AI · Technology 8 min read

AI images and the new metadata:
Content Credentials (C2PA)

For twenty years, metadata mostly answered "where and when was this photo taken?". With generative AI, a new question matters: "was this image made by a machine?" — and a new metadata standard, C2PA, is being embedded in files to answer it.

calendar_today July 2026

What are Content Credentials?

Content Credentials are provenance metadata defined by the C2PA standard (Coalition for Content Provenance and Authenticity), an industry group founded by Adobe, Microsoft, Intel, the BBC and others. Instead of describing camera settings, this metadata describes an image's history: what tool created it, whether AI was involved, and what edits were applied since.

Unlike classic EXIF, Content Credentials are cryptographically signed. Each entry in the history is sealed with a digital signature, so software can verify that the record hasn't been tampered with. If someone edits the file and re-saves it without updating the credentials, the signature no longer matches.

Who embeds it today

Tool / platform What it embeds
OpenAI (DALL·E / GPT images) C2PA Content Credentials marking the image as AI-generated
Adobe Firefly & Photoshop Content Credentials with generation and edit history
Google (Gemini / Imagen) SynthID — an invisible watermark in the pixels, plus IPTC metadata
Leica, Sony, Nikon (select cameras) Signed credentials proving a photo is a real capture
LinkedIn, TikTok, Instagram Read credentials to display "AI-generated" labels on posts

Regulation is pushing this forward

The EU AI Act requires providers of generative AI systems to mark AI-generated content in a machine-readable way, with transparency obligations phasing in from 2025–2026. Provenance metadata like C2PA is one of the main mechanisms the industry is adopting to comply.

The privacy flip side

Provenance metadata is designed to build trust — but it's still metadata, and it can carry more than "made by AI". Depending on the tool and settings, Content Credentials can include the creator's name or account identity, the software and version used, and a chain of edit timestamps. A designer sharing a mockup, or an artist selling AI-assisted work, may be sharing their identity and workflow without realising it.

As with EXIF, the right approach is awareness: know what's in the file, then decide deliberately what to keep. A metadata analyzer shows you everything embedded in an image — classic EXIF, XMP and provenance data alike.

Can Content Credentials be removed?

Yes — like other metadata, C2PA data lives in the file and metadata removal strips it. That's worth understanding from both directions:

If you're verifying an image

Absence of credentials proves nothing — most images never had them, and they can be stripped. Presence of valid credentials is meaningful; absence is not.

If you're publishing your own work

You may want to keep the "AI-generated" marker for transparency while removing personal identifiers — or strip everything for a clean file. It should be your choice, made knowingly.

Note that pixel-level watermarks like Google's SynthID are a different mechanism: they're woven into the image data itself, not stored as metadata, so metadata removal doesn't affect them. The two systems are deliberately complementary.

What this means in practice

Metadata is getting richer, more standardised and more widely read by platforms. The days when only forensics experts looked at file properties are over — social networks now parse and display this data automatically. Whether you're sharing photos, documents or AI-generated art, it pays to check what's inside the file before it leaves your hands.

Inspect any image's metadata — including AI provenance

Free analyzer & remover · No account needed.

Analyze a file free arrow_forward

Related articles

Security

Can metadata be falsified?

Authenticity and manipulation explained.

Guide

Types of metadata explained

EXIF, XMP, IPTC, ID3 and more.