no login · no cookies · works offline

expiry, explained

Do QR codes expire?

No — the QR standard has no expiry date. What actually expires is a paid dynamic code's redirect server. Here's what really stops a code working, and what never can.

The short answer

No — not the code itself. A QR code is a printed pattern of black and white squares, and there is no clock ticking inside it. The international standard that defines QR codes, ISO/IEC 18004, describes how to encode data, the symbol sizes, the error-correction maths and the reference algorithm for decoding the grid. Nowhere in it is there a field for an expiry date, an owner, an account or a server, and nothing in the format makes a code stop working. So when someone tells you a QR code “expired”, something more specific is going on — and it’s almost always the same thing.

Then why do people say theirs expired?

Because two very different things both get called “a QR code”, and only one of them can be switched off.

What people experience as a QR code “expiring” is almost always a dynamic one. The subscription lapses, the free trial ends, a scan cap is hit or the platform shuts down — the vendor stops resolving the redirect, and the scan lands on an “expired” page, an upsell, or nowhere at all. The printed squares are completely unchanged. It’s not the code that died; it’s the server behind it. If the static-versus-dynamic split is new to you, static vs dynamic QR codes walks through it slowly.

The standard genuinely has no concept of expiry

This is worth being precise about, because it’s the whole point. ISO/IEC 18004 (current edition 2024) has no expiry mechanism anywhere in it. There is no “valid until” field and no rule that makes a symbol go stale.

You can, if you want, write a date into the data itself — a URL like example.com/menu?expires=2026-01-01, or the standardised GS1 “use-by” identifier that some product codes carry. But those are just inert characters sitting in the payload. No ordinary phone scanner reads that date, checks the calendar and refuses to open the link. The standard gives you a place to store a date; it gives nothing that acts on one. That’s exactly why a dynamic code’s expiry has to live in the redirect server it points at, not in the printed pattern — the pattern has nowhere to keep a timer.

So who decides when a dynamic code stops? The vendor does

Deactivation isn’t a property of QR codes — it’s a business decision by whoever runs the redirect. And the terms vary:

The one dependable rule across all of them: whoever controls the redirect decides when it stops resolving. If that’s a vendor, it’s their call, on their terms.

The irony worth noticing

Search “do QR codes expire?” and most of the pages you’ll find are published by companies selling dynamic-QR subscriptions. To their credit, they usually state the facts correctly — static codes never expire. Then they use it: a static code, they point out, “can’t be fixed” if its destination ever breaks, so you should pay for a dynamic code to stay in “control”.

Here’s the twist. Dynamic codes are the ones that actually stop working, precisely because they route through a vendor-controlled redirect that dies when the billing does. The expiry risk being sold to you as the reason to pay is, in large part, created by the very product sold as the cure. Worth keeping in mind when you read that a static code is a liability.

When a static code can still appear to break

Honesty cuts both ways, so here are the ways a code that can’t “expire” might still stop doing its job. None of them is expiry, but they can feel like it:

What doesn’t happen is digital decay. A static code doesn’t “time out” with age. Decoding is deterministic image processing, not a network call, so a code generated years ago decodes identically today. If a code that used to work suddenly won’t, the culprit is one of the above — see why won’t my QR code scan? to narrow it down.

What about codes you make at dottr?

Every code dottr generates is static, and it’s drawn entirely in your browser — no account, nothing stored on a server, no redirect of ours behind it. That means there is simply nothing that can expire: no subscription to lapse, no trial to end, no platform that could go dark and take your code with it. The pattern is the data, and it’s yours. You can make one free in your browser and it’ll keep working for as long as its destination stays live.

If you want the option to re-aim it later

There’s one honest trade-off. Because a static code is permanent, you can’t change where it points after it’s printed. If you might need to — a menu URL that’ll change, a campaign page that’ll move — put a short link you control in front of it before you generate the code. The printed squares stay fixed forever, but you re-aim the link in seconds.

Just go in clear-eyed: a redirect is a dependency, and whoever runs it decides whether it keeps resolving. A free shortener can shut down or start charging. The way to minimise that risk is to own the link — use your own domain, so if a provider disappears you just update where it points and every printed code carries on working. That’s the same lever the paid platforms sell, without renting it.


QR codes don’t expire; redirect subscriptions do. If you want a code that can’t be switched off by anyone, build a QR code at dottr — it’s free, runs entirely in your browser, and nothing you type ever leaves your device.

Someone ask where you got this?

dottr this page

Drag to your bookmarks bar — then on any site, get its QR and add it to your wallet in a tap.