The war on detecting fakes is over; detection lost. What replaced it is a quieter, better idea: stop trying to spot the synthetic, and start letting the authentic prove itself. That idea now has an ISO number, hardware inside flagship phones, a legal deadline in Europe - and, this desk is pleased to report, its first properly embarrassing failure, which taught the ecosystem more than any launch did.
The mechanism, in one paragraph
A Content Credential is a cryptographically signed manifest travelling inside a media file: which device or model produced it, when, and what edits followed, each step signed onto the chain. Unlike EXIF - plain text any tool can rewrite - altering a single recorded fact breaks the signature, visibly. It does not say a photo is true. It says this file, from this signer, with this edit history, has not been tampered with since - and verification needs no phone call home; the certificates travel in the file.
What actually shipped
The standardisation moment: the C2PA specification became ISO/IEC 22144, which is the boring sentence that lets governments and procurement departments require it, and the coalition passed 6,000 members. The hardware moment: Leica’s M11-P started it in October 2023 - the first camera signing every frame by default from a dedicated security chip - and by 2026 Sony, Canon, Nikon and Fujifilm ship C2PA-capable bodies, Sony’s PXW-Z300 became the first camcorder signing broadcast video natively, and the Pixel 10 became the first smartphone to sign every native photo by default from hardware-backed keys. The generation moment: the major image and video models now attach credentials to outputs as default behaviour - which is precisely what Article 50 of the EU AI Act will demand of anyone serving Europe from August 2026, with the Commission’s draft Code of Practice naming C2PA as its worked example.
The failure that proved the system
In August 2025 Nikon shipped C2PA to the Z6 III by firmware - then a signing vulnerability was found, the service was suspended, and every certificate was revoked, with the programme still dark months later. The desk’s read: this is the system working. A provenance scheme whose credentials cannot be revoked when a signer is compromised would be theatre; one that publicly burns a major manufacturer’s certificates is infrastructure with an immune system. It also demonstrated the ecosystem’s real trust anchor - the conformance programme and trust list launched in mid-2025, which separate “C2PA-capable” marketing from products that passed testing. Check the list, not the press release.
Most social platforms remove metadata, credentials included, during upload and re-encoding; a screenshot removes everything. The chain, in other words, still breaks at exactly the point most people encounter an image. The countermeasures - durable credentials pairing manifests with invisible watermarks and fingerprints, and the 2.3 spec’s extension of signing to live streams - exist and are deploying. Until they are universal, absence of a credential proves nothing, and this desk will keep saying so.
How to actually check one
- Open the public verifier - the Content Authenticity Initiative’s verify tool reads any file’s manifest in a browser; no account, no upload to the signer.
- Read the signer, not the badge - a valid signature from an unknown or non-conformant signer is a valid signature of nothing much. Cross-check against the conformance list.
- Walk the edit chain - each signed action is listed; a gap between capture and publication is not proof of mischief, but it is where questions live.
- Treat absence as absence - unsigned means unsigned: possibly old, possibly stripped, possibly synthetic. It is a missing datum, not a verdict - the mistake in both directions is treating it as one.
What it cannot do - the list this desk maintains
A credential proves custody of a file, not truth of a scene: a camera pointed at a staged event signs the staging faithfully. It can leak - device identity, timestamps, coordinates - which is why redactable assertions and anonymous-but-verified workflows for sources are the standard’s most consequential open work. And it shifts, rather than removes, trust: to the signer list, the certificate authorities, the conformance testers. Better anchors than vibes. Anchors nonetheless.
Provenance won the standards war, the hardware war and the regulatory war in the same three years - and it still loses at the last hop, where platforms strip what cameras sign. Judge 2026-27 on exactly one metric: whether credentials start surviving the feed. Everything else is solved or solvable.