C2PA
What is C2PA?
C2PACoalition for Content Provenance and Authenticity: an open standard for cryptographically signed metadata that records how digital media was created and edited.
C2PA is a technical standard developed by the Coalition for Content Provenance and Authenticity, founded by Adobe, Microsoft, BBC, Intel, and others, and aligned with the Content Authenticity Initiative. It defines tamper-evident "content credentials" attached to images, video, audio, and increasingly to AI-generated assets. Each manifest contains assertions about creator identity, capture device, generative model used, and any edits, signed with X.509 certificates from a trust list of issuing authorities. Verifiers can later detect whether content has been altered or whether claims are inconsistent. C2PA is being adopted by camera manufacturers (Sony, Nikon, Leica), AI generators (Adobe Firefly, OpenAI, Google), and news organisations, and it underpins regulatory frameworks for AI labelling such as the EU AI Act transparency rules.
● Examples
- 01
An OpenAI image carries a C2PA manifest stating it was generated by DALL-E and signed by OpenAI.
- 02
A news photo from a Sony camera carries an unbroken C2PA chain from capture to publication.
● Frequently asked questions
What is C2PA?
Coalition for Content Provenance and Authenticity: an open standard for cryptographically signed metadata that records how digital media was created and edited. It belongs to the AI & ML Security category of cybersecurity.
What does C2PA mean?
Coalition for Content Provenance and Authenticity: an open standard for cryptographically signed metadata that records how digital media was created and edited.
How does C2PA work?
C2PA is a technical standard developed by the Coalition for Content Provenance and Authenticity, founded by Adobe, Microsoft, BBC, Intel, and others, and aligned with the Content Authenticity Initiative. It defines tamper-evident "content credentials" attached to images, video, audio, and increasingly to AI-generated assets. Each manifest contains assertions about creator identity, capture device, generative model used, and any edits, signed with X.509 certificates from a trust list of issuing authorities. Verifiers can later detect whether content has been altered or whether claims are inconsistent. C2PA is being adopted by camera manufacturers (Sony, Nikon, Leica), AI generators (Adobe Firefly, OpenAI, Google), and news organisations, and it underpins regulatory frameworks for AI labelling such as the EU AI Act transparency rules.
How do you defend against C2PA?
Defences for C2PA typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for C2PA?
Common alternative names include: Content Credentials, C2PA manifest.
● Related terms
- ai-security№ 297
Deepfake
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
- cryptography№ 321
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
● See also
- № 031AI Model Card