GS1 Digital Link explained for textile DPP

If you have asked any Digital Product Passport vendor "what standards do you implement," you have almost certainly heard the phrase GS1 Digital Link. The technical conversation usually moves on quickly to other acronyms (W3C Verifiable Credentials, EPCIS, ISO/IEC 18004) and the GS1 Digital Link piece gets treated like a footnote.

It is not a footnote. It is the standard that lets a consumer scan a textile label with their phone camera and reach your passport with no app installed, no special scanner, no manual URL entry. Without it your passport works for you and for nobody else. With it your passport is part of an interoperable supply-chain standard the European Commission already relies on.

This is the explainer we wish someone had given us when we started building Filovera. Read it once, then judge every DPP vendor against what is here.

The two questions every operations head asks

When a textile brand starts evaluating DPP platforms, two questions come up roughly in this order:

1. "Can my customers scan the QR with their phone camera, or do they need to install an app?"
2. "If I switch DPP vendors later, do I need to reprint every label on every product?"

Both of those questions have the same answer, and the answer is GS1 Digital Link.

If your vendor's QR codes are GS1 Digital Link compliant, the answer is "yes, native camera works" and "no, you can re-point the resolver without touching the physical label." If they are not, the answer is "you might need a special app" and "yes, you will reprint."

That is the entire stakes of this conversation in one sentence.

What GS1 Digital Link is

GS1 Digital Link (ISO/IEC 18975, ratified 2024) is a way of encoding a structured product identifier inside an ordinary HTTPS URL.

The traditional GS1 system uses identifiers like the GTIN (the 12 to 14-digit number on every barcode) and stores them in proprietary formats (EPC URN, EAN-13) that only barcode scanners understand. GS1 Digital Link wraps that same identifier in a URL that any browser can read. Same identifier, but now also a working web link.

A GS1 Digital Link looks like this in practice:

https://id.example.com/01/05011234567890/21/ABC-123

Reading it left to right:

• https://id.example.com/ is the resolver host. The brand or vendor that hosts the resolver controls where this URL ultimately routes to.
• /01/05011234567890 is a GTIN (Global Trade Item Number). The 01 tells GS1 readers "the next 14 digits are a GTIN."
• /21/ABC-123 is a serial number. The 21 tells readers "what follows is a per-unit serial." This lets you have different passports for different units of the same product.

Any modern phone camera reads that URL, opens it, and lands on the passport page. Older GS1 barcode scanners read the same URL and extract the structured identifiers from it. One QR, both audiences served.

Why a "normal" QR code is not good enough

If you have ever printed a QR code on a marketing flyer, you used what is technically just an HTTPS URL inside a QR. That works for a one-off campaign. It fails for a Digital Product Passport for four reasons.

First, identity. A normal URL does not encode any structured identifier. If a regulator or retailer wants to programmatically extract the GTIN from your QR, they cannot. They have to crawl the page and hope you put it in structured data.

Second, portability. When you switch DPP vendors, every URL changes. Old QR codes on existing garments stop working unless the old vendor keeps the redirect alive forever.

Third, multi-purpose use. A single GS1 Digital Link URL can resolve to different content depending on who scanned it. Consumers see the public passport. Regulators see the regulatory-evidence pack. Logistics partners see EPCIS shipment data. Retailers see the wholesale information. All from the same QR, governed by content negotiation. A normal URL cannot do this.

Fourth, ecosystem. The EU Central DPP Registry, the textile delegated act drafts, and the GS1 European Commission working group all assume GS1 Digital Link as the substrate. If your platform does not implement it, you are not in the standards conversation.

The resolver pattern

The single most important architectural decision in GS1 Digital Link is who hosts the resolver.

A resolver is the web service that handles the GS1 Digital Link URL and decides where to send the visitor next. There are three patterns. Each has very different long-term consequences for a brand.

Pattern 1: Vendor-hosted resolver

The URL on your label looks like https://id.your-dpp-vendor.com/01/.... The DPP vendor hosts the resolver. They control everything between the scan and the passport.

This is the easiest to set up. It is also the hardest to migrate away from. If you ever switch vendors, the URL on every existing label points at a service the old vendor controls. You depend on them not turning it off.

Pattern 2: Brand-hosted resolver

The URL on your label looks like https://id.your-brand.com/01/..., where the host is your own domain. You host the resolver yourself. The vendor renders the passport content, but the URL on the label belongs to you.

This is the right architecture for any brand serious about not getting trapped. You can switch DPP vendors and just re-point the resolver. The QR codes on existing garments stay valid forever.

The setup cost is one DNS record and a small redirect rule that the DPP vendor configures for you. Not difficult, but you have to ask for it, and a surprising number of vendors do not offer it by default.

Pattern 3: GS1-hosted resolver

The URL on your label looks like https://id.gs1.org/01/..., hosted by the GS1 federation directly. You register the GTIN with your GS1 member organisation and they handle resolution.

This is the most future-proof option, but it is also the most expensive (annual GS1 fees) and the slowest to set up. Useful for large brands with significant GS1 infrastructure already. Overkill for an SMB with 500 SKUs.

What we recommend

For most SMB textile brands working with Filovera, we set up Pattern 2 (brand-hosted resolver) by default. You give us a CNAME pointing at our resolver service, the URL on every label shows your domain, and if you ever leave us you take the resolver with you.

That last sentence is the cheapest insurance policy in DPP procurement. Ask any vendor whether they support it. If the answer is "we recommend you use our domain instead," walk.

Why this matters for ESPR compliance

The EU Central DPP Registry stores a structured identifier for every passport it knows about. Customs and market-surveillance authorities will query the registry by GTIN to look up your passport.

For that to work, two things have to align:

1. The GTIN on your QR code has to match the GTIN registered with the Central DPP Registry
2. The QR code has to be machine-readable as a GS1 identifier, not just as a generic URL

GS1 Digital Link gives you both for free. A passport that does not use it is unlikely to register correctly, which means at the point of customs inspection you will be unable to prove the product on the loading dock is the product your passport describes.

This is the part of ESPR most brands underestimate. The passport is not just consumer-facing content. It is a machine-readable assertion that the regulator can verify in milliseconds. The standard the regulator uses to verify is GS1 Digital Link.

What a healthy GS1 Digital Link pipeline looks like

If you are evaluating a DPP platform, here is what a working implementation should give you, end to end.

At the label: a QR code generated from a GS1 Digital Link URL. The URL contains your GTIN and (optionally) a serial number for batch traceability. The host is your domain, not the vendor's.

At the scan: any modern smartphone camera reads the QR and opens the URL in the system browser. No app, no friction. The passport page loads in under two seconds even on a 3G connection.

At the resolver: the resolver service inspects the request headers. A consumer browser request gets the public-facing passport. A request with an Accept: application/json+ld header gets the structured data feed (used by retailers and regulators). A request from the EU Central DPP Registry's verification crawler gets the regulatory evidence pack.

At the verifier: a regulator or auditor scanning the QR can verify the passport's W3C Verifiable Credential signature without contacting the brand or the vendor. The chain is self-verifying.

At migration: if the brand changes vendors, only the DNS CNAME changes. Every QR code on every garment continues to work. The verification chain remains intact.

If any of these layers is missing from a vendor's pitch, that vendor has not finished implementing GS1 Digital Link properly. Ask which layer is missing and when they plan to fix it.

Migration: if you started without GS1 Digital Link

If you already issued passports using non-GS1 QR codes (just a regular URL), migration is possible but not free.

The cleanest path:

1. Set up a brand-hosted resolver at id.yourbrand.com that maps your existing URL slugs to new GS1 Digital Link URLs.
2. For all new garments, print GS1 Digital Link QR codes from now on.
3. For existing inventory in the field, leave the old QR codes alone. They keep resolving via the migration redirect.
4. Over a 12 to 24-month inventory cycle, the older codes disappear naturally as garments are sold and replaced.

The cost is the resolver setup (a couple of days of engineering or a request to your DPP vendor) and the discipline to not undo it. The benefit is you stop digging the hole and your future labels are standards-aligned.

We do this migration for brands who came to Filovera from older systems. It is not glamorous, but it is the single largest "convert your existing infrastructure into ESPR-readiness" project most brands face.

Frequently asked questions

Do I need to be a GS1 member to use GS1 Digital Link?

You need a GTIN to be a GS1 member. If you already sell into retailers, you have one — every product with a barcode has a GTIN issued through your country's GS1 organisation (GS1 UK, GS1 US, GS1 Sweden, etc.). If you sell only direct-to-consumer with no retail distribution, you may not yet have one. Talk to your local GS1 office about a starter membership; for an SMB textile brand it is typically a few hundred pounds per year.

Can I make up my own identifiers instead of using GS1 GTINs?

You can, but you will pay for it twice. First, ESPR delegated acts for textiles are likely to require GTINs (the drafts have referenced GS1 identifiers throughout). Second, retailers and the EU Central DPP Registry both index by GTIN. A passport without a GTIN is a passport that does not exist in those systems.

What is the difference between GS1 Digital Link and EPCIS?

GS1 Digital Link is the URL standard (how the QR code points at the passport). EPCIS (Electronic Product Code Information Services) is a separate, complementary standard for sharing supply-chain events (when a product was shipped, received, transformed). A mature DPP implementation uses both: GS1 Digital Link for the consumer-facing scan, EPCIS for B2B supply-chain visibility. You do not need EPCIS for ESPR compliance today, but you may by 2028.

Will GS1 Digital Link change in the next two years?

The standard is stable as of mid-2026 and unlikely to break-change before 2030. Minor extensions (new key qualifiers, new application identifiers) will arrive, but the core resolver pattern and URL structure are fixed.

Does my passport need to be one page, or can it be multiple?

The GS1 Digital Link URL points at a single resource. That resource can be a multi-page HTML application, an API response, or a regulator-only PDF. Most consumer passports render as a single mobile-optimised page with collapsible sections. The technical contract is "one URL per product," not "one page per product."

Can I use NFC instead of QR?

Yes. NFC tags can store the same GS1 Digital Link URL as a QR code. NFC is more expensive per garment and more durable than printed QR codes. For luxury textiles or items expected to last a decade, NFC is often preferred. For mass-market apparel, QR on the care label is the standard. Many brands use both — QR on the printed care label, NFC in the leather patch.

What about counterfeits?

A QR code can be photocopied. GS1 Digital Link does not solve counterfeit-detection on its own. The W3C Verifiable Credential layer that signs the passport content makes the content tamper-evident, but a counterfeiter can stick a valid QR on a fake garment. Anti-counterfeit at the physical-label layer (microprinting, anti-tamper holograms, NFC with cryptographic challenge-response) is a separate problem stack.

---

If you want to see how this works on a live Filovera passport, book a demo or browse the feature list. The technical implementation is invisible to your customers, which is the entire point — they scan with their phone camera, and the passport just opens.

Related reading

• ESPR for textile SMBs: what 2028 actually requires for the regulatory context that drives the GS1 requirement
• Choosing a DPP platform: 12 questions to ask to evaluate vendors against the GS1 standards covered here

Disclaimer. GS1 Digital Link is a published standard and the resolver patterns described here are common practice. Specific implementation details vary between vendors. Brands with high-value or high-risk product lines should engage qualified compliance counsel before finalising procurement.