Kezzler
Kezzler helps build sustainable value chains.
ID: 187555047865-16
Lobbying Activity
Response to Digital Product Passport (DPP) service providers
10 Dec 2024
Kezzler is a potential DPP Service Provider and are at current helping to prepare our customers IT architecture to comply with ESPR and its upcoming Digital Product Passport. Kezzler is leading a lighthouse pilot in CIRPASS-2, has seconded experts to CEN/CENELEC JTC 24, and is a member of the national cluster for the fashion and textile industry in Norway (NF&TA). Kezzler has been active in the development of the Battery Passport as a partner to the Global Battery Alliance, as well as in KEEP Digital Product Passport for Electronics - part of the Trace4Value project (funded by Horizon Europe). Our input, structured according to the three provided groups of requirements: 1. Information security and (information) services of DPP data that responsible economic operators entrust to DPP service providers: Rather than re-inventing the wheel a company delivering software as a DPP Service Provider could be certified according to ISO/IEC 27001 which is the international standard for information security management. Alternatively, the company can demonstrate that it has an Information Security Management System (ISMS) and information security controls in place that provide the same level of information security as ISO/IEC 27001. (In addition to adhering to the relevant/chosen CEN/CENELEC JTC24 standards). 2. The financial viability of the DPP service providers to guarantee long-term access to DPP information: It is stated that the possible solutions should not create a disproportionate burden, especially on SMEs. This will be relevant for small and medium-sized DPP service providers and small and medium-sized responsible economic operators using their services. Their needs and constraints must be carefully considered. The European Commission should keep in mind that many European SME software companies relevant to becoming DPP Service Providers must continue to be growth companies to succeed at the global level. Such companies do often and almost per definition have a negative cash flow as they expand and continue their growth. Forcing such providers to become break-even in order to operate as DPP Service Providers would be devastating to the European software industry and must be avoided to secure Europes competitiveness in such global market. The interoperability requirements set by JTC24 will ensure an easy switch between DPP Service Providers for responsible Economic Operators. Long-term access to DPP information in the standardized format could be ensured with escrow agreements or similar. 3. Assurance for businesses that DPP service providers comply with the requirements: It is stated that DPP service providers will store and process DPP data on behalf of responsible economic operators that decide not to provide these services themselves. For responsible economic operators that decide to host the DPP themselves, the DPP service providers will store the DPPs mandatory backup copy. These two roles of a DPP Service Provider are very different, where the scope of only delivering the backup copy is much less and requires less sophisticated services compared to operating a primary DPP, especially when operating at batch or item level.. Also, the responsible economic operator should have the freedom to choose different DPP Service Providers for different roles. Should a responsible Economic Operator choose to provide the main services themselves, the required mandatory backup copy by third party should come at minimum cost to the Economic Operator. The European Commission should hence consider splitting the requirements in different DPP Service Provider categories depending on the DPP services provided / role of the DPP Service Provider. At current, two distinct roles are already described in ESPR, but even more distinct roles may appear during the development of the European Commission Central Services, the overall DPP system design and the Delegated Acts following ESPR.
Read full response