Device records and device reports are not interchangeable: a record is a verifiable, auditable artifact that updates across a device's full lifecycle, while a report is a point-in-time snapshot derived from that record. As EU Digital Product Passport mandates under ESPR begin phasing in from 2026, companies operating in the connected device supply chain cannot meet compliance or commercial transparency requirements with static reports alone — they need the underlying records infrastructure. Organizations that build that infrastructure now will have trusted, structured device data that drives smarter pricing, grading, and supply chain decisions, not just regulatory checkboxes.
According to consumers we've spoken with: not much. They don't know what "pass" means. They don't know who ran the test, when it was run, or what standard it was measured against. They see a tick mark, and they either trust it blindly or dismiss it entirely. There's no middle ground, because there's no context.
"I understand they're saying the diagnostics are 100%. I understand we've got this lovely imagery, we've got all these green ticks, and you think, yeah, this is all great on the surface, but how realistic is this? I haven't seen one image of what the phone looks like, haven't got any specific information." - UK Focus Group Participant
It’s a consumer education problem and a data infrastructure problem. Every company operating in the device supply chain must address these problems, whether they know it or not.
A device report and a device record are not the same thing.
Two terms worth keeping distinct before we go further. A device record is a verifiable, auditable artifact tied to a specific unit; updated as that device moves through its lifecycle. A report is a snapshot: a document generated at a point in time that captures what was known in that moment. Reports are useful. But reports are derived from device records. You cannot reverse-engineer a device record from a report, and you cannot meet tomorrow's transparency requirements with yesterday's documents.
The third term, records infrastructure, is what makes device records possible at scale. It's the system underneath: the data pipelines, diagnostics integrations, and shared standards that allow individual device records to be created, updated, shared and trusted. A Device Passport™ is what emerges at the top of that chain. The infrastructure produces the records; the records power the passport.
Here's a comparison:
Compare to your health records. A medical chart is the living record; every test, every observation, every change, documented as it happens. Following a doctor visit or emergency, you receive a discharge summary, which is a report. The summary is useful, but if something goes wrong later, the chart is what anyone will want to see. The summary cannot stand in for the detailed medical record.
Device records work the same way. The data that lives in your systems — diagnostics results, condition assessments, battery health, trade in and resale value, and repair history — is the chart. What you hand a customer, a regulator, or a supply chain partner today is comparable to the discharge summary. The gap between the two is your records infrastructure problem. That gap is fine until it isn't.
Having data about a device isn't new. Every company that processes refurbished phones has its own version. The shift happening right now isn't about whether you have data; it's about what form that data takes, and whether it can do more than sit in a report.
Two forces are accelerating this.
The first is regulatory. The EU's Ecodesign for Sustainable Products Regulation (ESPR) is moving from pilot to mandate. The first required Digital Product Passports (DPP), starting with batteries, are set to hit in 2026–2027, with additional product categories phasing in through 2030. A DPP isn't a form you fill out. It's a structured, verifiable digital record linked to a specific product that covers its identity, materials, environmental impact, and lifecycle history. You cannot generate one from a static report. You need the underlying records.
The second force is commercial. Buyers, whether consumers, enterprises, or downstream supply chain partners, are getting better at recognizing when transparency is real and when it's decoration. A tick mark with no provenance is decoration. A verified record with a chain of custody is transparent. The difference shows up in conversion rates, resale values, and the trust that makes data-sharing relationships actually work.
There's also a subtler problem that most organizations don't openly discuss: most companies lack a single internal version of the truth about their devices. Data is siloed across teams, systems, and partners. The warehouse has one view. Finance has another. The logistics partner has a third. If your device program is a black box today, and you can't answer basic questions about where a device is, what condition it's in, and who last touched it, you don’t have the records infrastructure to produce trusted data for DPPs tomorrow. You can only export a report that approximates the truth.
Here's the reframe that changes how this looks.
A Device Passport™ is not a report you generate. It's the output of a system you build. The infrastructure is the essential foundation. It produces device records with trusted data. Verified data can come from multiple sources, first-party diagnostics, partner inputs, third-party data, each contributing to a more complete and trusted record. The passport is what emerges when that infrastructure is working.
That's also where the real opportunity is, and it's bigger than compliance.
When device records are structured, shared, and trusted, they become the raw material for decisions that companies currently make on instinct or approximation. What should this device be priced at in the secondary market? Which units are worth repairing and which aren't? Which partner is consistently grading accurately, and which isn't? What does our inventory’s battery health look like at the population level, and what does that tell us about upgrade cycles? These aren't DPP questions. They're business questions. A system of device records answers them.
The companies building that records infrastructure now, not to check a compliance box, but because the data is valuable, will be positioned differently when the mandate arrives. They'll have the evidence. They'll have the record, not just the report.
The consumer staring at that checklist deserves better than a tick mark. So does your business. A tick mark isn't proof. A record is.
If this has you thinking about what your own infrastructure can and can't do yet, that's the right question to be sitting with. Explore You’re Asking the Wrong Question: The Real Value of the Digital Product Passport →
.webp)
.webp)
