Skip to content
ProductPolishProductPolish
Sign up
Glossary

C2PA (Coalition for Content Provenance and Authenticity)

C2PA is an open standard for cryptographic provenance metadata on digital content — primarily images, video and audio. A C2PA-tagged image carries invisible, signed metadata that discloses who produced it, when, with which tool, and whether AI was involved. The information is machine-readable (browsers, marketplaces, search engines can read it) but not visible to the human viewer in normal display.

Who is behind the standard

C2PA is a cross-vendor initiative backed by the biggest tech companies:

  • Adobe (founding driver, ships C2PA in Photoshop, Lightroom, Firefly)
  • Microsoft (Windows, Bing Image Creator, Microsoft Designer)
  • Google (YouTube, Pixel Camera, Google Images)
  • OpenAI (ChatGPT/DALL-E images since early 2024)
  • Sony (professional cameras with C2PA capture)
  • BBC (news provenance)
  • Truepic, Leica, Nikon, Canon, Stability AI and many more

The list covers practically every relevant source — from professional cameras to major AI image generators. That makes C2PA the de-facto industry standard.

How C2PA works technically

C2PA signatures are cryptographic and tamper-evident: every edit to the image (crop, recolour, resize) is logged in the "Content Credentials" history. Browsers can display this history — Adobe's Content Authenticity Initiative ships the reader tools.

A C2PA-signed image contains:

  • Creation source (camera, AI tool, editing programme)
  • Timestamp
  • List of all edits (with tool + date)
  • Identity of the signer (can be pseudonymous)
  • AI-generation flag (always set when output comes from an AI tool)

The signature is asymmetric (public-key cryptography) and not forgeable without the original tool's private key.

Relevance: EU AI Act Article 50

The EU AI Act requires from August 2026 that providers of generative AI mark their output "in a machine-readable format" and make it recognisable as AI-produced (Article 50(2)). C2PA is the most likely standard for fulfilling this obligation — it's built for exactly this case.

For e-commerce:

  • If you generate AI images (DALL-E, Midjourney, Stable Diffusion, etc.): the tools will set C2PA tags automatically from 2026. You don't have to do anything.
  • If you publish AI images (e.g. as product imagery): most platforms will read the C2PA tags and display an "AI-generated" label.
  • If you strip C2PA metadata: legally problematic — potentially violates transparency obligations.

C2PA + marketplaces

Amazon is a member of the C2PA Steering Group and is expected to be the first major marketplace with a C2PA reader. As of May 2026 it's not visible in the UI yet, but the roadmap is announced.

Expected effects:

  • Listings with AI imagery get a UI label (e.g. "AI-generated visual")
  • Shoppers can filter "Real photos" / "Studio photos" / "AI visualisations"
  • Product authenticity disputes can be traced via the C2PA history

How to prepare your shop

  1. Preserve C2PA metadata on upload — many image optimisers (TinyPNG, etc.) strip metadata by default. Check the "preserve metadata" option.
  2. Document internally: which images are AI, which are studio, which are lifestyle. Matters for disputes.
  3. Update your privacy policy / imprint with a note on AI-generated content (see EU AI Act §50).
  4. Watch for platform updates — Amazon, Etsy, Shopify are expected to roll out C2PA readers by end of 2026.

Common mistakes

  • Stripping metadata during image editing — potentially violates transparency obligations from August 2026.
  • Passing off an AI image as a studio photo — if provable, can be classified as misleading advertising under EU consumer law.
  • Confusing C2PA with watermarks — C2PA is invisible metadata, not a visual watermark.

Related terms

  • Main Image — AI main images are expected to be labelled from 2026
  • E-E-A-T — trust signal via image provenance
  • UWG — misleading advertising with AI images