Original Pictures
C2PA training opt-out assertion on an image

AI Training Opt-Out: the C2PA training_mining Assertion Explained

Definition: An AI training opt-out is a C2PA assertion, c2pa.training_mining with use: notAllowed, embedded in a signed manifest to signal that the creator does not permit the content to be used for AI training or data mining.

TL;DR: The assertion is a machine-readable do-not-train signal that compliant scrapers can honor before content leaves a platform. It is a declaration, not an enforcement mechanism, and it pairs with the EU AI Act's training-data transparency duties.

What the assertion declares

Embedding c2pa.training_mining with use: notAllowed in a signed manifest states the creator's intent in a form software can read. Because it sits inside a signed manifest, the declaration is tamper-evident and travels with the asset, unlike a robots.txt rule that lives only on a server.

What it does and does not do

It signals; it does not enforce. A scraper that ignores it can still ingest the content, just as one can ignore robots.txt. Its value is establishing a clear, signed record of the creator's choice, which matters for the EU AI Act's training-data transparency expectations and for any future licensing or dispute.

Where it fits the opt-out movement

The Getty v. Stability AI dispute and the broader artists' opt-out push created demand for a portable, verifiable do-not-train signal. The C2PA assertion is that signal in standard form: sign once at publish, and the intent rides with every copy that preserves the manifest.

The incident behind this

Getty Images sued Stability AI in 2023 over training on its catalog, crystallizing the demand for a machine-readable opt-out that travels with the content rather than living on a single server.

Regulatory mapping

RegimeEffectiveBiteWhy it applies
EU AI Act Art. 53PhasedTransparency dutyTraining-data transparency

FAQ

Does the assertion legally block training?

It records intent in a verifiable way. Enforcement depends on scrapers honoring it and on law; it is a strong signal, not a technical lock.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: Sign content with the training_mining opt-out to leave a portable, tamper-evident do-not-train signal that compliant scrapers can honor and that supports training-data transparency duties.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.