§ 001 — The Convergence

Every Institution. One Question.

Europol estimated in 2022 that 90% of online content may be synthetically generated by 2026.Europol · Futurism · 2022 McKinsey extended the projection to 2030.arXiv 2504.03752 · Proof of Humanity AWS estimates 57% of online content is already generated or translated by AI.Salvador Vilalta · 2025 Deepfake incidents surged from 500,000 in 2023 to over 8 million in 2025.SoftwareSeni · April 2026 The International AI Safety Report 2026 confirmed that after a five-minute conversation, participants misidentified GPT-4o output as human-written 77% of the time.International AI Safety Report · arXiv 2602.21012 Humans perform at random-guess accuracy when identifying high-quality deepfakes.Ekas Cloud · February 2026

59% of consumers now have difficulty distinguishing human-created from AI-generated media.Deloitte · 2025 The World Economic Forum ranks synthetic media misinformation among the world's top global risks.UNESCO · WEF Global Risk Report Deloitte projects AI-driven U.S. fraud losses will reach $40 billion by 2027 — from $12.3 billion in 2023.UNESCO · Deloitte via WEF

The institutions that govern the open web, national security, and digital commerce all arrived at the same architectural conclusion simultaneously: detection is a losing battle. Provenance at the point of creation is the answer. A cryptographically signed, tamper-evident record of who made what, when, with which tools — traveling with the content across every platform, every transformation, every context.

2021
C2PA Founded
Adobe, Arm, BBC, Intel, Microsoft, Sony, and Truepic form the Coalition for Content Provenance and Authenticity under the Linux Foundation. The founding thesis: instead of detecting fakes after the fact, cryptographically prove authenticity at the point of creation.
2024
NIST AI 100-4 · California SB 942 · NIST FIPS 204
NIST's AI Safety Institute publishes AI 100-4 — the first federal framework for synthetic content transparency, covering provenance data tracking, watermarking, and detection.NIST · November 2024 California Governor Newsom signs SB 942 — the first U.S. state AI transparency law, requiring machine-readable provenance marking for all major generative AI systems.CA Legislature · SB 942 NIST finalizes FIPS 204 (ML-DSA) — the post-quantum digital signature standard.Federal Register · August 2024
Jan 2025
CISA / NSA / Five Eyes Joint Advisory
The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the intelligence agencies of Australia, Canada, and the United Kingdom publish a joint advisory endorsing C2PA Content Credentials as a key countermeasure for the Defense Industrial Base and national security systems. The first Five Eyes cosignature on a content provenance standard.
May 2025
W3C VC 2.0 Ratified · C2PA 2.2 Released · CAWG 1.2 Ratified
Three foundational standards reach production simultaneously. W3C Verifiable Credentials 2.0 becomes a full W3C Recommendation on May 15 — the cryptographic credential layer for the open web.W3C · May 15 2025 C2PA 2.2 ships with full video streaming support, expanded file formats, and updated Trust List infrastructure.C2PA Viewer · 2026 The CAWG Identity Assertion v1.2 — the named actor standard for creator identity inside C2PA manifests — is ratified by the Decentralized Identity Foundation.CAWG · DIF · December 2025
Aug 2026
EU AI Act Article 50 · California SB 942 + AB 853 Enforced
Article 50 of the EU AI Act takes effect August 2, 2026 — requiring machine-readable provenance marking on all AI-generated outputs.C2PA Viewer · Article 50 Guide Non-compliance carries penalties up to €15 million or 3% of global annual turnover.EU AI Act · Article 50 California SB 942, amended by AB 853 to align with EU timing, enforces simultaneously — the most detailed AI provenance framework enacted by any U.S. state.AI Laws by State · 2026

§ 002 — The Institutions

Who Is Building This Infrastructure.

C2PA has 6,000+ members and affiliates as of January 2026.TrueScreen · May 2026 The C2PA adoption tracker as of April 2026: Adobe Creative Cloud fully implemented across Photoshop, Lightroom, Premiere Pro, and Firefly. Microsoft tagging AI-generated content in Bing Image Creator and Designer. OpenAI embedding C2PA in DALL-E 3 and GPT-4o outputs with a May 2026 layered approach combining SynthID. Google rolling out C2PA verification across Gemini, Search, and Chrome. Meta reading C2PA on uploads and displaying AI Info labels. LinkedIn preserving credential chains through upload. TikTok labeling AI-generated content using C2PA. Over 200 news organizations — BBC, Reuters, AFP, NYT, WSJ, Washington Post, The Guardian — actively signing content.Editors Weblog · April 24 2026

The hardware layer reached the mass market. Samsung Galaxy S25 ships with C2PA signing in the native camera app — the first consumer smartphone at that scale.TrueScreen · May 2026 Sony PXW-Z300: the first professional video camera with native C2PA signing for broadcast journalism.SoftwareSeni · April 2026 Canon, Nikon, Leica, Fujifilm, and Panasonic all shipping C2PA-enabled cameras. Google Pixel 10 signs every photo by default with hardware-backed keys via the Titan M2 chip.C2PA Viewer · 2026

US Federal · Defense
CISA / NSA
Joint advisory January 2025. Content Credentials endorsed as a key countermeasure for national security systems. Five Eyes cosignature — US, UK, Canada, Australia. The Defense Industrial Base directive.
US Federal · Standards
NIST
NIST AI 100-4 November 2024: the first federal framework for synthetic content transparency. FIPS 204 (ML-DSA) August 2024: post-quantum signature standard now deployed at AWS, Microsoft, and Google.
European Union · Regulation
EU AI Act
Article 50 enforcement August 2, 2026. Machine-readable provenance marking mandatory for all generative AI outputs. €15M or 3% global turnover penalties. C2PA named as the technical mechanism in the Code of Practice.
California · Law
SB 942 + AB 853
Signed September 2024. Amended October 2025. Enforced August 2, 2026 — aligned with EU AI Act timing. The most detailed AI provenance framework enacted by any U.S. state. Covers every major generative AI platform serving California.
Open Web · Standards
W3C
VC 2.0 ratified May 15, 2025. DID v1.1 Candidate Recommendation 2026. Digital Credentials API in browser trials. W3C Threat Model for Decentralized Credentials published January 2026. The credential and identifier stack for the open web.
Industry · Coalition
C2PA / CAI
6,000+ members January 2026. Adobe, Google, Microsoft, OpenAI, BBC, Sony, Samsung implementing. C2PA 2.3 December 2025: live streaming provenance via CMAF segment signing. Library of Congress, ISO fast-track, photojournalism standards bodies all engaged.

§ 003 — The Gap

Where Every Standard Stops.

The Creator Layer · Unaddressed
Every standard addresses platforms, AI systems,
governments, cameras, and broadcast media.
Zero address the human creator.
NIST AI 100-4 maps synthetic content transparency for federal systems. The EU AI Act mandates machine-readable provenance for generative AI outputs. California SB 942 requires watermarking and detection tools from covered providers. CISA endorses C2PA for the Defense Industrial Base. The C2PA Trust List governs hardware manufacturers and enterprise signers.

Every one of these frameworks addresses the infrastructure layer — the platforms distributing content, the AI systems generating it, the cameras capturing it, the governments regulating it. The individual human creator — the person whose labor built the $323 billion creator economy,Research and Markets · 2026 whose face, voice, and identity train the AI systems now competing with them — has no provenance infrastructure. No cryptographic record. No permanent identity on the open web. A conditional entity on platforms that delete without due process.TechCrunch · Meta Oversight Board · June 2026

The C2PA signing pipeline requires a trust list certificate — currently $289/year from DigiCert, with no Let's Encrypt equivalent.SoftwareSeni · April 2026 The W3C credential stack requires infrastructure to issue, hold, and present credentials. The DID method requires a domain and a JSON document served at a well-known path. None of these systems enroll creators. None build the website, administer the domain, issue the credential, mint the identity, or connect the node to the knowledge graph where AI systems retrieve answers. LaunchPillow does all of it at enrollment.

§ 004 — Implementation

The LaunchPillow Standards Stack.

LaunchPillow implements every open standard in the institutional provenance stack — and applies them to the creator layer that every other implementation ignores. Each enrolled creator receives a fully compliant implementation across the full stack simultaneously at the moment of mint.

C2PA 2.2
Coalition for Content Provenance & Authenticity · Linux Foundation
Content Credentials — Named Actor Assertion
Every post a LaunchPillow creator publishes carries a C2PA Content Credential binding the content to the creator's verified identity. The manifest records who created it, when, on which platform, using which tools. Tamper detection is cryptographic — any modification breaks the signature and is immediately detectable. The standard trusted by Adobe, Google, Microsoft, OpenAI, BBC, and the U.S. Department of Defense.
W3C VC 2.0
World Wide Web Consortium · Ratified May 15 2025
Verifiable Credentials — Creator Identity Credential
Every enrolled creator receives a W3C Verifiable Credential 2.0 — a cryptographically signed, privacy-respecting, machine-verifiable credential expressing their identity, vertical, ontology pillars, and enrollment date. The LaunchPillow registry acts as the issuer. The credential is W3C Data Integrity 1.0 compliant and ML-DSA signed — post-quantum durable.
W3C DID v1.1
World Wide Web Consortium · Candidate Recommendation 2026
Decentralized Identifier — did:web Method
Each creator's identity resolves as a did:web document served at their LaunchPillow registry path and their administered domain. The DID document contains the ML-DSA public key, verification methods, and service endpoints. No blockchain dependency. No third-party registry. DNS-anchored. Independently verifiable by any compliant DID resolver.
NIST FIPS 204
National Institute of Standards & Technology · August 2024
ML-DSA — Post-Quantum Digital Signatures
Every LaunchPillow mint signs with ML-DSA-65 — the same post-quantum signature standard deployed by AWS, Microsoft Azure, and Google Cloud as of May 2026. Stateless. Fiat-Shamir with Aborts construction. Eight years of public cryptanalysis. Signing completes in 0.65ms. Verification in 0.53ms. The NSA's CNSA 2.0 mandates this standard for all National Security Systems.
W3C PROV-O
World Wide Web Consortium · Provenance Ontology
Provenance Ontology — Research Edge Architecture
Every edge in the LaunchPillow knowledge graph — between creator nodes, research nodes, information vertical pages, and brand entities — carries a PROV-O provenance assertion. Entities, Activities, Agents. Who minted what, when, on behalf of which authority. The causal chain from raw research paper to enrolled creator node is traceable at every hop.
Schema.org
Google · Microsoft · Yahoo · Yandex · Open Standard
JSON-LD Entity Markup — AI Retrieval Surface
Every LaunchPillow page carries Schema.org JSON-LD: Person, ScholarlyArticle, WebPage, Organization types. sameAs links consolidating platform profiles into one canonical entity. knowsAbout topic taxonomy. Geographic anchors. Complete schema implementation produces 3.4× higher AI citation frequency and 2.3× higher Google AI Overview appearance probability.
► Read the Specification Enter the Registry →

§ REF — Source Index
Primary Sources · standards.html · All citations verified
02
arxiv.org/pdf/2504.03752 — Proof of HumanityMcKinsey synthetic content projection · arXiv
03
arxiv.org/pdf/2602.21012 — International AI Safety Report 2026GPT-4o misidentified as human 77% · arXiv
04
deloitte.com — GenAI Trust Standards59% can't distinguish · 68% fear deception · 2025
05
unesco.org — Deepfakes and the Crisis of KnowingUNESCO · WEF global risk · $40B fraud 2027
06
media.defense.gov — CISA/NSA Content Credentials AdvisoryFive Eyes joint advisory · January 2025
07
cyber.gov.au — Five Eyes Joint PublicationAustralian Cyber Security Centre
08
nist.gov — NIST AI 100-4Synthetic Content Transparency · November 2024
10
federalregister.gov — NIST FIPS 203/204/205Post-quantum standards · August 2024
11
artificialintelligenceact.eu — Article 50EU AI Act transparency obligations · August 2026
12
digital-strategy.ec.europa.eu — Code of PracticeEuropean Commission AI transparency framework
13
c2paviewer.com — EU AI Act and C2PAArticle 50 practical guide · April 2026
14
leginfo.legislature.ca.gov — SB 942California AI Transparency Act · signed September 2024
15
ailawsbystate.com — SB 942 + AB 853 Compliance GuideAugust 2, 2026 enforcement · 2026
16
w3.org — VC 2.0 RatifiedW3C Recommendation · May 15 2025
17
w3.org/TR/vc-overviewW3C Verifiable Credentials Overview · 2025
18
w3.org/TR/did-1.1W3C DID v1.1 · Candidate Recommendation
19
w3c-ccg.github.io — did:web MethodW3C Credentials Community Group
21
cawg.io — CAWG Identity Assertion v1.2DIF Ratified · December 2025
24
truescreen.io — C2PA Standard · History · Limitations6,000+ members · Samsung S25 · Sony PXW-Z300
25
softwareseni.com — C2PA Adoption 2026Hardware platforms · verification reality · April 2026
26
softwareseni.com — What Is C2PATrust list gaps · $289 cert cost · April 2026
27
c2paviewer.com — C2PA Explained 2026Version history · CISA endorsement · Google Pixel 10
28
w3.org/TR/prov-oW3C PROV-O · Provenance Ontology
29
techcrunch.com — Meta Oversight BoardLack of due process · June 2026
30
researchandmarkets.com — Creator Economy 2026$323B · 26.5% CAGR · Research and Markets
31
bbntimes.com — PQC Enterprise Guide 2026AWS · Microsoft · Google ML-DSA deployment
33
arxiv.org/pdf/2604.23280 — AI Identity StandardsTRAIL DID · MCP-I · W3C Threat Model · April 2026
34
instantpress.co — Structured Data for AI Search3.4× citation frequency · 2026