19 July 2026
Unsold goods
Large companies
Destruction of unsold textiles and footwear is banned for large companies, and destruction practices must be disclosed.
ESPR (EU) 2024/1781, Art. 25
EU Digital Product Passports
Alpha · Active developmentOdal Node is sovereign infrastructure for EU Digital Product Passports. Your product data is validated and signed on your infrastructure, with your keys — only the signed proof is stored and served. Anyone can verify it.
Why now
Compliance arrives sector by sector, date by date — not "everything by 2027." Three dated obligations are already in law:
19 July 2026
Large companies
Destruction of unsold textiles and footwear is banned for large companies, and destruction practices must be disclosed.
ESPR (EU) 2024/1781, Art. 25
18 February 2027
EV, industrial (>2 kWh), LMT
Every battery in scope placed on the EU market needs a digital battery passport, registered in the EU central registry.
Regulation (EU) 2023/1542, Art. 77
Next, from 2026
Textiles, iron & steel, furniture, tyres
The ESPR 2025–2030 working plan sets the order: textiles and iron & steel lead the first delegated acts, each fixing its own DPP application date when adopted. Electronics is not a priority sector in this plan.
ESPR 2025–2030 Working Plan, COM(2025) 187
The question is whether the infrastructure you adopt now still fits the next sector's act. Odal Node is built so that it does: new sectors arrive as schema and plugin updates, not as new systems.
How it works
Manufacturers keep trade secrets. Regulators and customers need data they can trust. A proof-bound architecture serves both without asking either to compromise: raw production data is validated and signed locally, then discarded — only the signed passport is stored and served.
Product data from CSV, Excel, or your ERP into your own node.
Against versioned sector schemas tracking the regulation, locally.
With your own key, generated and held on your infrastructure.
Only the signed passport becomes resolvable, via QR and GS1 Digital Link.
Any consumer, authority, or recycler verifies the signature against your public DID document — without Odal in the loop. What the node stores: the signed passport, the audit trail, the signature. What it never stores: raw import files, supply-chain detail beyond passport content, or your private keys.
What you get
Raw inputs are discarded after signing. A property of the software, not a policy promise.
GS1 Digital Link 1.2 resolution, W3C VC 2.0 credentials, did:web identity, AAS submodel export.
Each sector's compliance logic runs in an isolated sandbox. New regulations land as plugins, not rewrites.
dpp-core (the regulatory standard in Rust) is Apache-2.0, full capability, forever. dpp-engine is BSL-1.1 with a real self-host grant — production self-hosting is free.
The node is a single, self-contained service. You can run it on your own infrastructure, or on a cloud you control.
One compose file. No licence keys, no passport caps. Ever.
Data and trust
Proof-bound is not a promise about our conduct; it is a property of the software. The node validates and signs locally, then discards the raw input — so there is no data for us to access, by construction. Stated precisely:
The signed passport you publish to a resolver we operate, and the metadata required to serve it.
Your private keys (held in-process on your infrastructure), your raw production data, your supply-chain detail.
The contents of your import files, which the node discards after validation.
Standards
GS1 Digital Link
Product identification and QR resolution
W3C Verifiable Credentials
Credential format for signed passports
did:web
Issuer identity, anchored in DNS and HTTPS
IDTA AAS
Industrial submodel export for Industry 4.0 consumers
CEN/CENELEC JTC 24
Harmonised DPP standards — tracked as they finalise