MICKAI
Article · 4 July 2026

Content Credentials Stopped Being Optional: Provenance Is Now A Compliance Layer

C2PA has crossed from a voluntary standard into a regulatory baseline. From 2 August 2026 the EU AI Act makes machine-readable provenance a transparency obligation, and the organisations that can sign what they produce at the point of creation are the ones who stay clean.

Author: Micky Irons
Published: 4 July 2026
Tags: content authenticity, C2PA, EU AI Act, provenance, compliance

For years, content provenance was a virtue signal. You could bolt Content Credentials onto an image, feel good about it, and move on. Nobody was going to fine you for leaving them off. That era ended this summer. From 2 August 2026, the transparency obligations in Article 50 of the EU AI Act apply, and provenance stops being a badge you choose to wear. It becomes a control you have to be able to demonstrate. I want to be precise about what changed, what it actually requires, and why I think the winners are the organisations that can sign what they produce at the moment they produce it.

What actually became law

Article 50 of the EU AI Act carries transparency obligations that took effect on 2 August 2026. Two of them matter most for anyone who makes content. Providers of generative AI systems must mark their outputs in a machine-readable format so those outputs are detectable as artificially generated or manipulated. And deployers who use AI to produce deepfakes must disclose that the content was artificially generated. These duties are not reserved for high-risk systems. They apply across the board to the situations the Article covers.

To turn principle into practice, the European AI Office published its Code of Practice on Transparency of AI-Generated Content on 10 June 2026. The Code is voluntary, but it sets out a layered technical approach that reads almost like a specification. First, digitally-signed metadata that records whether content is AI-generated or manipulated, time-stamped and tamper-evident. The only mature technology that meets those criteria today is C2PA, the standard behind Content Credentials. Second, imperceptible watermarking woven into the content itself, robust enough to survive compression and cropping. Third, an optional fingerprinting or logging layer backed by a registry. Metadata, watermark, log. That is the shape of compliant provenance now.

Generative systems already on the market before 2 August 2026 were given breathing room until 2 December 2026 to meet the machine-readable marking requirement. That grace window is closing, not opening.

The number that concentrates the mind

Article 99 sets the penalties. Breaches of the transparency obligations can attract administrative fines of up to 15 million euro, or 3 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. That is a real number, and it is the figure that moves provenance from the marketing budget to the risk register. I want to be honest about scope, because over-claiming helps nobody. The heavier 35 million euro and 7 percent band applies to the prohibited practices under Article 5, not to a missing Content Credential. But 3 percent of global turnover for a labelling failure is still the kind of exposure that gets a board's attention.


Why this is a provenance problem, not a watermark problem

Here is the trap I see teams walking into. They treat this as a watermarking task. Add an invisible mark, add a visible AI label, done. But a watermark tells you something was machine-touched. It does not tell you who made it, on what system, with which model, at what time, and whether anyone altered it afterwards. That chain of custody is the actual compliance object, and it is what a signature gives you that a watermark alone never will.

Content Credentials, done properly, bind an assertion to a cryptographic signature. The manifest says this asset was created here, by this issuer, at this moment, and the signature makes tampering detectable. The watermark is the hardening layer that survives when the metadata gets stripped. The log is the fallback when both fail. Regulators asked for all three because each one covers the weaknesses of the others. If you only do the easy one, you have a label, not a provenance record.
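To make the mechanism described above concrete, here is a minimal signed-manifest round trip as an added illustration. It is not C2PA's real manifest or COSE encoding and not Mickai's code; the issuer identifier, the field names and the sample asset bytes are constructed for the example, and an Ed25519 key stands in for whatever signing identity the runtime holds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Manifest is a simplified, C2PA-inspired claim (not the real C2PA/COSE encoding):
// which bytes, which issuer, when, and whether AI generated them.
type Manifest struct {
	AssetSHA256 string `json:"asset_sha256"`
	Issuer      string `json:"issuer"`
	CreatedAt   string `json:"created_at"`
	AIGenerated bool   `json:"ai_generated"`
}

// Sign runs inside the runtime at the moment the asset is produced; it returns
// the manifest and an Ed25519 signature over the manifest's JSON form.
func Sign(priv ed25519.PrivateKey, issuer string, asset []byte, ai bool, at time.Time) (Manifest, []byte) {
	sum := sha256.Sum256(asset)
	m := Manifest{hex.EncodeToString(sum[:]), issuer, at.UTC().Format(time.RFC3339), ai}
	payload, _ := json.Marshal(m) // struct field order makes this deterministic
	return m, ed25519.Sign(priv, payload)
}

// Verify rejects any edit to the manifest (signature breaks) or to the asset
// bytes (hash mismatch): that is the tamper evidence the text describes.
func Verify(pub ed25519.PublicKey, asset []byte, m Manifest, sig []byte) bool {
	payload, _ := json.Marshal(m)
	if !ed25519.Verify(pub, payload, sig) {
		return false
	}
	sum := sha256.Sum256(asset)
	return hex.EncodeToString(sum[:]) == m.AssetSHA256
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	asset := []byte("constructed sample: rendered paragraph bytes") // constructed input
	m, sig := Sign(priv, "did:example:newsroom", asset, true, time.Now())
	m.AIGenerated = false // try to drop the AI label after signing
	fmt.Println("verifies after relabelling:", Verify(pub, asset, m, sig))
}
```

Stripping the manifest entirely leaves nothing for Verify to check, which is exactly the gap the watermark and log layers exist to cover.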

The organisations that come out of this clean are the ones who can sign at the point of creation. Not sign later, in a batch job, hoping nothing changed. Sign at the moment the pixel or the paragraph comes into existence, from an identity you control, with a key you hold. Provenance added after the fact is provenance you are asking a regulator to trust on faith.

Why the runtime is where signing has to live

This is the part I care about most, and it is why we built Mickai the way we did. Signing at the point of creation is not a plugin you sprinkle on top of a content pipeline. It is a property of the runtime that produces the content. If the model, the render, the export, and the publish step all happen inside a system you own, then signing can be made non-optional. Nothing leaves without a Content Credential because the runtime will not let it. That is a very different guarantee from asking every author to remember to tick a box.

Mickai is a Sovereign Intelligence Operating System. Regulated organisations own it and run it inside their own walls, air-gapped where the workload demands it, with a cryptographically-signed audit record on every action. That audit record and a Content Credential are the same instinct pointed at two surfaces. One proves what your system did. The other proves what your system made. When both are wired into the runtime rather than bolted onto the edge, provenance stops being a policy you hope people follow and becomes a physical property of the platform. You cannot produce an unsigned artefact because there is no code path that emits one.

I want to be careful and fair about the market here. Almost every regime, the EU AI Act included, permits cloud services with the right controls. There is no blanket legal bar on cloud content tooling. The genuine no-cloud constraints are workload-level: classified material, isolated operational systems, data that a privacy assessment says cannot leave the building. What is real and growing is a preference for sovereignty among media, publishing, and regulated-comms teams who have decided that the identity signing their content, and the keys behind it, should sit under their own roof. For those teams, a runtime they own is not a compliance shortcut. It is the cleanest way to make signing non-optional without trusting a third party with the one thing that proves authorship.


What I would do before December

Three moves. Inventory every system that produces content for or on behalf of your organisation, and mark which ones can already emit signed C2PA metadata and which cannot. Treat the point of creation, not the point of publication, as the place signing has to happen, because retrofitted provenance is the weakest kind. And decide, deliberately, where the signing identity and its keys should live, because that decision is really a decision about who you are asking a regulator and your audience to trust.

Content Credentials stopped being optional. The question is no longer whether you label AI-made content. It is whether you can prove, cryptographically and at the moment of creation, what your organisation produced. The teams who can sign what they make will spend the next few years demonstrating trust. The teams who cannot will spend them explaining gaps.

If you want the operational side of this, our writing on content authenticity and provenance and on the signed audit record that sits under every Mickai action goes deeper on how signing at the runtime layer works in practice, and on how a Sovereign Intelligence Operating System keeps that signing identity inside your own walls.

Frequently asked questions

When does the EU AI Act require AI-generated content to be labelled?

The transparency obligations in Article 50 apply from 2 August 2026. Providers must mark generative outputs in a machine-readable format, and deployers must disclose deepfakes. Systems already on the market before that date were given until 2 December 2026 to meet the machine-readable marking requirement.

Is C2PA legally mandatory?

The law does not name C2PA. It requires machine-readable, tamper-evident, digitally-signed marking of AI-generated content. The Code of Practice published on 10 June 2026 describes exactly the properties C2PA provides, and it is at present the only mature standard that meets them, which makes Content Credentials the practical route to compliance rather than a formal mandate.

What are the fines for getting this wrong?

Under Article 99, breaches of the transparency obligations can draw administrative fines of up to 15 million euro or 3 percent of total worldwide annual turnover, whichever is higher. The larger 35 million euro or 7 percent band applies to the prohibited practices under Article 5, not to labelling failures.

Why does signing need to happen inside a runtime you own?

Because provenance added after the fact is provenance a regulator has to take on trust. If content is produced inside a system you control, signing can be made non-optional at the point of creation, from an identity and keys you hold. That is the difference between a label you hope authors apply and a Content Credential the platform cannot omit.

By Micky Irons, founder of Mickai.


Originally published at https://mickai.co.uk/articles/content-credentials-become-regulatory-baseline. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.