IT-tillämpningar inom handel

This document specifies the requirements for Digital Product Passport (DPP) access rights management, including IT security, data protection, and responsibility transfer between economic operators. It defines the framework for managing confidential information access, while acknowledging that public DPP data requires no access restrictions. The document applies to all product groups subject to DPP requirements under Regulation (EU) 2024/1781, with specific access rights to be detailed in respective delegated acts.

This European Standard establishes a semantic data model of the core elements of an electronic invoice. The semantic model includes only the essential information elements that an electronic invoice needs to ensure legal (including fiscal) compliance and to enable interoperability for cross-border, cross sector and for domestic trade. The semantic model may be used by organizations in the private and the public sector for public procurement invoicing. It may also be used for invoicing between private sector enterprises. It has not been specifically designed for invoicing consumers. This European Standard complies at least with the following criteria: - it is technologically neutral; - it is compatible with relevant international standards on electronic invoicing; - the application of this standard should comply with the requirements for the protection of personal data of Directive 95/46/EC, having due regard to the principles of privacy and data protection by-design, data minimization, purpose limitation, necessity and proportionality; - it is consistent with the relevant provisions of Directive 2006/112/EC [2]; - it allows for the establishment of practical, user-friendly, flexible and cost-efficient electronic invoicing systems; - it takes into account the special needs of small and medium-sized enterprises as well as of sub-central contracting authorities and contracting entities; - it is suitable for use in commercial transactions between enterprises.

This document defines the requirements and frameworks for secure information processing and communication to safeguard integrity, authenticity and reliability in the digital product passport (DPP) data exchange, minimizing product fraud and counterfeiting through data verification and integrity enforcement mechanisms. This document provides a framework for establishing trust, interoperability, and interoperation via secure electronically signed data construct (ESDC) for multi-actor applications, applicable across various sectors and in multilingual environments. Existing hardware and software systems for unique product identification and storage of this identification are to be considered. The following is out of the scope of this document: system architecture for DPP, DPP use cases, secure elements related to data carriers and cryptographic security features for unique product identifiers. NOTE 1 While not disrupting existing traceability and authentication systems, this document facilitates interoperability by introducing an ESDC scheme to be combined with existing data constructs to cover and preserve existing data models. NOTE 2 Annex A includes illustrative examples and references to supporting implementations, intended to demonstrate approaches that promote interoperability across diverse environments. These references are provided to assist stakeholders in selecting appropriate solutions that comply with applicable legal obligations and technical standards, while preserving existing systems.