The Digital Product Passport Under Toy Safety Regulation (EU) 2025/2509

The Toy Safety Regulation (EU) 2025/2509 introduces the Digital Product Passport (DPP) as a central tool to strengthen product safety, traceability and regulatory enforcement across the European Union.

The DPP represents a shift toward digital‑by‑default compliance, supporting the effective implementation of EU toy safety rules while addressing long‑standing challenges related to market surveillance, online sales and imports from third countries.

What is the Digital Product Passport?

The DPP is a digital record linked to a toy through a data carrier — such as a QR code or similar machine‑readable element — affixed to the product, its label or, in some cases, its packaging. This data carrier must be clearly visible to consumers or other end users before purchase and accessible to market surveillance authorities, including when the toy is sold through distance sales.

The DPP provides structured access to key compliance and traceability information throughout the product’s life cycle. Rather than introducing new safety requirements, it consolidates existing regulatory information under EU law in a digital format, making it more readily accessible to authorities, customs officials and, where relevant, consumers.

DPP scope and objectives

The main scope of the DPP is to enhance toy safety and facilitate enforcement of Regulation (EU) 2025/2509. By enabling rapid verification of compliance information, the DPP supports more effective market surveillance and customs controls, particularly for toys sold online or imported into the EU. It supports a more uniform application of toy safety rules across EU member states and helps reduce administrative fragmentation by providing a single, authoritative source of product data.

Information included in the DPP

The DPP includes a set of mandatory information elements that broadly align with — and in some cases extend — the EU Declaration of Conformity. Examples include:

• Product identification and traceability data, including a unique product identifier and a clear color image of sufficient to support identification
• The name, address and contact details of the manufacturer and, where applicable, the importer
• References to applicable EU legislation, along with references to the relevant harmonized standards or common specifications used to demonstrate conformity
• The reference of the digital product passport service provider hosting the backup copy of the DPP
• The CE marking
• The commodity code, as defined in Regulation (EEC) No 2658/87
• Information for contacting the responsible economic operator in the event of safety concerns or complaints

This information must be uploaded to a central EU digital registry and remain accessible through the product’s data carrier.

The role of DPP service providers

Unlike earlier sector‑specific product legislation, the EU Digital Product Passport framework explicitly establishes a role for DPP service providers. While Regulation (EU) 2025/2509 introduces the obligation to provide a DPP for toys, the rules governing DPP service providers are set at the horizontal level under the Ecodesign for Sustainable Products Regulation (ESPR), through dedicated delegated acts adopted by the European Commission that are still under development.

DPP service providers are independent third parties authorized by the economic operator responsible for creating a DPP for a toy. They process the DPP data for the toy and make it available to economic operators and other relevant actors with a right to access the data under this regulation or other EU law.

These providers can store, process and manage DPP data on behalf of responsible economic operators — such as manufacturers or importers — where those operators choose not to host the DPP themselves. Even where manufacturers host their own DPP systems, service providers may be required to store a mandatory backup copy to support long‑term data availability and system resilience.

Importantly, involving a DPP service provider does not transfer regulatory responsibility. Under Regulation (EU) 2025/2509, the manufacturer remains fully responsible for the accuracy, completeness, and legal conformity of all information in the DPP, regardless of whether technical services are outsourced. Service providers operate as regulated technical intermediaries, but compliance obligations stay with the manufacturer. This reflects the EU’s general principle that regulatory accountability cannot be outsourced, even within a regulated digital infrastructure.

Conclusion

The Digital Product Passport under Regulation (EU) 2025/2509 modernizes the EU toy safety by embedding it in a broader, harmonized digital governance framework. By pairing clear responsibilities for economic operators with a legally defined role for DPP service providers, the DPP can help strengthen enforcement, improve transparency and support accountability — while enabling scalable digital compliance across the single market. Regulatory responsibility remains firmly with manufacturers.

Note: International and local regulations are subject to change, and each customer’s situation may vary. This information is intended as a general overview and should not be relied upon as specific advice.