Original Pictures
A stripped image being matched back to its manifest by soft binding

What is Soft Binding? C2PA's Fallback When Manifests Are Stripped

Definition: Soft binding is a watermark or perceptual-hash recovery mechanism that locates a manifest by matching a degraded or transformed asset against a registered fingerprint, even after the hard-bound metadata has been removed.

TL;DR: Hard binding is the SHA-256 hash that breaks the instant a file changes. Soft binding is the resilient layer: a watermark or perceptual hash that survives re-encoding and lets a verifier recover the manifest pointer. The EU Code of Practice second draft names it as a required layer.

Why hard binding is not enough

The hard binding is a hash of the exact bytes. It is precise and unforgeable, and it shatters the moment a social platform re-encodes a JPEG or a user takes a screenshot. That fragility is a feature for tamper-evidence, but it means the manifest pointer is gone the moment the file is touched. Soft binding fills the gap.

Two ways to recover provenance

The first is an invisible watermark carrying a payload that points back to the manifest. Strip the metadata, decode the watermark, fetch the manifest. The second is a perceptual hash such as PDQ that fingerprints the visual content; a verifier hashes the degraded asset and matches it against a registry. Robust systems run both, because each fails differently under different attacks.

What the regulators expect

The EU Code of Practice second draft of 5 March 2026 describes layered marking: signed metadata, an imperceptible watermark, and fingerprint logging that recovers provenance when the first two are stripped. No single technique meets all four criteria, effective, interoperable, robust, reliable, which is why soft binding is treated as essential rather than optional.

The incident behind this

Social platforms routinely strip C2PA metadata on upload. This is documented behavior, not a bug. An image signed at a newsroom desk can reach a reader with no manifest unless soft binding recovers it from the surviving watermark.

Implementation

# Perceptual-hash style recovery (illustrative)
from originalpictures import verifier

result = verifier.recover('reuploaded.jpg')
if result.hard_binding_valid:
    print('manifest intact')
elif result.soft_binding_match:
    print('recovered via', result.soft_binding_method)  # 'trustmark' or 'pdq'
    print('manifest:', result.manifest_url)

FAQ

Is soft binding less secure than hard binding?

It answers a different question. Hard binding proves bytes are unchanged. Soft binding survives change to recover the pointer. Used together, a verifier can both recover a manifest and report whether the asset was altered.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: Soft binding is the resilience layer of provenance. Pair the SHA-256 hard binding with a watermark and a perceptual hash so the manifest is recoverable even after a platform strips it.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.