Every certificate system, from a paper hangtag to the EU's federated registry, has to answer one question: how does the person holding the object reach the record about it? In 2026 the answer is almost always a QR code. This post covers the practical decisions behind that little square for a Shopify store selling numbered pieces, using the setup from our complete guide to provenance certificates as the baseline.
Scan-and-verify vs look-and-trust
A traditional certificate of authenticity works by looking impressive: heavy stock, a foil seal, a signature. The buyer looks and decides to trust. But everything one printer produced, another printer can reproduce, and a counterfeiter's card only has to survive a glance.
A QR-backed certificate flips the model. The printed card is an artifact, a beautiful thing to keep in the box, but it is not the proof. The proof is the URL the QR resolves to: a tamper-evident page on the merchant's own domain, at your-store.com/apps/provenance/..., showing the edition number, the piece, and the verification state right now. Scan-and-verify, not look-and-trust.
The card carries the pointer, the server carries the facts. Lose the card and the record still exists; photocopy it and the copy points at the same single source of truth. For how this fits into a broader defence against fakes, see the anti-counterfeit playbook for Shopify brands.
What the QR code must encode
One thing: a full HTTPS URL to the hosted certificate, containing a cryptographically random token.
The token is the part most DIY implementations get wrong. If your certificates live at /cert/1, /cert/2, /cert/3, anyone with a browser can enumerate every certificate you have ever issued by changing the number, harvest the details, and print convincing fakes with valid-looking data. This is the enumeration attack, and sequential IDs walk straight into it.
Random tokens close the door. Editioned's verification tokens are 10+ characters drawn from a space of 2.8 trillion+ combinations, so knowing one certificate URL tells an attacker nothing about any other. The cert integrity section on the homepage walks through the maths.
Two more rules for what goes in the square:
- Encode the destination directly, not a redirect. Free QR generators often produce a “dynamic” code that routes through the generator's own domain. If that service disappears or starts charging, every printed card breaks. The QR should contain your URL, full stop.
- Accept that the printed code never changes, and design for it. The URL behind the QR is where lifecycle lives. On a return or refund the edition revokes and the token rotates, so the old URL stops resolving; delete the product entirely and the certificate URL returns HTTP 410 Gone with a “Certificate no longer valid” page. The full lifecycle story is in certificates through returns, revocation, and HTTP 410.
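The token and lifecycle rules above, as an added sketch that is not Editioned's code. The alphabet, token length, class and method names are assumptions, and so is answering 404 for a rotated token (the post only says the old URL stops resolving).

```python
import math
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # assumed alphabet
TOKEN_LEN = 12                                      # assumed length
SPACE = len(ALPHABET) ** TOKEN_LEN

def new_token() -> str:
    # OS CSPRNG; never derive the token from an order or edition number.
    return "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))

def hit_probability(issued: int, guesses: int, space: int = SPACE) -> float:
    """Chance that at least one of `guesses` random URLs lands on a live certificate."""
    return -math.expm1(guesses * math.log1p(-issued / space))

class CertRegistry:
    def __init__(self) -> None:
        self.live: dict[str, str] = {}   # token -> edition label
        self.deleted: set[str] = set()   # tokens whose product was deleted

    def issue(self, edition: str) -> str:
        token = new_token()
        self.live[token] = edition
        return token

    def rotate(self, token: str) -> str:
        # Return or refund: retire the old token and mint a fresh one.
        edition = self.live.pop(token)
        return self.issue(edition)

    def delete_product(self, token: str) -> None:
        del self.live[token]
        self.deleted.add(token)

    def status(self, token: str) -> int:
        # HTTP status the certificate URL would answer with.
        if token in self.live:
            return 200
        return 410 if token in self.deleted else 404  # 404 is an assumption

if __name__ == "__main__":
    reg = CertRegistry()
    card = reg.issue("12/50")
    fresh = reg.rotate(card)
    print(reg.status(card), reg.status(fresh))          # old card dead, new URL live
    print(f"{hit_probability(10_000, 1_000_000):.2e}")  # random guessing at scale
```

Passing the post's 2.8 trillion figure as `space` shows how the odds of a blind guess scale with the number of certificates issued and the number of requests an endpoint lets through, which is why rate limiting still matters alongside random tokens.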
Where to put the QR code
At jewellery scale, the piece itself is the one place the QR does not go. A ring band or a pendant bail has no room for a reliably scannable code, and the marks that belong on the metal, the hallmark and the maker's mark, already do the physical identification work. The QR lives on everything around the piece:
- The DL cert card, shipped with the piece. This is the primary carrier. Editioned's cert PDF is DL card size and prints on standard 210×99 mm cardstock; the QR code, masked verification token, and edition number sit on the back. Resale authenticators scan this card at intake. Pro unlocks the Light style (cream and gold); Studio unlocks all three, Light, Dark, and Minimal.
- A packaging insert. A band around the wrap or a printed panel inside the box lid catches the buyer during unboxing, when scanning intent is highest.
- The product page. A certificate link block makes the record part of the public listing that resale platforms and second owners find first. Editioned's theme blocks work on any Shopify Online Store 2.0 theme, read metafields directly, and add no JavaScript runtime.
- The shipping email. Edition data is written to plain Shopify order metafields, so your own email tool can drop the certificate link into the shipping confirmation, from your domain, in your voice. Editioned never sends email. The exact fields and a copy-paste snippet are in put the certificate link in your own shipping email.
The layers are redundant on purpose: as long as one carrier survives, the buyer can reach the record. About 30-50% of buyers scan within the first week, and many more come back months later at resale or gifting time, so the carriers that persist matter more than the ones that convert on day one.
Print a cert card with the QR built in
Editioned generates a DL-size cert PDF per edition: QR code, masked token, edition number on the back. Install free, 30-day Pro trial, no card.
Print quality basics for jewellery-scale cards
A QR code that does not scan is worse than no QR code, because the failed scan reads as a failed verification. Four basics keep a jewellery-scale card reliable:
- Error correction. QR codes carry built-in redundancy at four levels, L, M, Q, and H, and higher levels survive more scuffing at the cost of a denser pattern. For a card that lives in a jewellery box for years, the middle levels are a sensible default.
- Quiet zone. The blank margin around the code is part of the code. Do not let the border artwork, foil edge, or text crowd it; keep clear space on all four sides, as the QR specification requires.
- Module size. The smaller the individual squares, the closer and steadier the phone has to be. A shorter URL means fewer, larger modules at the same card size, another reason a compact token should do the identifying work.
- Contrast and finish. Dark modules on a light background scan best. Be careful with gold foil and gloss laminates over the code itself: glare from a phone torch can defeat an otherwise perfect print. Matte finish over the QR area is the safe choice.
Then the step that actually catches problems: test scans from real phones before a drop. Scan the printed proof, not the PDF on screen, with at least one iPhone and one Android, in the light a buyer will actually use. Repeat for each print batch; stock and ink changes quietly kill scannability.
GS1 Digital Link and the EU DPP
The pattern this post describes, a printed QR resolving to a hosted structured record, is not just a boutique trick. It is the architecture the EU chose for the Digital Product Passport.
GS1 Digital Link is a GS1 standard that packs the identifiers already used in barcodes, most commonly a GTIN, into an ordinary web URL. One QR code then serves both audiences: a buyer's phone opens it as a normal link, while supply-chain systems parse the identifiers out of the URL path. Add a serial segment and the same URL identifies an individual item rather than a SKU, the certificate use case exactly: one URL per piece.
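How a supply-chain system reads identifiers out of such a URL, as an added example that is not from the original post: it pulls the GTIN (GS1 Application Identifier 01) and the optional serial (AI 21) from the path and checks the GTIN's mod-10 check digit. The function names, the placeholder domain and the sample URLs are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

GTIN_AI, SERIAL_AI = "01", "21"  # GS1 Application Identifiers: GTIN, serial number

def gtin_check_ok(gtin: str) -> bool:
    """Verify the GS1 mod-10 check digit of a GTIN-8/12/13/14."""
    if not (gtin.isascii() and gtin.isdigit()) or len(gtin) not in (8, 12, 13, 14):
        return False
    # Weights alternate 3, 1, 3, ... starting from the digit left of the check digit.
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(gtin[:-1])))
    return (10 - total % 10) % 10 == int(gtin[-1])

def parse_digital_link(url: str) -> dict:
    """Return the GTIN, optional serial and identification level found in the URL path."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # this page's rule for certificate QRs, not GS1's
        raise ValueError("expected an https URL")
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if GTIN_AI not in segments:
        raise ValueError("no GTIN (AI 01) in path")
    pairs = segments[segments.index(GTIN_AI):]  # AI/value pairs start at the GTIN
    if len(pairs) % 2:
        raise ValueError("identifier without a value")
    ids = dict(zip(pairs[0::2], pairs[1::2]))
    if not gtin_check_ok(ids[GTIN_AI]):
        raise ValueError("GTIN check digit mismatch")
    serial = ids.get(SERIAL_AI)
    return {"gtin": ids[GTIN_AI], "serial": serial,
            "level": "item" if serial else "sku"}

if __name__ == "__main__":
    # Constructed sample URLs on a placeholder domain.
    print(parse_digital_link("https://example.com/01/09506000134352"))
    print(parse_digital_link("https://example.com/01/09506000134352/21/ED-0012"))
```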
The Ecodesign for Sustainable Products Regulation (ESPR 2024/1781) built the DPP on this stack: a federated registry, JSON-LD records, and a QR data carrier using GS1 Digital Link. Not a blockchain, a decision we unpack in why the EU rejected blockchain for the DPP. The rollout is sector by sector: ESPR reaches full application on 19 July 2026 alongside the EU Central DPP Registry, batteries become mandatory on 18 February 2027 under Regulation 2023/1542, textiles follow around late 2028, and the CEN/CENELEC EN 1821x standards that pin down the technical details publish around late 2026. The full schedule is in our EU DPP timeline.
For a certificate-issuing merchant, the scaling path is already laid: a hosted certificate QR and a DPP QR differ in URL syntax and schema vocabulary, not in architecture. Editioned's certificate data is open JSON-LD with a CIRPASS-aligned export, portable out at any time, so when a sector you sell into comes under the mandate, the move is a namespace change rather than a re-platform. The field-level detail lives in DPP JSON-LD fields and schema validators.
QR carrier options, compared
Pulling the placement options and the DPP carrier into one view:
| Carrier | Where it lives | Strengths | Watch out |
|---|---|---|---|
| DL cert card | Ships in the box with the piece (210×99 mm cardstock) | Tangible artifact, kept with the piece, scanned by resale authenticators at intake | Can be lost or separated from the piece; print quality is on you |
| Packaging insert | Box lid, wrap band, or tissue seal | Catches the buyer at unboxing, when scan intent peaks | Usually discarded with the packaging |
| Product-page link block | On the storefront product page | Public, persistent, no printing; part of the product record second owners find | Buyer has to navigate to the page; it is a link, not a scan |
| Shipping email link | The buyer's inbox, sent by your own email tool | Arrives before the piece, searchable years later, your sender and your voice | Needs the metafield wiring once; Editioned never sends email for you |
| GS1 Digital Link QR | On product or packaging, per the EU DPP rules | One code for humans and machines; the EU regulatory path | Mandatory only by sector, starting with batteries in Feb 2027 |
The honest summary: ship the card, wire the email, embed the page block, and treat the GS1 Digital Link QR as the standard your setup grows into rather than a separate project.
One QR per piece, $0 per certificate
Flat monthly subscription at every tier, no per-certificate fees. 30-day Pro trial on install, no card required, auto-downgrades to Free after the trial.
Frequently asked questions
Should the QR code go on the jewellery piece itself or the packaging?
At jewellery scale the QR belongs on the cert card and the packaging, not the piece. A ring band or pendant bail has no room for a reliably scannable code, and the marks that belong on the metal (hallmark, maker's mark) already do the physical identification work. Ship the DL cert card in the box, then repeat the link on the product page and in the shipping email.
What should a certificate QR code encode?
A full HTTPS URL to the hosted certificate, containing a cryptographically random verification token. Editioned tokens are 10+ characters with 2.8 trillion+ combinations, so knowing one URL tells an attacker nothing about any other. Never encode a sequential ID, and avoid third-party redirect QR services that put another company between the buyer and the certificate.
Do buyers actually scan certificate QR codes?
About 30-50% of buyers scan within the first week, based on view-tracking data from Editioned-using stores. Many more scan months later, when the piece is resold or gifted. The value is that the buyer can verify at any time, not that every buyer scans on day one.
Is a GS1 Digital Link QR required for the EU DPP today?
Not for most categories. ESPR (2024/1781) reaches full application on 19 July 2026 alongside the EU Central DPP Registry, batteries become mandatory on 18 February 2027 under Regulation 2023/1542, and textiles follow around late 2028. Jewellery is not in the first mandated waves. The architecture, a QR resolving to a structured record, is the same one a hosted certificate already uses.
What happens to the QR code if the certificate is revoked?
The printed QR never changes; the URL behind it does. On a return or refund the edition revokes and the token rotates, so the old URL stops resolving. If the product is deleted, the certificate URL returns HTTP 410 Gone with a “Certificate no longer valid” page. Anyone scanning the old card sees a provably invalid certificate, not a stale valid one. Details in the certificate lifecycle post.
Sources
- EU Ecodesign for Sustainable Products Regulation (ESPR 2024/1781), eur-lex.europa.eu/eli/reg/2024/1781
- EU Battery Regulation 2023/1542 (DPP for batteries from Feb 2027), eur-lex.europa.eu/eli/reg/2023/1542
- GS1 Digital Link standard, gs1.org/digital-link
- CIRPASS-2 Core Ontology (April 2025 proposal), cirpass2.eu
- Schema.org Product specification, schema.org/Product