What Is C2PA and Why Should Artists Care?
If you create images — whether by hand, camera, or AI — there is now a way to embed a permanent record of that creation directly into the file itself. Not in the filename. Not in a separate document. Inside the image, in a cryptographically signed manifest that can be read by any compatible tool.
That standard is called C2PA, and it is becoming increasingly important for artists, photographers, and AI image creators who want to establish authorship, assert rights, and mark their work as off-limits for AI training.
What Is C2PA?
C2PA stands for Coalition for Content Provenance and Authenticity. It is an open technical standard developed by Adobe, Microsoft, BBC, Intel, Truepic, and others. The standard defines a way to embed signed metadata — called a Content Credential — into image, video, and audio files.
A C2PA manifest records:
- Who created the content and when
- What software or hardware was used
- Whether AI was used in creation
- What edits were made and in what order
- The creator's assertion about AI training permissions
Because the manifest is cryptographically signed, it cannot be altered without invalidating the signature. This makes it a reliable record — not just a text tag anyone could edit.
What Is the "Do Not Train" Assertion?
C2PA includes an assertion field for AI training permissions. When set to notAllowed, it signals to compliant platforms that this image should not be used to train AI models — for generative training or for inference.
Important distinction: C2PA is a technical standard, not a legal instrument. Compliant platforms like Adobe Firefly, Getty Images, and certain stock libraries read and honour the assertion. General web scrapers and non-compliant AI training pipelines will not. Think of it like robots.txt — it works with platforms that choose to respect it, not as a universal block.
That said, as C2PA adoption grows — and it is growing quickly — the number of platforms that honour it is increasing. Embedding the assertion now means your images are protected on every platform that adopts the standard in future.
Which Platforms and Tools Support C2PA?
Cameras
Leica was the first camera manufacturer to ship C2PA support in hardware, starting with the M11-P and Q3. Images taken with these cameras carry a signed C2PA manifest out of camera. Other manufacturers are following.
Adobe
Adobe Photoshop, Lightroom, and Firefly all support Content Credentials — Adobe's implementation of C2PA. You can attach your identity and creation details to any image exported from these tools, and verify credentials at contentcredentials.org.
Stock and Publishing Platforms
Getty Images, Shutterstock, and major news agencies are integrating C2PA reading into their workflows. Images with valid C2PA manifests receive provenance verification in their systems.
ComfyUI
For AI image creators using ComfyUI, the Mutantwork Power Pack adds C2PA signing directly into your workflow. The Content Credentials node lets you set your name, the AI model used, and a Do Not Train assertion — all embedded and signed in the output PNG.
→ Get the ComfyUI Power Pack (Free)How to Verify C2PA Credentials
If you want to check whether an image has valid C2PA credentials, you have two options:
- contentcredentials.org — Adobe's official C2PA verification tool. Drag in any image and it will display the manifest if one is present.
- Mutant Verify — detects both C2PA Content Credentials and the Mutantwork Signature embedded by the Power Pack nodes. Also runs Hive AI detection to check whether the image appears AI-generated.
Should You Use C2PA If You Create AI Images?
Yes — and this is where the conversation gets interesting. C2PA was designed for provenance, not just for protecting human-made work. AI image creators can use it to:
- Establish authorship — your name and identity attached to your work
- Record the tools used — Midjourney, ComfyUI, Stable Diffusion, model version
- Assert Do Not Train — preventing your AI outputs from being used to train other models without permission
- Build credibility — signed provenance is more trustworthy than unsigned claims
The framing that C2PA is only for protecting human artists against AI misses the point. It is an authenticity and provenance standard for all content — human, AI, or mixed.
The Limitations Worth Knowing
C2PA metadata can be stripped. If someone screenshots an image, re-saves it as a new JPEG, or processes it through a tool that doesn't preserve metadata, the manifest is lost. This is a known limitation of the standard.
The response to this is not to abandon C2PA but to understand what it does and doesn't do. It creates a verifiable record for the images that carry it, and its presence is meaningful even if its absence isn't conclusive.
Frequently Asked Questions
What does C2PA stand for?
C2PA stands for Coalition for Content Provenance and Authenticity. It is an open technical standard for embedding metadata into image, video, and audio files that records the creation history — including who made it, with what tools, and whether AI was involved.
Does a C2PA "Do Not Train" assertion actually stop AI companies from training on my images?
C2PA is a technical standard, not a legal instrument. Compliant platforms like Adobe Firefly, Getty Images, and certain stock libraries read and honour the assertion. General web scrapers and non-compliant AI trainers will not. Think of it like robots.txt — it works with platforms that choose to respect it.
Which tools support C2PA for artists?
Adobe Firefly, Adobe Photoshop (via Content Credentials), Leica cameras (M11-P, Q3), Truepic, and the Mutantwork ComfyUI Power Pack all support C2PA signing. The Mutantwork nodes are free and open source, adding C2PA signing directly into ComfyUI workflows.
Can C2PA metadata be removed?
Yes. Screenshotting, re-saving, or processing through non-C2PA-aware tools strips the manifest. The presence of a valid C2PA manifest is a strong positive signal, but its absence does not prove an image is fake or unprotected.