The Provenance Problem

In 2017, the Coalition for Content Provenance and Authenticity (C2PA) did not exist. In 2021, it was formed by Adobe, Microsoft, Intel, BBC, and Arm to develop technical standards for content provenance — a way of attaching cryptographically signed metadata to images, video, and audio that would attest to when and where the content was created, by what device or software, and what modifications had been made. By early 2027, the C2PA standard has been implemented by Canon, Nikon, and Sony cameras, by Adobe’s creative suite, by the BBC and Reuters in their editorial workflows, and by a handful of major news organizations.

The adoption footprint sounds significant. The actual coverage of content in circulation is somewhere between 2% and 5%.

The provenance problem is not primarily a technical problem. The technical standards work. The adoption problem is economic and institutional, and it reveals why authentication infrastructure is one of the hardest things to build in a fragmented media ecosystem.

How Provenance Standards Work

The C2PA model works by attaching a Content Credentials manifest to a file at the point of creation. A camera that supports C2PA writes a signed record into the file’s metadata: this image was taken by this specific camera serial number at this GPS location at this time. If the file is subsequently edited in Photoshop, a new entry is added to the manifest: edited in Adobe Photoshop version X at this time. The manifest is signed with cryptographic keys; if the file is modified without adding a new signed record, the chain of trust breaks.

This is a real and verifiable record. It does not prevent AI generation. It does not prevent manipulation of images from cameras that don’t support C2PA. What it provides, for images that do have it, is a positive attestation of authentic camera origin — a way of saying “this image came from this physical camera at this time” in a way that is technically difficult to fake.

The content detection approach — using classifiers to identify AI-generated images — is less reliable. Current detectors have meaningful false positive rates, meaning they flag some human-created content as AI-generated, and they have known evasion techniques. They are useful for bulk triage but not for per-image certainty. The provenance approach is more reliable where it applies; it simply doesn’t apply to most content.

The Economic Incentive Gap

The reason provenance adoption is at 2-5% is not technical resistance. It is economic structure.

Camera manufacturers implemented C2PA partly because professional news photographers and documentary photographers asked for it — a market segment that cares deeply about authenticity attestation and is willing to pay for equipment that provides it. Consumer camera manufacturers implemented it more slowly and with less completeness because the consumer photography market, which is much larger, has minimal stated preference for provenance attestation.

Social media platforms — the distribution points where the authenticity of content matters most to the largest number of people — have been slow to adopt provenance standards, despite being signatories to various industry commitments. The stated reasons involve implementation complexity and user experience; the more cynical reading is that authenticity verification would surface the scale of AI-generated content on their platforms and create pressure to address it.

Creative software companies are in a different position. Adobe’s Content Credentials implementation in Photoshop and Premiere Pro is genuinely functional and is being used by professional creative teams. The problem is that most AI image generation happens in Midjourney, Stable Diffusion, and equivalent tools, not in Photoshop. These tools would need to voluntarily add provenance attestation — marking their outputs as AI-generated in a cryptographically signed way — which they have no strong incentive to do and their users may actively resist.

The Right of Publicity Parallel

The provenance problem for creative work has a useful precedent in the right of publicity — the legal right of individuals to control commercial uses of their name, image, and likeness.

Right of publicity law was developed in the 1950s and 60s in the United States in response to the commercialization of celebrity identity in advertising. The law established that individuals have a property right in their identity that can be licensed and enforced. It doesn’t work perfectly — enforcement is expensive, international jurisdiction is complex, and the definition of “likeness” has been contested in every generation of technology. But it established a legal infrastructure for the claim that identity has value and deserves protection.

The creative provenance problem needs something analogous: a legal infrastructure that establishes that human creative origin has value, is verifiable, and can be enforced. The technical piece (C2PA and its successors) is necessary but not sufficient. The legal piece — what rights creators have to have their work’s provenance correctly represented, what liabilities attach to misrepresenting AI-generated work as human-made — is still being developed through state right of publicity laws, through FTC guidance on deceptive practices, and through early case law.

What Buyers Can Actually Do Now

For anyone who needs to verify human creative origin in a purchasing decision — an art buyer, a news editor, a brand commissioning illustration — the practical options are limited.

C2PA verification, where the content has credentials, is reliable and verifiable using tools in Adobe software and the verify.contentauthenticity.org website. The limitation is coverage.

Direct relationship and documentation — commissioning work from artists whose process you can observe, where the deliverable includes process documentation (sketches, work-in-progress files, reference photographs) — is more universally applicable but requires direct creative relationships rather than platform-mediated purchases.

Watermark and fingerprinting approaches (SynthID from Google, similar systems from other providers) are being built into AI generation tools to mark their outputs. This is meaningful for future content but does nothing for the existing large corpus of AI-generated content that carries no marking.

The honest summary for early 2027: the infrastructure to reliably distinguish human creative work from AI-generated content at scale does not exist. The technical standards to build it exist. The economic incentives to deploy it broadly do not, yet, align. The market for human-authenticated creative work is growing, which will eventually create sufficient incentive for the infrastructure to be built. The current moment is the uncomfortable gap between the problem being visible and the solution being operational.

Provenance is not an abstract philosophical concern. It is a practical economic requirement for a market in human creative work to function. Without it, buyers cannot verify what they are buying, artists cannot credibly certify what they are selling, and the premium that human creation commands cannot be reliably captured. Building that infrastructure is a precondition for the creative economy adaptation that everyone agrees needs to happen. The building is underway. It is not fast enough.