MICKAI
Article · 4 July 2026

Article 50 Lands in August: Machine-Detectable AI Provenance, and Why We Sign It At Source

The EU AI Act transparency duty starts on 2 August 2026 and the draft Code names C2PA Content Credentials as the pathway. We tie that marking to the signed audit record Mickai already writes on every action, so an owned SIOS produces attributable output natively.

Article 50 Lands in August: Machine-Detectable AI Provenance, and Why We Sign It At Source
Author
Micky Irons
Published
4 July 2026
Follow Micky Irons
LinkedInX
EU AI ActArticle 50C2PAContent CredentialsAI provenance

By Micky Irons

There is a date now, and it is close. From 2 August 2026, Article 50 of the EU AI Act obliges providers and deployers of generative systems to make synthetic content transparent. Text, images, audio and video produced or manipulated by AI must be marked in a form that machines, not just people, can detect and attribute. The draft EU Code of Practice on AI-Generated Content, with a final version expected around June 2026, points at a specific technical pathway to satisfy that duty: C2PA Content Credentials. So the standard is no longer a debate. It is a deadline with a named mechanism attached.

Most organisations are about to discover that they are holding this problem at the wrong end. They generate content through a cloud API, get an artefact back, and then reach for a watermark or a credential to staple on afterward. That works until someone asks the only question that matters in an audit: can you prove this mark reflects what actually happened when the content was made? A credential applied after the fact is a label. It is not evidence. We built Mickai so that provenance is not a label you add later. It is a property of the act of creation itself.

What Article 50 actually asks for

Strip the legalese and Article 50 wants two things. First, machine-detectable marking, so that downstream platforms, regulators and other systems can identify AI-generated or AI-manipulated content without a human squinting at it. Second, attribution that survives, so the mark carries information about how the content came to exist and does not simply fall off when a file is re-saved or re-shared.

C2PA answers this by wrapping content in a cryptographically signed manifest. The manifest records what tool made the asset, what was done to it, and who stands behind the signature, and it is bound to the content so tampering is detectable. This is genuinely good engineering, and we are glad the draft Code names it rather than inventing a bespoke EU-only scheme. But a C2PA manifest is only ever as trustworthy as the process that produced the claims inside it. If those claims are generated by a cloud service you cannot inspect, on infrastructure you do not control, your provenance rests on somebody else's word.

We already sign every action, and C2PA is the same signature pointed outward

Here is the intersection nobody else is serving: model provenance plus on-premise ownership. Mickai is a sovereign intelligence operating system. Regulated organisations own it and run it inside their own walls, air-gapped where the workload demands it, and every action it takes is written to a cryptographically-signed audit record. That record is not a feature we added for this regulation. It is how the system was built to work, because a sovereign system that cannot prove what it did is not sovereign, it is just private.

So when a media desk, a legal team or a public-sector communications unit generates content on their own Mickai instance, the signed audit entry for that generation already exists: which model produced it, what prompt and inputs were involved, which policy applied, when, and under whose authority. Emitting a C2PA Content Credential is not a second, separate act of trust. It is the same signature, pointed outward. The manifest that ships with the file and the internal audit record that never leaves your walls are two views of one signed event. That is what we mean by signing it at source.

The practical difference shows up under pressure. When a regulator, a court or a platform integrity team challenges a piece of content, an organisation running Mickai does not have to reconstruct a story. It can produce the external credential and, if it chooses, the matching internal record, both signed, both from the moment of creation, both under its own key rather than a vendor's. Attribution stops being a claim and becomes a chain.

Classical marble scene, Argus Panoptes, gold rim light on void black

Why owning it is the honest position here

We are careful about how we frame the market, because the diligence matters. It is not true that regulated organisations are legally barred from cloud AI. DORA, the FCA and PRA, the EBA, the NHS DSP Toolkit and GDPR almost all permit cloud with the right controls. The genuine no-cloud bar is workload-specific: classified material at SECRET and above, ITAR-controlled data, isolated operational technology, and cases where a data protection impact assessment comes back negative. For the vast majority, the driver is preference, not prohibition. Sovereignty of control, cost, and the plain reluctance to let sensitive material leave the building.

Provenance is exactly where that preference becomes concrete. Under Article 50 you are being asked to sign a durable claim about content your organisation is accountable for. Doing that with a key you hold, on a system you own, using an audit record you can inspect, is simply a stronger position than trusting a marking function inside a service you rent. The signing key is yours. The manifest points back to you. Nothing about the moment of creation lives on infrastructure you cannot see. For the roughly 16,092 UK and EU institutions in the register-backed sovereign market, 7,933 regulated core and 8,159 in the large-private adjacency, that is the difference between compliance you can defend and compliance you have to hope holds. It is worth being plain that this is a preference-led market rather than a legal mandate, and provenance is one of the clearest places that preference pays for itself.

The patents behind the record

The signed-at-source architecture is not incidental. It sits inside our filed intellectual property. Mickai holds 104 UK patent applications spanning around 2,340 claims across 13 families, with Mickarle Wagstaff-Irons as named inventor, moving through the process toward examination and grant. Those filings describe how a sovereign system binds actions to a tamper-evident, cryptographically-signed record and how that record can be surfaced as external attestation without exposing the internal audit trail. When we say provenance is native rather than bolted on, that is what the filings contain, not a claim about what any office has yet granted.

Classical marble scene, Argus Panoptes, gold rim light on void black

The takeaway

Article 50 is not asking whether you can watermark a file. It is asking whether you can prove, in a form a machine trusts, how that file came to exist and who stands behind it. A credential added after a cloud API hands you an artefact answers the letter and misses the point. When the system that creates the content is one you own, and it signs every action as a matter of course, the C2PA Content Credential is not extra work. It is the same signature you were already making, now facing outward. That is the position we built Mickai to give you before the deadline, not after it.

Frequently asked questions

Does Mickai's approach satisfy Article 50 and the draft Code of Practice?

Article 50 requires machine-detectable marking and durable attribution for AI-generated content, and the draft Code of Practice names C2PA Content Credentials as a technical pathway. Mickai emits C2PA-compatible Content Credentials at the moment of generation, bound to the same signed audit record we write on every action. You hold the signing key, so the credential attributes back to your organisation rather than to a cloud vendor.

Why is signing at source better than adding a credential after generation?

A credential applied afterward is a label about content whose creation you cannot fully evidence. Because Mickai signs every action as it happens, the external credential and the internal audit entry are two views of one signed event. Under challenge you can produce provenance that reflects what actually occurred, not a reconstruction.

Do we have to run Mickai air-gapped to get this?

No. Air-gapped operation is available where a workload demands it, but the signed audit record and C2PA emission work on any owned Mickai instance inside your walls. The point is that the signing key and the record stay under your control. Cloud is not prohibited for most regimes, so this is about sovereignty preference and defensibility rather than a legal bar.

Is provenance tied to a blockchain or token?

No. Attribution rests on the cryptographically-signed audit record and C2PA manifests. On-chain attestation is an optional supporting capability for organisations that want an external anchor, and there is no token involved. The core guarantee is the signature at source.

Related reading from us: our work on the cryptographically-signed audit record on every action, our sovereign intelligence operating system architecture inside your own walls, and our filed patent portfolio of 104 UK applications.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/eu-ai-act-article-50-content-credentials-c2pa-provenance-inside-your-walls. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Alex Karp Is Right: You Are Paying For Tokens You Cannot Audit
Alex Karp said hosted-AI vendors capture your data and bill you for unproductive tokens that create no value. He is right. We built Mickai so regulated organisations own the substrate instead of renting it, with a signed audit record on every action.
4 Jul 2026
The EU Just Pushed High-Risk AI to December 2027. Here Is What We Are Building Instead of Waiting
The Digital Omnibus provisional agreement moves the EU AI Act high-risk deadlines from August 2026 to December 2027. Most coverage frames the delay as relief. We frame it as the window to own your compliance stack outright, so you are compliant on day one in 2027 instead of retrofitting logging, oversight and traceability under a live deadline.
4 Jul 2026
Under Oath, They Said They Could Not Say No. That Sentence Is the Whole Market
Microsoft France told the French Senate under oath that it cannot guarantee European data will never reach US authorities under the CLOUD Act, even inside a French sovereign region. We think that single sentence defines the market. Sovereign cloud is a real engineering improvement, but while the parent is US-domiciled the legal gap stays open. The only structure where the answer to a foreign subpoena is genuinely no is one you own and run inside your own walls.
4 Jul 2026
Schrems III Is Coming. Do Not Bet Your AI Pipeline on an Adequacy Decision
A single US Supreme Court ruling has put every AI stack that routes personal data to a US processor back on the wrong side of legal certainty. We explain why the Data Privacy Framework is now shaking, why a third adequacy invalidation is a live risk, and why owning your inference in-territory is the only hedge that does not depend on how Brussels or Luxembourg rules.