Original Pictures
Comparison of AL1 cloud signing and AL2 hardware-attested signing

What are C2PA Assurance Levels? AL1 versus AL2

Definition: C2PA assurance levels define the rigor of signing-key protection, ranging from AL1 (cloud HSM, FIPS 140-2 Level 3) to AL2 (hardware-attested per-instance key requiring device-level attestation).

TL;DR: Assurance level grades how hard it is to misuse the signing key. AL1 protects the key in a cloud HSM. AL2 binds the key to a specific device with attestation, which is what raises the bar for high-stakes capture. The Pixel 10 was the first AL2 device, in September 2025.

AL1: a well-protected cloud key

At AL1 the signing key lives in a hardened module, typically a FIPS 140-2 Level 3 HSM, and a service signs on request. This is strong for server-side signing of API output, where the threat is key theft rather than a tampered capture device. Original Pictures' Sign API operates here today.

AL2: the key is bound to the device

AL2 adds device-level attestation: the key is provisioned per instance and the signature carries proof of the hardware it came from. This closes the gap where an attacker feeds fake input to a trusted signer. The Pixel 10 reached AL2 in September 2025 by signing with its secure element. AL3 is not yet defined.

Choosing a level

Match the level to the threat. For marking AI-generated API output, AL1 server-side signing is the right tool and capture attestation is irrelevant. For court-grade capture or KYC selfies, device attestation matters, which is the territory of the capture app on the Q3 2026 roadmap rather than something Original Pictures sells as an SDK today.

The incident behind this

The Nikon Z6 III ran an AL1-class certificate and was attacked through its multiple-exposure mode, a soft-target integration flaw. The cryptography held; the input path did not. That gap is exactly what AL2 attestation is meant to close.

FAQ

Is AL2 always better?

It is better for capture-time trust, not for everything. Server-side marking of generated content does not need device attestation; AL1 in a strong HSM is the correct and sufficient level there.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: Assurance level is about key protection, not signature validity. Use AL1 cloud signing for API output today; device-attested AL2 belongs to capture scenarios, which arrive with the Q3 2026 capture app.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.