Beeler.Tech Pub Report · May 2026
Content Provenance for Publishers: Taking Back Control of Your Content
Buyers and AI companies cannot tell your content apart from scraped archives or AI slop, because there is no signal that says “this is legitimate publisher content, and it is mine.” C2PA fixes that by binding cryptographic proof of origin and rights to the content itself. In this Pub Report session, Encypher CEO Erik Svilich walks publishers through how it works, how to turn it on, and why now.
Who is in this conversation
- • Rob Beeler (Host, founder of Beeler.Tech)
- • Erik Svilich (Founder and CEO of Encypher; Co-Chair, C2PA Text Provenance Task Force)
What the talk covered
The problem: your content has no source signal
The moment your content is copied, pasted, scraped, or pulled into a dataset like Common Crawl, it stops pointing back to you. Buyers placing ads cannot confirm it is premium publisher inventory. AI companies training on it have no way to know it is high-value, licensed content. And if someone uses it downstream, there is no embedded proof it was ever yours. Meanwhile, brands are pouring budget into brand safety because no one wants their ad sitting next to AI-generated or deepfaked content from an unknown source.
How C2PA works in the ad stack
C2PA is an open standard, backed by the BBC, The New York Times, Google, Meta, Microsoft, OpenAI, and Adobe, for embedding machine-readable, cryptographically signed provenance into images, video, audio, and text. You sign your content when you publish, and the signal travels with it.
For the ad side, Encypher built a Prebid Real-Time Data module that reads the provenance signal on page load, with caching, so there is almost no lift. It is a one-line config in your Prebid setup. From there the verification rides the bid request to SSPs and DSPs, and every buyer sees it in the auction. Buyers can then bid toward authentic inventory.
What publishers get
- •A differentiation signal, and the basis for CPM uplift. Authenticated inventory gives buyers a reason to pay more for verified content over anonymous or possibly AI-generated content.
- •Stronger legal leverage. You hold machine-readable, cryptographically bound proof of your rights, embedded in the content itself, where it cannot be spoofed. That matters when enforcing a license or a contract.
- •Free signing. Encypher signs publisher content for free using C2PA and watermarking. You keep the licensing revenue. We earn as the independent third-party verification layer that makes sure you get paid and your license is respected.
Why now
Brand demand is real: a 4A's representative recently told the IPTC Spring Summit that brands want C2PA on publisher sites and are willing to require the signal to survive through the ecosystem. Provenance is now officially part of AdCP, the new ad-context standard. And the regulatory clock is running: EU AI Act Article 50 transparency obligations start applying August 2, 2026. As Pub Report host Rob Beeler put it, doing the work now means that when precedent is set, you will already have done it.
Why Encypher
Encypher operates the entire C2PA trust chain itself. We sign across 20+ formats, run our own validation engine, and are our own trusted Certificate Authority and Time Stamp Authority on the official C2PA trust lists, so content we sign verifies as trusted with no borrowed root. Erik Svilich co-chairs the C2PA Text Provenance Task Force and authored the specification for provenance in unstructured text.
Key takeaways
- •Provenance binds proof of origin and rights to your content, and it travels with the content.
- •It flows through the existing ad stack via a one-line Prebid config, to SSPs and DSPs, into the auction.
- •Publishers get a premium-inventory signal, legal leverage, and free signing.
- •The deadline is real: EU AI Act Article 50 applies August 2, 2026.
Questions about this talk
Transcript
This transcript was generated by AI and lightly edited for readability. It may contain mistakes, including in wording and speaker labels. Two clarifications have been added inline in brackets. The recording is the source of record.
Rob Beeler 00:00
Now on to Erik, who's going to talk a little about C2PA. Erik, I'll turn things over to you.
Erik Svilich 00:09
Thank you so much, Rob. You set it up nicely: publishers taking their own destiny into their hands. That's part of why I'm here, using content authenticity and provenance as that backbone. C2PA is an acronym, c2pa.org, it stands for the Coalition for Content Provenance and Authenticity. It's a standards organization backed by the BBC, The New York Times, Google, Meta, Microsoft, OpenAI, Adobe, and many others, focused on how we embed machine-readable cryptographic data into images, video, audio, and text. There's a huge problem right now, especially with how easily accessible AI has become. There are sites spinning up entire websites that are just made-for-advertising (MFA) junk, AI slop built to grab revenue. Brands are very concerned about brand identity and brand safety. Coca-Cola, for example, doesn't want its ad next to AI-generated, deepfaked, or politically charged content tied to some unknown source. Without a machine-readable signal that says "this is legitimate publisher content," buyers can't separate your content from scraped archival content or low-value AI slop. Today there's really no source signal. If your content gets copied, pasted, scraped, or pulled into Common Crawl, it no longer links back to you. C2PA fundamentally changes this. It's a machine-readable way to embed license and rights information plus organizational identity, down to the individual journalist if you want. So when content is copied, pasted, scraped, or lands in another database, the proof that it came from your organization travels with the content itself. That changes the legal landscape between media companies and AI companies, where there are dozens of lawsuits right now. So there are two things: proving content is legitimate and proving it came from you, then using that proof to support licensing and the ad tech ecosystem.
Erik Svilich 04:26
So how does this provenance signal enter the midstream? The first step is to sign your content. Typically content is signed when it's created or when you hit publish, and the signal is embedded into the content itself, so it follows the content as it moves. This works for text, images, video, and audio across your pages and archives. The next step, for the ad tech audience, is detecting the signal using something like Prebid header bidding. We built a Real-Time Data (RTD) module that reads these signals and injects provenance into the midstream. Prebid reads the provenance signal on page load, with a caching layer, so there's very little lift for publishers. It's a one-line config in your Prebid setup. That signal then travels to SSPs and DSPs: verification is passed in the bid request, and every buyer can see it in the auction. On the revenue side, buyers can bid on authentic inventory, which is the basis for a potential CPM uplift, or at the very least premium ad dollars coming to you over someone else. The other side of detection: if your content is copied into Common Crawl or into an AI system, we're working on verifying that your content has entered that system, and on attaching the licensing rights so you get analytics and get paid based on the C2PA signal. C2PA is an open standard, anyone can implement it for free. OpenAI and Google already support C2PA in their AI outputs, and they're working on reading the signal natively on ingest. So what do publishers get? CPM uplift and a differentiation signal: authenticated inventory gives buyers a reason to bid toward verified content. It's also a machine-readable quality signal, proof it came from a real publisher, which makes it good data to train on. You also get much stronger leverage in a court of law: you have machine-readable rights embedded in the content itself, cryptographically bound to your organization so it can't be spoofed. We offer free signing for publishers using C2PA-based technology and watermarking. You keep the licensing revenue, and we take a fee as the independent third-party verification layer that makes sure you get paid and your license is respected.
Rob Beeler 09:06
Appreciate it, Erik. There's integration at the front end. You said something gets "stamped," correct me on terminology, when my editorial team hits publish. Is that a WordPress plugin? A script? How does it get applied?
Erik Svilich 09:47
Great question. We have a WordPress plugin that signs images, video, audio, and text. Whenever you hit post or update, it signs automatically, and you can bulk-sign your archives. For WordPress users it should be fairly plug-and-play. For other CMS or headless CMS systems, we've written integrations on an ad hoc basis or in partnership with the platforms publishers increasingly use. "Stamping" is a good analogy, it's like a notary stamp. It can be a script, it's an API, so anyone can integrate it into any platform, but the WordPress plugin is fairly turnkey.
Rob Beeler 10:47
You mentioned some large companies are behind this. One thing that would be amazing to do as a community is to start tracking this: if we get volume, that signal becomes something SSPs and DSPs start to look for. It changes the conversation around MFA. There's a buildup here that could be really powerful.
Erik Svilich 11:22
Two important points. The more people who do this, the more value there is for publishers. The more publishers can assert "this is my legitimate content," and work with groups like RSL (Really Simple Licensing) on group licensing, the better terms and analytics everyone gets.
Erik Svilich 12:02
We're part of about a dozen standards organizations, and IPTC is one of them. Someone from the 4A's (American Association of Advertising Agencies) presented at the IPTC Spring Summit about a month ago, and they have said they want C2PA on websites by the end of the year if possible, because brands are so concerned that they have increased brand-safety budgets and are willing to require this signal to survive through the ecosystem. We've worked with Prebid on the Prebid module, and provenance is now officially part of AdCP (Ad Context Protocol) in the newest spec. We've been talking with the IAB, and we'll work with anyone who wants to be interoperable with this standard. This is coming from the brands' mouths. The more publishers provide authentic, verified inventory, the more dollars go to legitimate publishers, and hopefully the higher CPMs we can command.
Rob Beeler 13:25
Brian has a couple of questions. Is the intent to confer reputation to the source domain, or are downstream participants expected to continuously verify content? And if it's the latter, what's the latency cost for signature verification?
Erik Svilich 13:43
Good technical questions. There are different levels of what you can assert and what identity you can assert: website level, even individual reporter level, and per asset on the page. Say you bought an image from Getty Images: you don't own the rights to it, but maybe you wrote the article, and maybe you also quoted a politician. You can't claim rights over the quote, and someone else owns the image. So you need to embed that granularly into your content, which is what we do. When the content moves across the internet, those markers survive. [Clarification: today, platforms such as LinkedIn, Instagram, and TikTok read and display Content Credentials to label content, but most still strip the C2PA manifest when they re-encode an upload. Durable preservation through re-encoding is the next frontier, which is why Encypher pairs C2PA metadata with watermarking so the signal survives.] On latency: verification is free and fairly low. We have a free Chrome plugin that doesn't even need an account, you visit a page and it tells you if there are signals on it. There's also caching in the Prebid server, so you're not verifying on every page load, it runs once and caches for a period. And C2PA verification is being integrated into Chrome. [Clarification: at Google I/O 2026, Google confirmed C2PA verification is coming to Google Search and Chrome in the coming months, and is already live in the Gemini app.]
Rob Beeler 16:06
Last question: CPM uplift. Is it too early to measure? Do you have anything to report?
Erik Svilich 16:28
We're in the early stage of proving the market on CPM, which is why I said "might." If I had a hard percentage, I'd have shown it. We're working on making sure the signal is survivable through the entire ad tech ecosystem, which is why we're working with Prebid, AdCP, and the IAB. But content has to be marked for any of that to happen, and there are several reasons to mark it anyway, including CPM uplift. We're in early pilot, so I don't have enough numbers to state a figure publicly with confidence. By the way, I wrote the C2PA standard for text and co-chair the Text Task Force; that was published in January this year. So this is very new. The more people who sign, the faster we can prove it out. If you're interested, please contact me.
Rob Beeler 17:48
As we transition: the CPM question is spot on, and this is also a bigger thing. I don't see a future where publishers aren't having to license and defend their content and intellectual property, and I love that you framed it as IP, not just "content." Doing the work now means that when precedent is set, you'll already have done it. This is an immediate signal to my editorial team that we're protecting ourselves, and being able to pass that signal on helps us push the buy side: why spend on tools to detect whether I'm real when here it is? Great stuff.
Resources
Take back control of your content.
Start with the free report, then sign your content for free with Encypher.