DPP Kit

Whitepaper

From Pilot to Production Credentials in Days: The DPP Kit Approach to UNTP

A Technical Whitepaper on Accelerating UNTP Implementation

Published: March 2026
Version: 1.2

Who This Is For

Supply chain businesses facing EU ESPR compliance deadlines
UNTP practitioners implementing credentials for multiple clients
Conformity Assessment Bodies (CABs) issuing compliance credentials
Industry consortiums piloting supply chain transparency

Executive Summary

The UN Transparency Protocol (UNTP) is becoming the global standard for supply chain data exchange. The technical specification is solid. The reference implementation exists. And yes, teams can self-deploy.

The challenge isn't cost — it's time, confidence, and the gap between a working reference implementation and a production-grade multi-tenant system your clients can actually use.

DPP Kit bridges that gap. It's built by someone who spent a year running UNTP pilots at scale — from critical mineral mines through refiners, processors, and manufacturers, all the way to Fortune 500 OEMs — and who knows exactly where the friction lives in real deployments.

The platform handles the operational complexity that the reference implementation doesn't: multi-tenant DID management, per-organization cryptographic signing, AI-assisted credential authoring, and built-in Tier 2 conformance validation. Organizations get production credentials in days, not months.

And when UNTP 1.0 is ready and they want to take ownership of their infrastructure, they can — using the exact same DIDs, with no disruption to existing credentials.

1. Why UNTP Adoption Is Harder Than It Looks

The Standard Is There. The Path to Production Isn't.

The UN/CEFACT Transparency Protocol is well-designed. The open-source reference implementation (VCKit) works. Teams can spin up a UNTP-capable system without spending six figures.

What the reference implementation doesn't give you:

  • Multi-tenant identity management — Each organization needs its own cryptographic identity (DID) and signing keys. Wiring this correctly across multiple clients or subsidiaries is where most implementations bog down.

  • A usable interface — The reference implementation is built for developers, not for supply chain managers who need to issue a Digital Product Passport for 200 SKUs without filing a support ticket.

  • AI-assisted credential authoring — Mapping existing product documents to UNTP schemas manually is slow and error-prone at any scale.

  • Conformance confidence — Knowing that every issued credential actually passes UNTP Tier 2 validation requires infrastructure that needs to be built and maintained.

  • Spec maintenance — UNTP is at v0.6. Breaking changes between versions are real. Keeping credentials conformant as the spec matures is ongoing work.

The implementation gap isn't primarily financial. It's operational. Getting from a working local deployment to production-grade multi-tenant infrastructure that practitioners can hand to clients confidently takes significant effort — and the spec is still moving.

Built From Real Pilot Experience

DPP Kit isn't a product built against the UNTP documentation. It's built by someone who ran UNTP pilots for a year across an entire supply chain — from critical mineral mines to Fortune 500 OEMs — and encountered every point of friction that exists between the spec and a working production system.

That operational depth shapes every design decision: which parts of UNTP are stable enough to build on, where multi-tenant identity gets complicated, what practitioners actually need to manage multiple client deployments efficiently, and what "production ready" actually means for credentials that will be scanned by auditors and regulators.

2. What DPP Kit Does

Core Value: Multi-Tenant Cryptographic DID Signing, Done Right

The fundamental operation DPP Kit provides is straightforward: each organization on the platform gets its own did:web identifier and signing keys. When they issue a credential, it's cryptographically signed under their own DID — not the platform's DID, and not a shared issuer.

Acme Corp:         did:web:app.dppkit.io:org:acme-corp
Global Refining:   did:web:app.dppkit.io:org:global-refining
Nevada CAB:        did:web:app.dppkit.io:org:nevada-cab

This matters for trust chains, regulatory reporting, and portability. A credential issued by Acme Corp shows Acme Corp as the issuer — not "issued via DPP Kit." That's the standard working as designed.

Running this correctly across a multi-tenant system — key generation, secure storage, rotation, per-credential signing, DID document hosting — is what DPP Kit handles so practitioners don't have to rebuild it for each deployment.

What's Included

AI Credential Agent
Upload evidence documents — PDFs, Word files, spreadsheets, certificates — and the AI agent maps the data to the appropriate UNTP credential fields. It runs Tier 2 schema validation in a loop, fixing errors automatically until the credential passes. You get a draft with accept/reject control per field. Every AI-generated credential is conformant by default.

Built-in UNTP Tier 2 Validation
Three validation surfaces: pre-flight (before signing), post-issuance (after signing), and a standalone validator UI for checking any credential — yours or a supplier's. Self-hosted, so no dependency on external validation endpoints for production operations.

Full Credential Lifecycle
Issue, store, resolve, update, and revoke. Public verification pages for QR code scanning. GS1 Digital Link identifier resolution linking GTINs to credentials. Status List 2021 revocation. Audit logging.

Multi-Tenant Management
Practitioners manage multiple client organizations from a single dashboard. Each organization has independent identity, isolated credentials, and its own management context. Clients can be onboarded quickly and handed off or migrated later.

Compensation Logic in the Issuance Pipeline
The issuance flow is pseudo-transactional — if any step fails (signing, storage, registration, validation), the pipeline rolls back and cleans up. No orphaned credentials end up publicly accessible from partial failures.

Supported Credential Types

  • Digital Product Passport (DPP) — Product identity, composition, provenance, sustainability claims

  • Digital Facility Record (DFR) — Facility identity, certifications, location

  • Digital Traceability Event (DTE) — Transformation, transaction, and association events

  • Digital Conformity Credential (DCC) — Regulatory certificates, standards conformance, audit findings

  • Digital Identity Anchor (DIA) — Organizational identity for entities in the supply chain

3. The Portability Architecture

DPP Kit as Accelerator, Not Lock-In

One of the explicit design goals of DPP Kit is to be the fastest path to production credentials without creating dependency on our infrastructure.

When an organization issues credentials on DPP Kit, their DID is anchored to their organization slug:

did:web:app.dppkit.io:org:acme-corp

When they're ready to self-host — once UNTP 1.0 is stable and the tooling matures — they can migrate to their own infrastructure and update their DID to resolve from their own domain:

did:web:supply.acme-corp.com:org:acme-corp

Existing credentials remain valid. The DID document update propagates through the standard resolution mechanism. No re-issuance required, no disruption to credentials already in circulation.

This is the right architecture for where UNTP is right now. The spec is at v0.6. Running your own infrastructure while the standard is still evolving carries real maintenance overhead — breaking changes, conformance testing updates, schema revisions. DPP Kit absorbs that overhead during the pilot phase. When UNTP 1.0 ships and organizations want full control, the exit is clean.

Data Ownership

All credential data is exportable via API. Organizations own their credentials and can take them when they go. DPP Kit is infrastructure for the journey to production, not a destination that holds data hostage.

4. Pricing

DPP Kit is in pilot phase. All tiers are 50% off production pricing while we build in lockstep with UNTP toward its stable release.

Free Trial
10 credentials, all types, no credit card required. Enough to validate your data mapping and see conformance in action.

Model — $60/month (pilot price)
200 credentials/month · 1 organization · Email support (48hr)
For organizations running a single-org pilot or small-scale deployment.

Pro — $200/month (pilot price)
1,000 credentials/month · Up to 10 organizations · Priority support (24hr)
For practitioners managing multi-client deployments or organizations running multi-subsidiary pilots.

Enterprise — $1,200/month (Coming Q3 2026)
Unlimited credentials · Up to 20 organizations · 99.9% uptime SLA · Full API access · Dedicated support
For production-scale deployments with integration and SLA requirements.

Early Adopter Program
Sign up for Pro now and get a free upgrade to the full Pro tier at launch — locked in at pilot pricing for your first renewal year. $2,400 value.

5. Use Cases

UNTP Practitioner Managing Multi-Client Rollout

A supply chain consultancy implementing UNTP for clients across battery manufacturing and critical minerals. Each client needs independent organizational identity; the practitioner needs unified management and the ability to demonstrate conformant credentials quickly.

With DPP Kit:

  • Onboard each client as a separate organization with its own DID

  • Use the AI agent to draft credentials from existing product documentation

  • Demonstrate conformant credentials to client stakeholders in the first week

  • Hand off management to the client or migrate to their infrastructure when ready

The practitioner's billable work is governance frameworks, schema mapping decisions, and adoption strategy — not rebuilding credential infrastructure for each engagement.

Battery Manufacturer (EU Battery Regulation)

An EV battery manufacturer preparing for the mandatory Digital Battery Passport requirement coming into force February 18, 2027. The data requirements — carbon footprint, material origin, performance metrics, repairability — are defined. The question is implementation.

With DPP Kit:

  • Stand up production-grade credential infrastructure in days

  • Use the AI agent to map existing product data to Battery Passport schemas

  • Issue conformant credentials with Tier 2 validation on every issuance

  • Build internal process fluency while UNTP 1.0 stabilizes

  • Evaluate full self-hosted deployment for 2027 production volumes

Early implementation means the internal team understands what UNTP actually requires — so when ERP systems add UNTP support, the organization can evaluate those integrations from a position of experience rather than speculation.

Conformity Assessment Body (CAB)

A certification body issuing Digital Conformity Credentials for ISO 14001 environmental audits. Trust chain integrity requires that the CAB's DID is the issuer — not a platform acting on their behalf.

With DPP Kit:

  • CAB gets its own DID; all DCCs show the CAB as issuer

  • Tier 2 validation on every credential satisfies accreditation requirements

  • Revocation dashboard for withdrawn or expired certifications

  • AI agent drafts credentials from audit documentation

Industry Consortium Pilot

Twelve manufacturers in the electronics sector piloting supply chain transparency, each needing independent identity but shared infrastructure for the pilot period.

With DPP Kit:

  • One administrator account manages the consortium structure

  • Each member organization gets its own DID

  • Cross-company credential verification works out of the box

  • All members issuing credentials in the first week

  • Individual organizations can migrate to independent infrastructure post-pilot

6. Getting Started

Step 1: Free Trial
Sign up at dppkit.io — no credit card required. Issue 10 credentials across the types relevant to your use case. Validate conformance. See the public verification page in action.

Step 2: Run Your Pilot
Upgrade to Model ($60/month) or Pro ($200/month) depending on volume and organization count. Use the AI agent to accelerate credential drafting from your existing documentation. Get your internal team fluent with the workflow.

Step 3: Evaluate Your Path Forward
DPP Kit credentials are portable. Once you have pilot experience and UNTP 1.0 is closer, you can make an informed decision about self-hosted infrastructure — with your existing DIDs and credentials intact.

7. Technical Specifications

Architecture

Frontend (Astro + React) — Organization management, credential issuance, public verification pages, dashboard
API (Express) — Multi-tenant orchestration, issuance pipeline, auth, audit logging
VCKit — DID management, W3C VC signing, cryptographic verification
Storage Service — S3-compatible public credential hosting (DigitalOcean Spaces)
IDR Service — GS1 Digital Link identifier resolution
UNTP Validation — Self-hosted Tier 2 conformance testing
AI Agent Pipeline — Document ingestion, credential drafting, validation loop (n8n + Anthropic)
Directus CMS — User management, organization config, credential metadata, audit logs

Standards

  • W3C Verifiable Credentials 1.1

  • W3C Decentralized Identifiers (DIDs) — did:web method

  • UNTP v0.6 Tier 2 conformance

  • GS1 Digital Link (ISO 18975)

  • Status List 2021 (credential revocation)

Identity

Per-organization Ed25519 signing keys. DID documents hosted at app.dppkit.io/org/{slug}/.well-known/did.json. Migratable to organization-owned domains without credential re-issuance.

Supported Identifier Schemes

GS1 (GTIN-14, GLN-13, SSCC), Australian Business Register (ABR), custom internal schemes.

Performance

Credential issuance: <5 seconds · Public verification: <1 second · Uptime SLA: 99.9% (Enterprise tier)

8. Roadmap

Current (Q1 2026)

✅ All 5 UNTP credential types
✅ Per-organization DID provisioning (did:web)
✅ AI Credential Agent with Tier 2 validation loop
✅ Inline UNTP Tier 2 conformance validation
✅ Public verification pages and QR code generation
✅ Revocation management
✅ Multi-tenant organization management

Q2 2026

  • White-label verification pages (custom domains)

  • Enhanced credential relationships (supply chain graph visualization)

  • Selective disclosure support

  • Microsoft Dynamics integration

Q3 2026

  • Enterprise tier (SLA, full API access, dedicated support)

  • SAP integration module

  • Advanced analytics and reporting

  • Multi-language support

Q4 2026+

  • Self-hosted deployment documentation and migration tooling

  • Industry-specific credential templates (automotive, textiles, food & agriculture)

  • Zero-knowledge proof support for sensitive data fields

  • Third-party audit integrations

Q1 2027 — Community Edition (Open Source)

An open-source, single-organization version of DPP Kit — derived directly from the same cloud-hosted codebase that's been tested and refined through real pilots. Built for organizations that want to self-host once UNTP 1.0 is stable, and for the broader community to build on.

This is the natural endpoint of the portability story: start on managed infrastructure while the spec matures, then take ownership of a proven implementation — using the same DIDs, no credential disruption, no migration uncertainty.

Conclusion

UNTP is ready enough to pilot. The reference implementation works. The question for most organizations is how to get from "this works in a dev environment" to production credentials their supply chain partners can actually verify — without rebuilding infrastructure that already exists.

DPP Kit provides the operational layer that the reference implementation doesn't: multi-tenant DID management, AI-assisted credential authoring, built-in conformance validation, and a clean path to self-hosted infrastructure when the time is right.

The platform is built by someone who's been through the full supply chain journey with UNTP — from the mine to the OEM — and who built DPP Kit to solve the problems that actually exist in the field, not the ones that look important on paper.

If you're a practitioner helping organizations adopt UNTP, DPP Kit is the infrastructure that lets you focus on the work that matters: governance, standards alignment, and helping organizations understand what supply chain transparency actually means for their business.

Start with the free trial at dppkit.io
10 credentials, all types, no credit card required.

Questions: support@dppkit.io · Documentation: docs.dppkit.io

About DPP Kit

DPP Kit is built by Xylo Digital. Our focus is removing the technical barriers to UNTP adoption so practitioners can focus on governance, standards bodies can focus on schema design, and organizations can focus on what supply chain transparency means for their business.

Full API access and portable credentials mean no vendor lock-in. We're the accelerator to production, not the permanent infrastructure if you'd rather run your own.

This whitepaper reflects DPP Kit capabilities as of March 2026. UNTP specification continues to evolve at v0.6; DPP Kit maintains conformance with current standards.