The United Nations Transparency Protocol (UNTP) by UN/CEFACT is the emerging global standard for how digital product passports and verifiable credentials are built, signed and checked. It is deliberately lightweight and vendor-neutral - a shared language that regional binding regimes such as the EU product passport can build on, instead of every jurisdiction and every vendor inventing its own format.
UNTP has put version 0.7.0 out for public review. Until version 1.0 is released, every person and every organisation can give feedback through an open register. We submitted six comments. Two of them have already drawn a response from the working group - and one changed our own code.
This should not be confused with the EU consultation we also took part in: that one was about the binding DPP register of the EU Commission. UNTP is the layer beneath - the global, technical foundation that the EU register and other regimes can rest on.
Why we help write the global standard
A product passport that only one vendor’s software can read and verify is not a passport - it is a silo with a nicer name. The point of a DPP is that a buyer, a recycler or a market-surveillance authority can check the data with any conformant tool, not just with ours. Where exactly that conformance is defined is decided in the standard. We would rather help write it than inherit it.
1. Proofs that outlive decades (#678)
The current UNTP profile mandates enveloping proofs via W3C VC-JOSE-COSE: the signature wraps the document as a JWT. For a passport that has to be archived, mirrored and retrieved by its content address for ten years, the alternative has clear advantages. Embedded proofs via W3C Data Integrity stay inside the document itself, survive any redistribution, and canonicalisation via the JSON Canonicalization Scheme (RFC 8785) yields a stable content hash for version tracking. We proposed allowing the eddsa-jcs-2022 cryptosuite as an equivalent conformance option. Why a passport has to outlive its issuer in the first place, and how cryptographic proofs make that possible, we explored in the post on signatures and certificates.
This comment did not just draw a response - it changed our own verifier. With Transpareo Time Machine 2.0.0 (20 June 2026) we moved from a reduced in-house profile to the standards-conformant W3C cryptosuite eddsa-jcs-2022. Any Data Integrity verifier can now check a Transpareo passport, not just our own tool. We did not merely call for interoperability, we shipped it.
In the same comment we raised two related points: robust guidance on how long a status list must stay reachable, with the option to reconstruct revocation status from lifecycle events if needed; and idempotent rendering from a semantically rich data model, so that any conformant renderer displays the same passport identically, without shipped rendering instructions.
2. A single algorithm for the whole trust chain (#683)
How a verifier gets from the issuer’s DID via the Digital Identity Anchor to the register and on to the production facility is today described in prose spread across several pages - but not as a single algorithm. We proposed a step-by-step verification algorithm for the entire trust chain: credential integrity, mapping the issuer DID to anchor and register, matching the conformity criteria, resolving the production facility. Without this one authoritative description, independent implementations read the scattered paragraphs differently and reach different verdicts on whether a passport is genuine. This comment, too, prompted a response from the working group.
3. Tiered disclosure of a single passport (#679)
A regulated passport has to serve several audiences: the general public, legitimate stakeholders such as recyclers, and authorities each see different slices of the same passport - the EU Battery Regulation requires precisely this. We argued for treating this tiered disclosure as a first-class case, rather than bolting it on afterwards as per-recipient encryption.
4. Multilingual content in the data model itself (#680)
UNTP currently carries human-readable values as single-language strings. In regulated, multilingual markets that is not enough - a passport valid across the whole EU needs its text in several languages at once. We proposed using JSON-LD language maps, so that a single value carries all of its language versions. Transpareo ships passports in 39 languages today - we feel this gap every day. How we handle this breadth of languages at all we describe in the post on AI translation.
5. Long-term verifiability as an architecture question (#681)
Related to the first point, but more fundamental: proofs, DID documents and status lists have to stay resolvable across a decade, otherwise an old passport can eventually no longer be checked even though it was valid. We asked for non-normative guidance on keeping keys, DID documents and status lists durably reachable - a question that only arises years later and belongs in the standard today for exactly that reason.
6. A bridge to the EU product passport (#682)
UNTP is deliberately a lightweight B2B passport. The EU product passport is a binding regime with its own attribute list. Implementers need an explicit mapping between the two - a profile that shows how a UNTP passport feeds the mandatory fields of a regulatory passport. We work at exactly this seam every day, which is why we called for the bridge.
Why we do this
A standard gets better when the people who actually sign and verify passports speak up - not only those who write about them. Two of our six comments already have a response, one has moved our verifier to the standards-conformant cryptosuite. That puts us no longer at the edge but in the expert circle of the supply chain working group.
For our customers this is not an end in itself. The more precise and vendor-neutral the global standard, the safer their investment: their passport data stays exportable and verifiable with any conformant tool. No lock-in, no format that stands or falls with a single provider.
Who wants to take part
The public review is still open. Every submitted point is out in the open on the public UNTP issue register. The supply chain working group meets regularly by video call; the dates are on the UNTP governance page. Anyone who will issue or verify product passports - manufacturers, service providers, recyclers, authorities - should read over the open points at least once. Even a short, technically precise piece of feedback carries weight.
And anyone who wants to verify a Transpareo passport independently today can do so with Transpareo Time Machine - since version 2.0.0 with exactly the cryptosuite we argued for in the UNTP profile.