
What is C2PA? A Technical Guide for Developers and Compliance Officers
Definition: C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard that cryptographically binds a signed manifest of origin and edit history to a media file, so any downstream verifier can confirm who created an asset, when, and how it was altered without trusting the file's current host.
TL;DR: C2PA is not a watermark, not a detector, and not a blockchain. It is a cryptographically signed declaration of provenance, creator identity, edit history, and a hash of the file itself, that stays valid as long as the signature and timestamp remain mathematically sound.
Why the Pentagon hoax proved we need provenance at the source
On 22 May 2023 a synthetic image of an explosion near the Pentagon reached verified accounts and a forged "Bloomberg Feed" handle. The S&P 500 dropped about 0.3% to a session low before AP and Bloomberg debunked it eleven minutes later. Hany Farid at UC Berkeley spotted structural errors on the building within minutes.
The failure was not detection. It was provenance at the source. If the authentic Pentagon imagery had carried a signed manifest from the Department of Defense's own infrastructure, verification would have been a single call returning "valid manifest, signed by DoD, timestamped 10:06 UTC" instead of an eleven-minute fact-checking chain. Detection trains the next forger. C2PA inverts the question from "is this fake?" to "can we prove this is real?"
What is actually inside a C2PA manifest?
A manifest is a structured bundle of cryptographic assertions, not editable metadata. It carries assertions such as c2pa.created (who made this), c2pa.actions (crop, color, AI generation), and c2pa.ingredient (source files composited in). The claim bundles those assertions with a SHA-256 hash of the asset bytes, the hard binding. Change one pixel and the hash breaks. The claim signature is an X.509 signature by the claim generator, and an RFC 3161 trusted timestamp with the sigTst2 v2 attribute proves the signature was valid at signing time, even after the certificate later expires.
What C2PA does not do
C2PA is confused with three things it is not. It is not a watermark: strip the metadata, which Instagram and X do on upload, and the manifest is gone, which is why a watermark layer matters. It is not a deepfake detector: it records a signed claim, it does not analyze pixels. And it is not a physical-world guarantee: it proves integrity from the moment of signing forward, not that the camera saw something real. The Nikon Z6 III suspension in September 2025, where multiple-exposure mode could be tricked into signing AI imagery, is the cautionary tale: the cryptography was sound, the integration was not.
Who uses C2PA today?
Adoption crossed the chasm in 2025. Cameras: Leica M11-P (2023), Sony's 2024 bodies via cloud signing, Google Pixel 10 (September 2025). Generation: Adobe Firefly, OpenAI DALL-E 3 and Sora 2, Google Imagen. Platforms: LinkedIn and TikTok show "CR" Content Credentials badges, Meta applies "Made with AI" labels, and Cloudflare preserves C2PA through image transforms. The Steering Committee includes Adobe, Arm, BBC, Intel, Microsoft, Truepic, OpenAI, Google, and Sony.
The incident behind this
Pentagon-explosion AI image, 22 May 2023. The S&P 500 fell roughly 0.3% intraday before correction. Sources: Bloomberg, CNN Business, Arlington County Fire Department joint denial.
Implementation
# Verify a C2PA manifest with the open verifier (no API key, runs offline) c2patool signed-image.jpg --verify # Sign with the Original Pictures API: manifest + watermark + anchor in one POST curl -X POST https://api.originalpictures.com/v1/sign \ -H "Authorization: Bearer $OP_API_KEY" \ -F "[email protected]" \ -F "producer=Acme Newsroom" \ -F "identity_assertion=cawg.x509.cose" \ -F "watermark=trustmark" \ -F "anchor=opentimestamps"
Regulatory mapping
| Regime | Effective | Bite | Why it applies |
|---|---|---|---|
| EU AI Act Art. 50(2) | 2 Aug 2026 | €15M or 3% turnover | Machine-readable marking of AI output |
| EU Code of Practice | 2nd draft, 5 Mar 2026 | Voluntary benchmark | Multi-layer marking expectation |
| CISA/NSA/FBI advisory | Jan 2025 | Procurement signal | Recommends C2PA adoption |
FAQ
Does C2PA survive a screenshot?
No. The SHA-256 hard binding breaks the moment bytes change, by design, because that proves tampering. The soft-binding watermark and the OpenTimestamps anchor survive. A verifier that recovers the watermark payload can call the resolver and walk the proof back to the anchor.
Can I add C2PA to images I did not create?
Yes. This is co-signing. The original manifest, if present, is preserved as a c2pa.ingredient and your new manifest is appended. Newsrooms use this to sign wire photos that arrived with camera-native C2PA.
What happens when the signing certificate expires?
If the manifest carries an RFC 3161 sigTst2 timestamp from a trusted authority, the signature stays verifiable indefinitely. The timestamp proves validity at signing time regardless of later expiry or revocation.
Where Original Pictures stands today
Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.
Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.
Bottom line: C2PA is the open standard for content provenance, not a watermark, not a detector, but a signed declaration of origin that, combined with a watermark and a timestamp, creates a chain any downstream user can test without trusting intermediaries.
Related
Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.
Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.
Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.