Product Identity··16 min read

Who Owns Your Product Data When You Switch Platforms?

Featured image for Who Owns Your Product Data When You Switch Platforms?

Who Owns Your Product Data When You Switch Platforms?

Key Takeaways

  • Most QR platforms use vendor-owned URLs, meaning a cancelled contract breaks every code printed on products already in the field — permanently.
  • GS1 Digital Link (ISO/IEC standard) resolves scans through the manufacturer's own domain, making the underlying platform swappable without reprinting a single code.
  • The EU Digital Product Passport (ESPR) explicitly requires product identity data to remain accessible across platform changes and vendor transitions.
  • Switching costs on vendor-owned platforms are physical, not just operational — printed QR codes cannot be recalled or reprinted at scale.

You've been paying a QR platform $800 a month for three years. 2.4 million scans. 180,000 warranty registrations. A rich trail of customer behavior mapped to individual serialized products. Then the platform raises its prices by 60%, and you start shopping for alternatives.

That's when you discover the trap.

Key Metric Value
Vendor-owned platforms ~80% of QR/warranty market (proprietary lock-in)
GS1 Digital Link adoption <25% of connected product platforms
Platform switching cost 6–24 months of parallel system operation
Warranty record portability Proprietary schema prevents true migration
Standards-based platforms <15% of market (future of compliance)

Competitive landscape: Registria, Narvar, and most legacy warranty platforms use vendor-owned identities with proprietary data schemas. BrandedMark is built on GS1 Digital Link from the foundation—meaning your product identities belong to your domain, your data is portable, and your codes in the field never break.

Your QR codes don't point to your domain — they point to theirs. Your scan history lives in their database, not yours. Your warranty registrations are formatted in a proprietary schema they control. Export your data? Sure, you can get a CSV. But what you can't get is your product identities — the persistent, scannable connection between a physical product and a digital experience. Those die the moment you cancel.

You don't own your product data. You rent it.

This is one of the least-discussed risks in connected product strategy, and it's about to become a crisis. As more manufacturers tie revenue, compliance, and customer relationships to digital product identity, the question of who actually controls that data isn't academic. It's existential.

The Anatomy of the Lock-In Problem

Most QR and connected product platforms are built on three layers you don't own. First, a redirect service: your QR code encodes a URL on the vendor's domain — when a customer scans it, the vendor's servers log the request and redirect to your content. Second, a hosted content layer: the product page, warranty form, or support guide lives on vendor infrastructure. Third, a proprietary data silo: every scan, registration, and support interaction is captured in the vendor's database using the vendor's schema. The QR code printed on your product — the one that shipped in two million units and will be scanned for the next decade — is a permanent pointer to infrastructure you don't control. Cancel your contract, and that pointer breaks. Customers scan a dead code. Warranty registrations are stranded. Product history is held hostage by the terms of a commercial relationship that may change at any time.

The Warranty Registration Double-Bind

The lock-in problem is even sharper for warranty and service data. When a customer registers a product, that record contains:

  • Proof of purchase and purchase date
  • Customer contact details
  • Serial number and product configuration
  • Scan history and support interactions
  • Jurisdiction-specific warranty entitlement

This isn't generic CRM data you can migrate to a new tool with a CSV import. It's structured product identity data that only makes sense in the context of your product catalog, your SKUs, your serial number ranges. When platforms store this in proprietary schemas — and most do — exporting it doesn't mean you can use it. You can read it, but you can't operate it anywhere else without rebuilding from scratch.

One power tools manufacturer we're aware of spent 14 months trying to migrate 400,000 warranty records from a legacy platform before their contract expired. They ultimately had to run both systems in parallel for two years, paying double, because the old codes were still in the field and couldn't be deactivated.

Two Models of Product Identity: Vendor-Owned vs. Brand-Owned

The critical question when evaluating a connected product platform is not which has better features or lower pricing. It is a structural one: does the product identity live on your infrastructure or theirs? This single architectural decision determines whether you own your product data or merely lease it. Every product you ship under a vendor-owned model becomes a permanent commitment to that vendor — not for the contract term, but for the life of the product. Brand-owned identity, built on open standards, works the other way: the platform can be swapped out, but the codes in the field remain valid because they resolve through infrastructure you control. Understanding this distinction before signing a contract prevents the scenario where switching platforms requires reprinting millions of units already sold and in customers' hands.

Vendor-Owned Identity (the default)

In the vendor-owned model:

  • The QR code URL is on the vendor's domain
  • The resolver (the logic that decides where to send a scan) lives on vendor servers
  • The product identity record is stored in a proprietary format
  • You access your data through the vendor's API, on their terms
  • If the vendor goes out of business, raises prices, or changes terms, your product data is at risk

This is the model most connected product platforms operate today, including the majority of QR code management tools, warranty platforms, and aftermarket engagement tools. It's the path of least resistance. It's also a long-term liability that compounds with every product you ship.

Brand-Owned Identity (the GS1 Digital Link model)

GS1 Digital Link is an ISO/IEC standard (ISO/IEC 18975, building on the GS1 system) that defines how product identifiers — GTINs, serial numbers, batch codes — should be encoded in a URL and resolved to digital content.

The critical difference: the resolver lives at your domain.

A GS1 Digital Link URL looks like this:

https://brandedmark.com/01/05012345678900/21/SN-8823441

That URL is structured around your GTIN and your serial number. It resolves through your infrastructure (or infrastructure you control). The QR code printed on your product points to you, not a third party.

When a GS1 Digital Link-compliant QR code is scanned:

  1. The scanner hits your domain (or your CDN endpoint)
  2. Your resolver logic decides what to show (customer experience, EU DPP, regulatory data, etc.)
  3. The interaction is logged to your data store
  4. You can change the underlying platform without changing the code on the product

This is the architectural difference between owning your product identity and renting it. GS1 Digital Link is not a premium feature — it's the standard. And it's the standard for a reason: it was designed precisely to prevent the vendor lock-in problem described above.

What to Ask a Vendor Before You Sign

Before signing any contract for a connected product platform, warranty management tool, or QR code system, there are specific questions that reveal whether the vendor's architecture supports true data portability or embeds structural lock-in. Most sales processes focus on features, integrations, and price — none of which matter if cancelling the contract breaks codes already printed on millions of products. The questions below are non-negotiable due-diligence items. Evasive or incomplete answers to any of them are a direct signal that the platform is designed for retention through dependency rather than retention through value. Ask them before the demo, not after the contract is signed. The time to understand exit terms is when you have leverage — at the start of the relationship, not when you're trying to leave.

On Data Ownership

"If we cancel, can we export all scan history, customer records, and product identity data in a machine-readable, portable format?"

Acceptable answer: Yes, via API or full database export, in a documented schema, with no time limit.

Watch out for: "We can export to CSV" (often missing structured relationships), "Data is available for 30 days post-cancellation" (a hostage clause), or evasiveness about schema documentation.

"Do you store our product data in a proprietary schema, or do you support open standards like GS1 Digital Link?"

This question reveals whether the platform was architecturally designed for portability or for lock-in.

On QR Code Portability

"Do our QR codes resolve through your domain, or can we configure them to resolve through ours?"

If codes resolve through their domain, you cannot migrate without reprinting. For products already in the field, reprinting is not an option — those codes are permanent.

"Is GS1 Digital Link encoding supported for our product QR codes?"

GS1 Digital Link support means your codes carry structured, standards-based identifiers that any compliant resolver can interpret. This is the baseline requirement for true portability.

On Exit Terms

"What is the data retention policy after contract termination?"

Some contracts give you 30 or 90 days. Others are indefinite. Know this before you have 4 million serialized products in the field.

"Is there a data export fee?"

Some platforms charge for bulk data exports — effectively a ransom. This is in the contract. Read it.

The EU Digital Product Passport Changes the Stakes

For manufacturers selling into EU markets, product data ownership is not just a commercial risk — it is a compliance obligation. The EU Digital Product Passport (DPP), mandated under the Ecodesign for Sustainable Products Regulation (ESPR — EU Regulation 2024/1781), requires product-specific data to remain accessible across the full product lifecycle. Batteries are in scope from 2027, followed by textiles, electronics, and construction products. The regulation explicitly anticipates that the entity managing a product's digital identity may not be the original manufacturer — products change hands, companies are acquired, platforms shut down. Regulatory guidance is clear: product identity records must be stored in a portable, standards-based format that does not depend on a single vendor remaining operational. GS1 Digital Link is the mechanism the DPP framework assumes. If your product data lives exclusively in a proprietary platform and that platform closes, you may be unable to fulfill DPP obligations for products already in the field.

The Hidden Cost of Switching Is Already Paid

Most manufacturers calculate platform switching costs at the point of leaving — migration fees, re-implementation time, parallel system operation. The actual cost was paid earlier: the moment you shipped the first product with a vendor-domain QR code. Every unit carrying that code is a permanent commitment to that vendor, not for the contract term, but for the life of the product. A dishwasher shipped today will be in service for fifteen years. The QR code on that unit must resolve to useful content for as long as the product exists. Vendor-owned platforms create a binary outcome: stay forever, or accept that codes on every product currently in the field eventually break. Unlike software lock-in — where migrating data lets you move on — connected product lock-in is physical. It is printed on packaging and products already in customers' hands. As covered in our analysis of QR code expiration and platform dependency, the true cost of platform switching includes the permanent liability of broken codes on every unit shipped during the lock-in period.

Standards-Based Identity Is the Only Path to True Ownership

If your product's digital identity depends on a vendor's infrastructure staying operational and retaining your business as a customer, you do not own your product data — you lease it. True ownership requires four things: QR codes that resolve through your domain or infrastructure you control independently; GS1 Digital Link-compliant encoding so identifiers are structured and portable; data stored in documented, open schemas with export rights that survive contract termination; and no dependency on a single vendor's resolver remaining online for codes already in the field. This is not an anti-platform position. Platforms deliver real value — experience builders, analytics, compliance tools, workflow automation. The distinction is between platforms that sit on top of your product identity and can be swapped out, versus platforms that are your product identity and cannot be removed without destroying your field-deployed codes. The former is a vendor relationship. The latter is a structural dependency that compounds with every product you ship.

  1. QR codes that resolve through your domain (or a domain you control independently of any single vendor)
  2. GS1 Digital Link-compliant encoding so your identifiers are structured, portable, and standards-based
  3. Data stored in documented, portable schemas with export rights that survive contract termination
  4. No dependency on a single vendor's resolver remaining online for codes already in the field

What Brand-Owned Identity Looks Like in Practice

When product identity is built on open standards, the operational model is structurally different from the vendor-owned default. Each product is assigned a GTIN and serial number at manufacture, encoded in a GS1 Digital Link QR code that resolves through your domain. Your resolver handles scan requests — routing to the appropriate experience for consumers, regulators, or service teams. Customer interactions are logged to your infrastructure, not a third-party silo. When you change the platform managing the experience layer, codes already in the field continue to work because they point to your domain, not the platform's. Product data is yours by architecture, not by contract clause. For manufacturers building a first-party data strategy for connected packaging, this architectural choice is foundational — you cannot build a durable first-party data asset on infrastructure you do not control. For teams focused on connected product security, brand-owned resolvers also reduce spoofing and supply chain attack surface that vendor-domain codes create by design.

  • A new product is assigned a GTIN + serial number at the time of manufacture, encoded in a GS1 Digital Link QR code pointing to your domain
  • The resolver at your domain handles scan requests, routing to the appropriate experience (consumer onboarding, EU DPP data, regulator view, service portal)
  • Customer interactions — warranty registrations, support sessions, scan events — are logged to your data infrastructure
  • If you change the platform managing the experience layer, the codes in the field continue to work, because they point to your domain, not the platform's
  • Product data is yours by architecture, not by contract clause

The Question to Ask Today

You may not be evaluating a platform switch right now. But there is one question that cuts through the complexity of connected product strategy directly: If your current QR code or connected product platform ceased to exist tomorrow, what would happen to every product you have shipped in the last five years? If the honest answer is that codes would break and customer data would be inaccessible, that is not a platform feature gap. It is a structural problem with how your product identity is architected — and it gets worse with every additional unit shipped. The time to solve it is before you are negotiating an exit under time pressure. GS1 Digital Link was designed by an industry consortium specifically because the connected product ecosystem recognised that proprietary lock-in at the identity layer was a systemic market risk. The standard is mature, widely supported, and increasingly mandatory for EU market access. Adopting it is not a technical decision. It is a business decision about whether your product data belongs to your company or to a vendor.

FAQ: Product Data Ownership

What does "GS1 Digital Link" actually mean for my products?

Your QR code encodes your GTIN (Global Trade Item Number) and serial number in a standardized URL format. When someone scans it, the scan hits your domain (or your CDN), which you control. You decide what to show, how to log it, and where the data goes. This is different from proprietary platforms, where the scan hits their servers, gets logged to their database, and you see only what they allow you to see.

If we switch platforms, can we keep using our old QR codes?

Yes—if they're GS1 Digital Link-compliant and resolve through your domain. Your old codes point to your resolver. Your resolver logic can change (you swap out the underlying platform), but the codes remain valid forever. With vendor-owned codes, switching means reprinting everything already in the field. For 2+ million products, that's economically impossible.

What's our liability if a platform goes out of business?

With vendor-owned platforms: codes become dead links, warranty data is inaccessible, you have no appeal rights. With brand-owned (GS1 DL) identity: codes still resolve through your infrastructure. You can migrate the backend platform, but customers scanning in the field see no change. The data is yours—continuity is guaranteed.

Does GS1 Digital Link cost more than proprietary QR platforms?

No. BrandedMark's cost structure is the same regardless of GS1 DL compliance—per-product-identity. The choice between vendor lock-in and standards-based portability is not a cost trade-off; it's a structural architecture decision. You're choosing between renting your product identity or owning it. The price doesn't differ; the risk profile does.

How does this change under EU Digital Product Passport requirements?

ESPR explicitly mandates that product data remain accessible after platform changes, vendor transitions, or company acquisitions. GS1 Digital Link is the mechanism the regulation assumes. If your product identity lives in a proprietary platform and that platform shuts down, you may not be able to fulfill your DPP obligations for products already in the field. This is not a distant risk—platform consolidation in the connected product space is accelerating right now.

BrandedMark is built on GS1 Digital Link and EU Digital Product Passport standards from the ground up. Product identities resolve through your domain. Scan data, warranty records, and customer interactions are yours. If you're evaluating connected product platforms and want to understand what brand-owned identity looks like in practice, explore a live product experience or get in touch.

See how BrandedMark handles this

Turn every post-purchase moment into an opportunity to build loyalty and drive revenue.

Join the Waitlist — It's Free

Related articles

Product Identity·13 min read

Why Every Product Needs a Digital Identity

Physical products leave the factory and disappear from your systems. Digital product identity connects every unit to the owner, the warranty, and the full lifecycle.

Product Identity·7 min read

I Still Haven’t Found What I’m Looking For… A Genuine Gibson

Counterfeit guitars, lost warranty cards, and a thriving secondhand market. Musical instrument brands need per-unit digital identity more than they think.

Product Identity·14 min read

Your Product Ownership, Finally Unforgeable

Paper cards are forgeable. Emails are forwardable. Passkey-bound ownership is cryptographically unforgeable — how it transforms warranty, resale, and recalls.

Back to all posts