쉽게 접근할 수 있어, 다양한 분야에서의 폭넓은 채택이 가능하게 됩니다. oSIST prEN 18216:2025은 기존 유럽 규정 및 이니셔티브와의 정합성을 고려하여 개발되었으며, 다른 법률에서 사용되고 있는 데이터 교환 프로토콜과 데이터 형식을 통합하여 일관성과 응집력 있는 산업 관행 및 규제 프레임워크를 보장합니다. 이 모든 요소들은 디지털 제품 여권이 보다 광범위하게 실행될 수 있는 기틀을 마련합니다.
Die Norm oSIST prEN 18216:2025 bietet einen umfassenden Rahmen für die Entwicklung und Implementierung von sicheren und effizienten Datenübertragungsprotokollen sowie Datenformaten, die für den digitalen Produktpass verwendet werden. Der Umfang dieser Norm ist entscheidend, da sie die Regeln und Verfahren definiert, denen Systeme beim Austausch von Informationen folgen müssen. Dadurch wird sichergestellt, dass Daten maschinenlesbar, strukturiert, durchsuchbar und über ein offenes, interoperables Netzwerk ohne Anbieterbindung übertragbar sind. Eine der Stärken dieser Norm ist die Garantie für sichere Kommunikation. Die definierten Protokolle gewährleisten einen geschützten und authentifizierten Datenaustausch zwischen Systemen, wodurch unbefugter Zugriff verhindert wird. Dies ist besonders wichtig, um die Vertraulichkeit sensibler Informationen zu wahren und somit das Vertrauen in digitale Anwendungen zu stärken. Die Interoperabilität der Datenübertragungsprotokolle und Datenformate ist ein weiteres Highlight. Die Norm ermöglicht eine einfache Integration mit bestehenden Systemen, was die Kompatibilität über verschiedene Sektoren hinweg sicherstellt und eine breite Palette von Anwendungen und Nutzungsmöglichkeiten unterstützt. Das fördert nicht nur die Effizienz, sondern verringert auch die Implementierungskosten für Unternehmen. Ein weiterer wesentlicher Vorteil ist die Benutzerfreundlichkeit und die einfache Integration der identifizierten Protokolle und Formate, insbesondere für mobile Endgeräte. Diese Aspekte sind entscheidend, um eine weitreichende Akzeptanz zu erleichtern und die Nutzung in verschiedenen Branchen zu fördern. Die Norm legt zudem großen Wert auf die Datenintegrität. Die Protokolle und Datenformate sichern die Integrität der Informationen, die mit physischen Objekten und elektronischen Daten über die gesamte Wertschöpfungskette hinweg verknüpft sind, einschließlich des Lebenszyklus des Produkts oder Vermögenswerts. Damit wird gewährleistet, dass alle Beteiligten zu jeder Zeit auf zuverlässige Daten zugreifen können. Schließlich erleichtert die Dokumentation und Auffindbarkeit der Protokolle und Formate den Zugriff für Personen ohne spezialisiertes Wissen, was zu einer breiteren Akzeptanz über verschiedene Sektoren hinweg führt. Durch die Einbeziehung bestehender Standards und die Ausrichtung an europäischen Vorschriften und Initiativen wird die Kohärenz mit branchenüblichen Praktiken und regulatorischen Rahmenbedingungen sichergestellt. Insgesamt zeigt die Norm oSIST prEN 18216:2025 ihr Potenzial, die Interoperabilität zu fördern, die Kosten für Unternehmen zu senken und gleichzeitig die Sicherheit und Effizienz des Datenaustausches erheblich zu steigern.
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...