The Missing Actor in the Digital Product Passport
How EU standardisation is set to redraw the rules of the secondary market, and why brands, marketplaces, and resale operators should be paying attention now.
The infrastructure is being built
By 2027, every textile product placed on the European market will need to carry a Digital Product Passport. By late 2028, that requirement becomes binding. The same regime extends progressively over 2027–2030 to electronics, furniture, construction products, and most physical goods sold in the EU. Batteries are already there under a separate regulation since February 2027.
The DPP is often described as a compliance instrument. That framing undersells it. What the EU is actually building is a horizontal data layer that sits underneath every product on the European market: a verified, machine-readable, lifecycle-spanning record of what an item is, where it came from, and what has happened to it. The technical standards that operationalise this layer are being finalised right now: six of the eight horizontal modules under CEN/CLC/JTC 24 passed formal vote in April 2026, with the remaining two (access rights and authentication) approaching formal vote later this year. The international counterpart, ISO/IEC JTC 5, holds its first plenary in September 2026.
The implications go well beyond compliance reporting. Once verified product data is structured, addressable, and accessible under defined credential regimes, every downstream actor (repairers, refurbishers, recyclers, resale platforms, rental services, customs authorities) can build against a common substrate. That has been the explicit ambition of the Ecodesign for Sustainable Products Regulation since its adoption in 2024.
But there is a gap in the framework that neither brands nor marketplaces are discussing publicly. We think they should be.
The secondary market is large, and largely outside the framework
The numbers are not a side note. The Boston Consulting Group, with Vestiaire Collective, sized the global secondhand fashion and luxury market at approximately €195–205 billion in 2025, growing roughly three times faster than the primary market. ThredUp, in its 2025 Resale Report, projects the global secondhand apparel market at approximately €340 billion by 2029, with 94% of surveyed retail executives reporting that their customers participate in resale and 82% expressing a preference for third-party operators rather than building resale in-house. Among consumers active in the secondary market, the BCG × Vestiaire study found that 70% of buyers and 67% of sellers identify authentication as the DPP attribute they value most.
In other words: the demand signal from the secondary market is documented, the operational ecosystem is at scale, and the data infrastructure that would standardise authentication and lifecycle continuity is being defined right now in CEN and ISO working groups.
The problem is that the standards being defined right now do not explicitly address the actors who actually move secondary-market product.
The current actor taxonomies, namely CWA 18186:2025 (the EU CircThread guidelines), ESPR Article 11(1)(b), and CIRPASS-2 V3.1 (the principal reference architecture for DPP implementation), collectively recognise manufacturers, importers, distributors, dealers, professional repairers, independent operators, refurbishers, remanufacturers, recyclers, market surveillance authorities, customs authorities, DPP service providers, and credentials agencies. They do not enumerate the actor that connects brand-authoritative DPP data to a consumer-to-consumer resale transaction.
This is not an inferred gap. The primary sources name it. CWA 18186:2025 Table 3 item 17 catalogues the consumer-to-reuse information exchange and records under "Related standards" the entry: Not Available. CIRPASS-2 V3.1 Section 5 explicitly identifies role credentials, including for the secondary market, as an open question requiring standardisation. ESPR Article 11(1)(b) closes its enumeration of access-entitled actors with "other relevant actors", leaving an open category whose conditions remain undefined.
What is the missing actor?
The function is straightforward to describe. A brand creates a DPP for an item it places on the market. The item is sold, used, and eventually the consumer wants to resell it. Between the brand's DPP and the marketplace where the item is listed, there is a function that needs to happen: verify the item's identity against the DPP, retrieve the brand-signed authenticity attestation, deliver verified listing data to the marketplace, and on completion of the sale, write a resale event record back to the DPP so that the next owner, and any subsequent intermediary, can verify lifecycle continuity.
The actor that performs this function is not the brand (the brand has placed the item on the market and is not party to every subsequent transaction). It is not the marketplace (the marketplace facilitates a transaction between consumers and does not hold the brand's authoritative product data). And it is not any of the existing actor types in the framework, because all of those are oriented around physical work on the product (repair, refurbishment, recycling), whereas the secondary market intermediary performs no work on the product. It mediates a transaction.
This is the actor that the EU framework has not yet enumerated. We refer to it as the secondary market intermediary, and we have proposed in a position paper to the relevant standardisation bodies that it be defined as a sub-pattern within the existing authorised independent operator role established in CIRPASS-2 V3.1 User Story 8, adding scope content to an existing pattern rather than creating a new actor category.
The proposed sub-pattern has four properties: a non-modifying function (no work on the product), consumer-initiated and transaction-triggered authorisation flows, a listing-oriented read scope (public attributes, authenticity attestation, and provenance under consent), and an ownership-transition write scope (one defined event type: a resale event record). The role is open to any qualified actor under verified value chain actor verification: independent intermediaries, branded resale operators, or peer-to-peer marketplaces that meet the qualification criteria. The framework specifies what the role does, not which market entity occupies it.
Why this matters now
Three things are happening simultaneously, and the alignment will not last.
First, the regulatory window is open. The textile delegated act under ESPR is expected in Q3–Q4 2027, with compliance from late 2028. The standardisation work that operationalises that act is in active development at JTC 24 and CEN/TC 248 WG 39. Decisions made now define the reference architecture against which subsequent product groups (electronics, furniture, construction) are specified. A scope clarification made in textile DPPs becomes available across the framework; a clarification deferred is a question replicated across categories.
Second, the international layer is just being built. ISO/IEC JTC 5 was established in 2026 specifically to develop horizontal international standards for the DPP, complementary to the European work. Its first plenary is in September 2026. The scope and structuration of JTC 5 are being decided now. We submitted formal comments to both consultations (via AFNOR, the French standards body) on behalf of the secondary market intermediary pattern, and we encourage other practitioners to engage similarly.
Third, the commercial ecosystem is moving faster than the standards. Brands are already running pilot resale programmes (Levi's with Trove, Coach with EON, dozens of others). Marketplaces are negotiating bilateral data integrations with brands one at a time. Without a standardised credential profile and access scope vocabulary for the secondary market, every brand-marketplace-operator triangle is a custom integration. This burden falls hardest on smaller actors and on cross-border operations across the EU single market.
What we are building
REALIGN is building the infrastructure layer for DPP-enabled resale. Our product connects brand DPPs to peer-to-peer marketplaces and brand buyback programmes through a credentialled intermediary architecture: when a consumer scans the DPP of an item they own and wants to resell, our system retrieves verified product data under brand authorisation, delivers a pre-filled listing to their chosen marketplace, and on completion writes a resale event record back to the DPP. The brand keeps cryptographic control of the authenticity attestation. The marketplace receives verified listing data without integrating directly with every brand DPP. The consumer gets a near-instant listing experience.
This is what the proposed sub-pattern looks like as a working product. The point of contributing to the standards process is to ensure that the architecture our product runs on, and that other practitioners are building independently, is supported by the framework rather than orthogonal to it. A standardised credential profile means brands face one verification process per qualified intermediary instead of bilateral evaluations every time. A standardised resale event schema means lifecycle continuity is preserved as items move between marketplaces and intermediaries over their lifetime.
The contribution is incremental, not disruptive. The proposed sub-pattern inherits the existing CIRPASS-2 V3.1 authorisation mechanism, integrates with the access rights structures specified in prEN 18239 and the authentication primitives in prEN 18246, and requires no new authorisation regime, no parallel registry, and no new credential format. It adds scope content to an existing pattern. The position paper containing the full analysis was produced under a fellowship from the StandICT.eu programme (EU Horizon Europe, Open Call 1) and is available on request.
What brands, marketplaces, and operators should do now
For brands, the operative question is no longer whether DPPs are happening (they are), but whether the framework operationalising them includes a defined, credentialled mechanism for the secondary market or leaves it to bilateral negotiation. The first scenario reduces administrative burden and preserves brand control over which actors access which data fields under which terms. The second scenario produces a fragmented landscape where every secondary-market data flow is a custom contract. The standards being finalised in 2026 will determine which scenario plays out.
For marketplaces, the implication is that DPP-verified listings will become a competitive expectation in the secondary market over the next 24–36 months. Building against a standardised intermediary access surface is dramatically simpler than negotiating direct data agreements with every brand whose products appear on the platform.
For policymakers and standardisation participants, the point is that the secondary market is large, growing, and operating on infrastructure that the DPP framework has not yet explicitly addressed. The textile delegated act under ESPR offers a near-term opportunity to specify how that infrastructure should work, with horizontal applicability to other product groups that follow.
We came back from ChangeNOW in Paris with the same conclusion many practitioners arrive at after engaging with the EU circular economy agenda: the regulation is real, the timing is tight, and the actors with implementation experience need to participate in the standardisation work now if they want the framework to support what they are building. The window is open. It does not close in 2027: it closes when the standards bodies move on from actor-taxonomy questions to the next layer of specification. That is happening this year.
The full position paper, Secondary Market Data Requirements in the EU Digital Product Passport Framework, was produced under the StandICT.eu fellowship (Open Call 1, Short-Term track, May 2026) and is available on request. REALIGN contributes to CEN/CLC/JTC 24 WG 4 through the AFNOR Commission Française Passeport Numérique des Produits.