What a MarkMyAI Signature Really Means — It's Not a Text Label
"So you just add a tag that says 'AI-generated' to the file?" We hear this a lot. The answer is: no, that's not what we do at all. And the difference matters more than you might think.
TL;DR
A MarkMyAI publisher proof consists of three layers: a cryptographic C2PA signature embedded inside the image (like an HTTPS certificate, not a text tag), a tamper-proof audit record with SHA-256 hashes and perceptual fingerprints, and an immutable blockchain anchor on Polygon. Even when the embedded signature gets stripped (and it will — we tested it 10 different ways), the external proof survives.
The misconception: "It's just a text field"
When most people hear that we "sign" an image, they imagine something like this:
What people imagine (EXIF metadata)
EXIF:UserComment = "AI-generated by DALL-E"
EXIF:Copyright = "Published by Acme Corp"
This is an EXIF tag. It's a plain text string stored in the file's metadata. Anyone can write it. Anyone can change it. Anyone can remove it. It proves nothing. It's the digital equivalent of writing "this is true" on a Post-it note and sticking it on a document.
If this were all that was required by the EU AI Act, compliance would be trivial — and completely meaningless. The regulation wouldn't need to exist.
What a MarkMyAI signature actually is
A MarkMyAI publisher proof has three distinct layers. Each one works differently, protects against different threats, and serves a different purpose in an audit scenario.
1Layer 1: Cryptographic C2PA Signature
C2PA (Coalition for Content Provenance and Authenticity) is an open standard developed by Adobe, Microsoft, Intel, and others. It's the technical foundation behind "Content Credentials" and is referenced by the EU AI Act as the standard for machine-readable AI content labeling.
When MarkMyAI signs your image, we embed a C2PA manifest that contains:
C2PA Manifest — MarkMyAI publisher proof
claim_generator: "MarkMyAI/1.0"
action: c2pa.published
softwareAgent: "MarkMyAI/1.0"
author: "Your Organization"
signature: ECDSA P-256 (ES256)
certificate_chain: Signing Cert → Intermediate CA → Root CA
This is fundamentally different from an EXIF tag:
| Property | EXIF Tag | C2PA Signature |
|---|---|---|
| Content | Plain text string | Cryptographically signed manifest |
| Who signed it? | Unknown — anyone can write it | Verified via certificate chain |
| Tamper detection | None — silently editable | Signature breaks if content is modified |
| Machine-readable? | Not standardized | C2PA open standard, readable by any C2PA verifier |
| Analogous to | A Post-it note on a document | A notarized stamp with a traceable seal |
Think of it like the difference between typing "https://" in front of a URL versus actually having an SSL certificate. Both say "this is secure" — but only one of them is cryptographically verifiable.
2Layer 2: Audit Record with Fingerprint
The embedded C2PA signature is powerful — but fragile. Our own robustness tests showed that every single image manipulation destroys the embedded proof: re-compression, crop, resize, rotation, format conversion, metadata stripping. All of them. 0 out of 10 survived.
This isn't a MarkMyAI limitation — it's how C2PA works by design. The signature covers the exact bytes of the file. Change a single byte, and the signature becomes invalid.
That's why Layer 2 exists. When we sign your image, we also:
- →Compute a SHA-256 hash of the published image (exact byte-for-byte fingerprint)
- →Compute a perceptual fingerprint (a visual fingerprint that survives moderate image transformations)
- →Store both in a hash-chained audit log where each record references the previous one
The audit log is tamper-proof by construction: changing any past record would break the hash chain, making the manipulation detectable. And the perceptual fingerprint means we can re-identify your image even after it's been compressed, cropped, or converted to a different format.
3Layer 3: Blockchain Anchor
Layers 1 and 2 depend on MarkMyAI as a trusted party. Layer 3 removes that dependency.
For every proof record (on paid plans), we compute a cryptographic hash of the combined proof data and write it as a transaction on the Polygon blockchain. This creates:
- ⬡An immutable timestamp — the blockchain records when the proof was created
- ⬡Independent verifiability — anyone can check the proof on Polygonscan, without trusting MarkMyAI
- ⬡Survivability — even if MarkMyAI were to disappear, the blockchain record remains
The anchor hash is deterministic: anyone with the original proof data can independently recompute the hash and verify it matches the blockchain transaction. No trust in us required.
We tested it: 10 ways to destroy a C2PA signature
We took a real, MarkMyAI-signed PNG image and ran it through 10 common image processing operations — the same operations that happen every time an image passes through a CMS, a messenger app, or a social media platform.
| Operation | Embedded C2PA | Audit Record | Blockchain |
|---|---|---|---|
| PNG re-compression | destroyed | intact | intact |
| Resize (50%) | destroyed | intact | intact |
| Crop (center 80%) | destroyed | intact | intact |
| Rotate 90° | destroyed | intact | intact |
| Rotate 15° (arbitrary) | destroyed | intact | intact |
| PNG → JPEG (quality 90) | destroyed | intact | intact |
| PNG → JPEG (quality 50) | destroyed | intact | intact |
| PNG → WebP | destroyed | intact | intact |
| Metadata strip | destroyed | intact | intact |
| Social media pipeline | destroyed | intact | intact |
Result: 0 out of 10 — the embedded C2PA signature was destroyed every single time. Even a simple re-compression of the same PNG, at the same resolution, in the same format, wiped the signature completely.
Why this validates the MarkMyAI approach
This isn't a bug — it's the exact scenario our product was designed for. The embedded C2PA is valuable when it's intact: it gives any C2PA verifier instant machine-readable proof. But in the real world, that proof gets destroyed on the first platform hop. That's when Layers 2 and 3 take over: the audit record and blockchain anchor remain accessible and verifiable regardless of what happens to the image file itself.
Why this matters for EU AI Act compliance
The EU AI Act Article 50 requires publishers to ensure AI-generated content is "marked in a machine-readable format" and "detectable as artificially generated." A simple EXIF tag doesn't meet this standard — it's not machine-readable in any standardized way, it's trivially removable, and it carries no cryptographic proof of who placed it or when.
More importantly: when the marking inevitably gets stripped during distribution, the publisher needs to be able to demonstrate that they did mark the content correctly at the time of publication. That requires an external proof record — not just an embedded tag that vanished on the first upload.
MarkMyAI provides exactly this: the embedded proof (when intact), plus the retrievable external proof (when it's not), plus the blockchain anchor (which doesn't depend on either MarkMyAI or the image file).
The bottom line
Anyone can remove it.
Proves nothing.
Machine-readable standard.
But fragile — doesn't survive processing.
External proof survives stripping.
Independently verifiable.
We built MarkMyAI because we realized that the compliance challenge isn't signing an image — it's proving you signed it, six months later, when the metadata is long gone and someone is asking questions.
Want to see how it works in practice? Try our free compliance checker or explore the API documentation.
← Back to Blog