Do QR codes expire? What actually makes a QR campaign stop working

Someone scanned a flyer your agency printed eighteen months ago, and nothing happened. The camera focused, the little notification slid up, they tapped it, and landed on a 404. The client wants to know why a code that worked at launch is dead now. So here is the question that follows every QR campaign around: do QR codes expire?

The honest answer is two answers. The QR code itself, the black-and-white square, never expires. It has no clock, no counter, and no kill switch. But almost everything behind the square can expire, and when it does, the code stops working just as surely as if it had a built-in expiry date. Understanding the difference is the whole game, because it is the difference between a campaign you can rescue and one your client has to reprint.

This guide explains what actually expires, why a code that scanned fine last year can fail today, and how to print a campaign that keeps working for as long as the poster is on the wall.

The short answer: the square is permanent, the chain behind it is not

A QR code stores its data directly in the pattern of squares. That encoding is defined by the international standard ISO/IEC 18004 and was invented by Denso Wave in 1994 to track car parts on a Toyota production line. Nothing in that standard puts a timestamp, an expiry flag, or a "phone home" check inside the symbol. A static code printed on paper encodes one fixed string of characters, and it will encode that exact string in a hundred years.

So as a piece of printed information, a QR code does not expire. Denso Wave, which holds the original patent and has chosen not to enforce it, is clear that the format is free to use as long as you follow the standard. There is no licence to lapse and no subscription baked into the ink.

What expires is the chain of things the square points at. A QR code is only useful because it sends a phone somewhere, and "somewhere" is a stack of moving parts: a URL, the domain that URL lives on, possibly a redirect service in the middle, a security certificate, and a web page at the end. Every link in that chain has its own way of dying. The square outlives all of them, which is exactly why a permanent symbol can produce a dead scan.

What actually "expires" in a QR campaign

The diagram above lays out the chain behind the square: the five links a working scan depends on, and where each one can break.

1. The destination URL or page. The link still resolves, but the page behind it was deleted, moved, or renamed. The visitor gets a 404.
2. The domain. The whole web address lapsed or was not renewed, so there is nothing to resolve at all.
3. The redirect provider. For a dynamic code, a third-party service sits in the middle and forwards the scan. If that service shuts down or your account lapses, the forward dies.
4. The security certificate. The page is alive but its TLS certificate expired, so the browser throws a full-screen security warning before the visitor ever sees the content.
5. The print itself. Ink fades, vinyl peels, sunlight bleaches the contrast, and eventually the camera can no longer read the pattern.

Take them one at a time, because the fix for each is different.

The destination URL or domain dies

This is the classic static-code trap. A static QR code has the destination URL baked straight into the pattern, so the moment that URL stops working, the code is dead and there is nothing you can do to it. You cannot edit a static code. If the landing page was a seasonal promotion that got taken down, or the domain was registered by a client who later stopped paying for it, every printed copy fails at once and the only remedy is a reprint.

Domains are the quieter risk. A client lets a campaign microsite lapse, a registration auto-renew fails on an expired card, and a perfectly legible code now points at a parking page full of ads. The square is fine. The address it names is gone.

The redirect provider shuts down

Dynamic codes solve the "can't edit it" problem by encoding a short link on a provider's domain and forwarding each scan to wherever you currently point it. That is what lets you change a code's destination without reprinting. But it introduces a new dependency: the provider has to stay alive for the redirect to work.

This is not a hypothetical. Two of Google's own redirect services reached their end on the same day, 25 August 2025. Firebase Dynamic Links, which a lot of apps and packaging campaigns used to forward scans, was shut down, and Google's own FAQ states plainly that links clicked after shutdown "will return a HTTP 404 status response to end users." Google's goo.gl URL shortener wound down on the same date, with inactive short links returning a 404. Any printed QR code that encoded one of those short links broke the moment the service went dark, regardless of how pristine the print was.

The lesson for an agency is not "never use dynamic codes." Dynamic codes are the right default for anything you print, for reasons covered in dynamic vs static QR codes. The lesson is that a dynamic code is only as durable as the company running the redirect, so that choice deserves real scrutiny.

The security certificate expires

This one rarely makes a code literally unscannable, but it kills the campaign in practice. Every reputable landing page is served over HTTPS, and HTTPS depends on a TLS certificate that has an expiry date. When that certificate lapses, the browser stops the visitor with a full-page "your connection is not private" warning. Most people scanned a poster out of mild curiosity, and a red security wall is more than enough to make them give up.

The same family of problems includes a destination that is still on plain http:// (flagged "Not Secure" in the address bar) and mixed content, where an HTTPS page loads some assets over HTTP and the padlock breaks. The page technically loads, but it looks broken or dangerous, and a scan that ends in a warning screen is a scan you wasted. If you are seeing failures that feel intermittent or device-specific, our guide on why a QR code is not scanning walks through how to tell a print problem from a destination problem.

The print physically degrades

QR codes are famously robust because they carry their own error correction. The standard defines four levels, named L, M, Q and H, that can restore roughly the bottom 7%, 15%, 25% and 30% of the code's data if it is damaged or obscured. A higher level means the code can survive a torn corner, a coffee ring, or a logo dropped in the middle and still scan.

That robustness is what buys a printed code its years of life, but it has a limit. The percentages describe how much of the code's data can be recovered, not a fixed share of the picture, and once damage pushes past the level you chose, the code fails. Outdoors, the usual killer is contrast: UV light bleaches dark ink towards grey until the camera can no longer separate the modules from the background. Choosing the right error-correction level and protecting the print is the durability lever you control, and it is closely tied to how you add a logo without breaking the scan and how big the code should be.

Static versus dynamic, purely on lifespan

It is tempting to read all this and conclude that static codes are safer because they "never expire." That is half true and dangerously misleading.

A static code's symbol genuinely never expires, and it has no provider that can shut down, no subscription to lapse, and no scan cap. But it is brittle in the way that matters most: if its single hard-coded destination ever dies, the code is unrecoverable and every printed copy is waste. You traded a provider dependency for a permanence you can never edit.

A dynamic code is the opposite. The symbol is just as permanent, but the redirect can die if you stop paying or the provider folds. The upside is that almost every other failure is fixable: page moved, you repoint it; campaign changed, you repoint it; destination went down, you repoint it, all without touching the print. For a campaign that lives on a wall for months or years, "fixable" usually beats "permanent but frozen." The real question is not static versus dynamic, it is whether you control the redirect well enough that the dynamic provider can never strand you.

The "free QR generator" expiry trap

If you have ever read "do QR codes expire?" on a generator's own blog, you met a conflict of interest. Free static codes from a reputable tool really are permanent, because the data is baked in and there is no server involved. The trap is the free dynamic code.

Many free generators hand you a dynamic code, let you print it, and then deactivate the redirect when a trial period ends (often around two weeks), or quietly cap the number of scans, or move the feature behind a paywall. Because the redirect lives on their domain, you have no way to take it with you. Your client's print run is now a hostage to a third party's pricing and survival, and "free" turns out to mean "free until the campaign matters."

For an agency managing many clients, this is the scenario that should keep you up at night: one lapsed free account can break the printed codes for every client routed through it, all at once. The defence is boring and effective: treat code portability as due diligence before you commit a campaign to print.

How to print a QR campaign that does not die

You cannot make the square more permanent than it already is. What you can do is harden every link in the chain behind it.

• Control the redirect. Use a dynamic provider that lets your codes resolve through a domain you trust, so that no single vendor's pricing change or shutdown can orphan a printed campaign overnight. This is the single biggest lever after the Firebase and goo.gl lesson.
• Insist on data export and portability. Before printing, confirm you can export your codes and their destinations and migrate to another tool if you ever need to. A provider you cannot leave is a provider that can hold a campaign hostage.
• Own or supervise the destination domain. Make sure the landing domain belongs to someone who will keep renewing it, with auto-renew on a card that will not expire mid-campaign. A lapsed domain is the most avoidable death there is.
• Keep the destination on HTTPS with a renewing certificate. Automated certificate renewal is standard now; confirm it is actually on, and never quietly retire a landing page without putting a redirect in its place.
• Pick the error-correction level for the environment. Level M is a sensible default for clean indoor print; step up to Q or H for outdoor, industrial, or logo-bearing codes that will take abuse. Pair that with good contrast and a clean quiet zone, as covered in how to prepare a QR code for print.
• Watch the codes after launch. A dead campaign is far cheaper to catch from your scan analytics than from an annoyed client. A code that scanned daily and then flatlined is telling you the chain behind it broke.

Do those six things and the practical lifespan of a QR campaign stretches to "as long as the poster is legible and the destination is maintained," which is exactly what a client means when they ask whether the code will keep working.

Frequently asked questions

Do QR codes expire?

No. The QR code itself, the printed pattern of squares, never expires; it has no built-in time limit, scan limit, or kill switch. What can expire is whatever the code points at: the destination URL, the domain, a dynamic redirect provider, or the security certificate on the landing page. A code stops working when one of those breaks, not because the square aged.

Do static QR codes expire?

A static QR code never expires as a symbol, because the destination is encoded directly in the pattern with no server involved. The catch is that it can never be edited, so if its single hard-coded URL ever dies, the code is permanently dead and the only fix is to reprint it.

Do dynamic QR codes expire?

The dynamic code's symbol does not expire, but its redirect can stop working if your subscription lapses, a free trial ends, you hit a scan cap, or the provider shuts the service down. Two of Google's redirect services, Firebase Dynamic Links and the goo.gl shortener, both ended on 25 August 2025 and now return 404s, which broke any printed code that relied on them.

How long does a QR code last?

There is no fixed lifespan. As a symbol a QR code lasts indefinitely, so a campaign's real life is set by two things: how long the print stays legible, and how long the destination stays live. Maintain both and a code can keep working for many years; neglect either and it can die within weeks.

Why did my QR code suddenly stop working?

The usual causes, in rough order of likelihood: the destination page was deleted or moved (404), the domain lapsed, a dynamic redirect provider was shut down or your plan expired, the landing page's security certificate expired, or the printed code has faded or been damaged below its error-correction threshold. Scanning the code to see exactly where it lands tells you which link in the chain broke.

Do free QR code generators expire?

Free static codes from a reputable generator do not expire. Free dynamic codes often do: many deactivate the redirect when a trial ends, cap the number of scans, or move editing behind a paywall, which can take a live printed campaign offline. If you print a dynamic code, make sure you can export and migrate it.

What percentage of a QR code can be damaged and still scan?

It depends on the error-correction level chosen when the code was generated. The four levels, L, M, Q and H, can restore roughly the lowest 7%, 15%, 25% and 30% of the code's data. That figure is a share of the code's data, not a fixed slice of the image, and the code only survives damage up to the level you actually selected.

The short version

QR codes do not expire, but QR campaigns absolutely can. The square is a permanent piece of printed information with no clock inside it. What dies is the chain behind it: a deleted page, a lapsed domain, a redirect provider that shut down, an expired security certificate, or a print that faded past the point its error correction could rescue.

That reframes the question every client really asks. They do not care whether the symbol is eternal; they care whether scanning it next year still works. You make that true by controlling the redirect, choosing a provider you can leave, keeping the destination domain and certificate alive, printing at the right error-correction level, and watching the scans after launch.

Before your next print run, scan the proof, follow it all the way to the live page, and ask one question of your provider: if you disappeared tomorrow, could I move these codes somewhere else? If the answer is yes, your campaign will outlast the poster it is printed on.