“If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best”.1
In his statement, Kevin Ashton highlights two essential aspects of using data for environmental benefits: on the one hand, data acquisition (i.e., in the Internet of Things by means of sensor technology); on the other hand, data analysis and data use. Kevin Ashton formulated his idea of the Internet of Things back in 1999, and we see today, over 20 years later, that we still face many of the same questions and challenges.
Now, we have the opportunity to put the thoughts of Kevin Ashton into practice by mapping them to the information that can be gained through the digital analysis of data, data that will be created due to new information obligations in the EU linked to the introduction of digital product passports (DPPs) [1
]. DPPs can allow the envisioned exchange of collected product-related life-cycle data [1
]. They can become an essential tool to support the adoption of a circular economy and to realize the associated resource savings [1
] (cf. Section 2.1
). However, despite the promises of DPPs, until now, there has been no structured and stakeholder-involving analysis of the requirements for a DPP system.
A DPP system can be defined as the cross-sectoral, underlying IT infrastructure enabling the creation of upcoming DPPs. Current work in industry and science rather focuses on solutions for content and policy-related concerns of DPPs but less on the underlying technical aspects and requirements for the DPP system which will enable the realization of DPPs (cf. Section 2.2
). This paper aims to close this gap.
Thinking one step further, the question beyond this paper’s requirement analysis for DPP systems is how to further leverage the collected information derived from the DPPs. The insights from the analyzed DPPs should in the end help to establish a circular economy. This can be achieved, for example, by providing information on different R-Strategies [5
] (e.g., reuse, repair, refurbish, remanufacture, and recycle) [7
], or by enabling digital services for the respective products (e.g., predictive maintenance).
To achieve the objective of this paper (i.e., the requirement analysis for DPP systems), we first provide a brief overview on current DPP approaches, as well as existing work on DPP systems requirements. Secondly, we identify cross-sectoral requirements for DPP systems. The requirements are intended to apply to DPP systems that can be used in any industry or sector. Therefore, we do not consider a specific industry/sector in this paper but focus on the general, overarching requirements for DPP systems. Moreover, there are also (nontechnical) requirements a DPP system will have to fulfill from the onset. For example, it needs to be scalable and sustainable in itself, as it should not lead to rebound effects in terms of environmental sustainability (e.g., carbon emissions).
Both stated objectives are expected to serve as a basis for discussion among the research community in order to find an effective and timely solution for DPP systems.
The requirements analysis in this paper is based on the state-of-the-art literature of scientific and industry-related contributions concerning DPP systems (cf. Section 2.2
), as well as nine semistructured expert interviews. At this point, it must be considered that the scientific field around DPPs is still quite new, and therefore the scientific literature on DPPs, and especially DPP systems, is still limited. Therefore, in addition to the scientific literature, we also took gray literature into account. The gray literature (e.g., blog posts from industry/companies) must be assessed critically, as it has not been examined for academic quality (i.e., peer reviews). Moreover, in most cases, the reviewed literature does not provide direct DPP systems requirements but implies them through statements and explanations of certain aspects and proposed solutions. We analyzed these and, in synopsis with the findings from the expert interviews, derived the requirements for DPP systems. Where we found contradictory statements, we point them out in Section 4
, where the identified DPP systems requirements are presented.
The interviewed experts were selected based on their knowledge background and activities in the field, demonstrated either by publishing, research projects, or activities in norming and regulation. We asked the experts to refer us to other experts by means of a snowball system. Eight of the nine interviewed experts are from industry (cf. Appendix A
). One expert works in research. This distribution also corresponds to our perception of the extent to which the topic of the DPP has already arrived or is being addressed in industry and academia. Since our objective for the expert interviews was to explore requirements for DPP systems (i.e., for the underlying technical infrastructure of the upcoming DPPs), all experts have a mainly technical background (cf. Appendix A
). After reaching out to the experts, the semistructured interviews took place online and remotely. The duration of the interviews varied between thirty minutes and one hour. The structure of the requirement analysis for the DPP systems refers to ISO/IEC 25010:2011(en) [14
] for systems and software quality requirements and evaluation. Accordingly, the questions to the interviewed experts were also based on this structure. In addition, however, open questions were also asked about other requirements and requirement categories, which are not included in ISO/IEC 25010:2011(en) [14
]. In this context, for example, the category legal obligations
was added, as it turned out to be an important aspect during the requirements analysis (cf. Section 4.1
). Overall, we conducted semistructured, exploratory interviews, since DPP systems represent a new research area on which there is little literature from academia at present. The structure of the expert interviews was dynamically adapted to the respective discussion. Therefore, it must be taken into account in Section 4
that not all interviewed experts discussed the completely same issues. Consequently, the expert statements are not quantifiable. However, this was not the purpose of the conducted expert interviews.
4. Consolidated Requirements for DPP Systems
This section is structured into eight requirement categories. All eight categories and their respective identified requirements refer to DPP systems. The categories are mainly taken from ISO/IEC 25010:2011(en) [14
] for system and software quality requirements and assessment. Where necessary, they have been adapted and supplemented. For instance, the category legal obligations
was added because it turned out to be an important aspect during the requirements analysis.
4.1. Legal Obligations
The DPP system must comply with regulations and standards, of which some are just emerging. The European Commission’s “Proposal for the new Ecodesign for Sustainable Products Regulation” (ESPR) is among the most recent and important publications concerning DPPs. It was published in late March 2022 and represents the introduction of DPPs [8
]. The ESPR provides a comprehensive overview of the mandatory and voluntary information requirements of the upcoming DPPs, both in the main text (especially Articles 8 through 13) and in the annexes (especially Annex III). It also provides some implications for the underlying IT infrastructure and the handling of DPPs. This concerns in particular the establishment of a central registry for a unique identifier, which is required for linking the DPPs and their respective physical objects (cf. Section 4.8
]. In addition to the central registry, the ESPR currently seems to favor a decentralized approach, where data is stored at the data provider’s preferred location.
Moreover, the Extended Producer Responsibility6
(EPR) also plays an important role for the design of a DPP system. The EPR was defined by the OECD in 2019 as an environmental policy concept whereby the producer’s responsibility for a product is extended to the postconsumption phase of the product’s life cycle [15
]. Thus, the EPR attempts, like the DPP itself, the integration of environmental quality data from products and production processes into the entire product chain, and therefore should be considered when creating a DPP system. The same applies to the “right to repair”7
The “right to repair” relates to an EU government legislation to prohibit manufacturers from erecting barriers that prevent consumers from repairing and modifying their own consumer products (e.g., electronic devices and automotive) (see note 7). This should enhance the reuse, refurbishment, and repair of products in the EU and beyond. Thus, the EPR, as well as the “right to repair”, should be addressed with the DPP, and therefore must be considered in the design and implementation of a DPP system.
The General Data Protection Regulation (GDPR) was adopted in May 2018 [16
]. It is the most important regulation for the European market for data privacy and concerns the protection of natural persons with regard to the processing of personal data and the free movement of such data [16
]. Personal data means any information relating to an identified or an identifiable natural person [16
]. Thus, the GDPR is expected to have important implications for DPP handling if it comes to the processing of personal data (e.g., employee data in the case of product maintenance). Potentially, there will be analogous efforts for IP and know-how protection.
4.2. Functional Suitability
Functional suitability defines what a product or service should do and includes functional completeness, correctness, and appropriateness [14
]. The functional suitability of a DPP system needs to fit the respective sector, industry, and use case.
Overall, according to the literature [1
] and the majority of the interviewed experts, the primary objective of the upcoming DPPs, which are created by a DPP system, is to support circular economy goals through transparency on products, components, and materials.
Moreover, according to the literature [1
], DPP systems are designed to improve supply chain transactions by tracking the entire value chain and sharing information about products, components, and materials (cf. Section 2.1
). The majority of the interviewed experts also claimed that the establishment of DPP systems must not hinder existing value chain processes. Additionally, one of the interviewed experts emphasized that the quality and safety of products, components, and materials must continue to be guaranteed.
To be more precise, for DPP systems to work properly, the actors in a value chain have to provide information about their product, component, or material. They need to make statements exclusively for the step for which they are responsible [9
]. A DPP should consist of the collected DPP information of all actors of a value chain [9
]. For example, the raw material producer has to make statements about the raw material and the process of raw material extraction. The DPP system must therefore be capable of enabling such decentralized collection of the information required for a DPP, and it must allow decentralized actors to provide and receive this information. In addition, the members of the value chain need to have the ability to determine the data storage location (i.e., cloud) of their DPP information themselves [9
]. Moreover, the majority of the interviewed industry experts stressed the need to preserve the sovereignty of the industry and to reduce dependence on central players.
4.3. Security, Confidentiality, and IP Protection
Among other aspects, security describes the degree to which a product or system protects information and data, so that persons, other products, or systems have the degree of data access appropriate to their types and levels of authorization [14
]. These are described in the following as requirements for building trust, confidentiality, and the protection of the intellectual property (IP) throughout DPP systems.
When reviewing the contemporary literature related to DPP systems (cf. Section 2.2
), we found that, according to Guth-Orlowski [9
] and Berg et al. [2
], the secure exchange of DPP data among the members of a product’s value chain is the most important requirement across all sectors and industries. All nine interviewed experts confirmed this perception.
From a technical point of view, information in IT systems can be easily copied and modified [2
]. This implies that the information contained in a DPP needs to be verified with regard to its origin, integrity, and compliance in order to create trust and confidentiality along the entire value chain [2
]. The respective actors should not be able to add, change, or delete information about the product unnoticed. This means that the changes must be recorded or tracked by the DPP system (i.e., for nonrepudiation) [9
]. In this context, one of the interviewed experts emphasized that immutability has to be ensured, i.e., records in the DPP itself must not be overwritten. Verified data could then serve as a certificate for trustful information in terms of the origin and the production conditions [9
]. With regard to IP protection, according to Berg et al. [2
], data providers must retain direct control over their provided data (i.e., data sovereignty) and the data needs to be stored safe from unauthorized access.
Accessibility describes the degree to which a product or system can be used by people with the widest range of characteristics and capabilities to achieve a specified goal in a specified context of use [14
Certain information about a product is often a well-guarded company secret (e.g., its composition or supply chain) [9
]. According to Guth-Orlowski [9
], secrecy in terms of IP protection is one of the main reasons for the access control mechanisms of DPP systems. Hence, access rules for the DPP system need to be determined. For example, it could be defined that the Federal Environment Agency may access the carbon footprint of a production step [9
]. Overall, the data consumers and members of a DPP system should only have access to the information they need, which results in appropriate access authorizations.
Apart from that, according to one of the interviewed experts with an industry background, it is important to distinguish between small and medium-sized companies (SMEs) and larger organizations, since some SMEs do not have their own information system. In many countries, there is no suitable IT system available at the material supplier’s or manufacturer’s site. They often only have smartphones, and therefore a smartphone application connection to the DPP system is required. Hence, participation opportunities in DPP systems for those members of the value chain who do not have their own information system has to be established. Moreover, Guth-Orlowski [9
] states that there must be no cost or technical barriers to participation in the DPP system that exclude small economic actors. In addition, one of the interviewed experts claimed that there is often no stable internet connection. Thus, the respective data need to be cached locally and uploaded later to the DPP system when a stable internet connection is ensured.
Interoperability describes the degree to which two or more systems can exchange information and use the information that has been exchanged [14
According to the majority of the interviewed experts and Berg et al. [2
], a sufficient degree of interoperability of the DPP system is necessary for exchanging information between stakeholders across company boundaries. Regarding the requirement of interoperability, shared and common semantics make it possible to understand the content and the meaning of information and character strings up to the autonomous interaction of different systems [17
]. Data schemes describing the product should ideally be standardized [2
], or at least be supported by a broad consensus. In this way, it is known in which structure or schema the searched character strings are arranged. If this requirement is met, a DPP can be processed by different DPP systems, and/or the information of a DPP can be provided by the DPP system to external requesters via an application interface (API).
In addition, the majority of the interviewed experts stated that not only the interoperability between the different members of a DPP system must be ensured but also the interoperability within the IT and data infrastructure of a single member (e.g., a manufacturer). Such a DPP system member must be able to collect all the necessary DPP information it needs to provide to the other value chain members. Therefore, the DPP system member must be able to get the required information into the respective DPP.
4.6. Modularity and Modifiability
Modularity and modifiability refer to the degree to which the DPP system is composed of discrete components, such that a change to one component has minimal impact on other components [14
]. Global value chains involve a large number of players who frequently change [9
]. Likewise, according to Guth-Orlowski [9
], the required attributes that a DPP must contain evolve continuously. For a DPP system, this means that it needs to have the flexibility to add actors, products, or product attributes, change them, and remove actors or information that is no longer needed [9
]. Evolvability is an important aspect of information integration and applies to DPP systems as well, since they will most likely need to enable a variety of frequent changes related to the products and participants in the value chain. As most modern information systems, DPP systems must be easily expandable and ready for broader, international use to accommodate additional market participants and use cases [2
The majority of the interviewed experts confirmed the aspects that we found in the literature stated above.
4.7. Availability and Time Behavior
The DPP information needs to be available through the DPP system whenever it is needed. The time behavior depends on the specific use case. In some use cases, real-time data are required. In other use cases, it might be sufficient to collect and analyze the respective DPP data once a day, or even once a week. Consequently, for some use cases, certain parts of a DPP system must be real-time capable and might therefore be outsourced to the edge if machines and systems are to be operated on the basis of the information from the DPP (cf. use case described in [3
The conducted expert interviews did not provide any additional information on this requirement.
Portability refers to the degree of effectiveness and efficiency with which an IT system can be transferred from one hardware, software, or other IT system to another [14
]. In this paper, portability is understood as the requirement that the product identifiers, and thus the respective DPP information, need to be transferable from one software system to another. The product identifiers are needed to connect the physical products to their respective digital information [2
]. The portability of these product identifiers, i.e., the possibility of finding the product identifier with a different software system, represents an important requirement in a decentralized DPP system. This means that portable product identifiers are crucial, because otherwise a product cannot be identified in a decentralized DPP system. In this context, Berg et al. [2
] also outline that “the digital identities must remain permanent and must be usable in various systems and networks, thus implement the openness to various digital ecosystems”. Moreover, Berg et al. [2
] claim that the system that issues the product identities (i.e., a registry) must have no central intermediary, in order to avoid the risks of a central, single point of failure.
Accordingly, the majority of the experts interviewed emphasized that product identifiers should be referenceable and harmonizable throughout the EU. This is necessary in order to be able to track the entire life cycle of a product and to be able to analyze and use the relevant information collected by the DPP system and thus contained in a DPP.
5. Identified Gaps for DPP System Requirements and Discussion
Overall, we identified two gaps concerning DPP systems requirements. This means that we did not find any information on the following aspects within the literature or during the expert interviews. In the following, we briefly elaborate on these identified gaps for DPP systems requirements.
Energy and Resource Utilization: In the literature and during the interviews, we could not find any information on the energy and resource utilization of DPP systems themselves. Therefore, we identify this as a critical gap in terms of sustainability and see the risk of rebound effects when DPP systems are scaled up. More specifically, we see a risk that the resource and energy consumption for deploying DPP systems in some use cases could have a greater negative environmental impact than the counteracting positive environmental impact from the data insights (i.e., higher energy and resource consumption for DPP system deployment and use than energy and resource savings from DPP data analysis.). However, this is only a hypothesis at this stage and needs to be further investigated in the future.
Data privacy goes beyond data security qualities. The objective is that attackers, even if they gain access to the respective data, would not be able to receive meaningful insights from these data [18
]. The privacy of shared DPP information has to be guaranteed if it comes to the collection and processing of personal data (e.g., employee data in the case of product maintenance). In this context, legal requirements, such as the GDPR, have to be fulfilled [2
]. With regard to the expert interviews, the majority of the experts considered the topic of data privacy to be less relevant for the time being, since it is primarily product data that are considered in the upcoming DPPs, not personal data. However, the experts agreed that if personal data (e.g., data of employees) are involved in DPPs, these data must be treated in a privacy-aware way and in accordance with the prevailing privacy regulations (e.g., the GDPR).
Summarized, we identified the DPP systems’ requirements and their gaps. In the following, we briefly discuss how these requirements for DPP systems could possibly be implemented. Moreover, we put it in the context of product life-cycle management (PLM), since PLM is closely related to DPP systems, as it manages the entire life cycle of a product [19
One concept which could be used as the backbone of DPP systems is data spaces. For example, as mentioned in the EU Battery Regulation,8
the collection of DPP information must correspond to the “open data space” of a DPP [9
Data spaces are a contemporary construct for sharing data. They are therefore a possible solution for DPP systems. According to Reiberg et al., a data space is defined as “a federated, open infrastructure for sovereign data sharing, based on common policies, rules and standards” [20
]. In other words, a data space refers to a type of data relationship between trusted partners and represents an approach to information integration.9
The decentralized approach of a data space provides the basis for digital sovereignty, as data can remain in the sphere of influence of the data originator until they are retrieved (see note 9). Overall, a multitude of data spaces for various purposes exist, as shown in the Data Space Radar.10
Based on our identified requirements for DPP systems (cf. Table 1
), we consider the approach of using the concept of data spaces as the backbone of DPP systems to be feasible. However, we clearly emphasize that the identified requirements need to be further investigated in order to derive more evidence and more specific implications in terms of the actual implementation of such a DPP data space.
Furthermore, most of our identified requirements are not new for the general integration of heterogeneous systems and for the purposes of data sharing. Such work has been established in other areas of production science, such as, for example, in the literature on the digital thread concept, or similar work on product life-cycle management (PLM) [21
]. However, the identified requirements are new in the context of DPP systems. Consequently, for the future investigation of DPP systems requirements, this means that a translation of the requirements from PLM research (e.g., digital threads [21
]) into the context relevant for DPPs should be conducted. Semantic interoperability, for example, is an obvious requirement, and it will be useful to define interoperability in terms of the specific types of systems required to exchange information within a DPP system. However, in order to do this, the specific types of systems must be defined first. Consequently, this represents a crucial next step for the future development of DPP systems. For future work, it would be helpful to explore this need in more detail and provide a framework that would allow DPP system stakeholders to evaluate their approaches/solutions against the DPP system requirements we identified in this paper.
Summarized, the identified requirements in Section 4
provide an overview of the current discussion on requirements for DPP systems and will likely be expanded upon and more detailed as more research is conducted on this topic in the future. Nevertheless, they provide a solid foundation on which further research on DPP system requirements can expand.
This paper represents the first academic contribution to investigate the requirements for DPP systems. We accomplished this requirements analysis based on a literature review of scientific and industry contributions to the topic, as well as from nine semistructured expert interviews. We investigated eight requirement categories in accordance with ISO/IEC 25010:2011(en) [14
] and thereby identified several requirements for DPP systems (cf. overview of identified requirements per category in Table 1
). Overall, the reviewed literature and the majority of the interviewed experts emphasize that, currently, the biggest hurdles are the confidential exchange of information and the alignment between all stakeholders (e.g., the agreement on common standards). In addition, we determined two gaps with regard to the identified requirements. The first gap addresses the energy and resource utilization of DPP systems, which is crucial in terms of the scalabilty and sustainability of such solutions. The second identified gap is data privacy, which goes beyond data security aspects and concerns personal data. We also briefly elaborated on the current discussion to use the concept of data spaces as the backbone of DPP systems. Based on our identified requirements for a DPP system, we consider this approach to be feasible. However, we see the need to examine the identified requirements in more detail in the future.
Summarized, this paper is intended to build the basis for further exploration of DPP systems requirements. It should help to fill the current knowledge gaps related to DPP systems to eventually establish scalable and sustainable data handling for the circular economy.