If something, AI has made media (and stock media in particular) harder to trust. A realistic image can be captured with a camera, rendered in 3D, drawn by hand, generated from a prompt, or stitched together from all four. That uncertainty creates risk for buyers and, in turn, for agencies themselves. Some agencies are banning AI-generated media altogether (if they can detect it) and others are trying to limit the influx of it. Not to mention the post-processing where the line between “heavy editing” and “AI-generated” is really thin.
C2PA metadata gives creators a practical way to document where a file came from, how it changed, and which tools touched it before upload. And it is becoming increasingly relevant - read why below.
The trust problem
Stock creators now face a trust problem that visual quality cannot solve. Microstock marketplaces do not only sell pixels. They sell usable assets with licensing confidence, predictable risk, and enough context for commercial or editorial use. This is why big clients trust them.
So far the tools agencies were using were AI detectors (not very reliable) and self-attribution plus Terms-and-Conditions ban in case of violation. Problem with detectors is that they can fail when images are edited, recompressed, resized, refined through another model, or produced by a generator that was not in the detector’s training set.
There was a case recently where Getty used an Adobe Stock AI portfolio to argue that most of the creator’s Adobe Stock work was AI-generated, even though manual vectors and clearly marked AI work were kept in different portfolios.
Sending a reference file picture didn’t help. Even a recorded video with full process of creating the vector didn’t help.
C2PA Metadata explained
The Coalition for Content Provenance and Authenticity, or C2PA, is the standards group behind the technical specification.
C2PA metadata is one answer to that problem. It is a chain-of-custody record for digital media, first released in 2022. It can describe where an image, video, or other supported file came from, what software edited it, and which trusted entity signed that information. It cannot prove that a photo represents the truth, that a model release exists, or that every brush stroke was human-made. It can, however, give creators better evidence than a marketplace’s black-box detector score.
Basically it's another metadata specification, but with signatures
C2PA is not the same as EXIF, IPTC, or XMP metadata. EXIF can record camera settings such as shutter speed, aperture, ISO, and device model. IPTC and XMP can carry captions, copyright, keywords, creator names, and licensing notes. Those fields are useful, but they are not usually cryptographically signed. C2PA adds tamper-evident provenance on top.
AI watermark aka 'soft-binding'
C2PA is also not the same as an AI watermark. A watermark may be embedded into the pixels so it can survive some screenshots or transformations. C2PA metadata can carry richer context, but unsupported tools, uploads, or recompression steps can strip it. That is why some AI platforms now use both metadata and watermarking: one gives more detail, the other may survive more abuse.
A number of members of C2PA (it’s a committee after all) like Adobe and Truepic run web services to validate C2PA metadata. So from stock agencies, it can be reasonable to expect Adobe to be one of the first to embrace it.
Why you should care now
C2PA is becoming more relevant because major AI platforms, search platforms, and creative software companies are moving provenance into everyday media workflows. OpenAI now uses C2PA Content Credentials and SynthID watermarks for images generated with ChatGPT, Codex, and its API. Google has also moved C2PA into its transparency work, including Search features such as About this image and advertising-system signals.
This does not mean every stock marketplace will immediately preserve or display C2PA credentials. For microstock contributors, that means provenance is shifting from a newsroom concern to a real life - quite slowly, but steadily. Even when human reviewers make mistakes (like in the “guilt by association” case above) and while C2PA cannot prevent every mistake, cleaner records and cleaner separation reduce the odds.
We are at the step 2 currently. Act ahead of the curve (image from The Verge)
The biggest mistake is to wait until a dispute happens. Provenance is easiest to preserve before upload. After a rejection, takedown, or account review, you may no longer have the exact derivative file, export settings, or version history needed to explain what happened.
Hardware and software support for C2PA
C2PA support is strongest in newer mirrorless cameras, selected mobile ecosystems, and Adobe shop software. It is not yet universal across DSLR bodies, drawing or 3D programs.
For photographers, the most valuable form of C2PA is the “first-mile trust”. First-mile trust means the capture device signs the file close to the moment it was created. A signed export from editing software is useful, but a signed camera original is stronger because it starts the chain before the image enters a computer. Note that while Nikon, Sony, and Canon have also added C2PA into selected mirrorless systems, there’s basically no DSLR with native C2PA support. Notably, Nikon C2PA system is currently useless due to a security vulnerability.
| Manufacturer | Model | Implementation |
|---|---|---|
| Leica | M11-P, SL3-S, Q3. | Integrated hardware encryption chip |
| Sony | α9 III, α1 II, PXW-Z300, and eight additional camera bodies. | Secure on-device hardware enclave |
| Canon | EOS R1, EOS R5 Mark II, and firmware updates for nine cameras down to EOS R100. | Canon Authenticity Imaging System |
| Nikon | Suspended due to a critical signing infrastructure vulnerability | |
| Fujifilm | GFX100S II, X-T50. | Firmware-level signing |
Mobile support is moving faster because phones are the main capture device for much of the internet. Google Pixel 10 or later supports Content Credentials in Pixel Camera under specific conditions. Third-party apps such as Click and Proofmode can help mobile creators capture provenance when the default camera app does not.
Illustrators are kind of excluded from the C2PA party because the only equivalent is process-level evidence. At the same time, Illustrators were kind of first to the “proof-of-work” party with the requirement to sign property releases for references to their artworks IRL.
From software Adobe shop currently offers the clearest Content Credentials path for many illustrators. Procreate, Krita, Affinity, Clip Studio Paint currently have not joined (notably, Procreate has a clear public stance against gen AI).
How to use it
The safest stock workflow is to preserve signed originals, sign final derivatives, keep manual and AI streams separate, and verify files before upload. If your camera or mobile app can create Content Credentials, enable it before the shoot. Archive the signed original before editing. Do not overwrite it with a retouched version - then edit in software that can preserve or add Content Credentials.
For videographers, the risk points are editing, compression, and transcoding. Video files often pass through more destructive steps than still images: camera original, proxy, edit timeline, export, upload transcode, marketplace preview, and client download.
For existing files with metadata you can check it on Adobe-backed service or more hobby version at Hintfo.
Can you just add C2PA at the end?
You kind of can, but that only proves the final signing event. It does not prove the camera captured the image, that the illustration was drawn manually, or that the 3D asset licenses were valid.
Limits of C2PA
A signature is only useful if the verifier recognizes and trusts the signer. A camera manufacturer, app developer, enterprise newsroom, or software vendor may carry different weight depending on the buyer or platform. It is hard to read the exact move of stock agencies in this regard, but there might be limits of such “trust”.
Conclusion
C2PA metadata will not make stock media trust automatic. But with provenance moving into mainstream image infrastructure, stock creators do not need to wait for perfect adoption.
Start with one new habit: keep the signed original, sign the final deliverable, and separate manual work from AI work. Treat provenance as a new part of your stock business, not as an optional metadata trick.
Further reading:
