C2PA — Coalition for Content Provenance and Authenticity
An industry standard that embeds provenance information for content (images, video, audio, PDF) as Content Credentials (the C2PA Manifest), with each capture / edit / AI-generation step pinned by a cryptographic signature.
Definition
C2PA stands for the Coalition for Content Provenance and Authenticity. Co-founded in 2021 by Adobe, Microsoft, BBC, Truepic, Intel, Sony, Arm, and others. The technical spec ships as Content Credentials.
Three-layer mechanism: (1) embed a Manifest (CBOR-encoded) into the content, (2) record Capture / Edit / AI Generation events as Assertions, (3) sign the chain endpoint with an X.509 certificate. Verifiers decode the Manifest and machine-confirm each Assertion's authenticity.
Adoption is accelerating in the AI-content space. When a generative model emits a C2PA Manifest alongside the image, "this is AI-generated" becomes a cryptographically-bound label. Journalism, the EU AI Act Article 50 transparency obligations, and AI-content labeling on social platforms are all driving uptake.
Lemma Oracle implementation
Lemma's provenance stack is complementary to C2PA. C2PA is the industry standard for media content provenance specifically; Lemma provides a cross-domain provenance proof substrate — AI inference traces, attribute attestations, regulatory adherence.
Typical integration: feed Assertions from a C2PA Manifest into the Lemma lineage chain as docHash entries, then use ZK proofs for attribute-level selective disclosure. Media-origin data entering an AI pipeline never breaks the lineage chain.
Organizations that adopt Lemma alongside C2PA cover both the media surface (C2PA) and the AI / data surface (Lemma) on a unified provenance infrastructure.