Last reviewed
May 24, 2026
Sources
No citations yet
Review status
Needs citations
Revision
v1 ยท 4,303 words
Add missing citations, update stale details, or suggest a clearer explanation.
The Coalition for Content Provenance and Authenticity (C2PA) is an open technical standards body that develops Content Credentials, a cryptographically signed metadata format for tracking the provenance and edit history of digital media including images, video, audio, and documents.[1] The coalition was founded in February 2021 as a Joint Development Foundation project hosted by the Linux Foundation, with six initial members: Adobe, Arm, the BBC, Intel, Microsoft, and Truepic.[2] C2PA merged two predecessor efforts, the Adobe-led Content Authenticity Initiative (CAI) launched in November 2019 and the Microsoft- and BBC-led Project Origin formed in 2020, unifying their work into a single technical specification published as version 1.0 on 26 January 2022.[3] By 2024 to 2026 the standard had been adopted by OpenAI for DALL-E 3 and Sora, by Google alongside SynthID, by Microsoft Copilot and Bing Image Creator, by Adobe Firefly and Photoshop, by camera manufacturers including Leica, Sony, Nikon, and Canon, and by social platforms Meta, TikTok, and X.[4] C2PA is on a fast track to become international standard ISO/IEC 22144, "Authenticity of information, Content credentials," and is named by example in the European Commission's Code of Practice for EU AI Act Article 50 transparency requirements.[5]
Adobe announced the Content Authenticity Initiative (CAI) at the Adobe MAX conference on 4 November 2019, jointly with The New York Times Company and Twitter.[6] The stated goal was an "industry standard for digital content attribution" that would let creators sign images at the point of capture or editing, give consumers tools to inspect that signature, and provide a counter to the rising volume of deepfake and synthetic media.[6] CAI's first phase concentrated on opt-in metadata for still images, with Adobe contributing engineering work and the partner publications contributing newsroom requirements. By 2020 CAI had published a draft white paper describing a manifest, a claim, and a signing key, the conceptual ancestors of the later C2PA data model.[7]
CAI was an open initiative rather than a formal standards body. Membership grew through 2020 to include Arm, Microsoft, BBC, Truepic, Qualcomm, and dozens of news organizations and camera makers.[7] Adobe positioned CAI as the "promotion and adoption" arm of an ecosystem whose technical specification would later be hosted elsewhere.[7]
In parallel, the BBC, CBC/Radio-Canada, Microsoft, and The New York Times announced Project Origin in 2020.[8] Origin was a smaller and more journalism-focused effort, aimed at attaching tamper-evident provenance signals to news content as it moved through publishing, encoding, syndication, and social distribution.[8] Microsoft Research and BBC R&D contributed prototypes for chaining cryptographic signatures across transcoding steps, with the goal of preserving a verifiable lineage from camera to viewer.[8]
Although the two efforts were independently announced, they overlapped in membership (Microsoft, BBC, and Adobe staff participated in both) and in objective. By late 2020 the participants had agreed that a single set of technical specifications would be more useful than two competing ones, and that the work belonged in a neutral standards forum.[2]
On 22 February 2021, Adobe, Arm, BBC, Intel, Microsoft, and Truepic announced the Coalition for Content Provenance and Authenticity as a Joint Development Foundation project under the Linux Foundation umbrella.[2] The press release described C2PA as a unification of the CAI and Project Origin technical work under one organization while CAI and Origin continued their respective adoption and outreach activities.[2] Andrew Jenks, Director of Media Provenance at Microsoft, was named executive chair, and Leonard Rosenthol, Senior Principal Scientist at Adobe, was named chair of the technical working group.[9]
The coalition operates under the Joint Development Foundation, an organization that the Linux Foundation acquired in 2019 specifically to host industry standards consortia outside the typical open-source-license framework.[10] This structure allowed C2PA to publish royalty-free technical specifications, run a conformance program, and accept new members without negotiating bespoke incorporation paperwork.[10]
C2PA released its draft specification in September 2021 for public review, and the final version 1.0 on 26 January 2022.[1] Subsequent revisions added support for additional file formats, refined the soft-binding mechanism, expanded the certificate policy, and introduced cloud-signed manifest workflows. Version 2.1 was published 20 September 2024, version 2.2 on 1 May 2025, and version 2.4 followed in late 2025.[11] Each release is published as both an HTML specification and a versioned PDF at spec.c2pa.org under a royalty-free patent and copyright grant.[11]
A C2PA-protected asset carries one or more manifests in an embedded metadata block. Each manifest contains three required components:[12]
Assertions are encoded primarily in CBOR (Concise Binary Object Representation) or JSON, with some types using JSON-LD for linked-data semantics.[12] The full manifest is wrapped in a JUMBF (JPEG Universal Metadata Box Format) container, the ISO/IEC 19566-5 standard for embedding boxes of metadata inside JPEG and related file formats.[13] JUMBF lets the same manifest layout sit inside JPEG, PNG, MP4, WAV, PDF, WebP, AVIF, HEIC, and other carrier formats without re-encoding the underlying media.[13]
The specification defines two ways for a manifest to "bind" to the bytes it describes.[12]
A hard binding uses a cryptographic hash, typically SHA-256, of the asset's pixel or sample data. If a single bit of the bound region changes, the hash no longer matches and validators flag the manifest as tampered. Hard bindings provide strong tamper evidence but are brittle: any recompression, resize, format conversion, or editor save that does not produce a fresh manifest invalidates the binding.[14]
A soft binding uses a perceptual hash or an invisible watermark that is designed to survive minor transformations. The C2PA specification documents soft bindings as an option for use cases where strict bit-identity cannot be guaranteed, such as social-media republishing.[14] The specification notes that perceptual hashes are not cryptographically secure and can in principle be inverted or collided by an adversary, so soft bindings supplement rather than replace cryptographic guarantees.[14] Soft-binding watermark implementations such as Google's SynthID and Digimarc-based schemes are referenced as compatible technologies.[15]
C2PA inherits the X.509 public-key infrastructure used for web TLS.[16] A signing certificate must chain back to a root certification authority on the C2PA Trust List, a curated registry maintained by the coalition under a certificate policy that specifies issuance requirements, audit obligations, and revocation procedures.[16] Generator products that wish to sign manifests apply to a listed CA (for example, DigiCert, GlobalSign, or Truepic's purpose-built CA) and undergo conformance evaluation before receiving an end-entity certificate.[16] Validator products consult the trust list to decide whether an inbound certificate is trustworthy, and they record the result as a validation status on the manifest.[16]
The certificate policy distinguishes between "hardware" and "software" trust anchors, with stronger requirements (typically a secure element or trusted execution environment) for the former. The Leica M11-P's secure chipset is an example of a hardware-rooted signer.[17]
The model lets validators describe their trust decision in fine-grained terms. A validator might report that a manifest was signed by a known generator product whose CA is on the trust list (full trust), signed by an unknown CA (untrusted but well-formed), or unsigned (informational only). The C2PA Verify reference implementation and Truepic's open-source verifier follow this graduated reporting model, and the same pattern is reflected in the Adobe Content Authenticity inspector available at contentcredentials.org/verify.[16]
C2PA runs a conformance program that evaluates "generator products" (anything that creates or modifies signed assets) and "validator products" (anything that reads and verifies them).[16] Products that pass conformance testing are eligible to receive signing certificates from trust-list CAs and to display the official Content Credentials "CR" icon. The program publishes interoperability test vectors and a conformance specification alongside each numbered release of the technical specification, so that an implementation built against version 2.2 can be evaluated against the same fixtures used by other vendors.[16]
C2PA does not replace older metadata standards. The model is designed to interoperate with EXIF (camera metadata), IPTC PhotoMetadata (caption, copyright, rights), and XMP (Adobe's extensible metadata platform).[18] An assertion can wrap and sign existing EXIF or IPTC fields, lifting them from advisory metadata into cryptographically attested statements.[18] This makes C2PA additive: an image can keep its conventional caption and copyright fields while also carrying a signed manifest that proves who wrote them.
The Leica M11-P, released on 26 October 2023, was the first camera with native C2PA Content Credentials built into the firmware.[17] Each shutter press computes a SHA-256 hash of the JPEG/DNG output and signs it with a private key stored in a dedicated secure chipset, producing a manifest that asserts camera model, firmware version, capture timestamp, and (optionally) photographer identity.[17] Verification is available via the contentcredentials.org/verify website or the Leica FOTOS mobile app.[17]
Sony rolled out Content Credentials firmware for the Alpha 1, Alpha 7S III, and Alpha 9 III through 2024, and expanded to a video-capable workflow in October 2025 with support for Alpha 1 II and additional Alpha bodies as the first cameras with C2PA-signed video output aimed at newsrooms.[19] Nikon announced at Adobe MAX 2024 (14 October 2024) that the Z6 III would receive a C2PA firmware update for accredited news agencies in mid-2025.[20] Canon announced a Content Credentials firmware program for select EOS bodies on a similar timeline.[21]
For mobile and consumer capture, Truepic maintains the Truepic Lens SDK, a camera framework that generates C2PA-signed photos and videos directly from iOS and Android applications, used by insurance, supply-chain, and citizen-journalism workflows.[21]
Adobe shipped a beta Content Credentials integration in Photoshop in 2021, expanded it through Photoshop 24 and 25, and rolled out unified Content Credentials across Photoshop, Lightroom, Firefly, Premiere Pro, and Adobe Express during 2023 and 2024.[22] At Adobe MAX 2023 (October 2023) the company introduced a standardized "CR" Content Credentials icon and announced that any Firefly-generated image would automatically carry a manifest identifying it as AI-generated.[23] In October 2024 Adobe launched a free, standalone Adobe Content Authenticity web app that allows creators to attach Content Credentials to arbitrary files outside the Creative Cloud apps.[24]
OpenAI began embedding C2PA manifests in images produced by DALL-E 3 on 6 February 2024, both for images generated through ChatGPT and for images returned by the OpenAI API.[25] The manifest identifies the asset as AI-generated by OpenAI and includes a creation timestamp.[25] OpenAI noted at the time that adding the manifest adds roughly 3 to 5 percent to file size for API images and around 32 percent for ChatGPT outputs (which include a larger thumbnail assertion), and acknowledged that "metadata like C2PA is not a silver bullet" because most social platforms strip it on upload.[25]
On 7 May 2024 OpenAI joined the C2PA Steering Committee, alongside Adobe, BBC, Intel, Microsoft, Google, Publicis Groupe, Sony, and Truepic.[26] In the same announcement OpenAI committed to attaching Content Credentials to videos generated by Sora when the model became publicly available, a commitment honored when Sora launched broadly in late 2024.[26] Sora 2 continues to carry C2PA manifests on its video outputs.[26]
Google joined the C2PA Steering Committee on 8 February 2024, with a commitment to incorporate Content Credentials into its products and to align them with SynthID, DeepMind's invisible watermarking system for text, image, audio, and video.[27] Google described the combination as complementary: C2PA provides cryptographically signed metadata that proves origin, while SynthID embeds a watermark in the signal itself that can survive metadata stripping.[27] By 2025 Google's Imagen and Veo models produced outputs that carried both a SynthID watermark and a C2PA manifest, and Google Search began surfacing a Content Credentials badge for verified images.[27]
Microsoft applies Content Credentials to images and videos generated by Copilot, Bing Image Creator, Bing Video Creator, and Microsoft Designer.[28] Each AI-generated asset carries a manifest identifying the model and service, and visible "CR" pins or text labels appear in the respective surfaces.[28] Microsoft also embeds Content Credentials in AI imagery produced inside Microsoft 365 Copilot for documents and presentations.[28]
On 6 February 2024 Meta announced labels for AI-generated images on Facebook, Instagram, and Threads, with detection driven by C2PA and IPTC metadata indicators from Adobe, OpenAI, Google, Microsoft, Midjourney, and Shutterstock.[29] Meta added "Made with AI" or "AI Info" tags below detected uploads, expanded the system to additional surfaces during 2024, and joined the C2PA Steering Committee on 5 September 2024.[30]
TikTok announced on 9 May 2024 that it would auto-label AI-generated images and videos uploaded with C2PA Content Credentials, becoming the first major video-sharing platform to read C2PA at scale.[31] The company committed to attaching Content Credentials to AI content created within TikTok itself "over the coming months," a workflow that rolled out across 2024 and into 2025.[31] By 2025 TikTok reported having labeled more than a billion videos using the combination of Content Credentials, invisible watermarks, and platform-side classifiers.[32]
Twitter, which joined C2PA in May 2021 under its previous ownership, has had a more complicated trajectory under its rebrand as X. X re-encodes most uploaded images, which strips C2PA manifests as a side effect of compression.[33] X has not publicly committed to preserving Content Credentials on upload as of 2026, although the verification site contentcredentials.org/verify can still inspect any image whose manifest survives.[33]
Newsroom adoption has lagged platform adoption. The BBC, The New York Times, Reuters, the Associated Press, CBC/Radio-Canada, The Washington Post, and Agence France-Presse all participate in CAI or C2PA, and several have run pilots in which wire photographs were signed at capture, preserved through the editorial pipeline, and surfaced with a verification badge to readers.[7] Industry trackers reported in early 2026 that fewer than 1 percent of news images globally carried a C2PA manifest at the time of publication, though pilot programs at major agencies were expanding.[4]
The IPTC Media Provenance Summit, co-hosted with Reuters in Toronto in early 2026, brought together photo editors, agency engineers, and platform representatives to coordinate practical newsroom workflows around C2PA. Speakers framed newsroom adoption as the "spiritual core" of the standard, on the grounds that journalism is the use case in which provenance is most easily contested and most consequential when contested.[4] Operational obstacles raised at the summit included the cost of training photographers on signed capture, the unavailability of C2PA-aware fields in legacy digital asset management systems, and the lack of preserved-on-upload behavior at major social platforms (which negates the value of signing for content distributed virally).[4]
C2PA maintains an open-source tooling stack under the Content Authenticity Initiative's GitHub organization. The Rust-based c2pa-rs library is the reference implementation that underpins most production verifiers and signers, with language bindings for JavaScript, Python, C/C++, iOS, and Android.[21] The c2patool command-line utility, also published under CAI, allows developers to inspect, sign, and validate manifests from a terminal.[21] These libraries are dual-licensed under MIT/Apache 2.0 and have been used by Truepic, Adobe, Microsoft, OpenAI, and many newsroom integrators as the basis for their pipelines.[21]
C2PA submitted its specification to ISO/IEC JTC 1 for fast-track international standardization in 2024, where it is being processed as ISO/IEC 22144, "Authenticity of information, Content credentials."[5] The draft, based on C2PA version 2.1, advanced to Committee Draft (CD) stage in 2024 and was approved for circulation as a Draft International Standard (DIS) on 28 October 2024.[5] Once approved, the JPEG specification's second edition is expected to align directly with ISO/IEC 22144 for embedded content credentials.[34]
The EU AI Act entered into force in August 2024. Article 50 requires that providers of generative AI systems mark their outputs in a machine-readable format and that those outputs be detectable as artificially generated or manipulated.[35] The provision enters full applicability on 2 August 2026, with maximum penalties of EUR 15 million or 3 percent of global annual turnover for non-compliance.[35]
The Act itself does not name a specific technical standard, but the European Commission's draft Code of Practice on Transparency cites C2PA Content Credentials by example as one of the principal mechanisms by which providers can satisfy Article 50.[36] The Code envisions a "multi-layer marking" approach in which a cryptographic provenance manifest (the C2PA layer) is combined with an imperceptible watermark (such as SynthID) that can survive metadata stripping.[36]
The US Executive Order on AI (Executive Order 14110), issued by President Biden on 30 October 2023, directed the Department of Commerce, through NIST, to develop guidance for content authentication and watermarking of AI-generated material.[37] NIST published NIST AI 100-4, "Reducing Risks Posed by Synthetic Content," in 2024, naming provenance data tracking (digital signatures, watermarks, metadata) and synthetic content detection as the two principal state-of-the-art approaches.[38] C2PA was the leading example of a provenance-tracking mechanism cited in the technical literature reviewed by NIST.[38]
China's deep-synthesis regulations, in force since January 2023, mandate marking of AI-generated content but specify a Chinese national standard rather than C2PA.[7] In the United Kingdom, the BBC and Ofcom have endorsed C2PA in policy submissions on AI transparency, although no statutory mandate is in force as of 2026.[7]
The most-discussed weakness of C2PA is that most social media platforms recompress uploaded images and discard the JUMBF metadata box in the process.[33] Instagram, Facebook, X, LinkedIn, and (historically) TikTok have all been documented stripping or rewriting metadata, with the practical effect that a verified image loses its provenance the moment it crosses a platform boundary.[33] OpenAI itself flagged this limitation in the February 2024 DALL-E 3 announcement.[25] The C2PA response, via soft bindings and watermark interoperability (notably with SynthID), aims to preserve at least the AI-generated signal even when the cryptographic manifest is gone, but the soft-binding path provides weaker guarantees than the hard-binding cryptographic chain.[15]
The Center for Democracy and Technology, the World Privacy Forum, and various researchers have noted that a valid C2PA manifest proves the asset's history (who signed it, when, with what tools), not the truth of what the asset depicts.[39] A manipulated or staged image can carry a cryptographically valid manifest if it passes through a signed pipeline, and viewers who confuse "Content Credentials present" with "image is accurate" may be misled by an apparently authoritative badge.[39]
Embedding creator identity assertions in published media can expose journalists, activists, and whistleblowers to doxing and retaliation. C2PA's specification accommodates redaction and anonymous signing, but the default workflows in most generator products attach producer identity by default.[40] The World Privacy Forum's 2023 technical analysis recommended that C2PA tooling default to minimal personal-data disclosure and that user interfaces clearly flag what identity information will be attached.[40]
Signing certificates from C2PA-listed certificate authorities cost approximately USD 289 per year as of 2025, with no free tier that is generally available.[33] Researchers and civil-society commentators have argued that this cost creates an accessibility gap for independent creators, small newsrooms, and citizen journalists, even as the largest platforms and AI labs adopt the standard at scale.[33]
A manifest records the edits applied by C2PA-aware tools, but most existing image and video editors do not yet emit C2PA assertions. An asset that passes through a non-C2PA editor between two signed steps has a gap in its provenance chain, and validators typically report this as "unknown intermediate edit" rather than a definitive tamper indicator.[14] Closing this gap requires either broader editor adoption or fallback verification via soft bindings.
C2PA sits within a small ecosystem of related provenance and authenticity standards.
SynthID, developed by Google DeepMind and first released in 2023, embeds an invisible watermark in pixels, audio samples, or text tokens. Where C2PA carries provenance as metadata, SynthID carries it as a signal in the asset itself, which lets it survive recompression and metadata stripping. The two are designed to be used together rather than as alternatives.[15]
The IPTC Photo Metadata Standard, maintained by the International Press Telecommunications Council, defines journalism-oriented metadata such as caption, byline, copyright, and rights-usage terms. IPTC has worked closely with C2PA to define how IPTC fields should be carried inside C2PA assertions, and IPTC has co-hosted media-provenance summits with the coalition.[18]
EXIF (Exchangeable Image File Format) and XMP (Adobe's Extensible Metadata Platform) are older metadata formats that C2PA does not replace; instead, a C2PA manifest can wrap and sign their fields to lift them into a cryptographically attested layer.[18]
Truepic maintains an enterprise transparency platform built on top of C2PA, providing signed-capture SDKs, signing-CA services, and verification dashboards aimed at insurance, supply-chain, and newsroom customers.[21]