
Why content provenance needs an open standard

Standards, C2PA

A provenance record is only useful if someone other than its author can verify it. A newsroom signs a photo; a social platform, a fact-checker, and a reader all need to confirm that signature without calling the newsroom. The moment verification depends on a single vendor staying online and cooperative, the guarantee is gone.

This is the property that separates provenance from logging. Logs answer questions for the party that owns them. Provenance has to answer questions for parties who do not trust each other and may never communicate directly.

The closed-database failure mode

The straightforward way to build provenance is a database: store who created what, expose a lookup API, and let callers query it. This works until the asset leaves the system. A file downloaded, re-uploaded, and shared on three platforms is now disconnected from the database row that described it. Worse, the verifier has to trust that the database operator has not edited the row.

Closed databases also fragment. If every platform keeps its own provenance store, a claim made in one is invisible in the others. The verifier has to know which database to ask before asking, which defeats the point.

What an open standard changes

C2PA defines a manifest format: a signed, self-contained record that travels with the asset or can be re-associated with it. Because the format is open, a manifest signed by one tool verifies in any other tool that implements the spec. The trust decision moves from the operator to the signature and the certificate behind it.

C2PA is a Linux Foundation specification with over 500 member organizations across media, hardware, and software. That breadth is the reason it is worth building on. The value of a provenance format scales with the number of independent parties that can read it, and no single vendor can manufacture that.

Where Hashproof fits

Hashproof issues and verifies C2PA manifests through one HTTP API. We do not invent a parallel format or ask you to trust a private ledger. A manifest we sign follows the C2PA 2.x specification and can federate with peer registrars.

The standard is the part that has to be neutral. Our job is to make it practical to issue at scale, resolve after re-encoding, and batch into Merkle trees for inclusion proofs. The interoperability is not ours to own.
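The inclusion proofs mentioned above let a verifier confirm that a manifest belongs to a published batch using only the batch root and a short proof, with no lookup against the issuer. The sketch below is an added example, not Hashproof's code or anything defined by C2PA; the tree layout (SHA-256, RFC 6962-style leaf and node prefixes, unpaired nodes promoted) and the sample manifests are assumptions.

```python
import hashlib

def leaf_hash(data: bytes) -> bytes:
    # 0x00 prefix: a leaf can never be mistaken for an interior node
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(manifests):
    """Return every tree level, leaf hashes first, root level last."""
    level = [leaf_hash(m) for m in manifests]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # unpaired node is promoted, not duplicated
        levels.append(nxt)
        level = nxt
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, tagged with the side they sit on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling here
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_inclusion(manifest, proof, root):
    """Recompute the root from the manifest bytes and the proof alone."""
    h = leaf_hash(manifest)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root

# Constructed sample batch: stand-ins for serialized manifests
BATCH = [f"manifest-{i}".encode() for i in range(5)]
LEVELS = build_levels(BATCH)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = inclusion_proof(LEVELS, 4)
    print("included:", verify_inclusion(BATCH[4], proof, ROOT))
    print("tampered:", verify_inclusion(b"manifest-4-edited", proof, ROOT))
```

The verifier still has to obtain the root from a source it trusts, for example a signed or independently published value; the proof only ties a manifest to that root.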