Here's something nobody talks about.
When you develop a new electronic product for the EU market, the first thing you need to do is figure out which regulations and standards apply. Sounds simple. It is not.
I've done this for years. Sat down with a product concept, worked through the regulatory landscape, identified the applicable directives, found the harmonised standards, checked the OJEU citations, mapped the test requirements. It's research. Deep, boring, critical research. And it takes days. Sometimes weeks for complex products.
The information is scattered across EUR-Lex, the OJEU, CEN and CENELEC catalogues, IEC webstore, national standards bodies, and a dozen consultancy whitepapers that may or may not be current. There is no single source of truth. There is no "type in your product, get your standards list" tool. There are expensive consultants and there is experience. That's it.
Now add the DPP to this picture.
The stack keeps growing
Take a wireless consumer electronics product with an integrated lithium battery. Something like a Bluetooth speaker or a smart home device. Here's your regulatory map in 2026:
- LVD (2014/35/EU) for electrical safety
- EMC (2014/30/EU) for electromagnetic compatibility
- RED (2014/53/EU) for radio equipment, which also pulls in cybersecurity requirements from 2025
- RoHS (2011/65/EU) for restricted substances
- REACH for SVHC notifications
- Battery Regulation (2023/1542) because you have a lithium cell
- WEEE for end of life take back
- Cyber Resilience Act (2024/2847) for connected devices
- ESPR delegated acts when they hit your product category
- Packaging and Packaging Waste Regulation for what the product ships in
- GPSR (General Product Safety Regulation 2023/988) as the catch all
That's 11 regulatory instruments before you've looked at a single harmonised standard. Each one references different EN, IEC, or ETSI standards. Some of those standards are cited in the OJEU (giving presumption of conformity), some aren't. Some have been withdrawn and replaced but the replacement isn't cited yet. Some conflict with each other in edge cases.
For each standard, you need to check: Is this the current edition? Is it cited in the OJEU? Is there a transition period? Are there national deviations (looking at you, UK post-Brexit)?
I've seen product teams spend more time figuring out what applies than actually doing the compliance work. That's backwards. But it's how the system works.
The DPP adds another layer
Now the ESPR comes along and says: all of this compliance information needs to be structured, linked to a unique product identifier, and accessible through a QR code for the product's lifetime plus 10 years.
Your Declaration of Conformity? Going digital. Your test reports? Referenced in the DPP. Your material declarations? Structured data, not PDFs. Your substance of concern disclosures? Machine readable.
This is actually a good thing in the long run. A unified digital compliance container that aggregates everything in one place, accessible to different stakeholders at different permission levels. That's the vision.
But the execution assumes you know what goes in there. And "know what goes in there" means you've correctly identified every applicable regulation, every applicable standard, every required data field. For every product in your portfolio. Kept up to date as regulations change, standards get revised, and new delegated acts publish.
Why this is an AI problem
This is the thing I think about every day. The regulatory identification problem is textbook AI territory.
You have a large corpus of structured and semistructured text (regulations, standards, guidance documents). You have a product description with technical parameters (voltage, frequency, battery chemistry, intended use, connectivity). The task is matching: given this product, which regulations apply, which standards are relevant, what are the requirements.
A human expert does this through experience and a lot of reading. But the knowledge is fragile. It lives in people's heads. It doesn't scale. When that person leaves the company, the knowledge walks out the door. And the corpus keeps growing.
I've seen teams miss applicable standards because nobody on the team knew they existed. I've seen products go to market with incomplete conformity assessments because the regulatory landscape changed between design freeze and production. I've seen companies pay €15,000 for a consultant to produce a standards list that was outdated six months later.
This is fixable. Not perfectly, not yet. But the combination of structured regulatory databases, product ontologies, and large language models makes it possible to automate the identification step in a way that was not feasible even two years ago.
The real bottleneck
Compliance is not a one time event. It's continuous. Standards get revised. Regulations get amended. New delegated acts publish. Harmonised standards get cited or withdrawn from the OJEU. Transition periods start and end.
For a company with 50 products on the EU market, monitoring all of this manually means someone's full time job is reading the OJEU and checking CEN-CENELEC announcements. Most companies don't have that person. They find out about changes when a test lab tells them, or when a customer asks, or when market surveillance comes knocking.
The DPP makes this worse because now the compliance data isn't just in a file cabinet. It's in a live, publicly accessible digital record that customs and market surveillance can query automatically. If your DPP references a withdrawn standard or contains outdated substance data, that's not just an internal problem anymore. It's visible.
The companies that figure out how to keep their regulatory intelligence current, automatically, are the ones that will navigate this without constant firefighting. Everyone else is hiring more consultants.
And consultants are expensive. The information shouldn't be.