What is EU AI Act Article 50?

EU AI Act Article 50 (Regulation EU 2024/1689) requires providers and deployers of AI systems that generate synthetic images, video, audio, or text to mark those outputs in a machine-readable format so they can be detected as artificially generated or manipulated. Enforcement starts 2 August 2026. Fines can reach EUR 15 million or 3% of global annual turnover, whichever is higher.

What is C2PA and why does it matter for EU AI Act compliance?

C2PA (Coalition for Content Provenance and Authenticity) is an open industry standard for embedding cryptographically signed provenance metadata directly into media files. It is co-developed by Adobe, Microsoft, Google, Sony, BBC, and others. EU AI Act Article 50 requires machine-readable disclosure of AI-generated content. C2PA is the primary technical mechanism adopted by the industry to satisfy this requirement, creating tamper-evident, verifiable proof that travels with the file.

What are Content Credentials and how do they relate to C2PA?

Content Credentials is the consumer-facing name for C2PA provenance data, introduced by the Content Authenticity Initiative (CAI) led by Adobe. When a file carries Content Credentials, it contains a C2PA manifest with signed claims about who created it, which AI model was used, and what modifications were made. Adobe Firefly, Bing Image Creator, Shutterstock, and many other tools now embed Content Credentials by default. NotarAI lets you add Content Credentials (C2PA) to any AI-generated asset, including those where the original tool stripped the metadata during export.

How do I add C2PA metadata to an AI-generated image?

Upload the image to NotarAI (dashboard or API), fill in the AI declaration — model name, generation type, any human modifications, and reviewer status — and download the signed output. NotarAI embeds a cryptographically signed C2PA manifest and XMP metadata block directly into the file. The process takes seconds. You can also automate it via the REST API with POST /v1/sign in any CI/CD or CMS pipeline.

How does AI watermarking differ from C2PA signing?

Traditional AI watermarking embeds an invisible perceptual signal into pixel data that can survive lossy compression, but it carries no structured identity or legal declaration. C2PA signing embeds a cryptographic manifest into the file's metadata layer with a signed, structured declaration of who created it, which AI model, and what modifications were made. C2PA is the legally-oriented approach — it provides a verifiable audit trail suitable for EU AI Act Article 50 compliance. NotarAI uses C2PA signing, not perceptual watermarking.

Does NotarAI prevent deepfakes and compliance liability?

NotarAI signs AI-generated assets with cryptographic C2PA certificates and creates permanent public verification pages, establishing a verifiable disclosure record. This protects creators and organisations from EU AI Act Article 50 liability by ensuring the machine-readable disclosure requirement is met. It does not prevent creation of deepfakes, but provides the compliance layer required by law.

Is NotarAI GDPR and EU AI Act compliant?

Yes. NotarAI is EU-hosted in Frankfurt (Supabase EU region) with GDPR-compliant infrastructure, data processing agreements, Article 50 enforcement automation, and no third-party data sharing. File uploads are deleted around 15 minutes after signing. Public verification pages are permanent but contain only declaration metadata and a file hash, not the file itself.

Do C2PA signatures survive design tool exports?

Not automatically. Tools like Figma, Photoshop, Canva, and most social export pipelines silently strip C2PA and XMP metadata during export. That's exactly the problem NotarAI is built to solve: you upload the final exported asset and NotarAI re-signs it with a fresh C2PA manifest and XMP block, restoring the disclosure trail on the file you actually publish.

What file formats does NotarAI support?

Starter plan: JPG, PNG, WebP, MP3, WAV. Business plan adds: MP4, MOV, M4A. Enterprise plan adds: AVIF, HEIC, SVG. All plans support C2PA manifest scanning on any format that carries an embedded manifest or XMP packet.

How does the C2PA signing API work?

Authenticate with a bearer token from your NotarAI account settings. POST to https://notarai.io/api/v1/sign with a multipart upload and your declaration fields (AI model, generation type, human review status). The response contains a certificate ID, a public verify URL, and a download URL for the signed file. Full API reference at notarai.io/docs.

EU AI Act · Article 50 Compliance

Sign and disclose AI-generated assets, even after Figma and export pipelines strip metadata.

Name: NotarAI — C2PA Signing and EU AI Act Article 50 Compliance
Brand: NotarAI
Price: 29 EUR
Availability: InStock

NotarAI restores verifiable disclosure with C2PA signatures, PDF audit certificates, and public verification pages for every signed asset.

Compare plans and start trial See how it works

14-day free trialCancel anytimeEU-hosted in Frankfurt

Live demo

Test your AI asset right now

Upload any image and NotarAI will scan it for C2PA manifests and XMP metadata, identify the AI model if present, and give you an instant Article 50 compliance assessment. No account required. Your file is not stored.

Reads embedded C2PA manifest store and XMP packet
Identifies AI generation claims and model names
Assesses compliance against Article 50 requirements
File processed in-memory and immediately discarded

Features

Everything you need to comply and prove it

Scanning

Detect the AI disclosure trail on any asset automatically

Upload images, video, and audio files. NotarAI reads embedded C2PA manifests and XMP metadata and surfaces model identifiers, generation timestamps, and modification history — no manual input required.

Reads C2PA manifest store and XMP packet on upload
Identifies AI-generation claims from Stable Diffusion, Midjourney, Firefly, DALL·E, and others
Flags assets with stripped or tampered metadata
Structured scan result available in the dashboard and via API

Scan result · campaign-hero.png

C2PA manifestPresent

Detected modelStable Diffusion 3

Generation date2026-04-28

Human reviewDeclared: Yes

XMP packetPresent

IntegrityBinding valid

Signing & export

Add C2PA and XMP data to your asset, then download it

Configure the declaration: AI model, generation type, modifications, and human review status. NotarAI embeds a signed C2PA manifest and XMP block directly into the output file. Download or retrieve via API.

Starter: JPG, PNG, WebP, MP3, WAV
Business adds: MP4, MOV, M4A
Enterprise adds: AVIF, HEIC, SVG
Configurable declaration fields to match your Article 50 obligations
Bulk signing workflows available on Business and Enterprise plans

Sign asset · campaign-hero.png

AI modelStable Diffusion 3

Generation typeFully AI-generated

ModificationsColor grading, crop

Human reviewYes — marketing review

Output formatC2PA + XMP embedded

↓ Download signed asset

Verification & certificates

Public proof pages and PDF audit certificates for every signature

Every completed signature generates a permanent public record at /verify/:id and a downloadable PDF audit certificate. Share the link for legal review, embed it in your content, or include it in partner handoffs.

Public /verify/:id with certificate ID, declaration, and SHA-256 fingerprint
Downloadable PDF certificate per signed asset
Collection-level records at /verify/collection/:id
Custom branding on verify pages and PDF certificates on Enterprise

Verified#a3f28c1e…

Assetcampaign-hero.png

Signed byACME Agency

ModelStable Diffusion 3

Signed at2026-04-28 · 14:32 UTC

SHA-2563a7fcb2d…

↓ PDF certificate↗ Public verify page

API

Integrate scanning and signing into any pipeline

The REST API exposes the same operations as the dashboard. Authenticate with a bearer token, POST to /api/scan or /api/sign with a multipart upload, and receive structured JSON including certificate IDs and public verify URLs.

Bearer token auth with plan-scoped hourly and monthly rate limits
POST /api/scan — detect and return disclosure metadata
POST /api/sign — sign and return download URL + certificate URL
GET /api/certificates/:id — retrieve PDF or structured JSON record

POST /api/sign

Authorization: Bearer sk-••••••••

{

"model": "stable-diffusion-3",

"type": "ai_generated",

"human_review": true

}

200 OK

{

"certificateId": "a3f28c1e…",

"verifyUrl": "notarai.io/verify/…",

"downloadUrl": "…"

}

Why this matters

Choose a plan after you understand the risk, not before.

Tools like Figma, Photoshop, Canva, and social export pipelines often strip C2PA and XMP metadata. That means your final published asset can lose the AI disclosure trail, even if the original file had it.

01

Creation

AI image generated with metadata

02

Edit / export

Design tools or platforms remove metadata

03

Publish

NotarAI re-signs and restores verifiable disclosure

Plans

Compare before you start a trial

File availability is explicit across all plans: after successful signing, your signed output and certificate PDF remain downloadable for 7 days (Starter), 21 days (Business), or 45 days (Enterprise). Original uploads are deleted around 15 minutes after signing completes. Abandoned pending or error records are cleared after 72 hours.

Starter

€29/mo

after 14-day free trial

Solo creators and small teams publishing occasional AI assets.

API accessYes
Active API keys1
Scans / month500
Signs / month500
Active storage cap5 GB
Signed file retention7 days
Multi-user organization workspaceNo
Custom branding for public verify pagesNo
Custom branding for PDF audit certificatesNo

Cancel anytime during trial.

Business

Recommended

€99/mo

after 14-day free trial

Agencies shipping AI content weekly with operational signing needs.

API accessYes
Active API keys3
Scans / month2000
Signs / month2000
Active storage cap25 GB
Signed file retention21 days
Multi-user organization workspaceNo
Custom branding for public verify pagesNo
Custom branding for PDF audit certificatesNo

Cancel anytime during trial.

Enterprise

€199/mo

after 14-day free trial

Regulated organizations that need procurement-grade controls and support.

API accessYes
Active API keys10
Scans / month12000
Signs / month12000
Active storage cap100 GB
Signed file retention45 days
Multi-user organization workspaceYes
Custom branding for public verify pagesYes
Custom branding for PDF audit certificatesYes

Cancel anytime during trial.

Compare

Feature comparison

Feature	Starter	BusinessRecommended	Enterprise
Price / month	EUR 29	EUR 99	EUR 199
Best for	Solo creators	Agencies	Regulated organizations
API access	Yes	Yes	Yes
Max active API keys	1	3	10
Scans / month	500	2000	12000
Signs / month	500	2000	12000
Active storage cap	5 GB	25 GB	100 GB
Signed file retention	7 days	21 days	45 days
Image formats	JPG, PNG, WebP	JPG, PNG, WebP	JPG, PNG, WebP, AVIF, HEIC, SVG
Video formats	-	MP4, MOV	MP4, MOV
Audio formats	MP3, WAV	MP3, WAV, M4A	MP3, WAV, M4A
Multi-user organization workspace	No	No	Yes
Custom branding for public verify pages	No	No	Yes
Custom branding for PDF audit certificates	No	No	Yes
14-day free trial · cancel anytime

FAQ

Frequently asked questions

Verification

Public proof pages for every signed asset

Every completed signature can be verified through a public record page that includes certificate ID, declaration details, and SHA-256 fingerprint. This makes legal, compliance, and partner review straightforward.

/verify/:id

Single asset verification record

/verify/collection/:id

Collection-level verification overview

Included in all plans

Cryptographic C2PA signing for supported image formats
PDF transparency certificate per signed asset
Audit vault with signed records and declaration history
EU-hosted infrastructure (Frankfurt) and GDPR-aligned handling
Plan-aware rate limits and monthly cost protection caps