News

by Andy Parsons, Sr. Director, CAI

October 9, 2025

Raising the bar for trust: introducing the C2PA Conformance Program

This summer brought with it a defining step forward for the future of content authenticity. In June, the Coalition for Content Provenance and Authenticity (C2PA) soft-launched the C2PA Conformance Program during the Content Authenticity Summit at Cornell Tech in New York City. The program is now fully up and running, accepting submissions and encouraging participation from software developers, device makers, and certification authorities. This means we have a formal mechanism to ensure that implementations of the C2PA standard for Content Credentials are both secure and interoperable — establishing the technical and trust foundation the ecosystem needs to scale up.

Just as the Bluetooth® or Wi-Fi® programs verify that devices communicate reliably and securely across manufacturers, the C2PA Conformance Program provides baseline assurance for content provenance. It validates that an implementation correctly creates, signs, and reads C2PA manifests, while protecting those manifests and their associated assets through proven cryptographic methods and certificate validation. The program ensures that devices and software implementing the now-mature Content Credentials specification do so correctly and with full compatibility.

A foundation for security and interoperability

At launch, the program introduces two security levels, offering flexibility for a diverse set of implementers while establishing a clear path toward more rigorous, hardware-backed assurance. Notably, Google has already achieved the highest conformance level for the Pixel 10, making it the first device to meet the strongest requirements for secure provenance capture and signing.

This milestone represents the culmination of years of intentional design. As adoption accelerates, we now have all the core components in place to build a durable and trustworthy authenticity infrastructure:

  • An open standard (Content Credentials from the C2PA) defining how content authenticity data is bound to digital assets through manifests, cryptographic signing, and verification
  • Open-source tools and SDKs, such as those provided by the Content Authenticity Initiative (CAI), that enable developers to implement these capabilities consistently and transparently
  • A conformance and interoperability framework to ensure that those implementations meet common expectations for correctness and security
  • A trust model underpinned by a new C2PA certificate infrastructure, enabling participants to obtain, manage, and verify digital signing certificates with confidence

With the introduction of the Conformance Program, all these elements — the standard, the tools, the conformance process, and the trust model — now work together as a unified system for establishing digital provenance at scale.

Built by the community, for the ecosystem

This program is the product of more than a year of dedicated collaboration within the C2PA Conformance Task Force, which I have the privilege of co-chairing alongside Yogesh Deshpande (Arm) and Sherif Hanna (Google). Week after week, a committed group of contributors has worked through the nuances of security levels, testing protocols, and implementation guidance — all with a shared goal of making content authenticity reliable, repeatable, and trustworthy.

Their efforts exemplify what makes the C2PA unique: a truly open, multi-stakeholder coalition advancing a global standard for authenticity and transparency in digital media. And there’s much more inspiring work ahead.

An invitation to learn more and get involved

Developers, platform builders, and media partners can begin exploring the requirements, certification process, and trust infrastructure today.

Read more and access full program details at c2pa.org/conformance.