That was my impression.
IANA has a registry for schemes but it seems that was mostly created in a reactive, after the fact, and historical manner. So BigSnoop (Apple / Google) can register new schemes if they want.
I note that the IANA registry even contains sms: (RFC 5724) while in fact smsto: is being used in the wild. (It may be entirely appropriate not to use sms: if the syntax being used does not comply with the related RFC, and non-compliance appears to be the case here.)
wifi: is registered and it refers the reader to the “Wi-Fi Alliance Wi-Fi Protected Access 3 (WPA3) specification” for the syntax (but I don’t have a copy of that document).
That’s the way it works on the iPhone though. The camera app always (continuously) analyses the image in the viewfinder for a valid QR code and if there is one then a dialog box pops up, giving you some indication of what would happen if you proceed. Touching the dialog box “opens” the QR code, where the meaning of “open” depends on the scheme. (So, while one is using the camera app, there is no need to take a photo.)
I think there are solid arguments both ways.
From a security point of view, it may be safer to have a dedicated QR code app - so that visiting an unsafe web site (drive-by attack) requires more explicit actions on the part of the user i.e. launch specific app and confirm to proceed. A dedicated app would be able to give the user more information about the contents of the QR code, which the user would be able to use to make an informed decision about whether to proceed. (Compare that with the existing iPhone camera app where the dialog box is minimalist and the user is exercising a high degree of trust.)
The counterarguments would be mostly around a) familiarity b) proliferation of apps (my Librem 5 screen already has too many apps, with no obvious way to organise them).
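
The kind of pre-open summary a dedicated QR app could show, as an added example that is not part of the original post. The function name, the action wording and the sample payloads are constructed for illustration, and the bodies of sms:, smsto: and wifi: payloads are displayed raw rather than parsed, since no syntax for them is assumed here.

```python
import re
from urllib.parse import urlsplit

# Schemes named in the post plus http(s); the action wording is this example's own.
ACTIONS = {
    "http": "open a web page without TLS",
    "https": "open a web page",
    "sms": "compose a text message",
    "smsto": "compose a text message",
    "wifi": "join a Wi-Fi network",
}
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):(.*)", re.S)


def describe_qr(payload):
    """Summarise a decoded QR payload for review before anything is opened."""
    text = payload.strip()
    m = SCHEME_RE.fullmatch(text)
    if not m:
        return {"scheme": None, "action": "show plain text", "warnings": []}
    scheme, rest = m.group(1).lower(), m.group(2)
    info = {"scheme": scheme, "warnings": [],
            "action": ACTIONS.get(scheme, "hand off to another app")}
    if scheme not in ACTIONS:
        info["warnings"].append("unrecognised scheme")
    if scheme not in ("http", "https"):
        info["detail"] = rest  # shown raw: no syntax is assumed for these
        return info
    try:
        parts = urlsplit(text)
    except ValueError:
        info["warnings"].append("malformed URL")
        return info
    host = parts.hostname or ""
    info["host"] = host  # what the browser would actually contact
    if parts.username is not None:
        info["warnings"].append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        info["warnings"].append("punycode (internationalised) host name")
    if host.replace(".", "").isdigit():
        info["warnings"].append("numeric IP address instead of a name")
    return info


if __name__ == "__main__":
    # Constructed sample payloads (reserved example domains and numbers).
    for sample in ("https://login.example.com@qr.example.net/a",
                   "SMSTO:+15550100:hi", "http://192.0.2.7/"):
        print(sample, "->", describe_qr(sample))
```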