By Jerry Heinz, CIO, Genvid
In eight weeks, marking AI-generated content stops being good practice and becomes European law. Article 50 of the EU AI Act applies on August 2; systems already in the market get until December 2 to fall in line. If you run a content pipeline that touches the EU, you now have a date on the calendar and a requirement you can read in one sentence: every synthetic output has to be marked in a machine-readable format and detectable as artificially generated.
The obvious move is to reach for a single mark. Sign the file with a C2PA manifest, or embed a watermark, and call the box checked. I’d read the latest research before you do, because it takes that assumption apart.
A cryptographic manifest is authoritative; it proves who signed and what they signed. It also gets stripped the first time an asset is resized, screenshotted, or pushed through a social pipeline that re-encodes on upload. A pixel-level signature is the opposite kind of layer: it rides in the image itself, so it survives the screenshot and the crop that strip the metadata, but the pixels carry an identifier, not the record. That signature only means something if it resolves to a record held somewhere. The declared record and the durable signature each cover the ground the other one cedes.
A paper out this spring, “Authenticated Contradictions from Desynchronized Provenance and Watermarking,” goes further. A standard verifier reads the manifest, a separate detector reads the watermark, and neither one checks the other. So you can construct a file that passes signature validation while its own watermark says “AI-generated,” and the contradiction stays invisible because nothing reconciles the two. The result is an authenticated fake. The authors close the gap with a cross-layer audit that scored 100% across 3,500 images, which tells me the fix isn’t exotic; it just has to be someone’s job.
Three different groups are arriving at the same place from three directions. The EU’s draft Code of Practice tells providers their detectors can’t only read embedded watermarks; they have to catch unmarked synthetic content too, because the regulator already assumes the mark won’t be there. Adobe’s Durable Content Credentials now pair the manifest with an invisible watermark and a fingerprint that recovers the record from a repository after the mark is gone. Researchers, regulators, and the company that co-founded the standard all concede the same thing: the metadata gets stripped, and something has to hold the record when it does.
A mark is a claim. Proof is the ability to reconcile the claims and recover the record after an asset has been stripped, edited, and re-uploaded a dozen times. Proof needs a place where the record lives, independent of the file. The standards work is winning, as it should. The harder question is who operates the thing behind the standard.
If you own a content pipeline, August 2 is the easy date. The one I’d put on your calendar is the first time an asset comes back through your system with its mark gone and you have to prove what it is anyway. When that happens, what reconciles the layers, and what holds the record for you? I don’t think the file can answer for itself. That’s the question I’d be asking every vendor in your stack between now and August.
Genvid is one of the vendors I’d put that question to. If you want to talk through how we help keep provenance attached to every asset, reconciled across layers, and compliant by August, contact our sales team.