Not all battery passport data is public. Annex XIII of Regulation (EU) 2023/1542 organises the information into access tiers so that anyone scanning the QR code sees the public layer, while more sensitive data is reserved for verified parties, national authorities and the Commission. The defining requirement is that this gating must be enforced on the server — the restricted data must never be sent to a public client and then hidden in the interface.
| Access tier | Who can read it | Example data | How accessed |
|---|---|---|---|
| Public | Anyone scanning the QR code | Battery type, manufacturer, basic specs | Open passport URL |
| Legitimate interest | Verified parties with a legitimate interest | Detail supporting repair and repurposing | Authenticated access |
| Authorities | National market surveillance authorities | Compliance and due-diligence detail | Authenticated access |
| Commission | The European Commission | Data reserved to the Commission | Authenticated access |
Why the public layer is deliberately small
The public layer is meant to let a customer, repairer or recycler identify and understand the battery, not to expose commercially sensitive or regulator-only information. The more detailed compliance, due-diligence and life-cycle data sits behind the higher tiers, released only to parties the regulation entitles to it.
- Public: open via the QR code, identity and basic technical data.
- Legitimate interest: released to verified parties for purposes such as repair and repurposing.
- Authorities: available to national market surveillance authorities.
- Commission: data reserved to the European Commission.
Frequently asked
Is all battery passport data public?
No. Annex XIII of Regulation (EU) 2023/1542 defines tiers: a public layer anyone can read via the QR code, plus restricted layers for parties with a legitimate interest, national authorities and the Commission.
Can I just hide restricted fields in the front-end?
No. Access tiers must be enforced server-side. The public endpoint must return only public-tier data; sending restricted data to the browser and hiding it in the interface does not satisfy Annex XIII.