Digital Product Passport Meets Natural Stone — Mandatory from 2027!

What actually happened in 2025 and 2026

In the trade press, much of the past two years revolved around the German Supply Chain Due Diligence Act (LkSG). For German stone importers and larger fabricators, this came with effort: risk analyses, reporting obligations, documentation of complaint procedures. At the end of 2025, the German Federal Cabinet significantly trimmed these duties. Since 1 October 2025, the Federal Office for Economic Affairs and Export Control (BAFA) no longer audits annual reports under sections 12, 13 LkSG (source: BAFA short notice 01.10.2025). The list of fineable offences was reduced from thirteen to four (source: KPMG Law (German law firm, in German), status after the cabinet resolution of 03.09.2025). Only the following remain subject to fines:

1. failing to take — or to take in time — preventive measures when a human rights risk exists, 2. failing to take — or to take in time — remedial measures when a human rights risk exists, 3. failing to draw up or implement a remedial action plan when a human rights risk exists, 4. failing to set up a complaints procedure.

Violations concerning environment-related risks are no longer fineable under the LkSG itself — the specific environmental laws retain their own sanctions. The actual due diligence obligations remain; it is the report audit that falls away.

At EU level, the Corporate Sustainability Due Diligence Directive (CSDDD) was running in parallel. It, too, was watered down in 2025: the transposition deadline for member states was postponed to 26 July 2027, and the thresholds were raised (1,000 employees, 450 million euros in turnover). For now, only large corporations are affected. For the mid-sized stone fabricator, this means: relief on reporting obligations, but contract chains live on — large developers and general contractors pass their proof-of-origin requirements down the line.

While these stories made headlines, another regulation entered into force almost silently: the new EU Construction Products Regulation CPR 2024, in force since 8 January 2026 (source: EUR-Lex, Regulation (EU) 2024/3110). It progressively replaces the old CPR 305/2011 through 2040. And it brings an instrument that will lastingly change the documentation requirements for natural stone: the Digital Product Passport.

The focus has shifted: away from the big compliance report, towards gapless data provenance per product. For a stone fabricator who already tracks every slab individually, that is better news than it first sounds.

What the Digital Product Passport means for natural stone

The Digital Product Passport (DPP) is a structured dataset that accompanies a construction product throughout its entire lifecycle. It is accessed via a data carrier on the product itself — typically a QR code, barcode or RFID tag — pointing to an online resource containing the product data. The aim is transparency for developers, planners, authorities and all downstream stages of the supply chain (source: ZVEI position paper DPP under the new CPR, September 2025).

What the passport must contain is set out in so-called delegated acts. The European Commission has announced a roadmap through the end of 2026; the first product groups will start with DPP obligations in 2027. For construction products, a transition period of around 18 months then applies — natural stone is therefore expected to move into the active DPP obligation in mid to late 2028 (source: vergabe24.de, ÖGNI, as of April 2026).

Which core data the passport is to contain is already outlined in the framework regulation:

- Product ID, manufacturer, origin (country, production site) - Material declaration and ingredients - Declaration of performance and proof of conformity under the CPR - Environmental and climate data, where available (EPD, CO₂ footprint) - Notes on installation, maintenance, deconstruction and recycling - Back-references to prior stages in the supply chain

The passport must remain available for at least ten years. For existing buildings with natural stone facades or floors, this means: even years after installation, the origin must be reconstructable.

Exemptions apply within a narrow corridor. Individually custom-made products and those for heritage preservation are exempt from the DPP. For the typical stone fabricator, this covers part of the kitchen countertop production, but generally not the trade in raw slabs and the upstream supply chains. A producer who purchases blocks from Carrara, Lasa or Porriño and resells them is subject to the DPP obligation. The same operation that then cuts a custom-made single slab for a private kitchen may not be — the details will be settled by the delegated acts over the coming months.

Practically important: the DPP does not replace the declaration of performance; it makes it machine-readable and permanently accessible. Anyone who already issues declarations of performance under CPR 305/2011 is thereby delivering much of the DPP content — the new regulation additionally demands the digital transport layer.

Which data per slab belongs in the passport

Looking at the list of DPP data fields, it quickly becomes clear: most of it is already present in a well-run stone yard. Not always as a coherent dataset, often scattered between delivery notes, inventory software, email attachments and declarations of performance. But the information exists.

Which fields should be collected per slab at minimum:

- Block ID and quarry origin: country, quarry name, ideally GPS coordinates. At Lasa, the block comes from the Weißwasserbruch; at Orlandini, from Nanto; for an Indian granite, from a specific quarry in Karnataka. The supplier has this information — the fabricator must bring it into its own master data. - Arrival and import date: relevant for customs documentation and traceability if a delivery is later subject to a complaint. - Supplier: full legal name and production site, not just the short form. - Material, finish, thickness: standard master data. Map finish combinations such as "polished, bookmatched, mesh-backed, resin-filled" separately — each variant can have its own conformity requirements. - Performance data: compressive strength per DIN EN 1926, freeze-thaw resistance per DIN EN 12371, flexural strength per DIN EN 12372, slip resistance per DIN EN 14231. These values come from the test reports that accompany each batch. - CO₂ footprint or EPD reference: for igneous and sedimentary stones, the German Natural Stone Association (DNV) has published IBU-certified environmental product declarations (source: DNV Sustainability). The PDFs can already be attached to the material master record today. - Photo and barcode ID: not strictly mandated by the DPP, but the practical key to linking the physical slab with the digital dataset. - Further processing history: which cuts originated from this slab, for which project, with which date. The DPP demands traceability down to end use, as far as captured.

What is often missing and needs to be added: structured supplier data, CO₂ metrics per material, a binding link between block and delivery note. In many operations, the origin sits on the delivery note and nowhere else. Once the delivery note is filed away, the information exists — but is not retrievable for a digital passport.

The distinction from existing labels is important: XertifiX and Fair Stone verify social and labour standards in the extraction countries — they add a further stamp on top of the origin (source: XertifiX traceability, Fair Stone FAQ). The DPP, by contrast, demands documentation of origin, without verifying it. The two layers complement each other: a product can be Fair-Stone-certified and simultaneously disclose its origin in the DPP. The certification flows into the passport as a proof attribute.

From practice: An Italian natural stone producer already documents today

An Italian natural stone producer works with DDL and has progressively digitalized its slab management over recent years. The inbound workflow begins at the scanner: every incoming block is captured with its supplier barcode; the inventory software links the block to quarry origin, supplier master data and import date. As soon as the block is gang-sawn, a separate dataset is created for each individual slab with photo, dimensions, veining category and a slab ID printed on a polyester label at the slab edge.

"The slab is the same as it was ten years ago. What has changed is what customers want to know beforehand. ‘Marble from Italy’ used to be enough. Today they ask about block, quarry and documentation — and whoever has no answer on the first call loses the project." — Vincent Orlandini

In the shop and the internal stone gallery, every slab is retrievable with a photo. On request, architects receive a PDF dossier with block origin and slab dimensions; the data comes from the system, not from a separately maintained Excel sheet. Sold slabs are flagged as "sold" and remain historically visible — including project assignment and processing history.

What matters for the DPP perspective is not the software but the data state. When a buyer asks "which quarry does this slab come from and who delivered it?", the answer is available in under a minute. The cut to a specific project is likewise traceable. What is currently missing is an automated export interface that transfers this data into a DPP-compliant format. As long as the delegated acts have not yet defined the exact format, that very bridge is running in initial customer tests.

The practical takeaway: the software data base is roughly 80 percent ready. The missing 20 percent are structural additions — an EPD field per material, a binding supplier geo-location, a DPP export endpoint. All of this is a linear evolution of the existing system, not a fresh start.

The self-check: How far along is the operation already?

Seven questions to quickly assess your own DPP maturity. They capture the practical core of the regulation — without legal subtleties, but with an eye on what matters on the shop floor.

1. Does every slab have its own, permanently legible ID? A label that fades after three months in the outdoor yard is not a permanent ID. Polyester or vinyl labels printed with resin ribbon withstand UV radiation, rain and stone dust.

2. Is the block origin (quarry, country, supplier) recorded per slab — digitally, not only on the paper delivery note? The information must be retrievable from the system, not from the binder in the office.

3. Is there a photo for every slab? Veining, surface finish and any anomalies must be documented visually. In case of complaints years later, this is the only proof.

4. Is the supplier fully linked per block (company, production site, contractual basis)? "Marble from Italy" is not enough. The DPP asks for the production site, not the country.

5. Is every cut documented — with date, project assignment and remnant status? The passport demands traceability to end use. Remnants explicitly belong here, because they can later be sold as standalone slabs in their own right.

6. Are performance data (DIN EN 1926, 12371, 12372, 14231) available for the material and linked to the article master? The test reports usually exist. The question is whether they are digitally attached to the material or sit in the "Certificates 2024" binder.

7. Is there a CO₂ or EPD figure per material? The DNV makes IBU EPDs available for many natural stones. Anyone who does not assign them to their own materials is throwing away a DPP data point.

Interpretation:

- 0 to 3 yes: The operation needs to build a system by 2027. That is doable, but it is a digitalization project, not fine-tuning. - 4 to 5 yes: The shell is standing. Priority: close the weak spots before customers start asking the questions. - 6 to 7 yes: The operation is prepared. Next step: export interface or pilot project, as soon as the delegated acts define the DPP format.