Content provenance is a cryptographic record of a piece of content's origin, authorship, and history. It is embedded directly into the file or text so the record travels with the content wherever it goes. Anyone can verify it for free using the C2PA standard, without trusting a third party.

Traditional metadata - like EXIF data in photos or ID3 tags in audio - is stored separately from the content and can be stripped or altered without detection. Content provenance uses cryptographic signatures so any tampering is immediately visible. If the manifest is removed or the content is edited, verification fails.

The C2PA standard supports 31 MIME types across five categories: 13 image formats (JPEG, PNG, WebP, TIFF, HEIC, AVIF, and others), 6 audio formats (WAV, MP3, AAC, FLAC, AIFF, M4A), 4 video formats (MP4, MOV, M4V, MKV), 5 document formats (PDF, DOCX, PPTX, XLSX, and plain text), and 3 font formats. Text provenance - covering articles, social posts, and any unstructured text - is defined in Section A.7, which Encypher authored.

Anyone. The C2PA verification libraries are open source and the standard is free to implement. Verification does not require an account or API key. Publishers, AI companies, journalists, courts, and regulators can all verify independently.

For text, yes. Encypher embeds provenance markers using proprietary encoding that survives copy-paste across browsers, email clients, and text editors. For images and documents, C2PA manifests are embedded in the file container and survive most distribution pathways. Compression and format conversion can sometimes strip manifests from images - this is an active area of development in the C2PA community.

EU AI Act Article 52, which takes full effect August 2, 2026, requires providers of AI systems that generate images, audio, and video to mark their outputs as AI-generated in a machine-readable format. C2PA manifests satisfy this requirement. Article 50 (effective since August 2024) covers general-purpose AI systems. Encypher provides API and SDK tooling to implement compliant marking before the deadline.

When content carries a C2PA manifest with machine-readable rights terms, AI companies that use that content without a license cannot claim innocent infringement - they had formal notice embedded in every copy. This converts a weak copyright claim into a strong willful infringement claim, increasing statutory damages from up to $30,000 per work to up to $150,000 per work under US copyright law.

Cryptographic watermarking and content provenance serve the same purpose - proving origin - but are implemented differently. Cryptographic watermarking embeds proof directly into the content using steganographic or structural techniques. C2PA manifests are attached as a sidecar container. Both approaches are deterministic: verification either succeeds or fails, with no false positives. This is fundamentally different from statistical watermarking (like SynthID) which produces probabilities, not proof.

Removal is itself evidence. If a C2PA manifest was present when the content was signed but is absent when the content appears elsewhere, that absence documents tampering. For text embedded using Encypher's proprietary provenance markers, an attempt to strip the markers alters the content in ways that break cryptographic verification against the original source.

Three main paths: the Encypher API (REST, works with any language), the WordPress plugin (one-click activation), or the Python/TypeScript/Go/Rust SDKs for batch processing existing archives. The free tier covers 1,000 documents per month. Enterprise tiers support millions of documents with custom workflows.