UNTP-aligned JSON-LD: what it actually means (and what it doesn't)

The UN Transparency Protocol (UNTP) is the most concrete, vendor-neutral framework for digital product passports today. It's also one of the most over-claimed terms in the DPP marketing landscape. This guide unpacks what UNTP actually specifies, what "UNTP-aligned" should mean on a vendor's website, and what to ask when a vendor says they "support UNTP."

What UNTP actually is

UNTP is an open specification published by UN/CEFACT covering:

• Core vocabulary — types like DigitalProductPassport, Product, Conformity, MaterialProvenance
• JSON-LD context — versioned @context files that map vocabulary to URIs
• Identity Resolver — RFC 9264-aligned linkset model for resolving GS1 Digital Link URLs to passport content
• Decentralized Trusted Credential model — for credential issuance and verification

The DPP and Identity Resolver specifications are explicitly framed as "suitable for pre-production pilot implementations." That framing is intentional and important — it means UNTP is converging on a stable interface, but the spec is not yet a finalized v1.0.

What "UNTP-aligned" should mean

When a vendor says "UNTP-aligned JSON-LD output," a defensible meaning is:

1. The output is valid JSON-LD with an @context array that includes the UNTP vocabulary URI (https://vocabulary.uncefact.org/untp/)
2. Core fields use UNTP vocabulary terms — DigitalProductPassport, materialProvenance, producedAtFacility, certification, etc.
3. Vendor-specific extensions live in a clearly-namespaced extension (e.g., ss: for SellSafely) so they don't pollute the UNTP vocabulary
4. The output validates against external JSON-LD parsers (the jsonld npm library, the UNTP playground, etc.)

What it does not mean:

• ❌ "Full UNTP VC issuance" — UNTP credentials are W3C VCs, which add a separate signing layer most DPP vendors don't yet ship
• ❌ "Certified UNTP-compliant" — there is no certification body for UNTP today
• ❌ "Production-ready conformance" — UNTP itself says pre-production

How SellSafely uses UNTP

We output UNTP-aligned JSON-LD as a parallel artifact to the human-readable public passport. Same passport URL, content negotiation:

GET /01/{gtin14}                 Accept: text/html       → human passport
GET /01/{gtin14}                 Accept: application/ld+json → JSON-LD
GET /01/{gtin14}/passport.jsonld → JSON-LD download

Our @context looks like:

{
  "@context": [
    "https://vocabulary.uncefact.org/untp/",
    "https://schema.org/",
    { "ss": "https://schema.sellsafely.ai/" }
  ]
}

The ss: namespace holds SellSafely-specific extensions (snapshot version, view type, signature reference) that aren't part of UNTP core. Keeping them namespaced means downstream parsers can ignore them safely.

What we don't claim

• We do not issue W3C Verifiable Credentials today. The signing/verification layer is on the roadmap; what ships now is JSON-LD plus a SellSafely-specific signature pointer.
• We don't claim conformance to a finalized UNTP spec because there isn't one yet.
• We don't claim to replace certified material-ledger systems (see Material Allocation vs Material Ledger).

How to evaluate any vendor's UNTP claim

Three quick checks:

1. Show me the JSON-LD. A vendor that says "UNTP-aligned" should have a downloadable sample JSON-LD on their public site. If they don't, the claim is hand-waving.
2. What's in the @context? It should include https://vocabulary.uncefact.org/untp/. If it just says "schema.org" or has only vendor-specific URIs, it's not UNTP-aligned.
3. What do they explicitly say they don't claim? A vendor that's honest about not issuing full VCs is more credible than one that uses "UNTP-compliant" without qualification.

If you'd like to inspect the SellSafely sample, /sample-passport has all three sectors with downloadable JSON-LD. No signup, no email gate.