Pre-DPP Internal Audit: The Checklist for Brands in 2026
Fifteen essential checks on product data, suppliers, and processes to arrive prepared for the EU Digital Product Passport mandate.
- The EU Digital Product Passport for textiles is expected to become mandatory around mid-2028, giving brands roughly 18–24 months to prepare
- Most fashion companies lack the structured data infrastructure the DPP requires—now is the time to assess gaps
- A systematic internal audit covers three domains: product data completeness, supplier traceability, and operational processes
- Early movers gain competitive advantage; laggards face market access risk and rushed compliance costs
Why audit now?#
The Ecodesign for Sustainable Products Regulation (ESPR) entered into force in July 2024, and the European Commission is expected to publish the delegated act for textiles in late 2026 or early 2027 (European Commission, 2024). Once published, brands will have a transition window—likely 18 months—before compliance becomes mandatory for products placed on the EU market.
That sounds comfortable until you consider what compliance actually requires: structured, machine-readable data on composition, origin, durability, repairability, and end-of-life handling for every SKU. According to a 2023 survey by the Sustainable Apparel Coalition, only 18% of fashion brands rated their product data systems as "ready or nearly ready" for upcoming EU transparency requirements (SAC, 2023).
An internal audit surfaces gaps while there is still time to fix them without panic.
The three audit domains#
Domain 1: Product data completeness#
The DPP will require specific, verifiable information—not marketing copy. Walk through each check below for a representative sample of your SKUs.
| # | Check | What to look for |
|---|---|---|
| 1 | Fibre composition | Exact percentages (not "cotton blend"); distinguish shell, lining, trim |
| 2 | Country of origin | Manufacturing country per garment, ideally per component |
| 3 | Care instructions | ISO 3758 / Ginetex symbols stored digitally, not just on physical labels |
| 4 | Durability data | Pilling, abrasion, wash-cycle test results (where available) |
| 5 | Unique identifier | GTIN or internal SKU that can anchor a GS1 Digital Link URI |
| 6 | Certifications | Scanned certificates (GOTS, OEKO-TEX, etc.) linked to specific products |
Red flag: If data lives only in PDF tech packs or supplier emails, it is not audit-ready. The DPP requires structured, machine-readable formats (European Commission, 2024).
Domain 2: Supplier traceability#
The ESPR emphasises supply-chain transparency. You may not need full Tier-4 visibility on day one, but you will need a credible path toward it.
| # | Check | What to look for |
|---|---|---|
| 7 | Tier-1 supplier list | Complete, current, with facility addresses |
| 8 | Tier-2 visibility | Fabric mills identified; dyeing/finishing locations known |
| 9 | Data-sharing clauses | Contracts that permit (or require) suppliers to share composition and origin data |
| 10 | Supplier certifications | Copies on file, expiry dates tracked |
| 11 | Chain-of-custody gaps | Any "black boxes" where material origin is unknown |
A 2024 report by Fashion Revolution found that 99% of major brands could not disclose all raw-material suppliers (Fashion Revolution, 2024). Mid-size brands typically have better supplier proximity—use that advantage.
Domain 3: Processes and governance#
Data without maintenance becomes liability. Assess whether your organisation can keep passports accurate over time.
| # | Check | What to look for |
|---|---|---|
| 12 | Data ownership | A named person or team responsible for product data accuracy |
| 13 | Update workflow | Defined process when a supplier changes, a certification expires, or a formula shifts |
| 14 | Version control | Ability to track what data was valid at a given date (DPP may require historical access) |
| 15 | IT integration | PLM/ERP capable of exporting structured data; API or bulk-export pathway |
If no one currently owns product data quality, that is the first gap to close.
Scoring your readiness#
After completing the fifteen checks, tally results:
Frequently asked questions
Do I need to audit every SKU?
Not initially. Start with your top 20% by revenue or a representative cross-section. The goal is to identify systemic gaps, not to pre-fill every passport.
What if my suppliers refuse to share data?
This is a commercial negotiation. Frame it as a market-access requirement: without data, products may not be sellable in the EU. Begin conversations early; switching suppliers takes time.
Is blockchain required for DPP compliance?
No. The ESPR does not mandate any specific technology. What matters is that data is accurate, machine-readable, and accessible via a standardised identifier like GS1 Digital Link (GS1, 2024).
Moving from audit to action#
An audit reveals the distance between where you are and where you need to be. The next step is translating gaps into a prioritised roadmap—data collection first, then structuring, then the infrastructure to host and resolve passports.
Trama helps brands close that gap: from messy spreadsheets and PDF tech packs to compliant, hosted Digital Product Passports with print-ready QR codes. If your audit uncovered more red than green, that is exactly the starting point we are built for.
Generate your collection's passports
From product sheet to compliant, hosted, print-ready QR codes.
Get started