An independent third-party authorised by the economic operator to process DPP data and make it available to entitled actors under ESPR.
Companies can mistake the service provider for the party responsible for the product. The implementation risk is outsourcing hosting or processing while failing to record authorisation, access-right rules, service boundaries, and the economic operator that remains accountable.
ESPR Article 2, point 32 defines the role through independent third-party status, authorisation by the economic operator, processing of digital product passport data, and making that data available to actors with access rights. It is narrower than a generic software vendor, data host, or platform provider.
Regulation (EU) 2024/1781 establishing a framework for the setting of ecodesign requirements for sustainable products
a natural or legal person that is an independent third-party authorised by the economic operator which places the product on the market or puts it into service and that processes the digital product passport data for that product for the purpose of making such data available to economic operators and other relevant actors with a right to access those data under this Regulation or other Union law;
Reference: Article 2, point 32
Maintain a provider identifier, authorisation record, economic-operator link, product identifier, access-right rule, data-processing log, availability SLA, audit trail, revocation process, incident record, and fallback export file. The passport service record should show what the provider processes and which responsibilities stay with the economic operator.
Digital product passport service provider is a passport-service control: service infrastructure, access rights, processing logs, and operator authorisation must be explicit. That prevents a technical provider from being mistaken for the manufacturer, importer, or other economic operator responsible for the product.