AI Images & Content Credentials

How Omniops labels AI-generated images, what a provenance record stores, and how anyone can verify a credentialed file.

Overview

Images generated by Omniops Studio are labelled as AI-made, and a provenance record is stored with each one. Both of those are live today.

For the upcoming features that will generate realistic images of people (AI model photography), Omniops goes further: those images will be cryptographically signed with Content Credentials, and the features are already wired so they cannot run without signing switched on. That signing layer is built and tested; it switches on with the feature it protects, which has not shipped yet.

This page explains what each layer means and how to check it yourself.

The visible label

Every image generated in Studio is marked "AI-generated" where it appears in your dashboard. This label is on by default and reflects our position that AI imagery should never pretend to be photography.

The provenance record

Alongside each generated image we store a provenance record containing:

  • That the image is AI-generated
  • Which Omniops tool produced it
  • Which model generated it
  • When it was generated

This record supports the transparency obligations in the EU AI Act, which apply from 2 August 2026, and gives you an audit trail for any generated asset in your library.

Content Credentials (C2PA)

For AI-generated images of realistic people, a capability Omniops is building now and has not yet shipped, we have adopted Content Credentials, the open provenance standard (C2PA) developed by Adobe, Google, Microsoft, and camera manufacturers.

A Content Credential is sealed into the image file itself:

  • It records that the image is AI-generated, what produced it, and when.
  • It is cryptographically bound to the exact bytes of the file. If the image is altered afterwards, verification shows the seal as broken. We proved this in our own testing by changing a single byte of a signed image; the check flagged it immediately.
  • It adds roughly 13KB to the file and does not change how the image looks.
  • It travels with the file wherever the file goes.

Our signing pipeline is built and tested. It begins signing production images the day the AI model photography feature ships, because that feature cannot run without it.

Fail closed, by design

The gate is already in our codebase, ahead of the feature it protects: AI model photography checks for an active signing configuration before running, and if signing is unavailable for any reason, generation refuses to start. It fails closed rather than falling back to unsigned output.

Verifying a file yourself

You will not need Omniops to check a credentialed image. Open the Content Credentials verifier and drop the file in. The tool reads the seal and shows what made the image and whether the file has been altered since it was signed.

Questions

If anything on this page is unclear, or you need detail for your own compliance records, contact us at [email protected].