We Sent an AI Image via WhatsApp. Here's What Happened to the Compliance Metadata.
A DALL·E image. Full C2PA metadata intact. Verified on contentcredentials.org. Then we sent it via WhatsApp, saved it on the other end, and ran it through our compliance checker again. Here's what we found — and what it means for your EU AI Act compliance strategy.
The experiment
We used a DALL·E 3 generated image — a photorealistic golden retriever sitting in afternoon light, the kind of thing a pet brand might post on Instagram. Before sending it anywhere, we verified the baseline on contentcredentials.org: C2PA manifest present, signer identified as OpenAI, AI-generated action recorded. EXIF and XMP both intact.
Then we sent it via WhatsApp from an iPhone 15 to an Android device, default quality setting, no "Document" workaround. The recipient saved the image normally. Sent it back. We ran it through /check.
We expected some metadata loss. Not a complete wipeout.
BEFORE (original)
✅ C2PA manifest: present
✅ Signer: OpenAI, Inc.
✅ Generator: DALL·E 3
✅ XMP metadata: present
✅ EXIF: present
File size: ~2.1 MB
AFTER WhatsApp
❌ C2PA manifest: stripped
❌ Signer: unknown
❌ Generator: unknown
❌ XMP metadata: stripped
❌ EXIF: stripped
File size: ~340 KB (re-encoded)
Complete wipeout. The image that emerged from WhatsApp was indistinguishable from a human-taken photograph in terms of metadata. C2PA manifest: gone. XMP provenance: gone. EXIF: gone. The file was re-encoded as a new JPEG at roughly 85% quality — 2.1 MB down to 340 KB. It looked identical to the eye. A compliance checker saw nothing.
We ran the same test via Instagram DM and X (formerly Twitter). Same result. LinkedIn was the only platform where we weren't able to fully confirm the behavior — it seems to depend on how the image is shared (post vs. message vs. article). We'll update this when we have cleaner data.
Why do platforms do this?
It's not malicious — it's infrastructure. When WhatsApp receives an image, it re-encodes it through its own pipeline: resize if over their dimension threshold, recompress to their target quality level, strip anything that isn't the pixel data and a few basic metadata fields. This reduces bandwidth and storage costs at enormous scale (WhatsApp delivers ~100 billion messages per day).
The JUMBF container that holds C2PA manifests in JPEG files is simply discarded during re-encoding — the re-encoder doesn't know about C2PA and doesn't need to. XMP metadata (stored in the APP1 segment) gets similar treatment. What survives depends on the platform's specific pipeline, but in general: anything in a non-standard segment gets dropped.
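You can see this structurally with a few lines of Python. A JPEG file is a sequence of marker segments: EXIF and XMP travel in APP1 (marker 0xFFE1), while the JUMBF boxes that carry a C2PA manifest travel in APP11 (0xFFEB). The sketch below, using only the standard library, walks the segment list of an in-memory JPEG; the function name and the synthetic demo bytes are ours, for illustration only, not part of any real tool.

```python
import struct

def list_app_segments(data: bytes):
    """Walk JPEG marker segments and report APPn markers with their sizes.

    APP1 (0xFFE1) carries EXIF and XMP; APP11 (0xFFEB) carries the JUMBF
    boxes that hold a C2PA manifest. If a re-encoding pipeline dropped a
    segment, it simply won't appear in this list.
    """
    assert data[:2] == b"\xff\xd8", "not a JPEG (missing SOI marker)"
    segments = []
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            break
        marker = data[i + 1]
        if marker == 0xDA:          # SOS: entropy-coded image data follows
            break
        length = struct.unpack(">H", data[i + 2:i + 4])[0]
        if 0xE0 <= marker <= 0xEF:  # APP0..APP15
            segments.append((f"APP{marker - 0xE0}", length))
        i += 2 + length             # marker (2 bytes) + segment length
    return segments

# Minimal synthetic JPEG header: SOI + APP1 stub + APP11 stub + SOS.
demo = (
    b"\xff\xd8"                                              # SOI
    + b"\xff\xe1" + struct.pack(">H", 8) + b"Exif\x00\x00"   # APP1
    + b"\xff\xeb" + struct.pack(">H", 6) + b"JP\x00\x00"     # APP11
    + b"\xff\xda"                                            # SOS
)
print(list_app_segments(demo))  # [('APP1', 8), ('APP11', 6)]
```

Run the same scan on a file before and after a WhatsApp round trip and the APP11 entry (and usually APP1 too) disappears from the output.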
Platform-by-platform: what survives?
We tested five major platforms. Here's what happens to C2PA, EXIF, and XMP when you upload and download an image:
| Platform | C2PA | EXIF | XMP | Re-encodes | Notes |
|---|---|---|---|---|---|
| WhatsApp | ✗ stripped | ✗ stripped | ✗ stripped | yes | Full re-encode. ~340 KB from 2.1 MB original. All metadata gone. |
| Instagram | ✗ stripped | ✗ stripped | ✗ stripped | yes | JPEG re-encode to ~1080px max dimension. All metadata stripped. |
| X (Twitter) | ✗ stripped | ✗ stripped | ✗ stripped | yes | Re-encodes all images. GPS, device, and provenance data removed. |
| Facebook | ✗ stripped | ~ partial | ✗ stripped | yes | Strips GPS. May retain some camera EXIF for internal ad targeting, not accessible to users. |
| LinkedIn | ? unknown | ~ partial | ? unknown | no | Does not re-encode at publication. Limited testing; behavior may vary by file type. |
Note: Platform behavior can change at any time without notice. These observations are based on testing in Q1 2026.
The deeper problem: where do AI images actually travel?
Think about the lifecycle of a typical AI-generated marketing image:
Generated in DALL·E or Adobe Firefly → C2PA embedded ✅
Downloaded and edited in Canva or Photoshop → C2PA may be stripped ❌
Uploaded to social media scheduler (Buffer, Hootsuite) → re-encoded ❌
Published on Instagram/X/Facebook → re-encoded again ❌
Screenshot by a user → no metadata in screenshot ❌
Shared via WhatsApp → re-encoded one more time ❌
Saved and re-shared → complete metadata loss ❌
By step 4, the C2PA is almost certainly gone. By step 6, everything that was embedded in the file is gone. Yet the image — an AI-generated piece of content — continues circulating, completely indistinguishable from a human-created photograph to anyone looking at it.
This is exactly the scenario the EU AI Act is trying to address. And it's exactly why the Draft Code of Practice explicitly requires a fingerprint/logging layer as a fallback: because metadata stripping is the rule, not the exception.
The perceptual fingerprint solution
When MarkMyAI marks an image, it doesn't just embed C2PA. It computes a perceptual fingerprint — a 64-bit hash derived from the visual content of the image, not from the file bytes — and stores it in our audit database.
A perceptual fingerprint works by reducing the image to an 8×8 grayscale grid (64 pixels), computing the median brightness, and producing a 1 or 0 for each pixel based on whether it's brighter or darker than the median. This produces a 64-bit string that represents the visual "shape" of the image.
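That algorithm fits in a few lines. Here is a sketch, assuming the 8×8 grayscale grid has already been produced by downscaling the image; the function names and the gradient test grid are ours for illustration, not MarkMyAI's actual implementation.

```python
from statistics import median

def ahash_bits(grid):
    """Median hash: 64 bits, one per cell of an 8x8 grayscale grid,
    set to 1 when the cell is brighter than the grid's median."""
    assert len(grid) == 8 and all(len(row) == 8 for row in grid)
    flat = [px for row in grid for px in row]
    m = median(flat)
    return [1 if px > m else 0 for px in flat]

def bits_to_hex(bits):
    """Pack the 64 bits (row-major, first bit = MSB) into 16 hex chars."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return f"{value:016x}"

# A synthetic left-to-right brightness gradient standing in for a
# downscaled grayscale image: each row is 0, 32, 64, ..., 224.
grid = [[x * 32 for x in range(8)] for y in range(8)]
print(bits_to_hex(ahash_bits(grid)))  # 0f0f0f0f0f0f0f0f
```

The gradient's median is 112, so the four brighter columns of every row produce the repeating `0f` pattern: the hash encodes the visual shape (dark left, bright right), not the exact pixel values.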
JPEG re-compression at 85% quality shifts pixel values by 1–5 units on average. On an 8×8 grid, this typically changes 0–3 of the 64 bits — a Hamming distance of 0–3. We use a matching threshold of ≤10 bits, which catches re-encoded, slightly resized, and lightly cropped versions while avoiding false positives between genuinely different images.
What the fingerprint matching looks like in practice
Original: f0e1d2c3b4a59687 (64-bit hash)
After WhatsApp: f0e1d2c3b4a59684 (2 bits differ, Hamming distance 2)
After Instagram: f0e1d2c3b4a59680 (3 bits differ, Hamming distance 3)
Different image: a1b2c3d4e5f60718 (29 bits differ, not a match)
Threshold: ≤10 bits = match. All three variants are identified as the same original image.
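The matching check reduces to a popcount of the XOR of the two 64-bit hashes. A minimal sketch (the function names and the simulated hash values are ours, not MarkMyAI's internals):

```python
def hamming(a: int, b: int) -> int:
    """Number of differing bits between two 64-bit perceptual hashes."""
    return bin(a ^ b).count("1")

def is_match(a: int, b: int, threshold: int = 10) -> bool:
    """Treat hashes within `threshold` bits as the same visual content."""
    return hamming(a, b) <= threshold

original  = 0xF0E1D2C3B4A59687   # hash of the published image
reencoded = original ^ 0b11      # simulate a re-encode flipping 2 bits
unrelated = 0xA1B2C3D4E5F60718   # hash of a genuinely different image

print(hamming(original, reencoded), is_match(original, reencoded))  # 2 True
print(hamming(original, unrelated), is_match(original, unrelated))  # 29 False
```

Note the asymmetry that makes the threshold safe: re-encoding nudges a handful of bits, while two unrelated images disagree on roughly half of the 64 bits, so a gap of ≤10 versus ~30 leaves a wide margin against false positives.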
This means: even after your image has been through WhatsApp, Instagram, and a screenshot, anyone who uploads it to our checker can still retrieve the original publish record — who marked it, when, for what purpose — via the audit database. The embedded C2PA is gone. The provenance is not.
What this means for your compliance strategy
The lesson from this experiment is architectural: compliance for AI images in the real world cannot rely solely on metadata embedded in the file. The distribution infrastructure is hostile to that metadata by design.
A robust compliance strategy needs two independent paths to provenance:
Path 1: Embedded (in-file)
C2PA manifest signed by the publisher. Works perfectly if the image stays in its original container. Survives PDF embedding, direct download, and professional content management systems that preserve metadata.
✓ survives: direct download, CMS, PDF
✗ fails: WhatsApp, Instagram, X, screenshot
Path 2: External (database-backed)
Perceptual fingerprint stored in an audit database, linked to a permanent verify URL. Works regardless of what happens to the file. Survives any level of re-encoding as long as the visual content is recognizable.
✓ survives: WhatsApp, Instagram, X, re-encoding, screenshot
✗ fails: severe cropping (>50%), extreme filter transformations
The two paths are complementary. Neither alone is sufficient. Together, they cover the full distribution lifecycle of an AI-generated image — from initial publication to seventh-generation WhatsApp forward.
Try the experiment yourself
Take any AI-generated image. Send it via WhatsApp. Upload the received version to our checker.
Then mark it with MarkMyAI, repeat the experiment, and see how the audit trail survives.