As AI-generated and edited media become harder to distinguish by eye, C2PA Content Credentials offer a different approach: instead of guessing whether something is real, they record a signed, tamper-evident history of where a file came from and how it was changed. This interactive explainer breaks the standard down into plain language.
How it works
C2PA — the Coalition for Content Provenance and Authenticity — defines a “manifest” that travels with an image or video. The manifest holds “assertions”: verifiable statements such as the capture device, the editing software, the date, and whether AI was involved. The whole manifest is cryptographically signed, so any later change to the pixels breaks the signature and becomes detectable.
The explainer walks through six topics you can expand in any order: what C2PA is, what a manifest stores, how it is embedded in a file, how to verify it, what its limitations are, and which creation, platform, and verification tools support it today.
What a C2PA manifest actually records
A manifest is not a single field — it is a structured collection of assertions, each covering a different claim about the file’s history. Common assertions include:
- Capture method. Whether the file was captured by a camera, generated entirely by an AI model, or created from a combination of source material and AI editing.
- Software and tools. Which applications were used to edit or process the file, with the software name and version.
- Actions. A log of editing actions — for example, that a crop was applied, a generative AI fill was used, or colour grading was applied — in order.
- Digital source type. A structured label classifying the image as, for example, a photograph, a composite, or AI-generated content.
- Signer identity. The certificate used to sign the manifest, which traces back to a trust anchor (often a camera manufacturer, a platform, or a publisher identity).
The manifest is embedded directly in the file’s metadata using format-specific containers — for JPEG it goes in an APP11 marker, for PNG in a dedicated chunk, and so on. Because it is inside the file, it survives download and re-upload — unless the file is re-encoded or screenshotted, which strips the metadata.
How to verify a file
The most accessible verification path for most users is the online inspector at contentcredentials.org/verify. Upload the file and the inspector:
- Extracts the manifest from the file’s metadata.
- Verifies the cryptographic signature on the manifest against the signer’s certificate.
- Checks the certificate against the C2PA trust list.
- Displays the recorded assertions: who signed it, what tools were used, and any AI involvement that was declared.
Several platforms (including Adobe products and certain camera firmware) have begun embedding credentials at capture or export time. The inspector lets you see those claims and judge their credibility.
The limits you need to understand
No manifest is not proof of fakery. The vast majority of images on the internet today carry no C2PA manifest — they predate the standard or come from tools that do not yet support it. An absent manifest is simply the absence of provenance information, not evidence that a file is manipulated.
A valid signature does not mean the claims are true. The cryptographic signature proves the file has not changed since it was signed. It does not prove the signer was honest. A deepfake video deliberately signed as AI-generated would pass verification with flying colours. Trust depends entirely on the identity of the signer and the policies of the trust list they are on.
Screenshot and re-encode strip credentials. Any workflow that decodes and re-encodes the image — a screenshot, a social media platform’s processing pipeline, or a format conversion — typically discards the embedded manifest. Soft-binding (a perceptual hash stored in a cloud lookup service) can sometimes recover credentials after transcoding, but support is not universal.
Used correctly, Content Credentials are a useful provenance signal for images and videos from credentialed sources — particularly useful when a known publisher, camera maker, or platform has signed the content. They are not a general-purpose lie detector for unknown media.