We build the operating layer for Digital Product Passports.
DPP Automate is the regulation-first platform European brands use to publish audit-ready Digital Product Passports — across textiles, electronics, batteries, and the rest of the ESPR product groups arriving through 2027.
Compliance is the product, not a feature.
By 2027, every product placed on the EU market will need a Digital Product Passport. The ESPR framework, the Battery Regulation, and the upcoming textiles delegated act each demand something the average product team has never had to produce: structured, signed, verifiable data on every SKU — durability, recyclability, substances of concern, supply-chain attestations, and end-of-life instructions, all hand-off ready for customs, retailers, and regulators.
Today, most brands meet this with spreadsheets, generic GRC tools, and outside consultants. None of that scales to twelve million passports a year. None of it produces an audit trail a regulator will accept on its own.
DPP Automate exists to close that gap. We treat compliance as the deliverable — not a side-effect of a marketing surface or a PIM extension. Every passport we publish carries a cryptographic audit trail, full lineage back to the supplier record, and a versioned schema mapped to the delegated act it serves. We host inside the EU, ship in six languages, and price by passport instead of by seat — so the people building real DPP programs aren't punished for adopting infrastructure their auditors can actually verify.
How we think
about every decision.
Six rules we use to vet every roadmap item, every contract, and every line of code. They're how we keep the product honest as the regulation evolves.
Compliance is not a feature.
Most vendors bolted a passport flow onto a marketing or PIM stack. We start from the regulation. Every schema, every audit log, every signed publication exists because a delegated act demands it — not because it tested well in a demo.
EU-first, by default.
Data residency in Frankfurt and Amsterdam, locale parity across six EU languages, and contracts written under European law. Not as a configuration option — as the default that every customer inherits on day one.
The audit trail is the source of truth.
Every value on every passport is cryptographically signed, versioned, and traceable back to the supplier record that produced it. When a market-surveillance authority asks how a number was calculated, the answer is one query, not a forensic investigation.
We ship for the regulation, not the demo.
If a feature looks great in a sales deck but won't survive an ESPR conformity assessment, we don't ship it. The roadmap is built backwards from the next delegated act, not from competitor feature charts.
Suppliers are co-authors, not data sources.
A passport is only as defensible as its tier-N inputs. We treat suppliers as first-class participants — invited, scoped, attested, and versioned — instead of as files to be scraped at year-end.
Pricing scales with passports, not seats.
Compliance teams shouldn't shrink to fit a vendor's per-seat model. We price the unit of work — the published passport — and let our customers staff their programs the way the regulation actually demands.
A company built for the regulatory moment.
In 2024 the EU adopted the Ecodesign for Sustainable Products Regulation. Sixty-plus delegated acts arrive on a rolling schedule through 2030. By early 2026, the brands paying attention had realised something uncomfortable: their PIMs, their ERPs, and their spreadsheets had no answer for what a Digital Product Passport actually is.
DPP Automate was founded in Winterthur, Switzerland, to build that answer. Not as a consultancy producing PDFs. Not as a generic GRC tool with a passport skin. As a piece of infrastructure — schemas, signing, hosting, locales, supplier graph, audit log — purpose-built for the regulation Brussels keeps publishing.
We stayed small on purpose. Compliance isn't an industry where the winner ships the most features. It's one where the winner is still standing when the auditor walks in. That's the bar we hold the product to, and the bar we hire against.
Headquartered
in Switzerland.
A focused team operating out of Winterthur, with EU-hosted infrastructure in Frankfurt and Amsterdam. Swiss precision, European jurisdiction, regulator-grade hosting — by design.
For press & analyst inquiries.
We respond to verified press, regulator, and industry-analyst inquiries within two working days. For all other contact, please use the channels in the footer.
info@dppautomate.com →We're hiring across the EU.
We hire compliance engineers, regulation researchers, and platform engineers across the European Union. No public roles listed today — get in touch and tell us what you would build.