The EU mandated Digital Product Passports. Simple enough on paper: every product needs lifecycle data aggregated from multiple suppliers across the value chain. Battery manufacturers, recyclers, logistics providers, retailers — all contributing to one unified record.

By 2027, this will affect an estimated 30+ product categories across the EU market. Batteries first. Then textiles. Then electronics. The list keeps growing.

There’s just one problem.

There’s no infrastructure to do this.

The Omnibus delays happened because vendors couldn’t deliver. Not because they lacked ambition or funding. Because the underlying infrastructure doesn’t exist, multiple organisations can’t easily write to shared registries that regulators can access.

Who’s going to fill this gap? And on whose terms?

Who controls the data of Product Passports?

This isn’t a DPP problem. It’s a systemic gap that shows up across every central compliance mandate:

ViDA (VAT in the Digital Age): Real-time invoice data from multiple processors, accessible to tax authorities across borders. What happens when your French supplier’s invoice system can’t talk to German tax authorities? Someone has to bridge that gap.

CSRD/CSDD: Sustainability data aggregated across entire supply chains — not just your operations, but your suppliers’ suppliers. Your Scope 3 emissions require verified data from dozens of partners, each running different systems. Good luck with that spreadsheet.

Real-time taxation: Transaction data flows to authorities in real time. The Dutch Tax Office is already piloting this—point-of-sale systems that calculate and transfer VAT in real time. It works. But it requires infrastructure that doesn’t exist at scale.

The common thread: multi-party data aggregation with auditability. Multiple organisations contribute data to shared registries that regulators (and sometimes consumers) can access.

Current infrastructure can’t do this. It wasn’t designed for cross-organisational data flows. And if we wait for the gap to become painful enough, we know who will fill it.

Your supply chain data is locked up in a platform

What do consultancies sell today for compliance?

SAP. Oracle. Microsoft Dynamics: platform solutions.

For single-company operations, platforms work fine. Your ERP handles your invoices. Your sustainability software tracks your emissions. Your product management system logs your inventory.

But DPP, ViDA, and CSRD don’t stay inside your walls. They require cross-organisational data flows - multiple suppliers, multiple systems, one coherent record.

Here’s where platforms break down:

Vendor lock-in. Your data lives in their system. Their database, schema, and access rules.

Single point of control. One vendor, one failure point, one set of terms that can change with their next board meeting.

Interoperability nightmare. Connecting Platform A to Platform B requires expensive custom integrations. Every new supply chain partner means another integration project.

Dependency. Switch costs are enormous once you’re in. They know this. Their business model depends on it.

Platforms weren’t designed for multi-party compliance. They were designed to keep you inside.

And here’s the risk nobody’s talking about: if Big Tech builds the compliance infrastructure, and they will try, platform lock-in will occur at the regulatory level. Your compliance data, supply chain records, tax information, and sustainability reporting are trapped in another walled garden.

Not because of technical necessity. Because of business models.

Platform vs. Protocol: The Difference That Matters

The distinction isn’t technical pedantry. It determines who controls your compliance infrastructure for the next decade.

• Platform Infrastructure

  • Data ownership: Vendor’s database

  • Switching cost: Expensive migration project

  • Interoperability: Custom integrations per partner

  • Who controls rules: Vendor/shareholders

  • New partner onboarding: Integration project

  • Regulator access: Negotiate with vendor

• Protocol Infrastructure:

  • Data ownership: Public registry you can access from anywhere

  • Switching cost: Change provider, keep your data

  • Interoperability: Built in by design

  • Who controls rules: Locked protocol — nobody

  • New partner onboarding: Already compatible

  • Regulator access: Direct registry access

The Protocol Alternative

What if the data layer were a shared protocol instead of a proprietary platform?

Think about email. Gmail, Outlook, and ProtonMail all use the same underlying protocol: SMTP. You can switch providers without losing your contacts. They compete on user experience, security features, and storage —not on holding your data hostage.

That’s possible because email is built on an open protocol that anyone can access.

Applied to compliance infrastructure:

• Shared registries for product data (DPP), invoice data (ViDA), and sustainability data (CSRD)

• - Multiple service providers can read and write to these registries

• - Data is portable by design

• - No single vendor controls the infrastructure

How it works in practice: a shared coordination layer acts as the registry — notarised, auditable, tamper-proof. Multiple providers can index and access the same data. The organisation retains ownership of its contributions.

Interoperability isn’t bolted on. It’s built in.

The result: switch providers without migration headaches. Regulators get the access they need without relying on a single vendor’s cooperation. Supply chain partners can collaborate without all using the same platform. Competition is driven by service quality, not data lock-in.

The protocol doesn’t care who you use to access it. It just works.

How to interface with this protocol?

Building on protocol infrastructure requires specialised knowledge that most enterprises don’t have — and shouldn’t need.

UTXO architecture and cryptographic primitives. Digital identity standards like eIDAS and GLEI. Data mapping and protocol standards. Stablecoin integration for value transfer. Compliance-specific data models that regulators actually accept.

The reality is simple: enterprises want to connect their supply and demand data to the registries required by regulators. They don’t want to become protocol engineers.

That’s where abstraction layers matter.

Think of how Stripe handles payments. You don’t integrate with Visa, Mastercard, or any individual bank. You integrate with Stripe once, and they hold the complexity. The payment network exists underneath. Stripe makes it accessible.

That’s what we’ve built at mintBlue. The protocol infrastructure exists. The complexity is objective. But enterprises need a layer that abstracts it—integrate once and access shared compliance registries.

Protocol infrastructure at scale isn’t theoretical. We’ve processed 50 million transactions in a single day on a decentralised infrastructure. The technology works.

The key difference from platforms: no lock-in. The protocol is public. You could build your own stack and still interoperate with everyone using the same registry. We make it easier.

Think of it like an ISP. We provide access to the network. We don’t own the network.

Auditability Without Surveillance

One underappreciated advantage of protocol infrastructure: built-in audit trails.

Every transaction and every data contribution is notarised in the shared registry. This enables:

Supply chain traceability. Trace faulty batches back to origin — critical for DPP compliance and recalls.

Compliance verification. Regulators can verify claims without needing full data access.

Accountability. Every claim can be traced to its source. No more “the data was lost in translation.”

Here’s the part that matters for competitive businesses: you can prove something happened without revealing everything. Verify a product’s journey without exposing supplier pricing. Confirm compliance without opening your books.

Privacy for businesses, transparency for oversight — not the other way around.

Platforms can’t offer this. They either share everything or nothing. Protocol infrastructure gives you granular control over what you prove versus what you disclose.

Independence, Not Sovereignty

This isn’t about Europe vs. America. It’s about independent infrastructure vs. dependent infrastructure.

Dependent:

• Your compliance data lives in a vendor’s cloud

• - Their terms, their jurisdiction, their business model

• - Switch costs keep you trapped

• - When they change, you change

Independent:

• Your compliance data lives on a public protocol

• - You choose your access provider

• - You can switch, you can self-host

• - The protocol doesn’t change based on shareholder meetings

For enterprises: resilience, optionality, negotiating power. You’re never stuck because the protocol doesn’t care about retention metrics.

For regulators: access without depending on a single vendor’s cooperation. No need to negotiate with Big Tech for visibility into your own economy.

For the ecosystem, innovation can happen at the application layer without permission from the infrastructure owner. Anyone can build. Anyone can compete.

The compliance mandates are coming regardless. The question is whether we build independent infrastructure now or accept dependent infrastructure later.

What’s Your Compliance Data Architecture?

If you’re facing DPP, ViDA, or CSRD compliance and wondering how to aggregate data across your supply chain without locking into a single vendor, this is worth a conversation.

Protocol-based infrastructure is a new territory for most consultancies. We’ve been building it for years.

What compliance mandate is forcing you to rethink your data architecture?