The IPTC Media Provenance Summit held at Reuters in Toronto on April 16 drew 109 attendees from 67 organizations, including the BBC, Adobe, Sony, CBC/Radio-Canada, the European Broadcasting Union, the World Privacy Forum, Activo, Imatag, and PixelStream.
What made this edition different from earlier gatherings was its tone. The debates about whether content provenance matters or which standard should win are largely over. The discussion in Toronto was all about implementation: about trust architecture, workflow design, organizational identity, and audience response. For practitioners trying to understand what the past year has actually changed, four signals from the summit stand out.
1. The trust model has tightened
For most of C2PA’s short life, anyone with a certificate could sign content. The Content Authenticity Initiative maintained what it called an “interim trust list,” and being added to it required little more than emailing in a certificate. That permissive arrangement was useful for early experimentation, but it was never going to scale into an ecosystem anyone could rely on.
As of 2026, the model has been locked down considerably. Only hardware and software that has passed the new C2PA Conformance Program can produce signatures that will validate as trusted. The program sets stringent requirements on how tools handle keys, how they construct manifests, and what metadata they are allowed to sign automatically. Andy Parsons of Adobe and Brendan Quinn of IPTC walked attendees through the program’s architecture and its 2026 release schedule, which includes support for what IPTC calls a “minimal generator product”, a reference implementation designed to show what a compliant signing tool looks like without requiring every publisher to build one from scratch.
Alongside the conformance program, IPTC has also launched its Origin Verified News Publisher List, a curated registry of certificates known to belong to real news organisations. To note, the list does not vouch for the truthfulness of any content. It verifies only that the organisation signing an asset is who it claims to be. That distinction matters, because it marks the point at which identity and editorial trust are being treated as separate problems rather than a single tangled one.
2. Identity is now a parallel track
The second major signal from Toronto is that organizational identity has been formally split out from the core C2PA signature. Under the new trust model, the signature on a manifest attests only to the tool that produced it: the camera, the editing application, the signing service. It says nothing about the publisher or creator standing behind the asset.
That gap is now filled by a separate specification from the Creator Assertions Working Group, known as CAWG. A CAWG Identity Assertion is a second cryptographic signature, attached alongside the core manifest, in which an organization or individual claims authorship and editorial responsibility. Tim Murphy of PixelStream explained how the two layers fit together and why they are complementary rather than redundant.
The Toronto summit also surfaced a draft alignment statement from what Bruce MacCormack, chair of the IPTC Media Provenance Committee, called the MEAN industries: Music, Entertainment, Advertising, and News. The statement’s core position is blunt: C2PA alone is insufficient, and CAWG must be adopted alongside it in any tool used to create, modify, or distribute creative work. For practitioners, that means any provenance conversation focused only on C2PA manifests is already out of date. The working assumption across four major creative sectors is that two signatures are the baseline, not a premium feature.
3. The hardest problem is the workflow
If the trust and identity layers are now reasonably well-specified, the layer that remains genuinely difficult is operational. Marcos Armstrong of CBC/Radio-Canada and Marianne Fjellhaug of Media Cluster Norway presented what is likely to become one of the most practically important outputs from the summit: a Standardized Framework for Media Asset Workflows for Provenance, developed with input from more than 20 international media organizations.
The framework’s central diagnosis is one that anyone operating a real pipeline recognizes. The cryptography works; the plumbing does not. Legacy tools strip metadata on ingest. Transcoding invalidates the hash that C2PA depends on. Content delivery networks deliver the file without its manifest. In most production environments today, a glass-to-glass chain from camera to consumer is simply not achievable.
The framework does not pretend otherwise. It offers a three-phase map — Capture, Production, Publish — that teams can lay alongside their tool stack to identify where the chain breaks. It introduces a useful concept called the Continuum of Trust, which distinguishes between “pushed” content from verified internal sources and “pulled” content from UGC or external feeds that requires manual verification before it enters the trusted asset pool. And it recommends that organizational signatures be applied at publication rather than at ingestion, so that the final signature actually means something rather than being overwritten at every step, something that workflow editing tools, like Photo Mechanics, have already implemented.
A joint CBC/Radio-Canada and EBU demonstration, presented by Armstrong, Sébastien Testeau, and Mohamed Badr Taddist, showed what a working glass-to-glass video workflow looks like today: a Sony camera with hardware C2PA signing, editing in Adobe Premiere Pro with manifest preservation, a CBC-built stamping tool for final publishing, and an EBU player for consumer validation. It was a working system, but it also illustrated how much of the industry still needs to catch up.
4. The audience side is no longer a guess
The fourth signal is briefer but consequential. Media Cluster Norway’s Project Reynir presented results from a study of roughly 2,000 news consumers across three countries, testing how audiences respond to Content Credentials on news images. The finding that matters for practitioners is simple: provenance information measurably increases trust in both the image and the source, with the largest gains going to outlets that start from a lower trust baseline.
The study also raised interesting complications , around icon recognition, placement, and how much detail audiences actually want , but the headline result holds. For anyone weighing whether to invest in provenance infrastructure, there is now evidence that the signal works at the audience end. The question is no longer whether the investment produces a perceptible effect. It is whether the infrastructure between the camera and the consumer can deliver the signal reliably enough to realize it.
What it adds up to
Read together, the four signals describe an industry moving from specification to operation. The cryptographic architecture is largely in place. The organizational identity layer has been formalized. A practical workflow framework now exists. And there is evidence from the audience that the effort produces real trust gains. What remains is the unglamorous work of retrofitting real pipelines to preserve manifests, deploying recovery mechanisms where the chain breaks, and configuring DAM and CMS systems to differentiate trusted from unverified content at ingest.
For practitioners, the implication is encouraging. The conversation has moved beyond abstract debate about standards. The tools exist. The framework exists. The audience demand has been measured. The organizations that engage now, mapping their own workflows against the Toronto framework, asking their vendors concrete questions, testing soft-binding recovery where the hard chain fails, will shape what becomes standard practice. Those who wait for a finished product will find the defaults have already been set by others.
Author: Paul Melcher
Paul Melcher is a highly influential and visionary leader in visual tech, with 20+ years of experience in licensing, tech innovation, and entrepreneurship. He is the Managing Director of MelcherSystem and has held executive roles at Corbis, Gamma Press, Stipple, and more. Melcher received a Digital Media Licensing Association Award and has been named among the “100 most influential individuals in American photography”