C2PA Metadata
Also known as: Content Provenance, Content Credentials
Updated Jun 1, 2026
C2PA — the Coalition for Content Provenance and Authenticity — is a cross-industry technical standard for tracking where a piece of media came from and what was done to it after creation. Founded in 2021 by Adobe, Microsoft, Intel, Sony, BBC, Arm, and Truepic, it has since pulled in OpenAI, Google, Meta, and (in early 2026) Midjourney as adopting partners.
Technically, C2PA stores a chain of cryptographically signed assertions inside the image, video, or audio file itself. Each assertion records something verifiable: the device or model that generated the content, the timestamp, edits applied, and the signing identity. The chain is tamper-evident: the signed data includes a hash of the content, so flipping a pixel breaks validation, and the verifier knows.
Who emits C2PA today
- OpenAI embeds C2PA Content Credentials in every DALL-E 3 image and every image output from ChatGPT.
- Adobe emits Content Credentials by default in Firefly, Photoshop's Generative Fill, and Premiere's generative tools.
- Microsoft includes them in Copilot Designer and Bing Image Creator output.
- Midjourney began emitting C2PA in v7 (early 2026) after several years of resisting the standard.
- Leica, Sony, Nikon, and Canon ship select cameras that sign capture-time C2PA assertions, useful for journalism authenticity claims.
How Instagram uses it
Meta's detection pipeline reads C2PA metadata on upload. When the signature matches an AI generator, the post auto-triggers the "Made with AI" label without any creator action. This is why a Reel produced in DALL-E or Firefly often shows the label even if the creator never opted in — the platform read the file metadata and made the call.
Where it falls apart
- Screenshotting strips it. Take a screenshot of a DALL-E image and the C2PA chain dies with the original file. This is why Meta also runs SynthID watermark detection on top.
- Re-encoding can break it. Heavy compression and format conversion can invalidate the signature or drop the metadata entirely, depending on the encoder.
- Adoption is uneven. Most open-source models (Stable Diffusion forks, local Flux, smaller video models) emit no C2PA at all.
For creators producing AI content for European audiences, C2PA emission is now a regulatory checklist item under EU AI Act Article 50, which mandates machine-readable provenance marking from August 2, 2026.
Example
A creator generates a product mockup in DALL-E 3 inside ChatGPT, downloads the PNG, and uploads it as part of an Instagram carousel. Without any creator action, Meta's pipeline reads the C2PA chain at upload, sees the OpenAI signing identity and "generated" assertion, and stamps the carousel with the "Made with AI" label. If the creator first opens the PNG in Photoshop and re-saves it, the Adobe C2PA layer is added on top — Meta still reads the chain and still applies the label. The only way to strip the signal is a screenshot or a hostile re-encode, both of which trigger SynthID detection as the backup.
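A check for the PNG case in the example above, added here and not taken from Meta, OpenAI or the C2PA project: it walks the PNG chunks and reports whether the `caBX` chunk, which the C2PA specification uses for the manifest store in PNG files, is still present. It detects presence and chunk-level damage only; validating the signature chain needs a full C2PA validator. The function names and sample files are constructed for illustration, and the placeholder payload is not a real manifest.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
C2PA_CHUNK = b"caBX"  # chunk type the C2PA spec assigns to the manifest store in PNG


def iter_chunks(data):
    """Yield (type, payload, crc_ok) for each chunk of a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 12 bytes = length + type + CRC of an empty chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        payload = data[pos + 8:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        yield ctype, payload, crc == zlib.crc32(ctype + payload) & 0xFFFFFFFF
        pos = end + 4
        if ctype == b"IEND":
            break


def c2pa_status(data):
    """Return 'absent', 'present' or 'damaged' for the C2PA manifest store chunk."""
    for ctype, payload, crc_ok in iter_chunks(data):
        if ctype == C2PA_CHUNK:
            # A manifest store is a JUMBF superbox: 4-byte size, then box type 'jumb'.
            return "present" if crc_ok and payload[4:8] == b"jumb" else "damaged"
    return "absent"


def _chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample(with_manifest):
    """Constructed 1x1 PNG; the caBX payload is a placeholder, not a real signed manifest."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    placeholder = struct.pack(">I4s", 16, b"jumb") + b"constrd!"
    manifest = [_chunk(C2PA_CHUNK, placeholder)] if with_manifest else []
    chunks = [_chunk(b"IHDR", ihdr)] + manifest + [_chunk(b"IDAT", idat), _chunk(b"IEND", b"")]
    return PNG_SIG + b"".join(chunks)
```

`c2pa_status(build_sample(True))` models the file as downloaded and `c2pa_status(build_sample(False))` a pixels-only copy such as a screenshot. An "absent" result says nothing about how the image was made.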
Related terms
Compliance
AI Creator Label
Instagram's opt-in label (launched May 4, 2026) that marks an account as primarily AI-generated content. Auto-detection covers C2PA metadata, watermarks, and audio fingerprinting.
Compliance
SynthID
Google DeepMind's invisible pixel-level watermark embedded in AI-generated images and audio. Detectable by partners (Meta included) even after compression or screenshotting.
Compliance
EU AI Act Article 50
The EU AI Act provision requiring providers and deployers of AI systems that generate synthetic content to label outputs as artificially generated. In force August 2, 2026 — affects any creator reaching European audiences.