Digital provenance

Lisa Braswick

AI Research & Content Strategy

Digital provenance is the verifiable record of where a piece of content came from, how it was created, and what happened to it along the way. In a media landscape flooded with AI-generated images, cloned voices, and synthetic video, establishing provenance is the foundation for knowing whether what you are looking at is real.

The concept is borrowed directly from the physical world. In art authentication, provenance means the documented history of ownership: who made it, who bought it, where it has been stored. In digital forensics, provenance means the verifiable record of how content was created and modified. The challenge is that digital files are trivially easy to copy, alter, and redistribute without leaving obvious traces, making provenance verification both more important and more difficult than it is in the physical world.

What is digital provenance

Provenance in the physical world: art, archives, legal evidence

Provenance is not a new concept. Art dealers have tracked the ownership history of paintings for centuries. Archivists maintain chain-of-custody records for historical documents. Legal systems require provenance documentation for physical evidence to be admissible in court.

In each of these domains, provenance serves the same purpose: it answers the question "can we trust this thing?" by providing a verifiable history. A painting with an unbroken chain of documented ownership back to the original artist commands a higher price and a higher level of trust than one with gaps in its record. The same principle applies to digital content.

The transition to digital media provenance

The digital world introduced both advantages and challenges for provenance tracking. On the advantage side, digital files can carry embedded metadata that physical objects cannot. A JPEG file includes EXIF data describing the camera, settings, GPS location, and timestamp. A PDF can include authorship and revision history. An audio file can contain recording device information.

On the challenge side, digital files can be perfectly copied, and metadata can be easily stripped or forged. When you share a photo on social media, the platform typically re-encodes the image and removes most or all of the metadata. The original provenance information is lost, and there is no way to recover it from the metadata alone.

Why provenance matters for trust in 2026

The explosion of AI-generated content has made provenance verification urgent. In 2025, researchers at Stanford's Internet Observatory estimated that AI-generated images accounted for a significant and growing share of visual content circulating on social platforms. When anyone with a text prompt can generate a photorealistic image of an event that never happened, the ability to verify whether content is authentic becomes a public safety issue.

Provenance matters for journalism, where reporters need to verify the images and video they publish. It matters for legal proceedings, where digital evidence must be authenticated. It matters for businesses, where brand impersonation and fake product images cause financial harm. And it matters for individuals, whose likenesses can be used without consent in deepfake content.

How digital provenance works

There are three fundamentally different approaches to establishing digital provenance. Each has strengths and significant limitations.

Metadata-based provenance (EXIF, XMP, IPTC)

EXIF (Exchangeable Image File Format) is the most common form of embedded provenance data. When a camera captures a photo, it writes metadata including the camera model, focal length, shutter speed, ISO, and often GPS coordinates. XMP (Extensible Metadata Platform) provides a more flexible framework for embedding arbitrary metadata, and IPTC (International Press Telecommunications Council) standards are widely used in photojournalism for caption and credit information.

The limitation of metadata-based provenance is fragility. Metadata can be stripped by any software that re-saves the file. Most social media platforms remove EXIF data during upload. And metadata can be forged: it is trivial to edit EXIF fields to claim a photo was taken by a different camera, at a different time, in a different location.

Cryptographic provenance (hash chains, digital signatures)

Cryptographic provenance uses digital signatures and hash chains to create a tamper-evident record. The creator signs the content with a private key, and anyone can verify the signature with the corresponding public key. If even a single bit of the file is changed after signing, the signature becomes invalid.

C2PA (the Coalition for Content Provenance and Authenticity) is the most prominent implementation of cryptographic provenance. It attaches a manifest to the file that includes signed assertions about how the content was created and modified. The strength is strong tamper detection. The weakness is the same as metadata: the manifest can be stripped, and participation is voluntary.

Forensic provenance (signal analysis without metadata)

Forensic provenance takes a fundamentally different approach. Rather than relying on information that was intentionally attached to the file, it examines the content itself for signals that reveal its origin. Camera sensor noise patterns can identify the specific device that captured an image. Compression artifacts reveal what codec was used and how many times the file was re-encoded. AI generation models leave statistical fingerprints in the pixel data that distinguish synthetic content from captured content.

The strength of forensic provenance is that it works even when all metadata has been removed. It cannot be opted out of, because the signals it analyzes are inherent to the content. The limitation is that forensic analysis is probabilistic rather than deterministic: it provides confidence levels, not absolute certainty.

The metadata stripping problem

The single biggest obstacle to metadata-based provenance is that most of the internet's content distribution infrastructure actively removes it.

How social media platforms remove provenance data

When you upload a photo to most social media platforms, the platform re-encodes the image (typically converting to JPEG or WebP at a specific quality level and resolution) and strips the original metadata. This is done for a combination of privacy, storage, and performance reasons. The result is that any provenance information embedded in the original file is lost.

This table illustrates the core problem with any provenance system that relies on embedded data. Even platforms that support C2PA today only preserve it in limited contexts, and the vast majority of content sharing still strips all provenance information.

Format conversion and re-encoding losses

Beyond social media stripping, ordinary file operations destroy provenance metadata. Converting a RAW photo to JPEG removes the raw sensor data that carries the most detailed provenance signals. Transcoding a video from one codec to another discards the original compression fingerprint. Even something as simple as taking a screenshot of an image creates a new file with no connection to the original's metadata.

Each step in the content sharing chain introduces another potential point of metadata loss. A photo might be captured on a phone (full EXIF), shared via messaging app (EXIF stripped), screenshotted by the recipient (new file, no metadata), and uploaded to a news site (re-encoded again). By the time a fact-checker needs to verify it, there is no metadata trail left to follow.

Why metadata-only approaches fail at scale

The metadata stripping problem is not a bug that can be patched. It is a structural feature of how content moves across the internet. Platforms strip metadata for legitimate reasons, including user privacy, storage optimization, and format standardization. Asking every platform, messaging app, and email client in the world to preserve metadata is not a practical solution.

This is why forensic provenance is essential. It provides a verification pathway that works after metadata has been stripped, because it analyzes the content itself rather than data attached to it.

Self-declared vs forensic provenance

The C2PA content credentials approach

C2PA, developed by a coalition of major technology companies including Adobe, Google, Microsoft, and Intel, provides a standardized way to attach cryptographic provenance to digital content. When enabled, C2PA records what application created or edited the content, what actions were performed, and whether the content was generated by AI.

The system works well in controlled environments. A photographer using a C2PA-enabled camera produces images with a verifiable chain of custody. A designer using Adobe Photoshop with Content Credentials enabled creates a documented edit history. The challenge comes when content leaves these controlled environments and enters the open web.

The AFIP forensic integrity approach

AFIP's approach starts from a different premise: assume that metadata will be missing, and build verification on evidence that cannot be removed. Forensic analysis examines sensor noise patterns, compression fingerprints, statistical distributions, and AI generation artifacts to determine what the content is and where it likely came from.

This does not make C2PA unnecessary. When C2PA data is available, it provides valuable provenance information. But forensic analysis provides a fallback that works in the vast majority of cases where C2PA data is absent, which, given current adoption rates and the metadata stripping problem, is most of the content on the internet today.

Why both are needed: complementary models

The most robust provenance verification combines both approaches. When C2PA data is present and the signature validates, that provides strong evidence of authenticity. When C2PA data is missing (which is the norm for shared content), forensic analysis fills the gap. And when C2PA data is present but forensic analysis contradicts it, that discrepancy itself is important evidence, potentially indicating a sophisticated forgery.

Applications of digital provenance

Journalism and media verification

For newsrooms, provenance verification is part of the editorial workflow. When a photo or video arrives from a source, editors need to confirm it was captured where and when the source claims. The verification process typically starts with metadata examination, moves to reverse image search, and escalates to forensic analysis for high-stakes stories. Organizations like the AFP, Reuters, and the BBC have invested in verification teams that use provenance tools daily.

Legal and regulatory compliance

Digital evidence in legal proceedings requires authenticated provenance. Courts need to know that video surveillance footage has not been altered, that digital documents are genuine, and that photographic evidence accurately represents what it claims to show. The Federal Rules of Evidence in the US and similar frameworks internationally require authentication as a precondition for admissibility.

Academic integrity and research

Scientific journals face a growing problem with manipulated images in published research. A 2022 analysis estimated that over 2% of biomedical papers contained problematic images, ranging from innocent errors to deliberate fabrication. Provenance verification tools help journal editors and reviewers detect image duplication, splicing, and enhancement that could indicate data manipulation.

Supply chain and brand protection

Businesses use provenance verification to combat counterfeit product images, unauthorized use of brand assets, and AI-generated fake reviews that include manipulated product photos. Digital provenance tracking helps identify when brand images have been altered or repurposed without authorization.

The future of digital provenance

Several trends are converging to make digital provenance increasingly important and increasingly sophisticated.

Regulatory pressure is accelerating adoption. The EU AI Act requires that AI-generated content be labeled as such, creating a legal mandate for provenance tracking. Similar legislation is advancing in the US, UK, and other jurisdictions. These regulations will drive both voluntary adoption of systems like C2PA and demand for forensic verification to enforce compliance.

Hardware-level provenance is emerging in new camera systems. Leica, Sony, Nikon, and Canon have all announced or shipped cameras with built-in C2PA signing capabilities. When provenance is established at the hardware level, before any software can modify the file, the chain of custody starts stronger.

Cross-platform provenance standards are being developed to address the metadata stripping problem. The C2PA coalition is working with social platforms to preserve manifests during upload, though adoption remains limited. In the meantime, forensic analysis remains the most reliable cross-platform verification method.

The future of digital provenance is not a single system or standard. It is a layered approach where cryptographic signing, metadata preservation, and forensic analysis each contribute to a more complete picture of content authenticity. AFIP's role in this ecosystem is to ensure that the forensic layer, the one that works regardless of voluntary cooperation, remains robust, accessible, and scientifically grounded.

Frequently asked questions

Related research

References: W3C PROV-DM: The PROV Data Model (2013). | C2PA Technical Specification v2.1. | NIST SP 800-86: Guide to Integrating Forensic Techniques into Incident Response. | ISO/IEC 27037:2012 Digital Evidence Guidelines.