Scale Has Arrived

For the past three years, C2PA has been described as an emerging standard. Last week, it had a growth spurt.

On May 19, Google announced a coordinated expansion of content credential infrastructure across its entire product surface. C2PA credential checking launched in Google Search the same day. It is rolling into Chrome in the coming weeks. The Gemini app, used by 50 million people globally, already has it. Users can ask “Is this made with AI?” and get a direct answer from the provenance metadata embedded in the content itself. If the credentials are present, Google reads them. If they are not, the content has no verifiable origin story, and that absence is increasingly the point.

The hardware layer moved at the same time. The Pixel 10 is the first smartphone to ship with native C2PA credentials baked into the camera app, with video credentials expanding to Pixel 8 and 9 in the coming weeks. Every photo taken on a credentialed Pixel now carries a verifiable record of how it was captured and whether it was subsequently modified. That is a hell of a start.

Google’s watermarking technology, SynthID, has now been embedded in over 100 billion pieces of content: images, videos, and 60,000 years of audio. The text watermarking model was open-sourced on GitHub the same week. OpenAI, ElevenLabs, Kakao, and NVIDIA are among the companies embedding SynthID in their generative outputs. NVIDIA is watermarking its Cosmos video models through the integration. Google Cloud added a new AI Content Detection API to the Gemini Enterprise Agent Platform, giving enterprise teams a programmatic way to verify content at scale.

Then Meta moved. The world’s largest photo-sharing platform announced it will label Instagram camera content with C2PA credentials. Meta has been on the C2PA steering committee for some time. Its adoption means that credentials are now being written at the point of capture on both the leading smartphone platform and the leading social platform simultaneously.

What this adds up to is a shift in what it means to publish content without credentials. Until recently, the absence of provenance metadata was invisible. Content without credentials looked identical to content with them. That is no longer true. Search, Chrome, Gemini, and Instagram are all reading or writing credentials now. Content that cannot be verified is not neutral: it is simply unverifiable, and the infrastructure to notice that is live at scale.

The IAB’s AI Transparency and Disclosure Framework, released in January 2026, already requires C2PA metadata on every AI-involved advertising asset. California, New York, and the EU have enforcement deadlines arriving this year and next. The regulatory pressure and the platform infrastructure have now arrived at the same moment.

Google is now checking for C2PA credentials every time someone searches for your content. Limbo implements those credentials across your creative and publishing workflows so your content shows up verified rather than unverifiable. Get in touch.