2026 is shaping up to be a pivotal year for regulatory compliance in the EU, with a wave of new and updated rules affecting industries from packaging and textiles to electronics and batteries. Many of these regulations share a common theme: traceability is no longer optional.

Companies will need to track products, materials, chemicals, and digital elements across complex supply chains. Moreover, they will have to maintain accurate documentation, and ensure compliance through digital systems. Whether it’s PFAS-free packaging, digital product passports for toys and batteries, or ESG reporting across your value chain, traceability solutions will be central to staying compliant, avoiding fines, and protecting your brand.

In this article, we highlight 10 key regulations coming into effect or requiring action in 2026. You can learn what each regulation is about, the timeline, and the traceability obligations that matter most.

1. EU Ecodesign for Sustainable Products Regulation (ESPR): Ban on Destruction of Unsold Consumer Products

Applies from: 19 July 2026
Key deadline: Destruction of unsold apparel, clothing, footwear and accessories prohibited from 19 July 2026
Regulation: Regulation (EU) 2024/1781

What is the ESPR measure on unsold products?

The Ecodesign for Sustainable Products Regulation (ESPR) is a broad EU framework to improve product circularity, durability, and sustainability. One of its landmark provisions is a ban on destroying specific unsold consumer products, beginning with apparel, clothing accessories and footwear. This measure aims to reduce waste and promote reuse, repair, or recycling instead of disposal.

Why was it introduced?

The EU identified the destruction of unsold consumer goods, especially textiles and footwear, as a major waste driver that undermines circular economy goals. By prohibiting this practice, the regulation pushes companies to rethink overproduction and unsold stock management. In addition, it incentivises alternative pathways such as resale, donation, or recycling.

Timeline highlights

• 18 July 2024: ESPR enters into force EU‑wide.
• 19 July 2026: Setting up a digital registry which should store at least the unique identifiers
• 19 July 2026: Ban on destruction of unsold apparel, clothing, footwear and accessories becomes applicable.
• 19 July 2030: The ban extends to medium‑sized enterprises (micro and small enterprises are exempt under certain conditions).

What role will traceability play?

Traceability under this ESPR measure is essential to compliance. Businesses must be able to track unsold inventory and demonstrate how they handle it once it isn’t possible to destroy it.

This includes:

• Recording and reporting unsold products: Companies are required to disclose data such as the number and weight of unsold products discarded each year and the reasons for the discard.
• Proving alternatives to destruction: Traceability systems must show when products are redirected to reuse, donation, repair or recycling, backed by verifiable data.
• Supporting enforcement and transparency: Regulators may check records to confirm compliance, including any documented derogation under which destruction is permitted (e.g., safety or hygiene reasons).

In practice, this will require digital or structured data systems that link product identifiers with inventory actions and disposal outcomes. As a result, it ensures companies can respond quickly to authorities and meet reporting obligations.

1.1 Digital Product Passport (DPP) Roll-Out – Extended ESPR Sectors

Applies from: Mid‑2026 and onwards (phased by sector)
Key deadlines: Specific delegated acts define sectoral requirements; rolling out through 2030
Regulation: Ecodesign for Sustainable Products Regulation (ESPR, Regulation (EU) 2023/2152)

What is the DPP?

The Digital Product Passport (DPP) under ESPR extends beyond textiles, toys, and batteries to other sectors such as furniture, electronics, tyres, mattresses, and energy-related products. The DPP links product information to unique digital IDs, including material composition, repairability, recyclability, and regulatory compliance data.

Why was it introduced?

The DPP is a cornerstone of the EU’s circular economy strategy, allowing regulators, businesses, and consumers to access reliable, interoperable product data. Thus, it promotes transparency, sustainability, and compliance verification across multiple product categories.

Timeline highlights

• Mid‑2026: Preparatory measures for additional sectors; delegated acts define product-specific data requirements
• 2027–2030: Phased roll-out across multiple sectors, with DPP becoming mandatory as each sector-specific delegated act applies

What role will traceability play?

Traceability is central to the DPP:

• Product lifecycle tracking: Material, repair, recycling, and compliance data linked to unique IDs
• Cross-sector interoperability: Data systems must accommodate multiple product types and harmonised reporting standards
• Regulatory verification: Authorities and economic operators can access product information digitally to ensure compliance

Furthermore, businesses will need digital platforms capable of storing, managing, and sharing structured product data across the supply chain to meet DPP obligations.

1.2  Ecodesign for Sustainable Products Regulation (ESPR) – Iron and Steel measures (2026)

Applies from: Expected 2026
Key deadline: First product‑specific requirements for iron and steel adopted in 2026
Regulation: Regulation (EU) 2024/1781

What is the ESPR initiative for iron and steel?

Under the ESPR framework, iron and steel are among the first product groups to abide by sustainability and ecodesign requirements. These measures will focus on reducing environmental impacts by improving:

• Energy and water efficiency,
• Cutting emissions, and
• Enhancing circularity and resource use in the sector.

Why was it introduced?

The iron and steel industry is a significant source of emissions and resource use. Therefore, introducing ecodesign and sustainability requirements aims to:

• Lower environmental footprints across the lifecycle
• Align production with EU climate goals
• Drive innovation in material use and recycling

In addition, ecodesign requirements under the ESPR will operate alongside other EU instruments such as the Emissions Trading System (ETS) and the Carbon Border Adjustment Mechanism (CBAM).

For iron and steel, traceability will be central to demonstrating regulatory compliance with ecodesign obligations. Companies will need to:

• Track product attributes related to environmental performance (e.g., energy use, emissions, resource efficiency).
• Link sustainability data to unique product identifiers (often via Digital Product Passports or similar digital systems).
• Provide evidence to authorities and business partners that products meet performance and sustainability criteria set by the delegated acts.

2. EU Battery Regulation – Digital Battery Passport (DBP)

Applies from: Mid‑2026 (preparatory); mandatory for EV and industrial batteries from 18 February 2027
Key deadlines: Digital Battery Passport mandatory for larger batteries from 2027
Regulation: Regulation (EU) 2023/1542

What is the DBP?

The Digital Battery Passport (DBP) is part of the EU Battery Regulation and requires detailed, traceable digital records for batteries, particularly electric vehicle (EV) and industrial batteries. The DBP contains information on material composition, supply chain origin, carbon footprint, and lifecycle data, enabling safer, more sustainable battery management.

Why was it introduced?

The DBP ensures full lifecycle traceability of batteries, supporting circular economy goals, compliance with sustainability targets, and responsible sourcing of critical and rare materials. It also aids regulators, recyclers, and end-users in tracking battery performance and environmental impact.

Timeline highlights

• February 2024: Core regulation applies
• August 2024: Mandatory CE marking & conformity requirements
• February 2025: Carbon footprint reporting for EV batteries
• February 2026: Carbon footprint reporting for industrial batteries
• August 2026: QR code labels required on batteries
• February 2027: Digital Battery Passport mandatory for EV, LMT & industrial batteries
• August 2027: Due diligence for critical materials applies

What role will traceability play?

Traceability is essential for DBP compliance:

• Material origin tracking: Each battery must have a link to the supplier and the raw material information
• Lifecycle data recording: Companies must capture production, use, recycling, and carbon footprint data
• Digital reporting: Information is stored in interoperable digital systems accessible to regulators and recyclers
  

In practice, this requires robust digital traceability platforms that can link battery IDs to materials, suppliers, and environmental impact data throughout the product lifecycle.

3. EU Toy Safety Regulation

Applies from: 1 January 2026
Key deadlines: Digital Product Passport active from January 2026; full chemical bans phased in through 2030
Regulation: Regulation (EU) 2025/2509

What is the EU Toy Safety Regulation?

The EU Toy Safety Regulation replaces the previous Directive 2009/48/EC, upgrading the rules from a directive to a regulation. This makes the rules identical and immediately applicable across all EU Member States. Its main goals are to ensure the safety of toys, including chemical safety, mechanical safety, and, for the first time, digital and cybersecurity safety for connected toys.

Why was it introduced?

The regulation’s aim is to strengthen safety, reduce chemical risks, and improve supply chain transparency. 

Key drivers include the increasing complexity of toys, including connected or “smart” toys, and the need to verify regulatory compliance across all suppliers and products. This is seen especially as stricter bans on PFAS, bisphenols, and endocrine-disrupting chemicals are phased in. Traceability is now central to demonstrating compliance.

Timeline highlights

• October 2025: Regulation adopted
• 1 January 2026: Regulation enters into force; Digital Product Passport (DPP) system becomes active
• 2027–2028: Main provisions, including DPP traceability, phase in for toys on the market
• 2030: Full chemical bans (PFAS, high-risk bisphenols, endocrine disruptors) take effect

The Use of Digital Product Passport

The Digital Product Passport (DPP) replaces the traditional EU Declaration of Conformity and serves as the central tool for traceability and compliance for toys. Each toy must carry a data carrier, such as a QR code, linking to the DPP, which contains:

• Safety and compliance data: Chemical safety, mechanical tests, and conformity with harmonised standards.
• Origin tracking: Manufacturer, importer, and EU Authorized Representative details.
• Regulatory alignment: Demonstrates compliance not only with the Toy Safety Regulation but also with other applicable EU laws, reducing duplication of declarations.

It is important to note that the DPP must be up to date and digitally accessible to market surveillance authorities, customs, economic operators, and consumers. For imports, customs authorities will be able to automatically verify the existence and validity of the DPP. This will be done via the EU’s central registry and its interconnection with the EU Customs Single Window (CSW-CERTEX). As a result, this will allow non-compliant toys to be blocked at the border, supporting both risk-based enforcement and supply chain transparency.

By creating the DPP and affixing the CE marking, manufacturers declare full responsibility for the toy’s compliance. Meanwhile, the system ensures that traceability data is easily accessible, interoperable, and ready for regulatory checks.

What role will traceability play?

Traceability is now mandatory for every toy that enters the EU market:

• Digital Product Passport (DPP): Each toy must carry a data carrier (likely a QR code) linking to a digital file containing chemical safety data, technical documentation, and origin tracking (manufacturer, importer, and Authorized Representative).
• Chemical compliance: Batch-level lab results must be stored to prove the absence of PFAS, bisphenols, restricted endocrine disruptors, and fragrance allergens. This ensures recycled or cross-contaminated materials don’t introduce banned substances.
• Connected toys and cybersecurity: Manufacturers must track software versions, updates, and digital risk assessments, including documentation that digital functions do not pose risks to children’s privacy or mental health.
• Customs enforcement: The DPP will be scanned at EU borders, and shipments without a valid digital passport can be blocked automatically.

In other words, toy manufacturers and importers will need robust digital traceability systems to link each product to its passport, store batch-level chemical results, and maintain compliance documentation for regulatory authorities.

4. EU Deforestation Regulation (EUDR): Traceability for Forest-Risk Commodities

Applies from: 30 December 2026 for large operators; 30 June 2027 for SMEs
Key deadline: Proof that commodities are deforestation-free (since 31 December 2020)
Regulation: EU Regulation 2023/1115

What is the EUDR?

The EU Deforestation Regulation (EUDR) sets strict rules for commodities linked to deforestation. It applies to products such as cattle, cocoa, coffee, palm oil, rubber, soy, and wood, requiring companies to prove that the materials were sourced from deforestation-free land. The regulation combines due diligence obligations with mandatory traceability and supply chain mapping.

Why was it introduced?

Unquestionably, deforestation is a major driver of biodiversity loss and climate change. The EUDR ensures that commodities imported into or produced in the EU do not contribute to illegal deforestation, while promoting transparency and responsible sourcing across global supply chains. 

Traceability is central: companies must demonstrate the exact origin of raw materials and prove that the land has not been deforested since 31 December 2020.

Timeline highlights

• 2023: Regulation adopted (EU Regulation 2023/1115)
• December 2024 and December 2025: The EU amends the regulation, introducing simplification measures to reduce administrative costs and burden for companies.
• 30 December 2026: Compliance begins for large and medium operators, and for micro and small operators already covered by the EU Timber Regulation (EUTR)
• 30 June 2027: Compliance begins for micro and small operators not previously covered by EUTR

What role will traceability play?

Traceability is mandatory under the EUDR. Companies must:

• Track geolocation data: Record latitude and longitude for every plot where raw materials are produced.
• Link data to batches or lots: Ensure that satellite or mapping data can be connected to specific shipments to prove regulatory compliance.
• Document supplier compliance: Maintain records and evidence for audits or inspections.
  

In this case, this means implementing digital traceability systems capable of linking geospatial data to physical products throughout the supply chain. Without these systems, demonstrating compliance and legally placing forest-risk commodities on the EU market will be impossible.

5. Packaging and Packaging Waste Regulation (PPWR)

Applies from: Mid-2026
Key deadline: PFAS banned from packaging from August 2026
Regulation: Regulation (EU) 2025/40

What is the PPWR?

The Packaging and Packaging Waste Regulation (PPWR) replaces the existing Packaging Waste Directive and introduces a single, EU-wide set of packaging rules. Unlike a directive, PPWR applies directly in all Member States, reducing national interpretation and strengthening enforcement.

Its focus is on cutting packaging waste, improving recyclability, and removing harmful substances from packaging materials.

Why was it introduced?

Packaging waste is growing faster than any other waste stream in the EU, while enforcement under the previous directive was fragmented. Authorities often lacked the data needed to identify who placed non-compliant packaging on the market or to verify material and chemical claims.

Consequently, PPWR addresses this gap by making traceability and record-keeping mandatory, enabling faster market surveillance and enforcement across borders.

Timeline highlights

• February 2025: The regulation entered into force
• Mid-2026: PPWR starts to apply across the EU
• August 2026: PFAS (“forever chemicals”) banned in packaging
• December 2026: EU Commission to report on substances of concern
• January 2030: Key recyclability targets begin applying
• 2030-2040: Progressive reuse, recycling, and recycled content targets

Some countries are moving faster. Denmark and France, for example, are introducing earlier or broader PFAS bans, increasing the need for consistent, EU-wide traceability for companies operating in multiple markets.

What role will traceability play?

Under PPWR, companies must be able to trace packaging throughout the supply chain and show who placed it on the market. Economic operators are required to retain transaction and compliance information so authorities can trace non-compliant packaging back to the responsible party.

Traceability must also cover material composition, including proof that restricted substances such as PFAS are not present, and extend into packaging waste, where Member States must ensure quality control and traceability of waste streams.

Specifically, this means businesses need reliable, preferably digital, systems that link packaging, materials, suppliers, and products, and that can respond quickly to regulatory checks.

6. Revised EU Waste Shipment Regulation: Mandatory Digital Tracking (DIWASS)

Applies from: 21 May 2026
Key deadlines: DIWASS mandatory from 21 May 2026; export ban on plastic waste to non-OECD countries from 21 November 2026
Regulation: Regulation (EU) 2024/1157

What is the Waste Shipment Regulation?

The revised Waste Shipment Regulation modernises EU controls on cross-border waste movements. Namely, it replaces paper-based tracking with a digital system (DIWASS), making all shipments traceable in real time. Accordingly, the regulation applies to all intra-EU movements, imports, and exports, with stricter rules for certain hazardous or plastic wastes.

Why was it introduced?

Paper-based tracking was slow, fragmented, and prone to fraud, making illegal waste exports difficult to control. Hence, the regulation ensures full traceability of waste shipments, reduces administrative burden, and improves enforcement against illegal trafficking.

Timeline highlights

• 20 May 2024: Regulation enters into force
• 21 May 2026: DIWASS (Digital Waste Shipment System) becomes mandatory for all intra-EU notifications and tracking
• 21 November 2026: Export ban on plastic waste to non-OECD countries takes effect
• 21 May 2027: New export procedures and broader export controls start to apply

What role will traceability play?

Traceability is at the heart of this regulation. Companies must:

• Digitally submit all notification documents and Annex VII forms; paper forms are no longer valid
• Link shipments to DIWASS in real time, either via the portal or through ERP/Waste software APIs
• Ensure compliance with export restrictions, with immediate alerts if a shipment is not recorded in DIWASS

In practice, every waste shipment becomes a tracked asset. If authorities stop a shipment that isn’t in DIWASS, it is automatically flagged as illegal. As a result, this can potentially result in fines, seizure of goods, and enforcement actions. Therefore, Digital traceability systems are essential for regulatory compliance and operational control.

7. General Product Safety Regulation (GPSR): Traceability and Documentation Requirements

Applies from: 13 December 2024
Key deadlines: Full traceability and documentation systems expected to be operational by 2026
Regulation: Regulation (EU) 2023/988

What is the GPSR?

The General Product Safety Regulation (GPSR) replaces the older General Product Safety Directive and provides a modernised framework for consumer product safety across the EU. It applies to all products sold both online and offline, making safety rules directly applicable in every EU Member State.

Why was it introduced?

The GPSR was introduced to strengthen consumer protection and ensure a consistent approach to product safety in the EU single market. By requiring companies to systematically document and trace products, the regulation supports recalls, safety interventions, and enforcement across borders.

Timeline highlights

• 13 December 2024: Regulation enters into force
• 2026: Companies should have fully operational traceability, documentation, and digital record systems to comply with audits and market surveillance requests
• 13 December 2026: Commission publishes report on interconnection between information systems under GPSR and the Safety Gate Portal, including potential improvements or new interfaces
• 13 December 2027: Commission assesses modalities for removing illegal content from online marketplaces via the Safety Gate Portal; may propose legislation
• 13 December 2029: Commission evaluates the regulation, including Articles 16, 18, 22, 25, and 44, assessing consumer protection effectiveness, impact on businesses (especially SMEs), penalties, and implementation outcomes; may propose legislative changes

What role will traceability play?

Traceability under the GPSR is mandatory and multi-layered:

• Product identification: Every product must be clearly identifiable and traceable through the supply chain using batch numbers, serial numbers, or other unique identifiers.
• Technical documentation: Companies must maintain a file demonstrating product safety and compliance, similar in purpose to a Digital Product Passport. This file must be accessible on demand by market surveillance authorities.
• EU Authorised Representatives: For non-EU manufacturers, the authorised representative must maintain and provide access to the product’s safety and traceability documentation.

In short, this means companies need digital traceability systems that link product identifiers to compliance records, lab reports, and other documentation, ensuring products can be audited quickly and effectively.

8. Cyber Resilience Act (CRA): Early Reporting Timeline & Digital Product Data

Applies from: 11 September 2026 (early reporting)
Key deadlines: Full CRA compliance from 11 December 2027
Regulation: Regulation (EU) 2024/2847

What is the CRA?

The Cyber Resilience Act (CRA) establishes EU-wide cybersecurity requirements for products with digital elements, such as hardware, software, or connected devices. Hence, it sets rules to ensure products are designed securely and remain safe throughout their lifecycle.

Why was it introduced?

Due to digital products being increasingly integrated into daily life, vulnerabilities can have serious safety, privacy, and economic impacts. The CRA introduces early reporting obligations to ensure rapid detection and mitigation of cybersecurity incidents, while also requiring structured documentation of digital product components and risk assessments.

Timeline highlights

• 11 September 2026: Mandatory reporting of cybersecurity vulnerabilities and incidents to ENISA and national CSIRTs begins
• 11 December 2027: Full CRA compliance applies, including security-by-design, risk management, and lifecycle obligations

What role will traceability play?

Traceability under the CRA focuses on digital product and supply chain data rather than physical products:

• Incident and vulnerability tracking: Companies must record and report incidents and vulnerabilities in a structured, traceable format, ensuring regulatory deadlines and follow-ups are met
• Lifecycle documentation: Detailed records must be maintained for product cybersecurity design, software components, updates, and risk assessments
• Supply chain data traceability: Traceability systems help track which components and software versions are deployed in which products, making it possible to trace potential vulnerabilities or affected batches

In this case, companies will need digital platforms that can link software components, versions, and security records to specific products, allowing for auditable reporting, fast incident response, and full compliance once the CRA obligations fully apply in December 2027.

9. Corporate Sustainability Reporting Directive (CSRD): Structured Supply Chain Data for ESG Reporting

Applies from: 2026 (rolling implementation for different company sizes)
Key deadlines: Reporting on 2025 and 2026 performance due in subsequent years; thresholds adjusted in late 2025
Regulation: Directive (EU) 2022/2464 (CSRD)

What is the CSRD?

The Corporate Sustainability Reporting Directive (CSRD) is an EU framework requiring companies to disclose detailed environmental, social, and governance (ESG) information. It expands on the Non-Financial Reporting Directive and aligns reporting with digital platforms such as the European Single Access Point (ESAP).

Why was it introduced?

The CSRD was introduced to standardise ESG reporting across the EU and ensure that companies provide transparent, verifiable data on their environmental and social impacts. Moreover, it covers the full value chain, requiring firms to collect reliable sustainability data from suppliers and upstream partners.

Timeline highlights

• 2025: Omnibus simplification and threshold changes reduce obligations for smaller companies, but large firms remain fully covered
• 2026: Reporting requirements continue rolling out for large companies and listed SMEs; collection of value-chain sustainability data is essential
• Subsequent years: Reports on 2025 and 2026 performance due via ESAP in machine-readable, structured formats

What role will traceability play?

Traceability is critical for CSRD compliance, even though the regulation itself is not a traceability law:

• Value chain reporting: Companies must gather reliable ESG data from suppliers and partners across multiple tiers
• Digital reporting formats: Data must be structured, verifiable, and machine-readable, creating the need for traceable data pipelines
• Materiality tracking: Firms must identify and disclose the most significant environmental and social risks in their operations and supply chains

Altogether, this drives demand for traceability systems that can link sustainability data to specific suppliers, products, and business units, ensuring companies can consolidate, verify, and report ESG information accurately to regulators, investors, and stakeholders.

10. EU Conflict Minerals Regulation: Traceability of 3TG

Applies from: Already in force (EU Regulation 2017/821)
Key deadlines: Continuous compliance for importers of tin, tantalum, tungsten, and gold (3TG)
Regulation: EU Regulation 2017/821

What is the Conflict Minerals Regulation?

Firstly, the regulation requires importers of 3TG minerals to ensure they are sourced responsibly from conflict-affected and high-risk areas. Therefore, companies must implement due diligence processes and maintain traceability systems linking minerals to mines, suppliers, and smelters.

Why was it introduced?

The regulation aims to prevent the trade of minerals that fund armed conflicts and encourages responsible sourcing throughout the mineral supply chain. Traceability is crucial to demonstrate regulatory compliance and avoid illegally sourced minerals entering the EU market.

Timeline highlights

• 2017: Regulation adopted and entered into force
• Ongoing: Importers must maintain traceability, due diligence, and annual reporting for all 3TG imports

What role will traceability play?

Traceability is mandatory under the Conflict Minerals Regulation:

• Supply chain mapping: Companies must track minerals from mines through smelters, refiners, and importers
• Due diligence documentation: Records must be available for audits and regulatory inspections
• Risk management: Traceability enables the identification of conflict risks and corrective actions

In this case, digital traceability systems allow importers to link batch-level mineral data to suppliers and verification reports, ensuring compliance with EU law and international standards.

Conclusion

To sum up, 2026 is more than just a year of new regulatory compliance deadlines; it marks a shift toward a fully traceable, digitally managed supply chain across sectors. From chemical bans and sustainable product passports to cybersecurity reporting and ESG transparency, the ability to collect, manage, and share reliable data is now critical.

In addition, companies that invest early in digital traceability systems will not only meet regulatory requirements but also gain operational visibility, reduce risk, and strengthen market trust.

Finally, the takeaway is clear: traceability isn’t just a compliance checkbox, it’s the backbone of 21st-century supply chains. Preparing now will make 2026 the year your business is ready for the future of regulatory compliance.