How to map Tier 2-3 of your textile chain: a 6-phase protocol to reach the DPP with verifiable data

Why the data framework governs over technical integration

The ESPR Regulation and the preparatory technical studies show that most of the sustainability attributes required for the DPP are not generated at the assembly stage (Tier 1). According to the CIRPASS consortium (D2.1, section 3.1.1), the "Upstream data provider (cradle to gate)", which includes material manufacturers and logistics providers, is responsible for supplying the data on technical specifications, material composition and supply chain history. This means that between 60% and 70% of the required datapoints are generated before garment assembly, in the material links of the chain (see the technical manual of the textile DPP under ESPR for more detail).

The ESPR Regulation, in its Article 7(5), requires documenting the presence of Substances of Concern (SoC), stating their name, location within the product and maximum concentration. Garment manufacturers often do not know the exact chemical formulation of the dyes or flame-retardant treatments applied in Tier 3. That is why a generic traceability viewer, connected before establishing the information-exchange framework with these actors, solves nothing: the data does not yet exist. The difference is made by a platform that embeds that readiness framework —model clauses, data mandate, structured questionnaires— and guides the correct order from day one.

For large companies (>1,000 employees and net turnover >€450M according to Recital 7 of Directive 2026/470), the urgency is even greater. Article 25.1 of the ESPR prohibits the destruction of unsold consumer products from 19 July 2026. Determining recycling or donation options requires knowing the exact composition of the product, a piece of data that depends entirely on Tier 2. Contractual mapping is the only technical route to ensure the data flows from origin all the way to the DPP's decentralised repository.

Phase 1 (weeks 1-2): inventory of Tier 1 garment makers

Formalise an exhaustive, structured inventory of Tier 1 (garment makers and direct assemblers). This is not a list of trade names, but a register of unique identifiers. Article 9 of the ESPR specifies that identifiers must be based on internationally recognised standards.

Carry out the creation of a control matrix in the format "1 row per garment maker × 5 mandatory columns":

1. Legal Company Name: the exact corporate name under which contracts are signed. 2. Unique Operator Identifier (UOI): the unique identifier of the economic operator. Use the GS1 Global Location Number (GLN) or the format set out in the ISO/IEC 15459-6 standard. 3. Unique Facility Identifier (UFI): the unique identifier of the physical facility where assembly takes place. An operator may have multiple UFIs. 4. Geographic Coordinates / Structured Address: the physical location for carbon footprint calculation and audit. 5. Compliance Contact: the name, role and email of the person with legal authority to sign contractual annexes related to the DPP.

Success criterion: a tabular file (CSV or relational database) where 100% of active Tier 1 suppliers have their five columns verified. No new order should be placed with a supplier that lacks a UOI and a UFI.

Phase 2 (weeks 3-6): model contractual clauses

The exchange of technical data requires a legal mandate. Draft and deploy contractual clauses on the supply of data for the DPP. For new contracts: the main body. For existing suppliers: an addendum or amendment.

The contractual clause specifies three non-negotiable elements:

1. Cascading disclosure obligation: the Tier 1 supplier assumes the legal obligation to collect, document and transfer ESPR data in respect of its own suppliers (Tier 2 and Tier 3). If Tier 1 buys fabric from a weaving mill (Tier 2) and yarn from a spinning mill (Tier 3), Tier 1 is responsible for executing the data flow towards the brand.

2. W3C VC and JSON-LD data format: compliance data (composition declarations, REACH tests) is delivered as Verifiable Credentials (VC) under the W3C Verifiable Credentials Data Model 2.0. The required serialisation format is JSON-LD. This ensures compliance with Article 10(1)(d) of the ESPR, which requires interoperable and machine-readable formats.

3. Penalty for non-compliance (SLA): the absence of composition data, refusal to disclose the Tier 2 UFI, or delivery of data that cannot be cryptographically verified is classified as a product quality defect. A textile product without its data twin is deemed unfit for sale in the EU market, entitling the brand to withhold payments or apply direct financial penalties.

Success criterion: documented signature of the amendment by all Tier 1 suppliers representing at least 80% of the season's purchasing volume.

Phase 3 (weeks 7-12): Tier 2 questionnaire

With the contractual framework active, launch primary data collection towards Tier 2 via a standardised questionnaire. A technical, closed instrument, designed to map the critical parameters set out by the JRC and the European directives in force.

The questionnaire contains 15 standardised questions covering four critical dimensions: geographic identification of the process (country of origin, UFI), exact material composition (percentages per fibre, polymer source), chemical processes applied (list of auxiliaries, REACH and SVHC declarations) and supporting documentary evidence.

The geographic identification breaks down the chain by process: country of origin of the fibre (Tier 3), country of spinning, country of weaving, country of dyeing, country of finishing. Opacity over any of these five links forces the Tier 1 garment maker to justify, with documentation, the impossibility of obtaining the data.

The questions on chemical evidence require REACH tests and SVHC declarations with a date, issuing laboratory and signature. These documents are transmitted as attachments or as Verifiable Credentials (Phase 2). Success criterion: a questionnaire completed by at least 80% of active Tier 1 garment makers.

Phase 4 (months 4-6): random documentary audit

Full documentary validation of every supplier is unfeasible on cost grounds. Phase 4 carries out a random statistical audit over 10% of the Tier 2 suppliers identified in Phase 3, prioritising the highest-volume spinning mills and dye houses and suppliers in geographies of high regulatory risk.

The audit verifies three dimensions: (a) the match between questionnaire declarations and physical certificates, (b) effective traceability of the fibre lot through to the final finished product, (c) the technical validity of the verifiable credentials issued (the laboratory's cryptographic signature, date, scope of accreditation).

Success criterion: signature of an audit report documenting identified gaps, corrective actions required of suppliers and agreed remediation deadlines. Any critical gap that compromises the integrity of the DPP data must trigger the contractual penalty mechanism from Phase 2.

Phases 5-6 (months 6-12): JRC matrix + federated DDR+DIDs architecture

Phase 5: [JRC 145830](/recursos/glosario/jrc-145830-metodologia-dpp) Table 13 matrix × responsible party × source

Build the three-dimensional documentary control matrix. Table 13 lists approximately 35 mandatory datapoints organised into 6 thematic blocks (fibre composition, geographic origin, production processes, tested durability, care instructions, end-of-life routes).

The matrix crosses three axes: - X axis (Data Point): the required parameter (water consumption, carbon footprint, spare components, end-of-life instructions). - Y axis (Responsible party): the actor obliged to generate the data (Tier 3 spinning mill, Tier 2 dye house, Tier 1 garment maker, Brand). - Z axis (Source/Format): the source system (ERP, PLM, scanned PDF, JSON-LD) and the granularity (model, lot, item).

Phase 6: Federated DDR + DIDs architecture

The ESPR Regulation and the CIRPASS framework (D3.2) do not prescribe a centralised database. They propose a decentralised system. Configure the data in Decentralized DPP Data Repositories (DDR).

Assign a Decentralized Identifier (DID) to each product (model or lot, depending on the applicable delegated act). The DID acts as the vault key. The unique product identifier (Product UID) printed on the label or GS1 Digital Link QR code will point to a resolver. This resolver, operated by the brand or a third-party provider, redirects the HTTP request to the exact location of the DDR where the Tier 2 and Tier 3 data resides in JSON-LD format.

Apply a Policy Decision Point (PDP) to manage access permissions. Sensitive commercial Tier 2 data is not exposed to the end consumer; instead it is reserved for market surveillance authorities and authorised recyclers, in line with the role-based access requirements documented in CIRPASS.

For brands that want to execute this complete protocol without reinventing it every season: [DPP](/recursos/glosario/dpp) Readiness — the TraceWeave module that ships with the model contractual clauses, the standardised [Tier 2](/recursos/glosario/tier-1-2-3)-3 questionnaires, the pre-loaded [JRC 145830](/recursos/glosario/jrc-145830-metodologia-dpp) matrix and the federated architecture ready for the delegated act, all embedded. The correct order of the phases comes out of the box; there is no need to reinvent it at every brand. → Discover DPP Readiness