C2PA vs. Invisible Watermark vs. Blockchain: Which Provenance Layer Does What?
If you've been reading about AI image compliance, you've encountered all three: C2PA, invisible watermarking, blockchain anchoring. They get mentioned together. They sometimes get confused with each other. And vendors — including us — say you need all of them. That last claim deserves a proper explanation.
The problem all three are trying to solve
When you publish an AI-generated image, you need to be able to answer one question later: Can I prove this image came from me, was generated by AI, and hasn't been tampered with?
That sounds simple. It isn't, because images don't travel in controlled environments. They get uploaded to social platforms that strip metadata. They get downloaded, re-uploaded, screenshotted, converted. By the time someone questions the provenance of an image, the original proof may be long gone — often within minutes of first publication.
Each of the three layers tries to solve a different part of this problem.
Layer 1: C2PA — the cryptographic signature
C2PA (Coalition for Content Provenance and Authenticity) is an open standard for embedding a cryptographically signed manifest into an image file. The manifest contains assertions: who created the image, when, with which tool, and whether AI was involved.
Your private key signs a hash of the image content and the assertion data. Anyone with your public certificate can verify the signature is valid and that the image hasn't been altered since signing. The manifest is stored inside the file and optionally at a Remote Manifest URL — a separate server that holds the proof even if the file metadata is stripped.
What it proves
✅ Publisher identity (cryptographic)
✅ Timestamp of signing
✅ Content integrity — alteration invalidates signature
✅ AI generation status (via assertions)
Where it breaks
❌ Instagram, LinkedIn, WhatsApp strip all metadata on upload
❌ Screenshots lose everything immediately
❌ Without Remote Manifest URL: entirely dependent on the file staying intact
C2PA is the strongest form of publisher proof available. The problem is that it's structurally fragile the moment an image enters a social distribution pipeline. Without a recovery mechanism, it doesn't survive the most common publishing workflows.
Layer 2: Invisible watermarking — the pixel-level signal
An invisible watermark encodes a payload — in our case, a unique record ID — directly into the pixel values of the image, in a way that's imperceptible to human eyes but detectable by a trained algorithm. The technical details of how TrustMark works are covered in a separate article. The short version: neural networks, pixel-level encoding, SSIM above 0.99, survives JPEG and format conversion.
What it proves
✅ This image was processed by MarkMyAI
✅ Which proof record it corresponds to
✅ Survives social media re-encoding, JPEG compression, format conversion
Where it breaks
❌ Heavy cropping (>30% of image area)
❌ Adversarial attacks specifically targeting the watermark
❌ Doesn't prove who published — only which record it links to
The watermark is the resilience layer. It doesn't replace cryptographic identity — it survives the scenarios that destroy metadata. Think of it as the recovery path that kicks in when C2PA has already been stripped.
Layer 3: Blockchain anchoring — the immutable timestamp
At the time of marking, a hash of the proof record — image fingerprint, publisher ID, timestamp — is written to Polygon, a proof-of-stake Ethereum sidechain. The transaction costs roughly €0.005. Once confirmed, it's permanently visible on the public ledger. No one, including us, can alter or delete it.
This is genuinely different from the other two layers. C2PA and watermarking both depend on the image itself surviving in some form. The blockchain record doesn't. It proves a proof existed at a specific point in time, independent of whether the image is still accessible.
What it proves
✅ A proof record existed at a specific time
✅ The record hasn't been backdated
✅ Survives MarkMyAI shutting down — the on-chain record stays forever
Where it breaks
❌ The record is a hash — proves that something existed, not what the image contains
❌ Doesn't help recover a stripped image — you still need the watermark or fingerprint
❌ Publisher fields are pseudonymised for GDPR compliance
Blockchain anchoring is the long-term evidence layer. It's not useful for real-time verification, but it's the strongest possible proof of existence and non-tampering over time — and it outlasts any centralised service, including ours.
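As an added illustration (not MarkMyAI's code), this sketch shows how a disclosed proof record can be checked against an anchored hash, and why the hash alone reveals nothing about the image. The SHA-256 over canonical JSON, the HMAC pseudonymisation, and all field names and values are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import json

def pseudonymise(publisher_id: str, secret: bytes) -> str:
    """Keyed hash, so the anchored record carries no raw publisher identifier."""
    return hmac.new(secret, publisher_id.encode(), hashlib.sha256).hexdigest()

def anchor_digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding (sorted keys, no whitespace),
    so the same record always produces the same digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def matches_anchor(record: dict, on_chain_digest: str) -> bool:
    """True only if the disclosed record is exactly the one that was anchored."""
    return hmac.compare_digest(anchor_digest(record), on_chain_digest)

# Constructed sample values (hypothetical record layout).
SECRET = b"constructed-demo-secret"
record = {
    "fingerprint": "9f3c5a7e01b2d4c6",
    "publisher": pseudonymise("publisher-123", SECRET),
    "timestamp": "2025-01-15T10:00:00Z",
}
ON_CHAIN = anchor_digest(record)  # the value the anchoring transaction would carry

# A backdated copy no longer matches; key order does not matter.
backdated = dict(record, timestamp="2024-01-15T10:00:00Z")
reordered = dict(reversed(list(record.items())))
```

An auditor needs the off-chain record to run this check: the on-chain value confirms a record that is presented, it cannot reconstruct one.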
How the three layers work together in practice
A practical scenario: you publish an AI-generated product image today. Six months later, a regulator asks you to prove it was properly marked under EU AI Act Article 50. Here are the four paths that exist:
Path 1: C2PA intact
If the image still has its metadata, the C2PA manifest verifies publisher identity, AI generation assertion, and timestamp. The Remote Manifest URL confirms nothing has been altered. Clean, fast, unambiguous.
Path 2: C2PA stripped, watermark intact
The image was re-uploaded somewhere that stripped the metadata — common in press coverage or social sharing. The watermark payload is still in the pixels. POST /v1/detect extracts it, retrieves the original record, and returns a 'recovered' status with the full proof data.
Path 3: Both stripped, fingerprint match
The image has been significantly processed. The perceptual fingerprint — a Block-Mean-Hash stored at marking time — may still match closely enough to retrieve the record via database lookup.
Path 4: Image unrecoverable, blockchain confirms
Even if the image itself is beyond recovery, the blockchain anchor provides a timestamped, tamper-proof record that a proof existed at a specific time. Not enough for full verification, but meaningful as corroborating evidence.
This is the multi-layer architecture the EU Draft Code of Practice (December 2025) describes when it says "no single active marking technique suffices". Each layer is a fallback for the one before it.
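The fingerprint lookup in Path 3 and the fallback order of Paths 1 to 3, as an added example that is not MarkMyAI's implementation. The 8x8 grid, the median threshold, the 6-bit match tolerance, the function names and the mapping of a fingerprint match to "recovered" are assumptions; manifest validation and watermark decoding are taken as inputs rather than implemented.

```python
from statistics import median

def block_mean_hash(gray, grid=8):
    """64-bit block-mean hash of a grayscale image (list of pixel rows):
    one bit per block, set when the block mean exceeds the median block mean."""
    bh, bw = len(gray) // grid, len(gray[0]) // grid
    means = []
    for by in range(grid):
        for bx in range(grid):
            block = [gray[y][x]
                     for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            means.append(sum(block) / len(block))
    cut = median(means)
    return sum(1 << i for i, m in enumerate(means) if m > cut)

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def resolve(gray, records, manifest_id=None, watermark_id=None, max_bits=6):
    """Walk the fallback order: valid manifest, watermark payload, fingerprint.
    records maps record id -> fingerprint stored at marking time."""
    if manifest_id in records:                       # Path 1: C2PA intact
        return "verified", manifest_id
    if watermark_id in records:                      # Path 2: watermark decoded
        return "recovered", watermark_id
    fp = block_mean_hash(gray)                       # Path 3: nearest fingerprint
    dist, rid = min(((hamming(fp, stored), r) for r, stored in records.items()),
                    default=(65, None))
    if dist <= max_bits:
        return "recovered", rid
    return "no_verifiable_provenance", None

# Constructed 32x32 test images: a gradient, a re-encoded copy (brightness
# shift plus small pixel noise), and a mirrored gradient as unrelated content.
original = [[4 * x + 2 * y for x in range(32)] for y in range(32)]
reencoded = [[p + 5 + (x * y) % 3 - 1 for x, p in enumerate(row)]
             for y, row in enumerate(original)]
unrelated = [row[::-1] for row in original]
RECORDS = {"rec-001": block_mean_hash(original)}     # constructed record id
```

A fingerprint hit is a similarity match, not a cryptographic check, so treat the returned record as a candidate to confirm against the stored proof data.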
Which layer do you actually need?
If you're trying to figure out where to start, here's a simplified decision view:
| Your requirement | Best layer |
|---|---|
| Prove I published this image | C2PA |
| Proof that survives social media sharing | Invisible watermark |
| Proof that can't be backdated or deleted | Blockchain anchor |
| Find a record from an unknown modified image | Perceptual fingerprint |
| Meet EU AI Act Article 50 in full | All of the above |
The last row is the honest answer for most organisations. The Draft Code explicitly requires a multi-layered approach. C2PA alone covers the easy case — the image that travels directly from your server to a viewer without touching a social platform. The other layers cover the cases that actually happen in production.
What this means if you're integrating
If you're using the MarkMyAI API, all four layers (the three above plus the perceptual fingerprint) are applied automatically by POST /v1/mark. You don't need to orchestrate them separately or decide which layers to enable. The complexity is handled server-side.
If you're using the WordPress plugin, same thing — every image that passes through the plugin gets all four layers at upload time, before the image ever reaches a CDN or social platform.
The three-level proof status you see in the dashboard and API response — verified, recovered, no_verifiable_provenance — directly reflects which layers are still intact for that image at the time of checking. "Recovered" means C2PA is gone but at least one other layer came through. That's not a degraded state — it's the system doing what it was built for.
Three layers, three jobs
C2PA, invisible watermarking, and blockchain anchoring aren't competing approaches. They protect against different failure modes — and those failure modes all occur routinely in real publishing workflows.
C2PA is your primary proof: cryptographic, machine-readable, unambiguous when intact. The watermark is your recovery path: it survives the social distribution pipeline that destroys metadata. The blockchain anchor is your long-term evidence: it outlasts any service provider, including us.
The goal isn't redundancy for its own sake. It's making sure that when someone asks for proof six months from now — after an image has been through WhatsApp, Instagram, a screenshot, and a re-upload — there's still something left to show them.
See all four layers applied to a real image
Mark an image via the dashboard or API and inspect the proof record — C2PA manifest, watermark payload, fingerprint hash, and Polygon transaction.