← MUTANT WORK

What Is C2PA and Why Should Artists Care?

Published 3 July 2026  ·  6 min read  ·  By Richard Brereton

If you create images — whether by hand, camera, or AI — there is now a way to embed a permanent record of that creation directly into the file itself. Not in the filename. Not in a separate document. Inside the image, in a cryptographically signed manifest that can be read by any compatible tool.

That standard is called C2PA, and it is becoming increasingly important for artists, photographers, and AI image creators who want to establish authorship, assert rights, and mark their work as off-limits for AI training.

What Is C2PA?

C2PA stands for Coalition for Content Provenance and Authenticity. It is an open technical standard developed by Adobe, Microsoft, BBC, Intel, Truepic, and others. The standard defines a way to embed signed metadata — called a Content Credential — into image, video, and audio files.

A C2PA manifest records:

Because the manifest is cryptographically signed, it cannot be altered without invalidating the signature. This makes it a reliable record — not just a text tag anyone could edit.

What Is the "Do Not Train" Assertion?

C2PA includes an assertion field for AI training permissions. When set to notAllowed, it signals to compliant platforms that this image should not be used to train AI models — for generative training or for inference.

Important distinction: C2PA is a technical standard, not a legal instrument. Compliant platforms like Adobe Firefly, Getty Images, and certain stock libraries read and honour the assertion. General web scrapers and non-compliant AI training pipelines will not. Think of it like robots.txt — it works with platforms that choose to respect it, not as a universal block.

That said, as C2PA adoption grows — and it is growing quickly — the number of platforms that honour it is increasing. Embedding the assertion now means your images are protected on every platform that adopts the standard in future.

Which Platforms and Tools Support C2PA?

Cameras

Leica was the first camera manufacturer to ship C2PA support in hardware, starting with the M11-P and Q3. Images taken with these cameras carry a signed C2PA manifest out of camera. Other manufacturers are following.

Adobe

Adobe Photoshop, Lightroom, and Firefly all support Content Credentials — Adobe's implementation of C2PA. You can attach your identity and creation details to any image exported from these tools, and verify credentials at contentcredentials.org.

Stock and Publishing Platforms

Getty Images, Shutterstock, and major news agencies are integrating C2PA reading into their workflows. Images with valid C2PA manifests receive provenance verification in their systems.

ComfyUI

For AI image creators using ComfyUI, the Mutantwork Power Pack adds C2PA signing directly into your workflow. The Content Credentials node lets you set your name, the AI model used, and a Do Not Train assertion — all embedded and signed in the output PNG.

→ Get the ComfyUI Power Pack (Free)

How to Verify C2PA Credentials

If you want to check whether an image has valid C2PA credentials, you have two options:

Should You Use C2PA If You Create AI Images?

Yes — and this is where the conversation gets interesting. C2PA was designed for provenance, not just for protecting human-made work. AI image creators can use it to:

The framing that C2PA is only for protecting human artists against AI misses the point. It is an authenticity and provenance standard for all content — human, AI, or mixed.

The Limitations Worth Knowing

C2PA metadata can be stripped. If someone screenshots an image, re-saves it as a new JPEG, or processes it through a tool that doesn't preserve metadata, the manifest is lost. This is a known limitation of the standard.

The response to this is not to abandon C2PA but to understand what it does and doesn't do. It creates a verifiable record for the images that carry it, and its presence is meaningful even if its absence isn't conclusive.

Frequently Asked Questions

What does C2PA stand for?

C2PA stands for Coalition for Content Provenance and Authenticity. It is an open technical standard for embedding metadata into image, video, and audio files that records the creation history — including who made it, with what tools, and whether AI was involved.

Does a C2PA "Do Not Train" assertion actually stop AI companies from training on my images?

C2PA is a technical standard, not a legal instrument. Compliant platforms like Adobe Firefly, Getty Images, and certain stock libraries read and honour the assertion. General web scrapers and non-compliant AI trainers will not. Think of it like robots.txt — it works with platforms that choose to respect it.

Which tools support C2PA for artists?

Adobe Firefly, Adobe Photoshop (via Content Credentials), Leica cameras (M11-P, Q3), Truepic, and the Mutantwork ComfyUI Power Pack all support C2PA signing. The Mutantwork nodes are free and open source, adding C2PA signing directly into ComfyUI workflows.

Can C2PA metadata be removed?

Yes. Screenshotting, re-saving, or processing through non-C2PA-aware tools strips the manifest. The presence of a valid C2PA manifest is a strong positive signal, but its absence does not prove an image is fake or unprotected.