what is C2PA?
C2PA is an open standard for attaching cryptographically signed origin and edit history to digital media as tamper-evident ’Content Credentials.’
C2PA is a specification. it defines a manifest format: a JSON-LD bundle of “assertions” about who captured or generated a file, what edits happened, and which tools touched it. the manifest is signed by an X.509 certificate chain and either embedded in the file (JPEG, MP4, PDF, etc.) or stored alongside it. anyone with a verifier can read the manifest and confirm the signatures match.
the coalition formed in 2021 by Adobe, Microsoft, the BBC, Intel, Truepic, and Arm, merging the Content Authenticity Initiative and Project Origin. membership now includes Google, OpenAI, Meta, Sony, Nikon, Leica, and Canon. the spec has moved past v2.1; version 2.3 landed in late 2025.
a C2PA manifest records a verifiable chain of who said what about a file. it can declare “AI-generated by DALL-E 3” as readily as “captured on a Leica M11 at this GPS coordinate.”
three practical limits matter:
Content Credentials are opt-in metadata. the absence of a manifest means nothing; only its presence is informative. most images on the open web carry no manifest.
most social platforms strip or re-encode uploads, which destroys embedded manifests. Meta began preserving C2PA on Facebook / Instagram / Threads in early 2024 for some uploads, but coverage is partial; X, TikTok, and Reddit generally don't. a clip that was signed at capture often arrives on a user's phone as a bare MP4 with no provenance left to read.
a C2PA manifest proves signed claims, not truth. a bad actor with a valid certificate can sign a lie; what they can't do is alter the manifest without breaking the signature. that's the actual security property.
C2PA proves a specific signer made specific claims about the file. the credential might say “generated by Midjourney” and that's still a valid C2PA manifest. treat it as a chain of custody, not a truth verdict.
questions
what is C2PA?
C2PA is an open standard for attaching cryptographically signed origin and edit history to digital media as tamper-evident Content Credentials. it defines a manifest format: a signed bundle of assertions about who captured or generated a file, what edits happened, and which tools touched it. it is a specification backed by Adobe, Microsoft, Google, OpenAI, Sony, and major camera makers. the spec reached version 2.3 by late 2025.
does C2PA prove an image is real?
a C2PA manifest proves signed claims. it confirms a specific signer made specific claims about a file. the credential might say ‘generated by Midjourney’ as readily as ‘captured on a Leica M11.’ treat it as a chain of custody; it does not establish whether the underlying content is real.
is C2PA the same as a watermark?
C2PA verifies who claimed what through signed metadata attached to the file. invisible watermarks like SynthID embed a signal in the pixels themselves. the two complement each other: C2PA metadata gets stripped on re-encoding, while pixel watermarks survive that step somewhat better.
why do most images have no C2PA data?
Content Credentials are opt-in, and most social platforms re-encode uploads, which destroys embedded manifests. Meta reads C2PA to label AI content on Facebook and Instagram, but Instagram still strips the manifest on upload, and X, TikTok, and Reddit do the same. a clip signed at capture often lands on a phone as a bare MP4 with no provenance left. absence of a manifest means nothing; only its presence informs you.
sources.
- 01
- 02Content Authenticity Initiative — membership listAdobe, Microsoft, Google, OpenAI, Sony, Nikon, Leica, Canon, BBC, Intel, Truepic, Arm.
- 03Leibowicz et al., Manipulating Images Beyond the Bounds of C2PA (arXiv:2401.09239)Adversarial robustness analysis of C2PA in practice.
- AI watermarking →the umbrella term. C2PA is the cryptographic-provenance half; SynthID-style invisible signals are the other half.
- SynthID →the invisible-watermark approach. C2PA verifies who claimed what; SynthID embeds a signal in the pixels themselves.
- model attribution →the fingerprinting approach used when no provenance metadata is available, which is most of the time.