C2PA Attaches Provenance to Content. The Content Itself Has No Identity.
by Nick Clark | Published March 27, 2026
The Coalition for Content Provenance and Authenticity built a standard for attaching signed metadata to media files, recording who created content, what tools were used, and how it was modified. Adobe, Microsoft, Intel, and major camera manufacturers adopted it. The standard is real. But C2PA provenance is attached metadata. If the metadata is stripped, the content has no identity. If the content is re-encoded, the attachment breaks. The structural gap is between provenance attached to content and identity derived from the content itself.
C2PA represents a serious cross-industry effort. The technical specification for signed manifests, ingredient tracking, and claim chains is thorough. The gap described here is not about the quality of the standard. It is about the architectural assumption that provenance is metadata attached to content.
Attached provenance is strippable provenance
C2PA embeds a signed manifest in the media file's metadata container. The manifest records creation information, editing history, and a chain of custody. The signature ensures the manifest has not been tampered with.
But the manifest is metadata. Social media platforms routinely strip metadata during upload and re-encoding. A screenshot of an image carries no C2PA manifest. A re-encoded video loses its manifest. A copy-paste of an image into a document does not transfer the manifest. In every case where content is separated from its metadata container, the provenance disappears.
Identity depends on the container, not the content
C2PA identifies content through cryptographic hashes of the media file. If the file is modified in any way, including lossless format conversion or resolution change, the hash no longer matches. The identity is bound to the specific binary representation, not to what the content structurally is.
Two visually identical images encoded at different quality levels have different hashes and cannot be recognized as the same content. A crop of a verified image is unverifiable. The identity model does not survive the transformations that content routinely undergoes.
What content anchoring provides
Content anchoring derives identity from the content's own structural properties: its entropy distribution, spatial frequency patterns, and structural signatures. The identity is not attached metadata. It is computed from what the content structurally is.
In this model, stripping metadata does not remove identity because the identity was never in the metadata. Re-encoding does not break identity because the structural properties that define identity are preserved through standard transformations. A cropped image retains partial identity because the structural properties of the retained region are intact.
C2PA's signed manifest chain would serve as complementary provenance: rich creator and editing information attached to content that also has intrinsic identity. When the manifest is present, both provenance and identity are available. When the manifest is stripped, the content's intrinsic identity persists.
The remaining gap
C2PA built a provenance standard. The remaining gap is in content identity: whether content can be identified from its own structural properties rather than depending on attached metadata that routine handling removes.
