Standardizing Trust: Inside the C2PA Movement

Discussion with Scott Perry

As Conformance Program Administrator at the Coalition for Content Provenance and Authenticity (C2PA), Perry is helping lead a global effort to restore trust in digital media. His focus is on building the technical and governance infrastructure that allows people to verify the origin, integrity, and intent behind every piece of content they encounter online.

At the center of this effort are Content Credentials, a core component of the C2PA standard. These are embedded data layers that travel with digital files. Whether it’s a photograph, a video, or a piece of AI-generated art, Content Credentials document who created the file, what tools were used, whether AI was involved, and how the content has changed over time.

“This is about creating a verifiable record of what actually happened”, said Perry during a recent presentation. “From the moment content is captured or edited, we can make that process visible, traceable, and trustworthy”.

From Invisible Metadata to Public Transparency

The way Content Credentials work is simple but powerful. When creators choose to activate the feature, their content is indelibly affixed with data that captures key moments in the creation and editing process, much like a nutrition label. This information becomes part of the file itself and can be accessed by anyone who views it online. On platforms that support C2PA, a small icon or pin allows users to click and inspect the file’s history and details.

For end users, this means they can see whether a photo was taken by a journalist or generated by a machine. For publishers, it means being able to confidently share third-party content with a clear understanding of where it came from and how it was altered. For creators, it’s a way to prove ownership, receive proper credit, and assert their rights in a digital landscape that often overlooks attribution.

Perry highlighted how this technology can also help answer critical questions that arise in fast-moving media environments. For example, when a controversial video surfaces online, Content Credentials can help determine whether it originated from a legitimate source, whether it was manipulated, and how it evolved before reaching the public.

Strengthening Trust, Layer by Layer

The C2PA standard is more than a technical feature. It is backed by a comprehensive governance framework. Certification authorities issue signing credentials to trusted participants, while a conformance program, overseen by Perry, ensures that products claiming to implement the standard are doing so correctly and securely.  

This dual-layer system helps balance openness and accountability. It ensures that participants follow clear protocols, while still giving creators flexibility in how they express their intent and control their work. Perry’s oversight of the conformance program means he is directly involved in setting expectations, reviewing implementations, and shaping how these standards evolve.

He is also co-leading the Creator Assertions Working Group under the Decentralized Identity Foundation. This initiative extends the C2PA framework by allowing creators to make specific, machine-readable assertions about how their content can be used. These include permissions for redistribution, rules around AI training, and additional identity bindings that connect digital assets to verified individuals or organizations.

“In a world where AI can copy styles and voices with near perfection, creators need to be able to assert ownership and set boundaries”, Perry explained. “These assertions help make that possible”.

A Trusted Name in Digital Governance

Perry’s authority in this space is not accidental. He brings decades of experience in cybersecurity, digital identity, and compliance. His career spans audit leadership roles at Schellman and his own CPA firm, where he became a go-to expert for public key infrastructure (PKI), WebTrust, and ISO 27001 certifications. He also founded the Digital Governance Institute to support government agencies and tech companies in designing accountable systems for identity and risk.

Today, he splits his time between leading C2PA’s conformance efforts, advising decentralized identity initiatives, and helping creators, publishers, and platforms navigate the rapidly evolving world of digital authenticity. But at the heart of all his work is a simple idea: trust needs structure.

Without clear standards, without traceability, and without proper tools, users are left guessing. Creators are left unprotected. Platforms are forced to play defense. Perry and the C2PA are working to change that, one credential at a time. We live in a world where seeing is no longer believing. AI-generated videos, manipulated images, and synthetic news stories are spreading faster than ever. And while content creation has become more powerful and accessible, the ability to verify what’s real and who made it has not kept pace. Scott Perry is working to change that., he said.

In an era defined by speed, noise, and synthetic media, Scott Perry is helping rebuild the one thing that makes digital content worth believing in: credibility.