
C2PA, SynthID and Digital Watermarks: How Provenance Records Work

Updated June 29, 2026

If you come across a photo or video online today, you can rarely say for sure whether it is authentic, edited, or entirely AI-generated. This is exactly where provenance records come in. Rather than relying on a trained eye alone, technical methods are meant to capture where an image comes from and what has happened to it along the way. The most important approaches go by the names C2PA with its so-called Content Credentials, as well as invisible watermarks such as SynthID from Google DeepMind.

In this guide we explain, in plain terms, how these technologies work, how they differ, and where their limits lie. One point up front: none of these methods is fully tamper-proof. They provide indications, not absolute truths. Once you understand that, you can put provenance records in their proper context and avoid a false sense of certainty.

What provenance records are meant to achieve

At its core, a provenance record answers one simple question: where does this piece of media come from, and what has happened to it along the way? For a photo, that might mean recording which camera captured it, which software edited it, and whether generative AI was involved. Experts speak of provenance, meaning the traceable history of how a piece of content came to be.

This information can be carried along in two technical ways. The first is attached metadata, which travels with the file like a package insert. The second is watermarks, where the information is embedded directly into the pixels or the audio signal. The two approaches complement each other, because they have different strengths and weaknesses.

A useful image is the nutrition label on food. Just as a package states what is inside, a provenance record is meant to reveal how a piece of media came about. But the comparison also shows the limit: a label can be missing, torn off, or forged. Exactly the same applies to digital provenance records.

C2PA and Content Credentials: the digital nutrition label

C2PA stands for the Coalition for Content Provenance and Authenticity, an alliance of companies such as Adobe and Microsoft along with several camera manufacturers and media organizations. The result is an open technical standard that becomes visible to users under the name Content Credentials. At its core, C2PA attaches a so-called manifest to an image or video file.

This manifest is a structured record. It can, for example, note when and with which device a shot was taken, which editing steps were applied, and whether generative AI was involved. The key element is the cryptographic signature: the issuer, such as a camera manufacturer or an image editing application, signs the manifest digitally. This signature can be verified later, and the check fails as soon as the data has been altered after the fact.

Verifying therefore checks whether the signature is valid and who it comes from. Tools such as the Verify service from Content Credentials then show you which details are stored. However, a signature is only as trustworthy as its issuer. A technically valid signature from an unknown or dubious source says very little. Trust arises from the chain of credible issuers, not from the manifest alone.

An honest look at the limits of C2PA

As useful as Content Credentials are, they have one central weakness: metadata is fragile. Many platforms strip it out on upload or compress the file so heavily that the credentials are lost. A simple screenshot causes the same problem, because it creates a new image file with no manifest at all.

This leads to a rule that is often misunderstood: missing Content Credentials are not evidence of a fake. A great many authentic photos simply carry no credentials, either because the camera does not support the standard or because the data was lost along the way. Conversely, the presence of credentials does not automatically mean authentic, because the details are only as reliable as the issuer and the documented editing history.

C2PA is therefore strongest in the positive sense: it can show what has happened to a piece of content, as long as the chain remains unbroken. As a tool for exposing fakes, however, the mere absence of metadata is of no use. You should always keep this asymmetry in mind.
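The sketch below is an added example, not code from the C2PA project or from this guide. It models the signature and issuer check described in the previous section together with the asymmetry described here. It is a simplified model rather than the real C2PA format: an HMAC stands in for the issuer's public-key signature so that it runs on the Python standard library alone, and the issuer names, keys, trust list and outcome labels are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed issuer keys. HMAC is a stand-in for the issuer's public-key
# signature; a real verifier would hold certificates, not secret keys.
ISSUER_KEYS = {"ExampleCam": b"constructed-key-1", "UnknownTool": b"constructed-key-2"}
TRUSTED_ISSUERS = {"ExampleCam"}  # hypothetical trust list kept by the verifier


def _mac(issuer, claim):
    payload = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], payload, hashlib.sha256).hexdigest()


def sign_manifest(issuer, asset, actions):
    """Bind the edit history to the asset bytes via a hash, then sign the claim."""
    claim = {"issuer": issuer, "actions": actions,
             "asset_sha256": hashlib.sha256(asset).hexdigest()}
    return {"claim": claim, "signature": _mac(issuer, claim)}


def verify(asset, manifest):
    """Classify an asset and its (possibly missing) manifest into four outcomes."""
    if manifest is None:
        # Stripped on upload, lost in a screenshot, or never present:
        # this says nothing about whether the image is authentic.
        return "NO_CREDENTIALS"
    claim = manifest["claim"]
    issuer = claim.get("issuer")
    if issuer not in ISSUER_KEYS:
        return "INVALID"
    if not hmac.compare_digest(manifest["signature"], _mac(issuer, claim)):
        return "INVALID"  # the manifest was altered after signing
    if claim["asset_sha256"] != hashlib.sha256(asset).hexdigest():
        return "INVALID"  # the content no longer matches the signed hash
    if issuer not in TRUSTED_ISSUERS:
        return "VALID_UNTRUSTED_ISSUER"  # signature checks out but says little
    return "VALID_TRUSTED_ISSUER"


photo = b"constructed image bytes"
cred = sign_manifest("ExampleCam", photo, ["captured"])
```

Only the two signed-and-checked outcomes carry information about the content; `NO_CREDENTIALS` is deliberately kept separate from `INVALID` so that a stripped manifest is never reported as a failed check.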

SynthID and invisible watermarks

While C2PA attaches information to the file, watermarks take a different route. They alter the pixels or the audio signal itself, and do so slightly enough that the human eye or ear does not notice. The information therefore sits not in an external package insert but inside the content itself, and it survives some editing better.

SynthID from Google DeepMind is one such invisible watermark. It is embedded directly at the moment of creation into AI-generated images, audio, or text, and can later be read back out by machine. In this way, a matching detector can, with a certain probability, tell whether a piece of content originates from a participating Google model. Compared with metadata alone, the watermark is more robust, for example under compression or light cropping.

The crucial limitation: SynthID only detects content generated by participating Google models with watermarking enabled. An AI image from another system carries no SynthID mark and remains invisible to this detector. Heavy editing can also weaken the signal, and the detection yields a probability, not one hundred percent certainty. Watermarks are therefore a valuable signal, but not a universal AI detector for all content on the internet.

The EU AI Act and combining the signals

On the regulatory level, the topic is gaining weight. The EU AI Act sets out transparency obligations under which AI-generated or manipulated content should be recognizable as such. Providers of generative systems are expected to mark their outputs in a machine-readable way, and for deceptively realistic content a label for users is envisaged. This is exactly where methods such as C2PA and watermarks come into play as technical building blocks.

A labeling requirement on paper, however, is no substitute for perfect technology. Markings can be lost, and not every actor worldwide abides by European rules. That is why the same principle applies both technically and practically: no single method is fully tamper-proof. Anyone seeking certainty about the origin of an image or video should bring several signals together.

In practice, you are best served by considering several sources together:

  • Content Credentials and their signature, if present
  • any watermarks such as SynthID
  • the context of publication, meaning source and distribution
  • where appropriate, a supplementary technical AI analysis

Only the overall picture yields a robust assessment. Any single signal can mislead, but the more independent indications point in the same direction, the more reliable your judgment becomes.

Key takeaways

Frequently asked questions

Does a missing Content Credential mean an image is fake?

No. A great many authentic photos carry no Content Credentials at all, either because the camera does not support the standard or because the metadata was lost during upload, compression, or through a screenshot. Missing credentials are therefore not evidence of manipulation, but often simply a sign that a provenance record was never present in the first place.

Can SynthID detect every AI-generated image?

No. SynthID only detects content generated by participating Google models with watermarking enabled. An AI image from another provider carries no SynthID watermark and remains invisible to this detector. SynthID is therefore a helpful signal for certain content, but not a universal detector for all AI media.

What is the difference between a watermark and metadata?

Metadata such as C2PA is attached to the outside of the file, similar to a package insert, and can easily be lost in the process. A watermark like SynthID, by contrast, alters the pixels or the audio signal itself, imperceptibly to people. As a result, it survives some editing better, but it is tied to the particular system that creates and reads it.

Are provenance records tamper-proof?

No method is fully tamper-proof. Metadata can be stripped out, watermarks can be weakened by heavy editing, and not every actor abides by labeling requirements. Provenance records provide valuable indications, but no absolute guarantee. The assessment becomes more reliable only when you consider several independent signals together.

Does the EU AI Act require labeling of AI content?

The EU AI Act sets out transparency obligations. Providers of generative AI are expected to mark their outputs in a machine-readable way, and deceptively realistic content should be recognizable to users as AI-generated or manipulated. Technical methods such as C2PA and watermarks are possible building blocks for this, but they are no substitute for critical review in the individual case.
