Content Credentials Stopped Being Optional: Provenance Is Now A Compliance Layer
C2PA has crossed from a voluntary standard into a regulatory baseline. From 2 August 2026 the EU AI Act makes machine-readable provenance a transparency obligation, and the organisations that can sign what they produce at the point of creation are the ones who stay clean.
For years, content provenance was a virtue signal. You could bolt Content Credentials onto an image, feel good about it, and move on. Nobody was going to fine you for leaving them off. That era ended this summer. From 2 August 2026, the transparency obligations in Article 50 of the EU AI Act apply, and provenance stops being a badge you choose to wear. It becomes a control you have to be able to demonstrate. I want to be precise about what changed, what it actually requires, and why I think the winners are the organisations that can sign what they produce at the moment they produce it.
What actually became law
Article 50 of the EU AI Act carries transparency obligations that took effect on 2 August 2026. Two of them matter most for anyone who makes content. Providers of generative AI systems must mark their outputs in a machine-readable format so those outputs are detectable as artificially generated or manipulated. And deployers who use AI to produce deepfakes must disclose that the content was artificially generated. These duties are not reserved for high-risk systems. They apply across the board to the situations the Article covers.
To turn principle into practice, the European AI Office published its Code of Practice on Transparency of AI-Generated Content on 10 June 2026. The Code is voluntary, but it sets out a layered technical approach that reads almost like a specification. First, digitally-signed metadata that records whether content is AI-generated or manipulated, time-stamped and tamper-evident. The only mature technology that meets those criteria today is C2PA, the standard behind Content Credentials. Second, imperceptible watermarking woven into the content itself, robust enough to survive compression and cropping. Third, an optional fingerprinting or logging layer backed by a registry. Metadata, watermark, log. That is the shape of compliant provenance now.
Generative systems already on the market before 2 August 2026 were given breathing room until 2 December 2026 to meet the machine-readable marking requirement. That grace window is closing, not opening.
The number that concentrates the mind
Article 99 sets the penalties. Breaches of the transparency obligations can attract administrative fines of up to 15 million euro, or 3 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. That is a real number, and it is the figure that moves provenance from the marketing budget to the risk register. I want to be honest about scope, because over-claiming helps nobody. The heavier 35 million euro and 7 percent band applies to the prohibited practices under Article 5, not to a missing Content Credential. But 3 percent of global turnover for a labelling failure is still the kind of exposure that gets a board's attention.
Why this is a provenance problem, not a watermark problem
Here is the trap I see teams walking into. They treat this as a watermarking task. Add an invisible mark, add a visible AI label, done. But a watermark tells you something was machine-touched. It does not tell you who made it, on what system, with which model, at what time, and whether anyone altered it afterwards. That chain of custody is the actual compliance object, and it is what a signature gives you that a watermark alone never will.
Content Credentials, done properly, bind an assertion to a cryptographic signature. The manifest says this asset was created here, by this issuer, at this moment, and the signature makes tampering detectable. The watermark is the hardening layer that survives when the metadata gets stripped. The log is the fallback when both fail. Regulators asked for all three because each one covers the weaknesses of the others. If you only do the easy one, you have a label, not a provenance record.
The organisations that come out of this clean are the ones who can sign at the point of creation. Not sign later, in a batch job, hoping nothing changed. Sign at the moment the pixel or the paragraph comes into existence, from an identity you control, with a key you hold. Provenance added after the fact is provenance you are asking a regulator to trust on faith.
Why the runtime is where signing has to live
This is the part I care about most, and it is why we built Mickai the way we did. Signing at the point of creation is not a plugin you sprinkle on top of a content pipeline. It is a property of the runtime that produces the content. If the model, the render, the export, and the publish step all happen inside a system you own, then signing can be made non-optional. Nothing leaves without a Content Credential because the runtime will not let it. That is a very different guarantee from asking every author to remember to tick a box.
Mickai is a Sovereign Intelligence Operating System. Regulated organisations own it and run it inside their own walls, air-gapped where the workload demands it, with a cryptographically-signed audit record on every action. That audit record and a Content Credential are the same instinct pointed at two surfaces. One proves what your system did. The other proves what your system made. When both are wired into the runtime rather than bolted onto the edge, provenance stops being a policy you hope people follow and becomes a physical property of the platform. You cannot produce an unsigned artefact because there is no code path that emits one.
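To make the signature binding and the single export path described above concrete, here is an added sketch that is not Mickai's code and not a C2PA implementation. It assumes HMAC-SHA256 with a constructed key as a stand-in for the certificate-backed signature a real Content Credential carries, and an in-memory dictionary as the registry; the names `emit`, `verify` and `REGISTRY` are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC stands in for the asymmetric, certificate-backed
# signature of a real Content Credential; this is not the C2PA format.
SIGNING_KEY = b"demo-key-held-by-the-issuer"
REGISTRY = {}  # content hash -> manifest: the logging layer (in-memory, hypothetical)

def _sign(manifest: dict) -> str:
    # Canonical JSON so the same manifest always yields the same signature.
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def emit(content: bytes, issuer: str, ai_generated: bool) -> dict:
    """The only export path: every artefact leaves with a signed manifest."""
    manifest = {
        "issuer": issuer,
        "ai_generated": ai_generated,
        "created": datetime.now(timezone.utc).isoformat(),
        "sha256": hashlib.sha256(content).hexdigest(),  # binds manifest to bytes
    }
    REGISTRY[manifest["sha256"]] = manifest  # logged at the moment of creation
    return {"content": content, "manifest": manifest, "signature": _sign(manifest)}

def verify(asset: dict) -> str:
    """Classify an asset: valid, altered, tampered, recovered, or unknown."""
    digest = hashlib.sha256(asset["content"]).hexdigest()
    manifest, signature = asset.get("manifest"), asset.get("signature")
    if manifest is None or signature is None:
        # Metadata stripped: fall back to the log, keyed by exact content hash.
        return "recovered-from-log" if digest in REGISTRY else "no-provenance"
    if not hmac.compare_digest(signature, _sign(manifest)):
        return "manifest-tampered"  # an assertion was edited after signing
    if manifest["sha256"] != digest:
        return "content-altered"    # bytes changed after signing
    return "valid"
```

The log lookup here matches only byte-identical content; surviving compression or cropping is the job of the watermark layer, which this sketch does not model.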
I want to be careful and fair about the market here. Almost every regime, the EU AI Act included, permits cloud services with the right controls. There is no blanket legal bar on cloud content tooling. The genuine no-cloud constraints are workload-level: classified material, isolated operational systems, data that a privacy assessment says cannot leave the building. What is real and growing is a preference for sovereignty among media, publishing, and regulated-comms teams who have decided that the identity signing their content, and the keys behind it, should sit under their own roof. For those teams, a runtime they own is not a compliance shortcut. It is the cleanest way to make signing non-optional without trusting a third party with the one thing that proves authorship.
What I would do before December
Three moves. Inventory every system that produces content for or on behalf of your organisation, and mark which ones can already emit signed C2PA metadata and which cannot. Treat the point of creation, not the point of publication, as the place signing has to happen, because retrofitted provenance is the weakest kind. And decide, deliberately, where the signing identity and its keys should live, because that decision is really a decision about who you are asking a regulator and your audience to trust.
Content Credentials stopped being optional. The question is no longer whether you label AI-made content. It is whether you can prove, cryptographically and at the moment of creation, what your organisation produced. The teams who can sign what they make will spend the next few years demonstrating trust. The teams who cannot will spend them explaining gaps.
If you want the operational side of this, our writing on content authenticity and provenance and on the signed audit record that sits under every Mickai action goes deeper on how signing at the runtime layer works in practice, and on how a Sovereign Intelligence Operating System keeps that signing identity inside your own walls.
Frequently asked questions
When does the EU AI Act require AI-generated content to be labelled?
The transparency obligations in Article 50 apply from 2 August 2026. Providers must mark generative outputs in a machine-readable format, and deployers must disclose deepfakes. Systems already on the market before that date were given until 2 December 2026 to meet the machine-readable marking requirement.
Is C2PA legally mandatory?
The law does not name C2PA. It requires machine-readable, tamper-evident, digitally-signed marking of AI-generated content. The Code of Practice published on 10 June 2026 describes exactly the properties C2PA provides, and it is at present the only mature standard that meets them, which makes Content Credentials the practical route to compliance rather than a formal mandate.
What are the fines for getting this wrong?
Under Article 99, breaches of the transparency obligations can draw administrative fines of up to 15 million euro or 3 percent of total worldwide annual turnover, whichever is higher. The larger 35 million euro or 7 percent band applies to the prohibited practices under Article 5, not to labelling failures.
Why does signing need to happen inside a runtime you own?
Because provenance added after the fact is provenance a regulator has to take on trust. If content is produced inside a system you control, signing can be made non-optional at the point of creation, from an identity and keys you hold. That is the difference between a label you hope authors apply and a Content Credential the platform cannot omit.
By Micky Irons, founder of Mickai.


