← Back to all articles
Substances of Concern

Substances of Concern in the Digital Product Passport: What ESPR's Widened Definition Means for Your Supply Chain

Generated image

Most compliance teams preparing for the Digital Product Passport are focused on the obvious data gaps: recycled content percentages, carbon footprint figures, repairability scores. The substances of concern (SoC) disclosure obligation tends to get treated as a REACH extension - a familiar exercise dressed in new clothes.

It isn't. ESPR's definition of "substances of concern" is materially broader than the REACH Candidate List, the data it demands is more granular than a SCIP notification, and the format it requires - structured, machine-readable, per-product - is a different class of obligation entirely. If your chemical and regulatory teams haven't stress-tested that assumption yet, this post is for them.


What ESPR Actually Requires the DPP to Carry

Under Regulation (EU) 2024/1781, information requirements imposed by delegated acts must include, as a minimum, a Digital Product Passport and information about substances of concern. Ecodesign requirements comprise performance requirements and information requirements; the latter shall include, as a minimum, requirements related to the DPP and to Substances of Concern (SoC).

For each substance of concern present in a product, the DPP information requirement covers four data points:

Under ESPR, the DPP must carry for each substance of concern: its name (identity), its location within the product, its concentration, and instructions for safe use and end-of-life/dismantling/recycling handling.

Information requirements may include the name of the substance, its location, its concentration, instruction for safe use and relevant information for product management at its end of life.

Those four fields - identity, location, concentration, end-of-life instructions - are the minimum floor. Delegated acts for specific product groups can add further fields or set threshold concentrations above which disclosure is triggered. The specific substances and their concentration limits will be identified in product-specific delegated acts.

star Important

The four DPP fields (identity, location, concentration, end-of-life instructions) are a minimum floor set by the framework regulation. Each delegated act will specify which substances are in scope for that product group, at what concentration thresholds, and what additional fields apply. You cannot finalise your SoC data model until your product group's delegated act is published — but you can start collecting the underlying data now.


The Definition Is Wider Than REACH - Much Wider

This is the point most compliance teams miss. The SoC definition is much broader than REACH SVHCs, as it also covers a number of additional CLP hazard classes (e.g. skin sensitisers cat. 1, chronic hazard to the aquatic environment cat. 1 to 4, persistent chemicals according to the CLP Revision), substances regulated under the POPs Regulation (EU) 2019/1021, and substances inhibiting circularity - that is, those that negatively affect the re-use and recycling of materials in the product in which they are present.

ESPR Article 2(27) defines a substance of concern across four criteria: REACH SVHCs, substances classified for chronic human or environmental hazards under CLP, substances regulated under the POPs Regulation, and substances that negatively affect the reuse or recycling of materials in the product.

More precisely, according to ESPR Article 2(27), a SoC is any substance that meets at least one of four criteria: identified as a substance of very high concern (SVHC) under REACH; classified for chronic human or environmental hazards under the CLP Regulation; regulated under the POPs Regulation (EU) 2019/1021; or known to negatively affect the reuse or recycling of materials in the product. More than 4,600 substances currently fall within the ESPR definition - a number that is expected to increase as new hazard classes for endocrine disruption, persistence, mobility and bioaccumulation take effect in 2026.

The fourth criterion - substances that impede circularity - is the genuinely new territory. The definition of Substance of Concern shows an extension beyond safety considerations. The notion is substantially broadened to include substances with confirmed as well as suspected hazardous properties (e.g. CMRs and Endocrine Disruptors Category 1 and 2). Substances can also be deemed 'of concern' if they negatively affect "the reuse and recycling of materials in the product in which it is present."

In practical terms, this means a substance that is perfectly legal under REACH - not on the Candidate List, not restricted - can still be a substance of concern under ESPR if it contaminates a recycling stream or prevents material recovery. Flame retardants in textiles, certain dyes in plastics, adhesives that prevent component separation: these are the kinds of substances that REACH would not flag but ESPR's circularity criterion could.

Isometric diagram showing three overlapping circles representing REACH SVHCs, CLP hazard classes and POPs on the left, and a fourth distinct circle on the right labelled 'circularity-inhibiting substances', with arrows pointing from all four into a central DPP data record

How ESPR Layers on Top of REACH and SCIP

REACH and the ECHA SCIP database already require disclosure of SVHCs in articles. Understanding how ESPR's DPP obligation differs - and why it doesn't replace those existing duties - is essential for planning your data architecture.

As part of the Waste Framework Directive (2008/98/EC), ECHA built a database for storing safe-use information for SVHCs present in articles placed on the market in the EU - the Substances of Concern In articles, as such or in complex objects (Products) (SCIP) database. SCIP covers articles containing an SVHC included in the Candidate List in a concentration above 0.1% weight by weight (w/w).

For chemical substances, REACH (EC) 1907/2006 remains the primary framework; ESPR adds a product-level substance-of-concern disclosure layer on top.

The table below maps the key differences:

REACH/SCIP vs ESPR DPP: Substances of Concern Obligations Compared
DimensionREACH / SCIPESPR DPP
Legal basisREACH (EC) 1907/2006 + Waste Framework Directive 2008/98/ECRegulation (EU) 2024/1781 + product-group delegated acts
Substance scopeREACH Candidate List SVHCs onlySVHCs + CLP hazard classes + POPs + circularity-inhibiting substances (Art. 2(27))
Disclosure trigger>0.1% w/w in articleThreshold set per product group in delegated act
Data granularityArticle-level notification to ECHAPer-product: identity, location in product, concentration, safe-use & EoL instructions
FormatECHA SCIP dossier (XML/IUCLID)Structured, machine-readable, linked to unique product identifier via data carrier
AudienceECHA, waste operators (via public database)Consumers, repairers, recyclers, market surveillance authorities — differentiated access
Update obligationOn Candidate List updateThroughout product lifecycle; live record, not a one-time submission

Businesses that have already established SCIP reporting processes will have a foundation to build on, but additional data collection and structuring will be required to meet ESPR standards. The critical gap is location data: the requirement to specify the location of substances within products is particularly demanding, as it requires component-level knowledge that many businesses currently lack, especially for complex assembled products sourced from multiple suppliers.


The Supply-Chain Data Problem

Here is where the regulatory obligation collides with operational reality. A DPP's SoC fields are only as accurate as the data flowing up from your supply chain - and for most manufacturers, that data does not currently exist in a structured, auditable form.

Your DPP is only as accurate as the data your supply chain provides. Assess whether your current systems can collect sustainability data from suppliers, maintain it accurately over time, and distribute it in the structured formats that DPPs require. A spreadsheet-based approach won't scale across a large portfolio with multiple product categories and staggered delegated act timelines.

The location-within-product requirement makes this especially acute for assembled goods. Knowing that a flame retardant is present somewhere in your product is not enough - the DPP must identify which component or sub-assembly contains it, at what concentration. For textiles, brands will need data from dyehouse, finisher, and fabric mill suppliers - typically three to four tiers up the supply chain - that they have never systematically collected before.

Industry analysts estimate that establishing the data infrastructure needed for DPP compliance typically takes 12-18 months - particularly the supply-chain traceability components.

Even if your product category's mandatory date is 2027 or later, preparation in 2026 is essential. The data collection required for a DPP typically takes 12-18 months to set up properly - especially the supply chain traceability components.

Without structured product data, meeting DPP requirements, tracking substances of concern, and generating audit-ready documentation becomes a manual, error-prone scramble for every delegated act that applies to your portfolio.

There is also a dynamic update problem. REACH currently lists over 240 SVHCs, and the list is updated twice annually. A DPP implementation that treats SVHC disclosure as a one-time data entry will be non-compliant within months of launch. Update processes must connect to live regulatory substance databases. And that is before accounting for the additional CLP hazard classes and circularity-inhibiting substances that ESPR adds to the scope.


Timeline: When Does This Become Binding?

Under ESPR Article 13, the European Commission must establish the Digital Product Passport Registry by 19 July 2026.

Under ESPR Article 13(1), the European Commission must set up the registry infrastructure by 19 July 2026. Battery passport registration becomes mandatory from February 2027. The registry is designed to scale across all ESPR product categories as their respective delegated acts come into force.

The registry launching does not mean all products need a DPP in 2026 - it means the infrastructure exists to issue and verify them. Product-specific SoC disclosure obligations become binding only once the delegated act for your product group is adopted. Requirements phase in by product category between 2026 and 2030 under the ESPR Working Plan. Once a delegated act is adopted for your sector, businesses have 18 months before enforcement begins.

The 18-month window sounds generous. Given the data collection lead times involved, it is not.


Data Readiness: What to Start Collecting Now

You do not need to wait for your delegated act to begin building the data foundation. The four DPP fields for SoC - identity, location, concentration, end-of-life instructions - are fixed in the framework regulation. The only unknowns are which substances will be in scope for your product group and at what thresholds.

Use the checker above to identify your biggest gaps, then prioritise these actions:

Immediate (now, regardless of delegated act status)

  • Map your product portfolio against the ESPR Working Plan to identify which delegated acts will apply and their expected timelines.
  • Audit your current BOM data: does it capture substance identity and location at component level, or only at finished-product level?
  • Review your supplier data request process - are you asking for structured material declarations, or just PDFs?
  • Cross-reference your existing SCIP notifications against the broader ESPR SoC definition: substances that inhibit recycling may not appear in your SCIP data at all.

Before your delegated act is adopted

  • Build or procure a system capable of storing per-component substance data in a structured, machine-readable format.
  • Establish a process to propagate Candidate List updates (published twice yearly by ECHA) into your product records automatically.
  • Engage your tier-2 and tier-3 suppliers now - working with suppliers to collect substance data typically takes months, not weeks.

When your delegated act publishes

  • Map the delegated act's specific SoC scope and thresholds against your existing substance inventory.
  • Identify any circularity-inhibiting substances that were not previously flagged under REACH/SCIP.
  • Validate location-within-product data against the delegated act's required granularity.

The Bigger Picture

The substances of concern obligation is not a standalone chemical compliance task. It is the intersection of chemical regulatory knowledge, product engineering data, and supply-chain information management - and it needs to be treated as such.

One of the ESPR's most impactful provisions is the requirement to track and disclose substances of concern in products. This goes beyond existing chemical regulations by creating a systematic, product-level tracking mechanism that follows the product through its lifecycle. Substance of concern data must be integrated into the Digital Product Passport in a structured, machine-readable format. This enables automated processing by waste management and recycling operators, allowing them to identify and segregate materials containing problematic substances before they enter recycling streams.

The teams that will be ready when their delegated act lands are the ones building that data infrastructure now - not waiting for the regulation to tell them exactly which substances to disclose before they start asking suppliers the right questions.