What is C2PA?

v2.1 Compliant

Coalition for Content Provenance and Authenticity

C2PA is an open technical standard that enables publishers, creators, and consumers to verify the origin and history of digital content. It's the foundation of content credentials on xcr.sh.

Open StandardIndustry BackedCryptographically Secure

Backed by Industry Leaders

C2PA was founded by major technology and media companies working together to establish a universal standard for content authenticity:

Adobe

Microsoft

Google

Intel

BBC

Sony

Arm

Truepic

How C2PA Works

1. Content Hashing

A unique cryptographic fingerprint (hash) is calculated from the content. Any change to the content, even a single pixel, results in a completely different hash.

2. Manifest Creation

A manifest is created containing assertions about the content: who made it, when, what tools were used, whether AI was involved, and permissions for use.

3. Digital Signature

The manifest is signed with the creator's private key. This signature can only be created by someone with the private key, proving authenticity.

4. Timestamp

A trusted timestamp is added to prove when the credential was created. This prevents backdating and establishes a clear timeline.

Standard Assertions

C2PA defines standard assertion types that can be included in credentials:

c2pa.actions

What actions were taken (created, edited, AI-generated)

c2pa.hash.data

The cryptographic hash of the content

stds.schema-org.CreativeWork

Creator information following schema.org standards

c2pa.training-mining

Permissions for AI training and data mining

Why C2PA Matters

Combat Misinformation

Verify content origin in an age of AI-generated media

Protect Creators

Prove ownership and fight content theft

AI Transparency

Clearly disclose AI involvement (required by EU AI Act)

Industry Standard

Interoperable across platforms and tools

C2PA on xcr.sh

xcr.sh implements C2PA v2.1 specification with the following features:

  • Ed25519 cryptographic signatures
  • SHA-256 content hashing
  • Full assertion support (actions, creative work, training/mining)
  • Decentralized Identifiers (DIDs) for creator identity
  • Public verification API

Learn More

C2PA Official Website
C2PA Technical Specification
Content Authenticity Initiative
Start Using C2PABack to Guide