Blog
TechnicalFeb 22, 2026·10 min read·By Lars

What Is C2PA? Content Credentials for AI Images Explained

AIC2PAMidjourneyDALL-E

If you’ve generated an image with Midjourney, DALL-E, Adobe Firefly, or ChatGPT in 2026, that image almost certainly contains invisible metadata identifying it as AI-generated. It’s not a watermark you can see. It’s not a label on the image. It’s cryptographic data embedded directly in the file, and a growing number of platforms, search engines, and stock sites are checking for it.

Here’s what you need to understand.

TL;DR

C2PA (Coalition for Content Provenance and Authenticity) is a technical standard, backed by Adobe, Microsoft, Google, the BBC, and others, for embedding tamper-evident “content credentials” into a file: a cryptographically signed record of who made it, what tool was used, and whether AI was involved. As of 2026, Midjourney, DALL-E, ChatGPT, Adobe Firefly, and Stability AI all embed these credentials by default, and Google Search, Meta, stock sites, and newsrooms actively check for them. The credentials are metadata, so they can be read and removed with a metadata tool like MetaStrip, but that does not remove a pixel-level watermark like SynthID, which lives in the image data itself. The absence of credentials is starting to become its own signal as cameras begin signing photos at capture.

What is C2PA?

C2PA stands for the Coalition for Content Provenance and Authenticity. It’s a technical standard developed by Adobe, Microsoft, Google, Intel, the BBC, and other industry heavyweights under the Linux Foundation. The standard defines how to embed verifiable “content credentials” into digital files: essentially a tamper-evident record of where a piece of content came from and how it was created.

Think of it as a nutrition label for digital content. Just as a food label tells you what’s inside the package, C2PA content credentials tell you what’s inside the file: who made it, what tools they used, whether AI was involved, and what edits were applied along the way.

The credentials are cryptographically signed, which means they can’t be altered without breaking the signature. If someone modifies the image without using a C2PA-enabled tool, the original signature becomes invalid, immediately flagging the content as tampered.

Try MetaStrip; it's free.

Strip metadata from any photo in seconds. No upload, no account.

Open MetaStrip →

What gets embedded in AI-generated images

When you generate an image with a major AI tool in 2026, the file typically contains several layers of metadata identifying its origin:

C2PA manifest data: a cryptographically signed record containing the claim generator (e.g., “Midjourney v6.1”), the digital source type (typically trainedAlgorithmicMedia for fully AI-generated content), a timestamp, and an action history showing c2pa.created as the origin event.

XMP AI markers: standard metadata fields used by the wider ecosystem. These include Iptc4xmpExt:DigitalSourceType set to trainedAlgorithmicMedia, xmp:CreatorTool identifying the AI platform, and sometimes dc:description fields noting AI generation.

Tool-specific data: some platforms embed additional information like generation parameters, prompt hashes, model versions, and configuration flags. The specifics vary by platform, but the presence of AI identification is increasingly universal.

As of early 2026, Midjourney, OpenAI’s DALL-E and ChatGPT image generation, Adobe Firefly, and Stability AI’s official tools all embed C2PA content credentials by default. This is a significant shift from even a year ago, when C2PA adoption was optional and inconsistent.

Who’s checking for AI metadata?

This is where it gets consequential for creators.

Google Search has integrated C2PA metadata into its “About this image” feature. When an image in search results contains C2PA credentials indicating AI generation, Google can surface that information to users. Google’s ad systems have also begun integrating C2PA signals to inform policy enforcement.

Social media platforms are moving quickly. Meta displays “AI Generated” labels on Instagram and Facebook for content with AI metadata markers. The detection isn’t limited to C2PA, Meta also uses its own classifiers, but the metadata makes detection trivially easy.

Stock photo platforms have taken the hardest line. Getty Images bans AI-generated content entirely and uses metadata to enforce it. Adobe Stock requires creators to disclose AI use. Shutterstock has integrated content credential checking into its submission pipeline.

News organizations including the AP, Reuters, and the New York Times are members of the Content Authenticity Initiative and are implementing credential verification in their editorial workflows. Content without verifiable provenance is increasingly viewed with suspicion.

The trajectory is clear: in 2026 and beyond, platforms that consume visual content are actively looking for AI generation markers, and the consequences of having them range from labels to outright rejection.

Metadata-based tags vs. invisible watermarks

It’s important to understand the distinction between what MetaStrip can remove and what it can’t.

Metadata-based AI tags: C2PA manifests, XMP fields, IPTC markers, and embedded generation parameters, are all data stored alongside the image content. They can be read, modified, and removed with metadata processing tools. This is what MetaStrip handles.

Steganographic watermarks, like Google’s SynthID, are entirely different. These are modifications to the actual pixel data of the image. The watermark is invisible to the human eye but detectable by specialized algorithms. Because it’s embedded in the pixels themselves, not in the metadata, it survives metadata stripping, screenshots, re-encoding, and mild editing.

The honest assessment: stripping C2PA metadata removes the most common and easily-detectable AI identification markers. Most automated systems checking for AI content in 2026 rely on metadata signals rather than pixel analysis, because metadata checking is fast, reliable, and binary. Steganographic detection is computationally expensive and less widely deployed.

However, as detection technology matures, pixel-level analysis will become more common. Removing metadata is a meaningful step, not a complete solution. We break down exactly which markers are metadata and which are pixel-level, and what each means for removal, in content credentials vs watermarking vs metadata tags.

The legal and ethical landscape

This is a topic where reasonable people disagree, and the legal framework is still developing.

In the United States, removing metadata could potentially intersect with Section 1202 of the Digital Millennium Copyright Act, which prohibits removing “copyright management information” from copyrighted works. However, C2PA content credentials are provenance information, not copyright information per se, and the application of DMCA Section 1202 to AI-generated content (which may not be copyrightable in the first place) is legally untested.

The European Union’s AI Act requires certain disclosures for AI-generated content, but the requirements apply primarily to deployers and providers of AI systems, not to individual users of those systems.

From a practical standpoint, the most common reasons people strip AI metadata are benign: avoiding algorithmic demotion on platforms, using AI-assisted images in commercial contexts where AI labels create friction, or simply maintaining creative privacy about their workflow.

MetaStrip doesn’t make ethical judgments about why you’re removing metadata. We provide the tool; how you use it is your decision. We do encourage users to be transparent about AI use where it matters, especially in journalism, academic work, and contexts where authenticity is a reasonable expectation.

What to expect going forward

C2PA adoption is accelerating. Camera manufacturers including Leica, Nikon, Sony, and Canon are building content credential signing directly into hardware. Within a few years, most professional cameras will sign every photo with cryptographic provenance data at the moment of capture.

This means the absence of C2PA data will itself become a signal. In a world where legitimate cameras embed credentials and AI tools embed credentials, a file with no credentials at all may be viewed with more suspicion than one with clear provenance.

The standard is also expanding beyond still images. Video, audio, and document formats are all within C2PA’s scope. OpenAI has committed to embedding credentials in AI-generated video, and Adobe’s tools already support credential embedding across their creative suite. MetaStrip’s video and audio metadata stripping handles the practical end of this expansion: MP4, MOV, MP3, M4A, FLAC, and WAV all in the browser.

For creators, the practical takeaway is this: understand what’s embedded in your files, make intentional decisions about what you share, and use tools that give you control over your own metadata. Whether you choose to keep, modify, or remove content credentials should be your choice, not a default you didn’t know about.

Update: we’ve published a 2026 update on this topic covering C2PA’s ISO ratification, EU AI Act enforcement, and the current state of platform detection, read it here.

FAQ

What is C2PA in simple terms? C2PA (Coalition for Content Provenance and Authenticity) is a standard for embedding a tamper-evident record into a file that says who made it, what tool was used, and whether AI was involved. Think of it as a nutrition label for digital content: it’s cryptographically signed, so it can’t be altered without breaking the signature.

Do AI images have hidden metadata identifying them as AI? Yes. As of 2026, images from Midjourney, DALL-E, ChatGPT, Adobe Firefly, and Stability AI carry C2PA content credentials plus XMP and IPTC markers (like DigitalSourceType set to trainedAlgorithmicMedia) identifying them as AI-generated. It’s invisible in the image but easy for platforms to read.

Who checks for C2PA content credentials? Google Search surfaces them in its “About this image” feature, Meta uses them to label AI content on Instagram and Facebook, stock sites like Getty and Adobe Stock enforce AI disclosure with them, and news organizations verify provenance in editorial workflows. The consequences range from labels to outright rejection.

Can I remove C2PA content credentials from an image? Yes. C2PA manifests, XMP fields, and IPTC markers are metadata, so a metadata tool like MetaStrip can read and remove them client-side. What it can’t remove is a pixel-level steganographic watermark like SynthID, which is embedded in the image pixels and survives metadata stripping.

Is it legal to remove AI metadata? Removing metadata from your own content is generally legal, though it’s legally untested how DMCA Section 1202 (which covers copyright management information) applies to AI provenance data, and the EU AI Act’s disclosure rules apply mainly to AI providers rather than individual users. Where content is required to be labeled, removing the disclosure may carry implications depending on context.

Try it now

Strip metadata from your files.

Free, no account, no upload, no tracking.

Open MetaStrip →
Lars Holmstrom
Written by
Lars Holmstrom

Lars is a cybersecurity and privacy specialist and the developer of MetaStrip, an open-source, client-side metadata-removal tool.

More from Lars