Automotive companies aren't dealing with one new regulation, but with a growing set of overlapping requirements emerging across markets, several of which require Traceability and Digital Product Passports (DPP), rolling out between 2026 and 2032. Different scopes. Different timelines. But they all need the same thing from the supply chain: structured, verifiable data about what's in the product, where it came from, and how it was processed.

Most companies are still treating each regulation as a separate project. Separate teams, separate data collection, separate timelines. That approach worked when you had one or two obligations to manage. It won't hold when you've got several landing in quick succession, all pulling on the same suppliers for overlapping (but not identical) information.

This article maps out what's converging, when it hits, and why the underlying data challenge is bigger than any single regulation.

What's converging and when

The EU has introduced a cluster of regulations that directly affect automotive manufacturers, battery producers, and their supply chains. Each one targets something different: emissions transparency, battery sustainability, critical material security, end-of-life circularity, responsible sourcing. But they all land on the same operational problem: getting verified data from suppliers across multiple tiers.

The table below maps the regulatory timeline.

The pattern underneath: one data challenge, many regulatory labels

Taken together, these regulations form a coordinated regulatory framework rather than a set of isolated requirements. They build on overlapping data flows, supplier inputs, and verification mechanisms, reinforcing the need for a coordinated approach to supply chain data.

Different regulatory entry points, but a shared operational backbone. Strip away the policy framing, and the requirements start looking highly aligned: 

• Collect structured data from suppliers about materials, components, and processes
• Trace that data across multiple tiers, not just from direct suppliers but from raw material sources
• Verify the data through third-party audits or digital verification mechanisms
• Report or disclose the data in a standardised, machine-readable format

The terminology may differ. "Passport." "Due diligence." "Traceability." "Declaration of Conformity," but the underlying requirement is the same: a reliable, structured data trail running from raw material extraction through to the finished vehicle.

The main variation is depth. Passport obligations mostly require data about the finished product or component. Due diligence pushes further, demanding evidence from the mine, the refinery, and every processing stage in between. But the underlying infrastructure to collect, verify, and structure that data? It's the same. We'll go deeper into each of these regulations in dedicated articles later in this series.

Most companies haven't recognised this convergence yet. They're still running each regulation as a separate compliance workstream. That creates duplication, inconsistency, and a lot of wasted effort when several regulations are pulling on the same supply base within a few years of each other.

One vehicle, many passports

The scale of this challenge becomes clear when you examine a single product.

Take a battery electric vehicle sold in the EU from 2027. That one vehicle could need:

• A Battery Passport for the traction battery, covering cell chemistry, sourcing, carbon footprint, and recycled content (EU Battery Regulation)
• An Environmental Vehicle Passport (EVP) with emissions performance, energy consumption, and durability data (EURO7)
• CRM traceability system for permanent magnets in electric motors and other automotive components, tracing rare earth elements back to their source and reporting on recycled content (Critical Raw Materials Act)
• A supply chain due diligence report for cobalt, lithium, nickel, and natural graphite in the battery (EU Battery Regulation, Article 39)
• Eventually, a Digital Circularity Vehicle Passport (DCVP) covering the vehicle's full material composition, recyclability, and end-of-life handling (ELV Regulation,)
• Component-level passports for parts which may be applicable under the Ecodesign for Sustainable Products Regulation (ESPR)

These aren't just the same data repackaged into different formats. Each regulation asks for different data points, from different parts of the supply chain, at different levels of granularity. A Battery Passport needs cell-level composition data. A CRM label needs rare earth origin tracing for the magnets used in Automotive components and their recycled content. An EVP needs whole-vehicle environmental performance metrics. A due diligence report needs risk assessments from the mining tier.

The suppliers involved overlap, but they're not identical. The data requirements overlap, but they don't match up neatly. Each regulation has its own reporting format, verification requirements, and update cycles. Companies that try to handle these one at a time will end up running multiple parallel data programmes, sending overlapping (but slightly different) requests to the same suppliers, and producing outputs that aren't interoperable.

That's expensive. It's slow. And it creates inconsistencies that auditors will notice.

The smarter play is to recognise that while the outputs differ, they draw from a shared pool of supply chain data. Collect it once, structure it properly, and route it into whatever compliance output you need.

The real bottleneck isn't policy, it's data‍

Most automotive companies understand the rules of the game. The challenge isn’t understanding them, it’s building the practical infrastructure needed to play.

The default tool for supplier data collection in automotive is still the questionnaire: a spreadsheet sent to tier 1 suppliers, asking them to self-report on material origins and composition. Three problems with that, and they get worse as the regulatory load increases.

It doesn't reach deep enough. Several of these regulations require data from raw material sources, which typically sit at tier 3, tier 4, or deeper. Most companies can barely see past tier 1. A supplier assembling battery cells may not know where the cathode manufacturer sources its nickel. Even when that data exists further upstream, it rarely flows down in a structured, verifiable format.

It doesn't scale. When you need data from hundreds of suppliers across multiple product lines for several regulatory frameworks, manual questionnaires collapse. Each regulation asks for slightly different information in different formats, which means overlapping requests that frustrate suppliers and produce inconsistent results. The automotive industry's new Due Diligence Reporting Template (DDRT) is an attempt to standardise this, but standardised templates still need digital infrastructure to process at volume.

It doesn't protect confidentiality. Suppliers across global supply chains, particularly in regions with less established data-sharing norms, are often reluctant to share detailed sourcing or process data. Concerns around intellectual property, competitive positioning, and commercial sensitivity are well-documented barriers to supply chain transparency. Without mechanisms that allow suppliers to share what's required for regulatory compliance while protecting commercially sensitive information, data collection efforts frequently stall.

What a data-driven approach actually requires

If the regulatory landscape converges on structured supplier data, and manual methods can't keep up, what does a modern approach look like? Across automotive supply chain traceability programmes, four building blocks keep coming up.

N-tier visibility, not just tier 1 declarations

Due diligence, battery passports, CRM label: they all need data from raw material sources, not just from direct suppliers. That means building mechanisms for cascading data collection, where requests flow through the supply chain tier by tier and each supplier adds their portion before passing it on. Porsche demonstrated this approach in practice, working with Circularise to trace plastics across multiple supplier tiers while maintaining data privacy. The infrastructure needs to make this operationally feasible, not just theoretically required.

Confidentiality-preserving data sharing

Suppliers won't share sensitive data if they think it'll be visible to competitors or customers downstream. Any system serving this regulatory landscape needs granular access controls. Suppliers share what's required for compliance and auditing, nothing more. No pricing data. No volumes. No proprietary process information leaking out. This is often the difference between getting data and getting nothing, especially from suppliers in regions where data protection concerns run high.

Connected compliance outputs

A single electric vehicle may require multiple, interconnected passports, from component-level like the Digital Battery Passport(DBP), to broader vehicle-level Passports. Setting up a separate system for each type of DPP creates data silos, duplicates effort, and makes it significantly harder to maintain consistency across regulatory submissions. The data collected from your supply chain should feed directly into all of these outputs, along with your due diligence reports, from a single connected infrastructure. A unified approach that serves multiple compliance needs produces more consistent, more auditable results and reduces the burden on both your teams and your suppliers.

Digital infrastructure over manual processes

Questionnaires and spreadsheets can't support compliance at the scale automotive supply chains need. Companies need a dedicated supplier data collection infrastructure that automate data collection, validate incoming data, maintain tamper-proof audit trails, and generate reports for multiple regulatory frameworks at once.

Beyond compliance: the business opportunity

It's easy to look at this regulatory landscape and see only cost and complexity. But there's a different way to read it.

Companies that invest in supply chain data infrastructure now aren't just ticking compliance boxes. They're building capabilities that create real business value:

• Digitalisation at scale. Collecting and structuring supplier data accelerates digital transformation across the supply chain. That same infrastructure improves decisions across procurement, quality, and product development, well beyond what regulators ask for.
• New value from existing data. Once you've got structured supply chain data flowing through a digital system, you can do more with it than file regulatory reports. Carbon footprint optimisation, supply chain resilience measures, supplier benchmarking, material substitution analysis, circular business model development. 
• Stronger customer relationships. OEMs and tier 1 suppliers that can demonstrate verified, transparent supply chains build trust and loyalty that competitors relying on self-declarations can't match. Traceability is becoming a competitive differentiator, not just a regulatory checkbox.

The regulations create the obligation. But the data infrastructure they require also creates lasting operational value.

The road ahead

Supply chain compliance in 2026 isn't about meeting one regulation at a time any more. The convergence means that investing in data infrastructure now prepares you for all of them at once: battery passports, vehicle passports, CRM traceability, material declarations, due diligence reporting, and circularity obligations.

Different names. Different timelines. Different policy origins. Same underlying ask. The sooner companies recognise that, the sooner they can stop building in silos and start building something that lasts.

At Circularise, we provide one platform for traceability across your entire automotive supply chain. We help OEMs and suppliers collect verified data across multiple tiers, protect commercially sensitive information through selective disclosure, and connect that data directly to regulatory outputs. Battery passports, CRM disclosures, due diligence reports, vehicle passports: one data collection process, multiple compliant outputs. You build it once. You don't rebuild for every new obligation.

In the next articles in this series, we'll look at the Critical Raw Materials Act and CRM passports, followed by a deeper dive into battery regulation due diligence and then the ELV Regulation.

‍