Sooner or later, somebody will ask if your photo is real. Your answer cannot be “uh, I think so.”
This is not a philosophical debate. It is an operations problem. Provenance is how you show where a piece of content came from, how it changed, and why a sane person should trust it.
What changed (and why you should care)
On May 19, 2026, OpenAI described new provenance work for images generated in ChatGPT, including C2PA metadata (aka “Content Credentials”) and watermarking using SynthID, plus a verification tool you can use to check images. Read the source, not the hot takes: OpenAI: Advancing content provenance.
That matters because it is a signal that the big platforms expect a world where “Is this real?” is a normal question. Marketing teams are going to get hit first because they publish a lot and they publish fast.
Provenance basics, minus the hand-waving
Most provenance talk boils down to two approaches:
- Metadata. Information attached to the file about how it was created or edited. Useful, but easy to strip by accident or on purpose.
- Watermarking. A signal embedded in the content itself, designed to survive normal edits. Not perfect. Still useful.
If you want a simple overview of SynthID from the people who built it, start here: Google DeepMind: SynthID.
If you want the standard behind Content Credentials, start here: C2PA.
Without provenance, every asset becomes a vibes-based argument.
The minimum viable provenance policy (steal this)
You do not need a governance committee. You need a short rule set and a folder structure that keeps you out of trouble.
Rule 1: Decide what must be real
If a reasonable person could interpret it as evidence, treat it like evidence:
- Before/after results
- Testimonials
- Event photos
- Product photos
- Staff photos and bios
For those categories, use real source material. If you must use AI to illustrate something, label it plainly and avoid “documentary” vibes.
Rule 2: Keep originals and keep receipts
This is boring. Good.
- Keep the original file (camera export, screen recording, raw audio, source doc).
- Keep the final file you published.
- Keep a tiny note that explains what changed and why (one paragraph, not a memoir).
If you sell a service, this also makes your work easier to prove. Pair it with a clean case study structure: Case Studies That Close Deals: A Simple Proof Asset Template.
Rule 3: Use credentials when your tools support them
When your design or AI tools can attach Content Credentials, turn them on for assets that might get questioned. It is not a magic shield, but it is better than nothing and it adds friction to bad-faith edits.
Rule 4: Add one line of disclosure when it matters
You do not need to tattoo “AI” on every icon. You do need to disclose when the content could be mistaken for reality. Examples:
- Illustration: “Illustration generated with AI.”
- Composite: “Composite image. Background enhanced.”
- Voiceover: “Voice generated with AI.”
Make the disclosure part of the brief, not a last-second debate in Slack.
Rule 5: Ban “AI-proof” claims and hype language
If a vendor claims their AI can target people by listening to their phones, you should not need a policy. You need better instincts. Keep your public claims tight, testable, and boring.
Need a refresher on why regulators care about this stuff? Start here: FTC Targets “Active Listening” AI Marketing Claims.
How this actually plays out on a busy team
If you want a simple workflow that does not collapse under deadlines, use a three-step handoff:
- Creator: Saves source + export + a short provenance note.
- Approver: Checks that any “evidence-like” assets are real and that disclosures exist where needed.
- Publisher: Publishes and stores the final URL next to the asset.
That is it. No theatrics. When a client, journalist, board member, or internet stranger asks questions, you have an answer.
Want content people trust?
We can help you build a simple content system with proof, process, and guardrails so your marketing stays credible.