Kill Command

Kill Command

The RFID tag." data-category="Security">Kill Command is an EPC Gen2 instruction that permanently and irreversibly disables an RFID tag. Once killed, the tag IC ceases all RF communication — it will never respond to any reader again. The tag is physically and electronically destroyed at the silicon level. The Kill Command was introduced to address consumer privacy concerns about post-sale tracking, providing an absolute guarantee that a tag cannot be used for surveillance after purchase.

How the Kill Command Works

The Kill Command requires the tag's Kill Password — a 32-bit value stored in the Reserved Memory bank. The execution sequence is:

1. The reader singulates the target tag via normal inventory.
2. The reader sends the first 16 bits of the Kill Password using the Req_RN / Kill command sequence.
3. The tag verifies the first half of the password and responds with a handle.
4. The reader sends the remaining 16 bits of the Kill Password.
5. The tag verifies the complete password. If correct, the tag permanently disables itself.
6. The tag sends a final backscatter acknowledgement before shutting down.

The two-step password transmission (split into two 16-bit halves) is a safety mechanism — it prevents accidental kills from corrupted single transmissions.

Irreversibility

The Kill Command triggers a destructive process inside the tag IC. The exact mechanism is manufacturer-specific but typically involves blowing internal fuses or permanently altering the power-on state machine. There is no factory reset, no recovery command, and no physical repair. A killed tag is permanently inert.

This irreversibility is both the feature's strength and its limitation. It provides the strongest possible privacy guarantee — no technology can revive a killed tag. But it also means the tag cannot be used for returns, warranty claims, recycling programmes, or Digital Product Passport verification after the kill.

When to Use Kill

Consumer privacy compliance: In jurisdictions where regulations or consumer expectations demand complete tag deactivation after sale. GDPR does not explicitly mandate killing, but it may be the simplest way to demonstrate that no personal tracking is possible.

End-of-life disposal: When a tagged asset is scrapped or destroyed, killing the tag prevents its EPC from being associated with a replacement or counterfeit item.

Sensitive items: Government, military, or classified items where even partial tag data could be a security risk. Killing ensures no information leaks from decommissioned tags.

Alternatives to Killing

The Kill Command is increasingly seen as a last resort. Modern alternatives provide privacy protection without destroying the tag:

• Untraceable Command: Hides tag data and reduces range — reversible with Access Password.
• Protected Mode: Makes the tag invisible to unauthorised readers — reversible.
• Access Password locking: Prevents data reads without authentication — reversible.

These alternatives preserve tag functionality for returns, circular economy programmes, and post-sale services while still addressing privacy concerns. The Kill Command remains available for scenarios requiring absolute, irreversible privacy assurance.