Traceability in Data Spaces: From Individual Measurements to a Digital Product Passport

Abstract

Data spaces are digital realms of data and information shared between stakeholders and peer groups. They underpin several developments in sectors ranging from the automotive industry, through social sciences, to governmental networks. Digital traceability of information in data spaces is needed to validate statements about metadata, data quality, and data features. In many cases, this also directly translates to metrological traceability of measurements to the SI. The concept and development of Digital Product Passports bring these traceability aspects together to form a tool for a digital quality infrastructure. This paper outlines the general principles of digital metrological traceability based on digital certificates, a digital international system of units, and Digital Product Passports.

1. Introduction

According to the “Vocab Digital Product Passportsulary in Metrology” (VIM), the term “measurement traceability” is a “property of a measurement result whereby the result can be related to a reference through a documented unbroken chain of calibrations, each contributing to the measurement uncertainty” [1]. Thus, traceability requires calibration (as defined in the VIM) and documentation about each calibration in a chain from the measuring instrument to a reference. The ultimate reference for measurement results is the realization of the international system of units of measurement—the SI. A traceable measurement in metrology is relatable to the SI via the unbroken chain of calibrations. This is important to ensure comparability and reliability of measurement results. By following their traces, different measurements of the same quantity can be compared to each other, and their quality can be assessed. This is of particular importance in cases where data from different sources is aggregated, and in the quality infrastructure where conformity with regulatory requirements needs to be approved.

In digital infrastructures, the term “traceability” usually refers to a digital trace to the origin and the provenance of data. This traceability allows users to track changes made to the data, e.g., content or location. This is an important property of data to assess the reliability of its content. For instance, in a product specification, the provenance of conformity statements is important metadata for end-users and regulators.

The realization of communicating metrological and digital traceability has certain similarities. In both cases, information relevant to the statement of traceability is gathered and provided to customers and end-users. In both cases, digital anchors of trust are considered to ensure trustworthiness and immutability of this information. In both cases, an established technical solution for a digital anchor of trust is an electronic signature based on a Public Key Infrastructure (PKI). And in both cases, distributed ledger technologies are considered an alternative technical solution [2].

In data spaces, the digital traceability of a data set is realized using a number of different technologies. Examples include digital identities linked to data sets, digital verifiable credentials, and clearing houses based on distributed ledger technologies. In this contribution, we discuss the use of technologies for the implementation of metrological traceability.

With the digital transformation of the quality infrastructure, in particular in metrology, the transition from paper-based processes to digital processes is becoming the default method. Therefore, a commonly applied and internationally harmonized technical implementation of metrological traceability becomes increasingly important. Moreover, activities within the German initiative “QI-Digital” [3] demonstrated that the interconnection of metrological traceability with other digital solutions in the QI enables more efficient processes. For instance, the combination of an electronic signature based on a digital trust anchor provided by the national accreditation body, and a Digital Calibration Certificate [4,5] enables an automated digital verification that the calibration of a given measuring device has been carried out by an accredited laboratory.

Overall, the scope of this paper is to discuss the opportunities of an interoperable digital metrological infrastructure based on emerging technologies and international standards of the World Wide Web Consortium (W3C). The paper is structured as follows. Section 2 introduces the relevant background and foundations for this work, such as terminology and existing technologies. Section 3 outlines the potential use of data spaces as a technical implementation for traceability in metrology and the wider QI. In Section 4, we discuss the concepts of the Digital Product Passport (DPP) as a use case for digital metrological traceability. Finally, in Section 5, we draw some conclusions and provide an outlook.

2. Background and Foundations

Digital transformation in metrology aims to achieve more efficient processes, gain more insight into measurement results, and improve the reusability of measurement data. This comprises transformational processes within organizations and for the provision of services. The Digital Calibration Certificate (DCC) is an international example for this transformation [5]. Initiated by the Physikalisch-Technische Bundesanstalt, the German National Metrology Institute, the DCC development has become an international effort, including a dedicated task group in the Forum “Metrology and Digitalization”, established by the Committee of the Meter Convention (CIPM).

The DCC is a data model with an XML schema as a reference implementation [5]. The XML structure enables a software to find and access the content of the certificate in a very granular way. In the same way, software can create an XML DCC and fill in content from other sources. This is a prerequisite for automated digital processes. As an example, we consider the intra-organizational process for a calibration service, which consists of the following steps:

• Receiving an order for a calibration request;
• Administrative processing of the order;
• Carrying out the calibrations;
• Creating the certificate;
• Drawing up an invoice;
• Providing the certificate and related material to the customer.

Each step, after the initial placement of the order by the customer, utilizes some information from earlier process steps [6]. Automation of the whole process thus requires making available the information elements from previous steps, e.g., by application of programmable interfaces (APIs). Step 4, the creation of the certificate, puts all information elements related to the service together in the XML file. This can be signed electronically, to secure the content against manipulation, and to provide digital traceability to the issuing organization [5]. An established technology for electronic signatures is the use of Public Key Infrastructure (PKI). The PKI provides a form of digital traceability from an electronic signature through several steps up to a root certificate provided by an acknowledged anchor of trust.

For decades, the quality infrastructure has relied on the traceability of information from a single asset or statement to non-digital anchors of trust, such as a national body and internationally recognized authority. Digital transformation of the quality infrastructure consequently comprises the transfer of the established trust chains from the analog to the digital world. A recent example is the German accreditation body (DAkkS, www.dakks.de (accessed on 16 November 2025)), which developed a PKI-based digital anchor of trust for specific electronic signatures. These signatures allow verifying the identity of the issuer and include the confirmation from DAkkS that the issuer has a valid accreditation. In this way, the human-oriented printing of the DAkkS logo on a certificate can be transformed into a software-oriented digital statement, which can be verified automatically by a machine [7,8].

For the automation of digital processes to be most efficient, the to-be-processed information must be available in structured, self-contained elements—ideally expressed in a machine-readable way. For a digital certificate, this can be achieved by considering the certificate as a database rather than a document. That is, elements of the certificate are considered as information modules organized in a hierarchical structure. For instance, the DCC holds information such as date and time of calibration, issuing organization, serial number of the device, and number of calibration points. If the certificate is treated like a database, all information modules can be accessed directly and independently from the rest of the certificate, see Figure 1.

The corresponding processes, for instance, for workflows within the quality infrastructure, can then be designed to take advantage of the accessibility of such information modules. That is, the processes are not designed based on the circulation of documents but instead rely on APIs or other means to obtain exactly the information needed for a certain process step, see Figure 2 for a visualization of a simplified example.

In the quality infrastructure, processes are usually product-focused. For instance, assessing the conformity of a measuring instrument with regulatory requirements requires calibration, conformity assessment, accreditation, and standards. Calibrated measuring instruments provide metrological traceability for the measurements undertaken to assess conformity. The certificate of conformity proves that the conformity of the instrument is issued by an accredited organization that performs the conformity assessment based on standards and regulations. Consequently, processes in the quality infrastructure should put the product at the center of consideration and may thus differ from intra-organizational processes, where the focus on a certain product or asset may not always be equally relevant. This also leads to differences in the digitalization of such processes.

Paper-based processes limit the effectiveness of digital transformation in organizations and cause additional burdens and risks. Today, most organizations use digital workflows and infrastructures for their data and information management. Documentation is stored digitally using databases or file systems. Data processing is carried out using software tools. Moreover, many companies are pursuing the implementation of data-driven tools, such as artificial intelligence, to improve internal processes and to cope with the lack of skilled personnel. Paper-based quality infrastructure services thus cause media discontinuities for these organizations. The transfer of data and information from paper to digital infrastructures is laborious, error-prone, and time-consuming. For this reason, many organizations within the quality infrastructure have started their digital transformation in recent years. In this development, it has been identified early on that interoperability is a key issue. National initiatives such as QI-Digital in Germany and the “Joint Statement of Intent” signed by all major international QI organizations, seek interoperability and harmonization of digital transformation developments [3,4,5].

Interoperability can, for instance, be achieved through the following three basic approaches:

• Use of a monolithic software solution;
• Use of standards of specialized domains or groups;
• Use of general standards.

In a monolithic software solution, interfaces and data models are all part of the same software development. Thus, they can be designed specifically for the software to enable very high performance and reliability. This is important for use cases where APIs are not to be shared openly and where processes are very stable [9]. However, monolithic software can become very complex and inflexible when extensions and additional features are added over time. Maintenance and handling of the monolithic software then becomes a critical risk for operations.

Domain-specific standards are, for instance, used in data spaces. In these cases, a group of organizations with a common interest in data sharing and digital services defines rules and operational specifications. Only approved interfaces and data models are integrated into the data space. At the same time, changes or extensions to the software solutions can be handled in a more flexible way based on the standards set for the data space compared to a monolithic software stack. The International Data Spaces Association (IDSA) specifies general elements and a reference architecture model for data spaces [10]. This supports the creation of a domain-specific data space. However, the initial task of agreeing on operational procedures and standards remains. Moreover, changes to these standards, as well as maintenance of the overall data space, must be organized.

The use of general standards, such as World Wide Web Consortium (W3C) specifications, may reduce the design space compared to domain-specific and therefore tailor-made interfaces and software solutions. However, they offer the advantage that more software tools are available, and sharing data between domains becomes easier. Moreover, general standards can also be specific for a larger domain. For instance, the UN Transparency Protocol (UNTP) considers procedures based on verifiable credentials (VC) and decentralized identities (DID) for verifiable conformity statements. This requires domain-specific authority repositories, implementing roles and responsibilities from the domain of conformity assessment. However, the underlying technology of VC and DID is based on general W3C standards.

In practice, there is usually no strict implementation of only one of these three approaches. For instance, the concept of the European Metrology Cloud comprises monolithic nodes for building a data space for legal metrology. However, the nodes themselves use separate modules for communicating, based on web-based technologies similar to elements of a data space as specified by the IDSA [9,10]. Thus, the concept of data spaces and their role in digital traceability for metrology is of great interest for digital transformation.

3. Digital Traceability in Data Spaces

Processes in the quality infrastructure rely on the mutual sharing of information and data, technological and regulatory trust frameworks, and common vocabularies. For instance, the conformity assessment for a product requires information from the manufacturer, access to standards, and—for the certificate of conformity—a mutually accepted framework for authenticating the certificate. Traceability of statements in such a scenario comprises access to all relevant information for an auditor, a customer, or other interested parties in order to assess the statements’ validity. In an analog world, this is realized mostly through mutual recognition of regulatory frameworks, e.g., based on the rules for CE markings for products sold in the European Union. That is, relevant information about the product is usually made available as paper documents handed out together with the product.

Federated data spaces provide a technological framework to accomplish the digital transformation of processes in the quality infrastructure. A data space is basically a governance framework for handling metadata about data provenance, identities, interfaces, vocabulary, data policies, etc. One particular example is the GAIA-X framework (https://gaia-x.eu (accessed on 16 November 2025)). It defines a set of modules that can be used as building blocks for governing resources, managing identities, granting access, and setting up rules through data attributes. Credentials and labels are assigned to assets and participants according to previously agreed rules, access rights, and other data properties. A so-called “clearing house” manages the handling of credentials and can be used to enforce data policies. An important aspect of such a data space framework is the federated provision of data and services. That is, instead of centralized resources, multiple actors can provide modules and services within the data space. A registry, a set of compliance rules, and a corresponding certification provider ensure interoperability and accessibility. A more general reference architecture for data spaces is defined by the IDSA. It defines fundamental elements for functional, technical, operational, legal, and commercial aspects of a data space. The common fundamental feature of all such developments is to ensure data sovereignty. That is, instead of providing data in an open way accessible to everyone, the sharing of data is organized based on predefined rules and procedures. The data space modules are the technical realizations of such rules and procedures.

An important aspect of any data space providing data or services for quality infrastructure purposes is the definition of role-based access rights. For instance, an official representative of a market surveillance body should be able to identify with that very role in the data space in order to gain access to all documents and information required for their specific tasks, e.g., verification. Therefore, the data space rules and procedures must contain suitable access rights for that role. The European Digital Identity Wallet (EUDI) developments go in that direction by considering organizational wallets that enable an organization to digitally identify itself to other organizations and platforms, share specific data and documents from their wallet to others, and create electronic signatures and seals with their wallet identity. It can thus be expected that future data space standards will include EUDI Wallets and similar developments as accepted identity providers. Thus, such wallet solutions should contain rules related to quality infrastructure roles. This would allow for the specification of role-based access rights to data spaces, being applicable cross-sectoral and independent from other, domain-specific data space roles and access rights.

4. The Digital Product Passport

In very simple terms, a Digital Product Passport (DPP) is a structured collection of properties and data related to an individual product, or a product batch or type. The first DPP in the European Union (EU) will be the battery passport for which the EU Regulation 2023/1542 sets requirements and procedures. This regulation defines the properties that must be provided in the battery’s DPP as well as the requirements for the underlying DPP system to consider role-based access. Organizations with a legitimate interest and authorities should gain access to a much richer set of information than the general public. However, the actual technical specification of such a DPP system is still under development at the level of CEN/CENELEC.

Nevertheless, digital and metrological traceability concepts can be outlined properly based on the existing information from Regulation EU2023/1542 [11] and the Battery Passport Project (https://thebatterypass.eu (accessed on 16 November 2025)). Digital traceability is indeed one of the main drivers behind the EU activities for the DPP. Similar to the motivation behind the UNTP, the EU aims to address the need for tracing claims about product properties along the product lifecycle and across the supply chain. The DPP serves as a central element that points to all digital traces required for this purpose. For instance, the material from which the battery is built must not only be named in the DPP, but actual information about the source and supplier must be provided. EU2023/1542 foresees a distributed data infrastructure for this, instead of a central database or singular platform.

For metrological traceability for the battery passport, consider the use case of an organization buying a set of used batteries. This organization requires information about rated capacity and state of health to decide on the batteries’ value and potential further use. Figure 3 shows a potential scenario outline for this use case. The rated capacity may have been tested by an accredited laboratory to validate the manufacturer’s claim. The DPP property would then be linked by reference to the testing laboratory, which itself provides proof of being accredited for this service at the time of measurement. Moreover, the testing laboratory in the test report may link to the SI reference point as a means for digital interoperability for unit encoding. Similarly, the state of health may have been evaluated by a car repair shop based on some standardized routines and calibrated equipment. The property in the DPP would then be linked to the repair shop, which provides proof of the calibration of their equipment at the time of measurement. Based on these digital traces, the organization that bought the batteries can assess the batteries in a comparable way due to all measurements being traceable to the SI. For the accredited laboratory, the traceability is implicitly provided by proof of being accredited. For the repair shop’s equipment, parts of the traceability chain are provided via the calibration proofs and by the calibration lab’s statement of the method employed for calibration. The information about the measurement and the information about the calibration methods are important for interpreting the properties stated in the DPP. In particular, for the comparability of stated property values, knowledge about whether the same or comparable methods have been applied is highly relevant.

This simple scenario can easily be extended to a full lifecycle analysis of a battery, including repairs and other incidents that are relevant for assessing the quality of the battery. Thus, beyond stating immediate product properties such as its carbon footprint, the DPP offers great potential for the quality infrastructure to gather and report information along a product’s lifecycle [11].

The fundamental technical aspect in this and other use cases based on DPP and data spaces is that all data is held in a distributed infrastructure where each datum can remain at the data infrastructure of the respective datum owner. This is different from approaches such as, for instance, the recently published QR code service offered by the Austrian metrology body BEV [12]. In the BEV concept, a QR code refers to a web-based service provided by BEV that holds all relevant data and information about the product. Nevertheless, the resource referred to via such a QR code could be used for a property within a DPP to link to the BEV resources backing up the statement of product conformity.

5. Conclusions and Outlook

Concepts and technologies for digital traceability can be applied to implement metrological traceability. This is particularly true for the upcoming Digital Product Passport, whenever it contains properties based on metrological services.

Existing technologies, such as verifiable credentials, data spaces, and distributed ledger (blockchain), offer a ready-to-use basis for implementing metrological traceability. Developments such as the Digital Calibration Certificate and similar developments, e.g., the Digital Certificate of Conformity [13], provide modular data structures. These can serve as a basis for granular traceability chains in the future. For instance, the D-CoC for a product can contain a reference to the DPPs of the measuring devices used in the metrological part of the conformity assessment. Each of these DPPs can provide digital references to DPPs about the measuring devices and methodologies used in their calibration. In this way, the traceability chain becomes transparent and accessible to algorithms for addressing metrological questions in traceability, such as the identification of common sources of uncertainty and correlations due to the same measurement standards applied.

An important prerequisite for the successful implementation of metrological traceability chains is the semantic harmonization of data structures in certificates and reports, as well as in the semantic specification of role-based access rights.

Beyond the technological developments, the bodies of the quality infrastructure (QI) are challenged by the digital transformation of processes, organizationally. Digital traceability of information requires digital anchor points and may need to rethink the way humans interact in QI processes. Instead of human auditors needing to verify complete documentation and their interconnections, AI-assisted checking based on digital traceability chains will become the default approach. However, this requires trustworthy AI assistants, automatically verifiable digital traces of trust, and digital literacy of the people relying on such technology. In addition, all of these developments require time and resources to be further developed and properly implemented. Therefore, the attribution of costs and the prioritization of implementation steps based on economic reasoning will lead to a development that may not put the most fundamental technological changes first. Overall, the digital transformation of the quality infrastructure is a long-term effort, and the combined efforts of QI bodies are needed. Initiatives such as the German QI-Digital and the international “Joint Statement of Intent” are important pillars.