Data Regulation, Platform Power, and the Future of Digital Product Passports for Mobile Devices
What a platform-economics model of data sharing and siloing reveals about DPP design
A recent paper by Krämer and Shekhar, which was showcased in the Platform Papers, provides a useful framework for understanding why digital product passports for mobile devices are likely to evolve into multi-sided data platforms rather than remain simple compliance records.1 Although this academic paper does not discuss digital product passports directly, its analysis of data sharing, data siloing, innovation, and welfare helps explain the strategic and regulatory choices that will shape the next generation of mobile-device circularity infrastructure. See:
Krämer, J., & Shekhar, S. (2025). Regulating digital platform ecosystems through data sharing and data siloing: Consequences for innovation and welfare. MIS Quarterly, 49(1), 123-154.
The paper’s central argument
Krämer and Shekhar study how regulation affects a dominant digital platform that operates in a primary market and then uses data from that market to compete in a secondary market. Their core finding is that both data sharing and data siloing reduce the incumbent’s incentive to innovate, but the welfare effects differ sharply: data sharing can improve competition and overall welfare, while data siloing is generally harmful because it shrinks the data pool and weakens innovation across markets.
Critically, the two policies are not independent dials — they interact. The amount of data available for mandated sharing depends directly on how much siloing takes place. The more data is walled off, the less there is left to share. This means a sharing mandate layered on top of a strict siloing regime accomplishes very little, because there is little left in the pool to redistribute. The authors’ policy implication is not simply “favor sharing over siloing,” but rather that policy works best when siloing is minimized and sharing is as broad as practical.
This distinction matters because the paper treats data as a nonrival input that creates demand-side economies of scope across markets. In practical terms, value is created when data generated in one context can improve outcomes in another, and value is lost when policy blocks that reuse too aggressively.
Four governance outcomes
The interaction between siloing and sharing is easiest to see laid out as a 2x2 matrix. Siloing runs on the vertical axis, which shows how much data is walled off by default before any sharing rule is applied. Sharing runs on the horizontal axis, which shows how much of what remains is actually made available across the ecosystem.
Reading the quadrants against mobile-device DPP governance outcomes:
Permissioned data platform (low siloing, high sharing). This is the paper’s optimal policy outcome, mapped onto device data. Activation, usage, repair, and grading data are captured broadly rather than walled off by default, and access to that pool runs through clear, auditable permissions rather than informal arrangements or closed defaults. This is the condition under which a DPP behaves like real infrastructure. It improves grading, pricing, and trust for every participant who touches the device, not just the actor who captured the data first.
Sparse data pool (low siloing, low sharing). Data isn’t locked away, but there is little incentive to contribute. Any actor that shares its slice — repair history, grading data, condition records — risks handing a free advantage to competitors who contribute nothing in return, so contribution stays low even though nothing is technically blocking it. In a DPP context, this looks like inconsistent schemas, informal data exchange between a few partnered firms, and no reliable way for a new entrant to know what’s available or how to request it. The pool exists, but it’s sparse, and it’s not usable at platform scale.
Data islands (high siloing, low sharing). The passport becomes exactly what critics fear: a compliance artifact rather than a value added platform. Each lifecycle actor — OEM, carrier, repair network, resale marketplace, or ITAD firm — holds its own closed record, and almost nothing crosses organizational lines. This is the default outcome if DPP architecture is built around proprietary data vaults from the start, and it doesn’t require any single actor to be the cause; it emerges whenever every party in the chain treats its own slice of data as proprietary.
Hollow mandate (high siloing, high sharing). This is the quadrant regulators should worry about most. A rule requires broad sharing, but because the underlying architecture was built siloed, there is very little left in the pool to actually share. This is the practical trap facing frameworks modeled on the EU’s Digital Markets Act: a sharing obligation imposed after the fact on a siloed system produces compliance paperwork, not a functioning data layer.
The matrix makes the paper’s key policy point concrete: sharing mandates and siloing rules aren’t substitutes for each other, and you can’t regulate your way out of a siloed architecture after the fact. The quadrant a DPP regime lands in is determined largely at the design stage, not the enforcement stage.
Why this matters for mobile-device DPPs
That logic maps well onto digital product passports for mobile devices. A mobile-device DPP can be more than a record of compliance or provenance; it can become a shared data layer connecting OEMs, carriers, repairers, refurbishers, recyclers, marketplaces, insurers, regulators, and consumers across the device lifecycle.2
Seen this way, DPPs have the potential to become multi-sided data platforms. Data generated upstream at manufacture, activation, usage, repair, grading, and recovery can improve decisions downstream in resale, refurbishment, warranty management, parts harvesting, and materials recovery. The passport becomes valuable not only because it stores information, but because it enables controlled data flows among actors who create and capture value in different stages of the circular economy.
It is worth using the paper’s market structure to make this concrete, though the mobile-device case has an added wrinkle that Krämer and Shekhar’s two-market model doesn’t fully capture. In the model, a data-rich platform incumbent holds a built-in advantage because it controls data generated in a primary market it already dominates, while a rival only closes the gap if sharing obligations are strong enough. In a mobile-device DPP context, the OEM typically holds that primary-market position. It accumulates manufacturing, activation, and early usage data by default, simply by being closest to the device at the start of its life. But a device’s lifecycle doesn’t stay inside the OEM’s view.
As the device moves through trade-in, repair, resale, and recovery, each subsequent party generates and controls its own slice of data that the OEM never sees: a repair network holds its own diagnostic and parts-replacement records, a resale marketplace holds its own grading and pricing history, an ITAD firm holds its own recovery and materials data. The OEM’s upstream advantage doesn’t shrink this problem, it compounds it. The ecosystem ends up with several siloed pools controlled by different actors at different lifecycle stages, none of whom can see the others’ data by default, rather than one incumbent and a set of data-poor rivals. That is what makes a shared, permissioned ledger structurally necessary rather than optional. No single party, including the OEM, actually holds the full picture on its own.
This is precisely why a shared, permissioned device ledger is strategically important — and why is a coordination problem, not just an access problem. The goal isn’t to redistribute data away from a single dominant holder; it’s to connect pools that are each individually incomplete. A ledger that only forces the OEM to share solves a fraction of the problem if repair networks, resale marketplaces, and ITAD firms keep their own slices walled off in turn. The Data islands quadrant doesn’t require one actor to be the villain — it emerges by default if every party in the lifecycle treats its own data as proprietary, which is the more likely failure mode than a single incumbent locking everyone else out.
From compliance tool to platform infrastructure
The paper is especially useful because it clarifies what separates a thin passport from a high-value platform. If DPP rules or system design force too much siloing, then the passport may fragment into data islands with limited utility for pricing, diagnostics, trust, and circular-market coordination.
If, by contrast, the system supports governed data sharing, the passport can improve quality verification, lower information asymmetries, and support more competitive secondary markets. That is the platform move: the passport shifts from being a static repository to becoming a transaction-enabling infrastructure layer for billions of dollars in trade-ins, resale, repair, refurbishment, and recovery activity tied to mobile devices.
Implications for DPP creation
For DPP creation, the paper suggests that architecture and governance matter as much as technical compliance. The important design question is not only what data goes into the passport, but who can contribute, who can access, under what permissions, and in what format data can move across the ecosystem.
A key implication is that DPP architecture should avoid building siloing in by default. Proprietary data vaults, closed condition-grading systems, and walled-garden trade-in programs all function as siloing mechanisms — regardless of which actor in the lifecycle builds them, whether OEM, repair network, resale marketplace, or ITAD firm — even when they are not labeled that way. Once the starting architecture is built around closed pools, later sharing requirements can help, but they cannot fully recreate the value of jointly captured data that never existed in the first place — which is exactly the hollow-mandate problem the matrix illustrates.
A workable mobile-device DPP will therefore need interoperable standards, role-based access, auditable permissions, and shared schemas that support circular use cases across firms. In strategic terms, the passport should be designed as an ecosystem layer that enables coordinated value creation rather than as a proprietary database optimized for one actor alone.
Implications for regulation
The paper’s strongest policy lesson is that regulators should be careful not to undermine value creation by overemphasizing siloing. In the authors’ model, strict siloing reduces the amount of usable data, weakens innovation in both the primary and secondary markets, and lowers overall welfare.
The EU’s Digital Markets Act is the paper’s own case study in this failure pattern: Article 5(2) imposes data siloing on gatekeepers by default, while Article 6(11)’s sharing mandate applies narrowly, to search engines only.3 That combination is directly relevant to how DPPs get regulated under frameworks like the EU’s Ecodesign for Sustainable Products Regulation. If DPP rules default to siloed data architectures at any stage of the lifecycle and only mandate sharing in narrow circumstances, they risk reproducing the same welfare-reducing pattern. This lands squarely in the hollow-mandate quadrant, where the rule exists but the data pool underneath it doesn’t. The better approach is to favor controlled data sharing and interoperability over rigid restrictions that keep lifecycle data trapped within organizational boundaries.
Privacy, security, and competition safeguards still matter, but the objective should be to open access without shutting down the cross-market data flows that make circular systems smarter and more efficient. The paper also suggests that technical limits matter: full, real-time, granular sharing is often difficult, so practical governance mechanisms such as federated learning, data trusts, and privacy-preserving access controls may be necessary in addition to legal rules.4
Implications for platform strategy and DPP data infrastructure
For platform strategy, the paper reinforces the idea that the future battle over DPPs will not be only about compliance, but about ecosystem control, data access, and standards leadership. Firms that help define the rules of access, verification, interoperability, and trusted exchange may shape the economic center of gravity in circular mobile-device markets.
This creates a strategic tension. Every actor in the lifecycle has some version of the same incentive to resist broad sharing — OEMs, but also repair networks, resale marketplaces, and ITAD firms — because each one’s proprietary slice supports its own trade-in programs, service offerings, or downstream pricing power. Dominant firms have significant data at stake, and therefore often fear opening it up. But the broader industry gains more when the passport becomes a permissioned multi-sided platform that expands participation, supports innovation by data-deficient actors, and improves trust and transaction efficiency across the ecosystem.
Why the stakes are large
The mobile-device secondary market — trade-ins, resale, repairs, refurbishment, and end-of-life recovery — is already estimated at over $70 billion and growing rapidly. DPP infrastructure could reshape how those transactions are verified and priced. That is why the Krämer and Shekhar paper is useful beyond its immediate digital-platform context: it provides an economic explanation for why data governance choices will determine whether DPPs unlock market-wide value or merely add a new layer of administrative burden.
The practical takeaway is clear, and the matrix above is a reasonable test to apply to any DPP proposal on the table: does the architecture start from low siloing, and does the sharing rule apply to a pool that’s actually worth sharing? If digital product passports for mobile devices are built as open but permissioned data platforms, they can become an enabling infrastructure for competition, circularity, and higher-value transactions. If they are built around siloed compliance, they are far less likely to deliver the innovation and welfare gains that policymakers and industry participants are anticipating.
Footnotes
Krämer, J., & Shekhar, S., p. 124.
Ibid, p. 136.





