Cross-border eCommerce flows from non-EU countries with direct product delivery to consumers in the European Union have been rapidly growing. Whereas monitoring eCommerce flows for aspects such as Value- Added Tax (VAT), and safety and security already is a high priority, the increasing volumes bring new concerns. Such concerns include how to ensure that the products are sustainably produced and how to ensure a level playing field with products that are produced in the EU or imported via other modes of transport that are subject to more thorough checks at the border. These challenges have become new priorities in EU policy documents. Currently, authorities receive limited information related to eCommerce goods (particularly the low-value consignments that are exempted from duties), which hampers their risk assessment. Recently, Digital Product Passports (DPPs) have been introduced in legislation as a tool to inform consumers, recyclers, and market surveillance authorities about the material and manufacturing aspects of products. These DPPs promise to contain rich data that can be used to enhance both the monitoring and the customs risk assessment of cross-border eCommerce flows. To assess the exact potential and added value of DPPs, we analyze international eCommerce flows in the context of the EU-funded project PARSEC. We identify potential areas where DPPs can be relevant for eCommerce monitoring and risk assessment and present follow-up research directions on this topic.
In a recent communication, the European Commission (EC) addresses the rapidly growing volumes of eCommerce flows. A specific concern is related to the low-value consignments below 150 euros that are currently exempted from customs duties. Approximately 4.6 billion low-value items were imported into the EU in 2024, which is more than tripled since 2022 (1.4 billion), corresponding to up to 12 million small items per day [1, p 2]. Monitoring and controlling these eCommerce flows is very challenging. Previous efforts at the EU level were focused on fiscal aspects such as Value Added Tax (VAT collection) and safety and security concerns for cross-border eCommerce shipments. More recently, the EC underlines the urgency to address the broader spectrum of risks and concerns ∗ Corresponding author. † These authors contributed equally. (including non-fiscal concerns). In the 2025 EC Communication, it is stated that: “The surging volume of products that are unsafe, counterfeit or otherwise non-compliant leads to serious safety and health risks for consumers, has an unsustainable impact on the environment, and fuels unfair competition for legitimate businesses, with a significant impact on EU competitiveness in different sectors. The sheer number of products imported directly by consumers in the EU also puts an unsustainable strain on authorities” [1, p.2]
To get a better grip on these eCommerce flows, the EC calls for wider collaboration, including
customs, market surveillance authorities, and other actors. As part of this call, the EC discusses the
potential of strengthened supervisory capabilities through digital tools, with specific attention to the
role of Digital Product Passports (DPPs). DPPs are a new concept introduced by the EU Ecodesign of
Sustainable Products Regulation [
2.1.
Driven by policy developments like the EU Green Deal, its Circular Economy (CE) action plan, the
Critical Raw Materials Act, and other regulations, DPPs are introduced as mandatory tools to disclose
information about a product to consumers, businesses, and authorities. First mandatory DPPs will be
required as of early 2027 for EV batteries, for example, followed by other product categories such as
textiles. Product-specific regulations, such as the Battery regulation, require the mandatory use of
battery passports as of 2027 [
CEN-CENELEC is developing standards to support DPP development and deployment [
According to the 2017 World Customs Organization (WCO) Study Report on Cross-Border
eCommerce, one of the key challenges for the European region is a lack of proper information on
the consignment process [
Looking at customs processes in general and not only eCommerce, poor quality of customs
declaration data persists as a critical problem [
For customs administrations, the more steps are taken between the data source and the party that
is doing the customs filing of the data, the less involved an entity is in the production or supply
chain, and when no recognized standard is involved, the more the perceived likelihood of the data
being trustworthy is reduced [
Looking at data quality, Strong et al. introduce several dimensions to discuss data quality, namely
(1) intrinsic data quality (accuracy, objectivity, believability, and reputation; (2) accessible data
quality (accessibility, access security); (3) contextual data quality (relevancy, value-added, timeliness,
completeness, amount of data) and (4) representational data quality (interpretability, ease of
understanding, concise representation, consistent representation) [
In their report on Customs Innovations for Fighting Fraud and Trafficking in Cross-border Parcel Flows, Männistö et al. state that poor data on international parcel traffic is one of the major challenges for customs [13]. In addition, the legally required super-reduced data sets12 (see also section 4.2, H7 data) by nature, pose a challenge to highly specific risk analysis. But also, the broad threat landscape is a complicating factor, which ties closely with the new priorities that could require authorities to strictly monitor product safety, sustainability, and competitiveness aspects. Attempts to improve customs data included access to external data sources from eCommerce platforms using web crawling [15], as well as using AI algorithms in combination with eCommerce data to predict the accuracy of data in customs declarations [16]. Other studies examined the use of business data enabled by blockchain for improving the data quality and cross-validation of customs declarations [17], [18]. To follow up on these attempts, we explore the potential contribution of DPP data to the data quality for eCommerce risk management, looking at mandatory data but also including possible voluntary external data that can be used for de-risking some of the trade flows. When looking at the use of external data sources for customs, previous research studied them from the perspective of public value concerns, which can be linked to types of risks such as fiscal, safety, security, and nonfiscal risks (see also [17], [19]). It is important to keep these public concern areas in mind when articulating the value of DPPs for border authorities and compliance monitoring, as it extends the existing variety of public concerns for which border authorities already have a broad spectrum of responsibilities. 2.2.2.
Many eCommerce packages arrive by plane and need to be quickly risk-assessed and released. With the growing trade volumes, EU customs authorities are investing in detection technologies, including X-ray scanning and other non-intrusive inspection solutions. A series of EU projects and national initiatives have been focusing on exploring capabilities for detection technologies for customs (see [13], [20], [21]). Typically, detection technologies are used to gain as detailed a scan image as possible of the transported goods without the need to open a consignment. In doing so, customs may compensate for data that is likely to be untrustworthy or confirm the trustworthiness of the data. The potential use of detection technology in parcel and courier flows is the focus of the PARSEC EUfunded project, in which the value of non-intrusive inspection is examined: how a series of detection technologies that either individually or in various combinations can be deployed to obtain a more selective level of detection. This enables de-risking international parcels, thereby reducing the need for slow and laborious manual inspections. DPPs can be examined in their potential to combine with analytics on X-ray and other detection data to facilitate cross-border eCommerce risk assessment. 2.2.3.
Differentiated risk management is seen as a way to deal with large volumes of trade and allow for trade facilitation while enhancing supervision. This differentiated risk management can be observed at the international and the global level, as demonstrated by the American Customs Trade 11External data refers to any information that lies outside customs systems and that is not readily available for customs.” [14, p. 7]. 12https://finance.belgium.be/en/customs_excises/enterprises/customs/e-commerce/h7 Partnership Against Terrorism CTPAT13, and the European Authorized Economic Operator (AEO)14 programs. In the Enforcement Vision of the customs administration of the Netherlands15, differentiated risk management is regarded as a way to facilitate trusted traders and trusted trade lanes, and employing access to external data from business information systems and additional information. This allows customs to use its inspection resources in a more efficient and effective way and to focus on physical inspections of high-risk and unknown consignments from less trusted traders. This differentiated risk management has been developed for traditional trade flows. Early exploration of what it could mean in the eCommerce context, with a focus on the fiscal aspects, has been explored by [22]. In the same vein, the potential of differentiated risk management can be explored for non-fiscal aspects related to eCommerce. DPPs may provide the much sought-after source data directly related to the shipment, compiled by a directly involved entity, for customs purposes, according to a widely recognized standard, if a high level of trustworthiness of data is ensured. 2.2.4.
Links to other authorities, Extended Producer Responsibility, and the export of waste One aspect that deserves attention is the link between eCommerce and the circularity of products, as well as Extended Producer Responsibility16 and links to online sales17. This link may not be immediately evident from a purely import perspective where goods enter the EU market. But at some stage, these goods become waste. Especially for textile products, for regular streams, parties placing the product on the market have a responsibility for the end-of-life collection and treatment of these products. For example, brands may work with collection companies or producer-responsible organizations and pay them a fee to ensure that products are treated responsibly at end-of-life. But what happens when textiles come via eCommerce channels directly to the consumer? These are increasingly growing volumes that also generate waste. When these streams accumulate and become waste that may need to be exported, these goods will again need to be risk assessed by border authorities to evaluate whether they are waste, whether they need to be kept in the EU due to limitations for exporting waste, or are allowed to move on. At the moment, it is very hard to track those streams coming from eCommerce flows. DPPs may play a role in supporting a chain of information promoting efficient risk analysis here as well.
We use a case study approach [26], as case studies are a suitable method for understanding complex
phenomena in a real-life context and gaining qualitative insights. The empirical context for our study
is the PARSEC18 project, where the authors, have gained in-depth insights into the current
eCommerce and couriers flows and into the use of data and detection technologies in the risk
13https://www.cbp.gov/border-security/ports-entry/cargo-security/CTPAT
14https://taxation-customs.ec.europa.eu/customs-4/aeo-authorised-economic-operator_en
15https://www.belastingdienst.nl/wps/wcm/connect/bldcontenten/belastingdienst/customs/about-us/how-wework/balance-supervision-trade-facilitation/enforcement-vision;
17https://www.oecd.org/en/publications/extended-producer-responsibility-epr-and-the-impact-of-onlinesales_cde28569-en.html
18https://www.parsec-project.eu/
assessment process. Specific attention was paid to the data elements that form part of the mandatory
customs declaration data, as well as to the issues and limitations of these data sets. Subsequent
analysis was conducted on data elements envisaged for DPPs. We reviewed the Battery Regulation
which requires mandatory battery passports for, among others, Electric Vehicle batteries as of 2027
[
4.1.
LLooking purely at the delivery part, there is a sender, the package goes to a sorting center and then undergoes aviation security and safety checks, checks by authorities at export, and then it is loaded on a plane. When arriving at the destination, risk assessment and, if needed, further checks are performed by customs and other border authorities, and if the goods are cleared, they can be picked up, brought to a sorting center, and delivered to the receiver. This picture focuses only on the logistics and border authorities' processes. In contrast, in eCommerce, a commercial transaction is involved, where, in many cases, digital platforms play the role of an intermediary, and there are distinct flows of the goods and the payment, which may involve a variety of intermediating actors.
From a sustainability and circularity perspective, there is also the production process, starting
with the sourcing of materials. These processes are very important for controlling non-fiscal aspects.
There is a sales process where the commercial transaction takes place, which is important for levying
duties and taxes, and there is the process of use and end of life, which continues after the goods have
been imported and is relevant from a circularity perspective. Typical procedures and related risk
assessment processes will include transportation security and the imminent security risk analysis
based on the Entry Summary Declaration (ENS) that is provided before loading the goods in the
country of export. Subsequently, shortly before the goods arrive, they need to undergo another safety
and security risk assessment for non-fiscal SHEEE aspects. Finally, there is the fiscal risk assessment
of whether import duties, excise, and VAT are paid correctly. Now, with this last aspect, as the EU
reports indicate, there is a large volume of consignments of low value (intrinsic value below 150
euros), which are exempt from import duties. As the Communication of the European Commission
indicates, and as foreseen in the Customs Reform21, the legislation may be changed to abolish this
19https://cirpassproject.eu/; https://cirpass2.eu/
20https://susproc.jrc.ec.europa.eu/product-bureau/product-groups/467/documents
21https://taxation-customs.ec.europa.eu/customs-4/eu-customs-reform_en
exemption. This would mean that volumes of 4.6 billion packages that enter now and are exempt
from import duties will need to be risk-assessed as well [
Currently, there are several declarations that customs receives when it comes to eCommerce transactions, of which the key declarations are: (1) H1 - Customs declaration for release for free circulation and Special procedure - specific use - declaration for end-use; (2) H7 - Customs declaration for release for free circulation in respect of a consignment benefiting from relief from import duties (intrinsic value under €150); (3) Entry Summary Declaration (ENS). The structure and format of these different types of declarations are harmonized at the EU level. This is regulated by the Union Customs Code. Data requirements are in the Delegated Regulation Act of the Union Customs Code [24] and the formats and codes in the Implementing Regulation Act of the Union Customs Code [25]. For operational use, the EU Customs Data Model can be used22. Here, we examine some data requirements for DPPs as defined in the Ecodesign for Sustainable Products Regulation (ESPR). Delegated Acts for specific products under ESPR that may be relevant for cross-border eCommerce and small value consignments (e.g., textile) still need to be defined. But based on the general description of DPPs and related data, and on the ESPR, we can already identify several data elements that are essential for the DPP.
Important elements will be identifiers; the ESPR mentions several unique identifiers: unique product identifiers, unique operator identifiers, and unique facility identifiers. There will be a central DPP registry where the DPP and key unique identifiers will be registered. ESPR also foresees that the registry shall store the commodity code (a harmonized system (HS) code: a code that is used when goods are imported) for products intended to be placed under the customs procedure ‘release for free circulation’ for entering the EU market. The other DPP data will be kept by the economic operator placing the product on the EU market. It is foreseen that the operator will make a backup copy of the DPP available through a DPP service provider. Beyond these identifiers and commodity codes, other data that may be required are on substances of concern23 present in the product, where they are located, and their maximum concentration. This is an example of a limited data set that may be part of the DPP based on ESPR. Table 1 provides an analysis of some of the key DPP data elements as mentioned in the ESPR and their relevance for eCommerce risk assessment with a view to specific public concerns/risks. 22https://taxation-customs.ec.europa.eu/customs-4/union-customs-code/eu-customs-data-model-eucdm_en and the latest version of the EU Customs model itself is available at https://taxation-customs.ec.europa.eu/customs-4/union-customscode/eu-customs-data-model-eucdm_en 23For further analysis on the topic of substances of concern in ESPR and links to REACH, see Becker (2024), Substances of Concern in Ecodesign and Other EU Law, available at: https://stoffr.lexxion.eu/data/article/19706/pdf/ stoffr_2024_03-005.pdf Table 1 Analysis of key DPP data elements from the ESPR and their relevance for eCommerce risk assessment with a view to specific risks.
DPP data Potential relevance for eCommerce risk assessment
Economic operator identifier
manufactured, this is new information for risk assessment.
If the information is about the seller, exporter, economic operator, declarant, importer, or buyer, this information can be used24 for cross-checking similar data elements in the
ENS, H1, and H7.
Cross-checking with commodity codes and descriptions of goods present in ENS, H1, and H7 datasets.
product safety, waste) Männistö et al. discuss data quality dimensions such as accuracy, granularity, and timeliness [13]. Many examples in Table 1 refer to using DPP data for cross-validation of the ENS or H1/ H7 customs declaration by cross-validating the accuracy of the declaration data and identifying possible mismatches that may signal potential risks. Granularity is an interesting dimension, as DPP data may contain more detailed information (e.g., on substances of concern) than the ENS declaration data. Timeliness is also represented because for data to be of value, it needs to be available when needed. 4.2.2.
Opportunities and challenges of using DPP data for X-ray data analytics for cross-border eCommerce risk management Parcels go through X-ray scanning devices for civil aviation security and safety purposes before they are loaded onboard a plane. This scanning is usually carried out at the airport or an international parcel handling facility by postal or express operators themselves or security service providers acting as their agents. In the PARSEC project, several scanning technologies are being piloted to allow for fast scanning lanes. If something suspicious is noticed, the parcel is sent to a secondary lane with more specific detection technology, which, in case of doubt, can be passed to a third level of detection technology for derisking. This layered approach of using detection technologies upholds the fast speed of handling large volumes and minimizes physical inspections. These architectures of detection technologies are currently primarily used for outbound consignments to check for civil aviation safety and security risks. In view of the broader spectrum of concerns that become a priority in the future for cross-border eCommerce flows, including product safety, sustainability, and economic 24For products to be brought on the EU market concerns, DPPs can potentially play a role in providing trustworthy additional data to improve the overall data quality in customs verification. In addition, DPP data can potentially play a role in combination with detection technologies. For example, having a detailed presumption about what to expect in a consignment when scanning it will enable the application of more efficient algorithms for analyzing detection technology results. This links back to the discussion on DPP to improve data quality. If there are specific substances of concern, these should already be declared in the declaration, but with the DPP, authorities could be more confident in the declaration data quality for use in algorithms for analyzing detection technology results. The detection technology, in combination with the algorithms, may be able to predict with a higher likelihood of correctness what materials or goods are present in what position. This can be a powerful derisking method as well as a threat detection method. For example, if the DPP indicates that there are specific substances of concern in a product, but detection technologies identify with a high degree of certainty that a different composition is present, this may be a strong trigger for further investigations. With the advancement of detection technologies and AI, more accurate information about what the algorithms should look for has the potential to develop more accurate algorithms that perform better over time. 4.2.3.
DPPs and opportunities for differentiated risk management in cross-border eCommerce Differentiated risk management works because companies such as trusted traders and trusted trade lanes are willing to be transparent and show that they are in control of their customs-related operational procedures. This often comes with providing authorities access to more data and assurances about the data and that it has not been tampered with. Going back to the dimensions of data quality of Männistö et al., for differentiated risk management and trusted trade lanes, dimensions like accuracy, completeness, and granularity are very important [13]. DPPs for specific product groups may contain very limited data. We have selected such a limited data set (see Table 1) and discussed how it could be of value to customs. Companies that are already heavily investing in traceability systems may see business benefits of sharing more data than the mandatory DPP data with authorities, building trust, and thereby enabling and receiving trade facilitation by customs. This provides opportunities for access to better quality data in terms of granularity, for example, and gaining more detailed product or material composition information. But there may also be value in the data if companies can provide additional assurances about the accuracy of the data, that it comes from the right source, and that it has not been tampered with. Several technological solutions are being developed on the market to provide such data accuracy and trust layer, including, e.g., the use of verifiable credentials25. Differentiated risk management has received a lot of attention in traditional trade flows and the potential can be explored in the eCommerce context as well. 4.2.4.
Responsibility, end-of-life, and waste management A growing concern for circularity, beyond the moment of import, is what happens with the goods at the end of their life. The import of low-value consignments into the EU grew from 1.4 to 4.6 billion between 2022 and 2024, which is more than 3 billion extra items in two years’ time [1, p.2]. With this growth and in view of the waste these packages will generate at the end of life, it is worth reflecting on how this end-of-life treatment is considered. Businesses are already developing solutions to help online marketplaces meet their Extended Producer Responsibility (EPR) requirements, including the EPR for packaging materials, which will be required in the future26. Although not directly related to 25https://unece.org/sites/default/files/2023-10/WhitePaper_VerifiableCredentials-CrossBorderTrade.pdf 26https://www.ecosistant.eu/en/epr-extended-producer-responsibility-ecommerce/ the eCommerce import process, DPPs may play a role in enhancing transparency on what is happening with the cross-border flows of goods when reaching their re-use and end-of-life phase, the speed with which the goods are disposed of and waste is generated, and what kind of waste flows are generated by the eCommerce imports. These insights may be useful for informing and defining future policies and strategies. As more EPR schemes are introduced, the link between eCommerce flows, EPR schemes, and how to monitor their enforcement, as well as the role of DPP, deserves future research.
The EU is determined to take measures so that EU authorities can gain a better grip on commerce eCommerce flows. DPPs are seen as one element that can contribute to a solution. This paper makes a contribution based on in-depth knowledge of eCommerce risk assessment processes and identifies potential areas where DPPs can potentially support authorities to gain more control over eCommerce flows. In Table 2, we present four future research topics where DPPs can potentially contribute in this context. Namely, (1) as an additional data source to address fiscal, safety, and security but also non-fiscal concerns such as sustainability and product safety, (2) as an additional source that can also support the detection technology analytics processes, (3) as an enabler to introduce differentiated risk management in the eCommerce context, and (4) as an enabler to make links between eCommerce, Extended Producer Responsibility and end-of-life/waste flows risk management. In Table 2, we also present the important issue of governance and upscaling, as for DPPs to be of value, they need to be implemented and upscaled by businesses, and authorities need systems in place to access and use DPP data as an external data source.
upscaling challenges need to be overcome to enable the ultimate use of DPP to improve cross-border eCommerce risk management
The EU faces enormous eCommerce flows, and these flows are expected to grow. Among these many small consignments that flood the EU markets, there are products that do not (fully) comply with the product safety, sustainability, and circularity requirements that products must meet before being put on the EU market. In this paper, we explored the potential of DPP data to improve the grip on eCommerce flows in the context of the PARSEC project. Our analysis confirms that DPPs have the potential to contribute to enhancing control and cross-border risk assessment of eCommerce flows. We identify several areas for future research to prepare for DPP utilization. When addressing the research challenges highlighted in the discussion section, it is important to consider the urgency by a stepwise identification of short-term scenarios while keeping the long-term objectives in mind.
This research was partially supported by the European Union’s Horizon Europe research and innovation program through the PARSEC project (EU Grant Agreement No. 101073963) and by the State Secretariat for Education, Research, and Innovation (SERI) of Switzerland (Contract Number 22.00232). Ideas and opinions expressed by the authors do not necessarily represent those of all partners. Special thanks also to Micha Slegt and Norbert Kouwenhoven from the Customs Administration of the Netherlands, Valentin Dethier from Belgian Customs, for their support, inputs, and comments on the paper, as well as the PARSEC Security Advisory Board for their review. Special thanks also to the members of the CIRPASS 2 community for the very insightful discussion on the role of DPPs for eCommerce.
The authors have not employed any Generative AI tools. [12] W. Hofman, J. Migeotte, M. Labare, B. Rukanova, and Y.-H. Tan, “Using Business Data in Customs Risk Management: Data Quality and Data Value Perspective,” in EGOV2021. Lecture Notes in Computer Science, 2021, vol. 12850, pp. 103–116, doi.org/10.1007/978-3-030-84789-0_20. [13] T. Männistö, C. Morino, and J. Hintsa, Customs Innovations for Fighting Fraud and Trafficking in
Cross-border Parcel Flows. CBRA, CH, 2021. [14] T. Mannisto, J. Hintsa, and V. Tsikolenko, “Enhancing Customs Risk Management with External
Data,” CBRA, 2021. [15] B. Rukanova et al., “Identifying the value of data analytics in the context of government supervision: Insights from the customs domain,” Gov. Inf. Q., vol. 38, no. 1, p. 101496, 2020, doi: 10.1016/j.giq.2020.101496. [16] H. Chen, B. van Rijnsoever, M. Molenhuis, D. van Dijk, Y. H. Tan, and B. Rukanova, “The use of machine learning to identify the correctness of HS Code for the customs import declarations,” IEEE 8th Int. Conf. Data Sci. Adv. Anal., 2021, doi: 10.1109/DSAA53316.2021.9564203. [17] B. Rukanova et al., “Public value creation through voluntary business to government information sharing enabled by digital infrastructure innovations: a framework for analysis,” Gov. Inf. Q., p. 101786, Jan. 2023, doi: 10.1016/j.giq.2022.101786. [18] L. Segers, J. Ubacht, Y.-H. Tan, and B. Rukanova, “The use of a blockchain-based smart import declaration to reduce the need for manual cross-validation by customs authorities,” in Proc.20th Annual Int.. Conf. Digital Government Research, June 2019, pp. 196–203, doi: 10.1145/3325112.3325264. [19] B. Rukanova et al., “Realizing value from voluntary business-government information sharing through blockchain-enabled infrastructures: The case of importing tires to the Netherlands using TradeLens,” in ACM Int. Conf. Proc. Series, 2021, pp. 505–514, doi: 10.1145/3463677.3463704. [20] S. Kolokytha et al., “Improving customs’ border control by creating a reference database of cargo inspection X-ray images,” Adv. Sci. Technol. Eng. Syst., vol. 2, no. 3, pp. 60–66, 2017, doi: 10.25046/aj020309. [21] F. Heijmann, Y. H. Tan, B. Rukanova, and A. Veenstra, “The changing role of customs: Customs aligning with supply chain and information management,” World Cust. J., vol. 14, no. 2, pp. 131– 142, 2020, doi: 10.55596/001c.116423. [22] B. Rukanova et al., “eCommerce Platforms Evaluation Framework,” in EGOV2021. Lecture Notes in Computer Science, 2021, vol. 12850, pp. 103–116, doi: 10.1007/978-3-030-84789-0. [23] CIRPASS Consortium, “Mapping of legal and voluntary requirements and screening of emerging
DPP-related pilots,” 2023. [24] European Commission, “Commission Delegated Regulation (EU) 2015/2446 detailed rules concerning certain provisions of the Union Customs Code” OJ, L191/1, pp. 1–557, 2015. [25] European Commission, “Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 Union Customs Code,” OJ, L343/558, 2015. [26] R.K, Yin, “Case study research: Design and methods”, Vol. 5, Sage, 2009.