C2PA adoption in 2026 is best described as broad but shallow. The major actors in every relevant industry — cameras, smartphones, AI generators, editing software, wire services, social platforms, browsers — have announced support. The depth of that support varies enormously. Some are shipping signed capture in flagship hardware; some have a single product line with the feature toggleable; some have published a roadmap without yet shipping anything user-visible. This page tries to give a working snapshot.
Adoption is moving fast enough that any printed snapshot is partially obsolete. The trajectory matters more than any single line item. Three patterns are stable: high-end professional capture devices are converging on default-on C2PA, consumer flagship phones are converging on opt-in C2PA, and the large commercial AI generators have made backend signing standard. The middle of the market — midrange phones, prosumer cameras, smaller AI tools — lags substantially.
Cameras
The camera industry was the earliest non-Adobe segment to ship C2PA. The Leica M11-P, released October 2023, was the first commercial camera with built-in C2PA signing using a hardware-protected key. The implementation produces signed DNG files with capture-time assertions including device, photographer (linked to a Leica account), and optional GPS.
Sony added C2PA support to the α-series (α1, α7R V, α9 III) through Imaging Edge firmware updates during 2024. The implementation requires tethering or a companion-app flow for some operations; later firmware released in 2025 brought standalone signing to additional bodies. Canon's EOS R5 Mark II added C2PA in 2024 with a similar implementation pattern. Fujifilm's GFX line added a beta in early 2025.
Nikon shipped C2PA in the Z6 III in 2024, encountered a firmware-level signing vulnerability in mid-2025, and suspended C2PA signing while the issue was remediated. The 2025 incident — affected certificate chains were marked untrusted in the C2PA Trust List during the remediation — became a teaching case in the practical importance of trust-list revocation infrastructure. Service was restored with corrected firmware in late 2025.
| Camera | C2PA since | Status mid-2026 |
|---|---|---|
| Leica M11-P | October 2023 | Default-on, hardware-rooted |
| Sony α1 / α7R V / α9 III | 2024 (Imaging Edge) | Available, varies by body |
| Canon EOS R5 Mark II | 2024 firmware | Available, opt-in |
| Nikon Z6 III | 2024 (suspended 2025, restored late 2025) | Available with corrected firmware |
| Fujifilm GFX series | 2025 beta | Beta program |
Smartphones
The Samsung Galaxy S25 (January 2025) was the first major flagship to ship C2PA signing for camera capture, using the Samsung Knox secure environment for key protection. The Google Pixel 10 (September 2025) followed with C2PA-on-by-default for photos taken with the stock Camera app, using the Titan M2 security chip for hardware-rooted signing. Both implementations include capture-time C2PA assertions and additional Android-platform-level signing for any AI features (Pixel's Magic Editor, Samsung's Generative Edit) used on the image.
Apple's position as of mid-2026 is observer-level participation in C2PA without a shipping implementation in iPhone Camera. iOS 26 added the ability to inspect Content Credentials in Photos and Safari, but does not produce them at capture. The asymmetry — Apple users can verify others' credentials but not produce their own — is widely noted and has been the subject of recurrent rumor about a future shipping date.
The Truepic mobile SDK provides C2PA-compliant capture for any iOS or Android app that integrates it, used in insurance, real estate, and humanitarian documentation workflows where capture-side provenance is operationally required. Truepic's deployments are the largest mobile C2PA capture footprint by volume of signed images outside the flagship-phone segment.
AI generators
The large commercial AI image generators have, with one major holdout, made C2PA signing standard. Adobe Firefly has emitted C2PA manifests since its first commercial release in 2023; OpenAI's DALL·E 3 and Sora include C2PA manifests by default; Google's Imagen does the same. Anthropic's image-generation offering, on its public release, included C2PA marking from launch. The manifests typically include c2pa.ai_generated assertions identifying the model and generation parameters.
The major open-weights ecosystem — Stable Diffusion and its derivatives, Flux, the various community fine-tunes — does not produce C2PA manifests by default. Some integrations (ComfyUI plugins, certain forks) add C2PA emission, but the typical local-deployment user produces unmarked images. This is the gap that the EU AI Act's marking obligation, applicable from 2 August 2026, will be tested against: large commercial providers will comply; individual users running open weights will not, and the enforcement question is unresolved.
Editors
Adobe's Creative Cloud applications (Photoshop, Lightroom, Premiere, Illustrator) are the dominant C2PA-aware editing surface. Content Credentials are toggleable per asset and, in newer releases, default-on for AI-assisted edits. Affinity Photo added beta C2PA support in 2024 and stabilized it in 2025. Capture One added ingestion-side C2PA preservation in 2024 without yet emitting its own claims at export.
DaVinci Resolve, Final Cut, and Premiere are the main video editors with active C2PA development; the video story is more complex due to the timeline-edit nature of the workflow, and the relevant spec work is part of the C2PA 2.4 and ongoing 3.0 development.
Wire services and publishers
The Associated Press, Reuters, and AFP have all run C2PA pilots since 2023. AP's pilot, in cooperation with Project Origin partners, ran credentialed wire photographs through major downstream platforms and demonstrated end-to-end validation including durable-credential recovery after platform stripping. The pilots are not yet universal across the wire feed; specific story types (election coverage, conflict imagery) have been prioritized for credentialed delivery, with broader rollout staged.
The BBC, CBC, and the New York Times have led Project Origin's editorial-side work, surfacing Content Credentials inline on selected published pieces. The user-facing display patterns established in these pilots have influenced the broader Content Credentials UI conventions.
Platforms
Platform support for C2PA is the most uneven part of the ecosystem. The platform policies page covers the current state in detail. LinkedIn and TikTok preserve C2PA manifests on most upload paths. X strips manifests by default with no inline display. Meta's behavior varies by surface and has evolved several times since 2023; as of mid-2026, Instagram preserves manifests on direct uploads but the third-party automation surface continues to strip. YouTube has no production C2PA pipeline for still-image content.
The Adobe-operated Content Credentials Verify site (verify.contentauthenticity.org) remains the primary fallback for users wanting to validate an image they have downloaded, regardless of where it came from. Browser-native validation has been the subject of standards discussion in the W3C Web Performance Working Group through 2024 and 2025 but has not produced a shipping default-on feature in any major browser.
Browsers and consumer surfaces
Browser support is the bottleneck for mass-market visibility. Chrome and Edge have both shipped experimental flags for native C2PA display through 2024 and 2025; neither has flipped them on by default. Firefox has expressed interest but has not shipped a flag. Safari's iOS 26 inspection support is the closest thing to mainstream consumer display, but the surface is opt-in via a long-press menu rather than an always-visible badge.
The browser-extension ecosystem provides a workaround. The Content Credentials extension from Adobe, the Internet Society's open-source extension, and several research-group extensions all provide on-page badges for C2PA-enabled images. Aggregate install counts are modest — high tens of thousands in mid-2026 — meaning the vast majority of readers encounter C2PA-credentialed images with no visible signal that the credentials exist.
What this map implies
For producers, the implication is that emitting C2PA pays off in editorial and evidentiary contexts even when consumer-side visibility is limited. A wire service that ships credentialed images has them validatable by other newsrooms and by courts, even if a typical reader sees no badge. For consumers, the implication is that the absence of a credential is almost always a non-signal — the consumer's tooling probably could not display one anyway — and that verification workflows have to assume a non-credentialed default.
Where the field is moving
The next twelve to eighteen months will determine whether C2PA reaches mass-market visibility through the browser layer. If Chrome, Edge, or Safari ships default-on display, consumer awareness will jump and producer incentives will shift accordingly. If they do not, C2PA remains a specialist tool — important in evidentiary and editorial workflows, invisible in casual consumption. The signaling from the major browser vendors through 2025 has been ambiguous; the most likely outcome is partial display (badges on supported file formats, no warnings on unsupported ones) at some point in 2026 or 2027.
The other inflection point is the EU AI Act's marking obligation taking effect on 2 August 2026. Commercial AI providers operating in the EU will need to ensure machine-readable marking on synthetic outputs. C2PA is the de facto answer for image generators; the enforcement experience over the second half of 2026 will reveal how the regulation interacts with the messy reality of provider-side compliance and consumer-side detection.