What C2PA Actually Records

C2PA attaches a signed manifest to a file. The manifest contains assertions. Each assertion is a statement about something that was done to the data or about properties the data is claimed to have.

The most common starting point is an action labeled c2pa.created. It can include a digitalSourceType that indicates the broad category of the source material. Later assertions can record adjustments, edits, or other operations. The entire set is signed by a key. Verification checks that the signature matches the content and that the chain of assertions has not been altered since signing.

This is a record of process, not of origin in the artistic sense. It can say that a file was produced through a certain tool or sequence of tools at a certain claimed time. It cannot say whether the decisions inside that sequence reflected sustained human judgment or were mostly delegated to a statistical model.

The format also supports a metadata assertion. Inside it, fields such as title, description, creator name, and subject can be placed. These fields are ordinary text or structured values. They carry whatever the signer chooses to write. They are not independently verified by the standard itself.

Because the manifest lives inside or alongside the file, it travels with the bytes. When the bytes are copied or re-encoded in a supported format, the manifest can move with them. When the file is re-saved through many common tools, the manifest can disappear. The signature only protects what was signed at the moment of signing. It does not prevent later removal or replacement of the entire manifest.

In short, C2PA binds claims to a particular binary object at a particular moment. It does not bind those claims to the identity of a human author in any stronger sense, nor does it guarantee that the object will retain those claims after it leaves the signer's control.