Back to Blog

How AI Images Are Tracked -- The Complete Guide to C2PA and Metadata

May 28, 20267 min read

Every AI-generated image you create carries an invisible passport. It records who made it, when it was made, what tool was used, and whether the content is synthetic. This tracking system -- powered by the C2PA standard -- is rapidly becoming the backbone of how platforms, governments, and forensic tools identify AI content. If you create, share, or publish AI images, understanding how this tracking works is no longer optional. It directly affects your content's reach, your privacy, and your compliance with emerging regulations.

What Is C2PA and Why It Matters

The Coalition for Content Provenance and Authenticity (C2PA) is an open technical standard developed by a joint foundation established by Adobe, Microsoft, Google, ARM, Intel, and the BBC. Launched in 2021, C2PA defines a standardized way to embed cryptographically signed provenance information directly into digital media files. As of 2026, the C2PA coalition includes over 3,000 member organizations spanning camera manufacturers, software companies, news agencies, and social media platforms.

C2PA does not just add a label. It creates a tamper-evident chain of custody. Each action -- creation, editing, export -- can be recorded as a signed assertion linked to the previous state. This means an AI image generated in DALL-E 3, opened in Photoshop, and uploaded to a website carries a complete, verifiable history that any C2PA-aware tool can read.

The standard is now embedded in major tools and platforms. Adobe Photoshop and Lightroom support C2PA natively. Microsoft integrates C2PA into its Content Integrity tools. Google has begun surfacing C2PA content credentials in Search and on YouTube. ARM's upcoming chip architectures include hardware-level support for secure provenance signing on mobile devices.

C2PA Is Not Optional Anymore

The EU AI Act (effective August 2025) requires that AI-generated content be clearly labeled. C2PA is the primary technical mechanism platforms are adopting to comply. Images without C2PA labels may still be flagged by detection algorithms, but images with C2PA labels are guaranteed to be identified as AI-generated by any compliant platform.

How C2PA Embeds Itself in Your Images: The JUMBF Container

C2PA provenance data is stored inside image files using the JPEG Universal Metadata Box Format (JUMBF). JUMBF is an ISO standard (ISO 19566) that provides a structured way to embed arbitrary metadata boxes within JPEG, PNG, and TIFF files.

When you generate an image with a C2PA-compliant tool, the following happens behind the scenes:

  1. Assertion creation: The tool generates a set of assertions -- structured claims about the image's origin. These include the generator identity, the claim generator (software name and version), the timestamp, and the action type (e.g., "com.created" for original creation).

  2. Signing: Each assertion is cryptographically signed using a certificate chain rooted in a trusted Certificate Authority. The signature is embedded alongside the assertion data.

  3. JUMBF packaging: The signed assertions are packaged into JUMBF boxes following the C2PA specification. These boxes are then inserted into the image file -- typically in the APP11 segment for JPEG files, or in dedicated chunks for PNG files.

  4. Manifest store: Multiple manifests can coexist in a single image. Each editing step can add a new manifest that references the previous one, creating a chain of provenance.

The result is invisible to the human eye but fully readable by any tool that parses JUMBF containers. File size impact is typically between 5KB and 30KB depending on the number of assertions and the certificate chain length.

JUMBF Data Survives Most Operations

Simply renaming a file, converting formats through basic tools, or uploading to social media does not reliably remove JUMBF-embedded C2PA data. Many platforms preserve the JUMBF boxes during re-encoding. Only tools specifically designed to strip metadata from the binary level can remove C2PA provenance data.

Case Study: What DALL-E 3 Actually Embeds

To understand the depth of C2PA tracking, consider a concrete example. A DALL-E 3 generated image contains over 47 individual C2PA assertion fields. Here is a breakdown of what is embedded:

Identity assertions: The claim generator is identified as "OpenAI Media Service API" with a specific build version. The certificate chain traces back to a C2PA-registered CA, confirming the image was generated by OpenAI's infrastructure.

Action assertions: The primary action is tagged as "com.created" with a sub-type of "com.ai.generated", explicitly marking the content as AI-generated. The timestamp records the exact moment of generation in UTC.

Ingredient assertions: If the image was created from a text prompt, the prompt text itself may be recorded as an ingredient assertion. This means your creative prompt -- which may contain proprietary or sensitive information -- is permanently embedded in the image file.

Thumbnail assertions: C2PA embeds a hashed thumbnail of the image as a reference, enabling forensic validation that the file has not been altered since generation.

Binding assertions: A cryptographic hash binds all assertions to the specific pixel content of the image, making it computationally infeasible to transfer the provenance chain to a different image.

PlatformC2PA FieldsXMP FieldsEXIF FieldsTotal Metadata Size
DALL-E 347+12+8+~28 KB
Adobe Firefly38+15+6+~24 KB
Midjourney v604+10+~6 KB
Stable Diffusion0015+~4 KB
Google Imagen 342+10+7+~26 KB

The data above reveals a significant disparity. Platforms that have fully adopted C2PA -- DALL-E 3, Adobe Firefly, and Google Imagen 3 -- embed substantially more metadata than those that have not. Midjourney and Stable Diffusion currently rely on simpler EXIF and XMP tags, but industry pressure and regulatory requirements are pushing them toward C2PA adoption as well.

The Tracking Ecosystem: How Platforms Read Your Metadata

C2PA metadata is only useful if platforms actually read it. As of 2026, the tracking ecosystem has matured significantly:

Social media platforms: Meta (Facebook, Instagram) reads C2PA content credentials and applies "AI-generated" labels to content that contains synthetic assertions. TikTok similarly reads C2PA data and has mandatory labeling for AI content. Pinterest scans for C2PA provenance and applies visibility penalties to AI-tagged content.

Search engines: Google Search has begun displaying content credentials directly in image search results. Images with C2PA "com.ai.generated" assertions are flagged with an "AI-generated" badge. This affects click-through rates significantly -- early data suggests a 30-40% reduction in clicks for labeled AI images.

Forensic tools: Tools like InVID, FotoForensics, and the C2PA's own validation tools can extract and display the full provenance chain. Law enforcement agencies, journalists, and fact-checkers increasingly rely on C2PA data to verify or debunk image authenticity.

Content management systems: WordPress, Drupal, and other CMS platforms are beginning to integrate C2PA reading capabilities. Plugins that automatically flag AI-generated uploads are becoming standard in newsroom and publishing environments.

You Can Remove C2PA Data

Despite the cryptographic sophistication of C2PA, the metadata is stored within the file itself -- it is not stored on a remote server or blockchain. This means you can remove it. Tools like RemoveAI Image strip C2PA assertions, JUMBF containers, XMP blocks, EXIF data, and GPS coordinates from images, leaving only the pixel data behind.

What Happens When C2PA Data Is Removed

Removing C2PA provenance data from an image does not alter the visual content. The pixels remain identical. What changes is the metadata envelope surrounding those pixels. After removal:

  • The image file size decreases by 5-30 KB depending on how much metadata was embedded.
  • No C2PA-aware tool can identify the image as AI-generated from the file alone.
  • The image becomes indistinguishable from a photograph taken with a traditional camera in terms of its metadata profile.
  • The image will not trigger automated AI-content-labeling on social media platforms that rely on C2PA scanning.

It is important to note that AI detection tools that analyze pixel patterns (rather than metadata) may still classify the image as AI-generated. C2PA removal addresses metadata-based identification, not algorithmic detection. However, the vast majority of current platform-level labeling relies on metadata, not pixel analysis, making metadata removal the most impactful step.

FAQ

In most jurisdictions, removing metadata from your own images is legal. The EU AI Act requires that AI-generated content be labeled at the point of generation, but it does not impose obligations on individual users who modify their own files. However, removing metadata from images you do not own, or doing so to deceive in contexts where authenticity is legally required (such as evidence in court, news reporting, or financial disclosures), may violate specific laws. Always consult local regulations and consider the ethical context.

Can C2PA data be added back after removal?

No. Once C2PA provenance data is removed, the cryptographic chain is broken. C2PA assertions are bound to specific pixel content through hashes. Even if someone re-signed the image, the resulting provenance would show a different creation timestamp, a different certificate, and a different claim generator -- it would not replicate the original C2PA chain. The original provenance is irrecoverable once stripped.

Does compressing or resizing an image remove C2PA data?

Not reliably. Simple compression (saving as JPEG at a different quality level) often preserves JUMBF containers. Resizing may strip some metadata depending on the software used, but many tools -- especially C2PA-aware editors like Photoshop -- will regenerate and re-embed provenance assertions after a resize operation, recording the edit as a new step in the provenance chain. Only dedicated metadata removal tools guarantee complete stripping.


Your AI images carry more identifying information than you might expect. C2PA provenance, JUMBF containers, XMP blocks, and EXIF tags create a comprehensive digital fingerprint that platforms, search engines, and forensic tools can read automatically. If you want to control what metadata travels with your images, RemoveAI Image strips C2PA data, EXIF tags, GPS coordinates, IPTC information, and XMP metadata -- entirely in your browser, with no uploads to any server.

Ready to clean your images?

Try our free browser-based tool to detect and remove AI metadata from your images.

Open Metadata Cleaner