C2PA Specification Latest Version 2026

The C2PA (Coalition for Content Provenance and Authenticity) specification continues to evolve rapidly as AI-generated content becomes ubiquitous. In February 2026, the latest reference implementation — c2patool v0.26.27 — was released, bringing the most up-to-date support for the C2PA specification version 2.1. In this article, we break down everything you need to know about the latest C2PA standard, what changed, and how AI Photo Check's C2PA Checker stays at the cutting edge.

What Is the C2PA Specification?

The C2PA Technical Specification is an open standard developed by the Coalition for Content Provenance and Authenticity — a joint effort by Adobe, Microsoft, Google, Intel, BBC, Sony, and other major technology companies.

The specification defines how content credentials (tamper-evident, cryptographically signed metadata) are embedded into media files. These credentials provide a transparent record of:

Who created the content — The issuer identity (e.g., Google LLC, Adobe Inc., OpenAI)
How it was created — Camera capture, AI generation, or manual editing
What tools were used — Specific software, AI model, or device
Edit history — A chain of actions performed on the content
Digital source type — Standardized classification like trainedAlgorithmicMedia for AI-generated content

C2PA Specification Version 2.1 — The Latest Standard

The current latest version of the C2PA specification is version 2.1, released in September 2024. This is the version that all major AI providers — including Google, Adobe, OpenAI, and Midjourney — are implementing in their products as of February 2026.

Version 2.1 represents a significant evolution from previous versions, with a strong focus on security hardening, validation improvements, and expanded format support. All publicly disclosed security vulnerabilities have been addressed.

C2PA specification architecture showing manifest structure, claims, assertions, and cryptographic signatures — C2PA specification architecture — manifests, claims, assertions, and signature verification

What's New in C2PA 2.1

The C2PA 2.1 specification introduces numerous improvements across security, validation, format support, and usability. Here are the key changes:

1. Clear Manifest & Asset State Definitions

Version 2.1 introduces precise definitions for manifest and asset states:

Well-formed Manifests — Manifests that conform to the structural requirements of the specification
Valid Manifests — Manifests that pass all validation checks including signature verification
Trusted Manifests — Manifests signed by issuers on a recognized trust list
Valid Assets — Assets whose content bindings match and haven't been tampered with

These clear state definitions enable more precise and reliable verification results.

2. New Ingredients v3 Assertion

The updated ingredients v3 assertion supports richer models of ingredient-based workflows:

Support for dataTypes and claimSignature fields
Fields renamed for consistency with other assertions
New validation status fields for more detailed status reporting
dc:title and dc:format are now optional, providing more flexibility

3. Enhanced Validation System

The validation system received the most extensive improvements in version 2.1:

Detailed validation instructions for all standard assertions
Required ingredient validation — Validation of ingredients is now mandatory when using the ingredients assertion
Extended ingredient validation with more detailed status information
Redacted assertion support — Validation of redacted assertions in ingredients
Time-stamp validation — Detailed requirements for time-stamp verification
Data box validation — Hashed URIs to data boxes and custom boxes are now validated
Orphaned manifest handling — Defined procedure for dealing with orphaned manifests
New validation status codes — Including a new "informational" code type

4. Improved Time-Stamping

New time-stamp manifest — Establishing a "time of existence" for a given asset
sigTst2 & CTT time-stamping — Improved model for RFC 3161 time-stamping
C2PA TSA Trust List — New dedicated trust list for Time Stamping Authorities

5. New C2PA URN Namespace

A new c2pa URN namespace for labelling manifests, complete with a fully specified ABNF grammar. This provides a standardized way to reference and identify C2PA manifests across different systems.

6. Expanded Format Support

JPEG-XL support — Added embedding support for the next-generation JPEG-XL format
PDF embedding — Improved support for embedding manifests into PDFs
BMFF-based assets — New c2pa.hash.bmff.v3 assertion supporting hashing of fixed and variable block sizes
ZIP-based formats — Improved hashing methods for ZIP-based assets

7. Action Assertion Improvements

Either c2pa.created or c2pa.opened is now mandatory in a standard manifest
New standard action types added
Multiple action assertions now allowed in a single manifest
Action templates better explained with more examples
RFC 3339-based regions of interest

8. ISO Standardization Preparation

The specification has undergone extensive editorial improvements to prepare the document for standardization by ISO, signaling C2PA's path toward becoming an international standard.

c2patool v0.26.27 — The Latest Reference Implementation

The c2patool v0.26.27, released on February 9, 2026, is the latest version of the official C2PA reference tool built on the c2pa-rs Rust SDK by the Content Authenticity Initiative (CAI).

Detail	Information
Tool	c2patool
Latest Version	v0.26.27
Release Date	February 9, 2026
Underlying SDK	c2pa-rs (Rust)
C2PA Spec Version	2.1
Repository	github.com/contentauth/c2pa-rs

The c2patool is the foundation that powers many C2PA verification tools, providing the core parsing, validation, and signing capabilities defined in the C2PA specification.

AI Photo Check's C2PA Checker — Updated to the Latest Version

AI Photo Check's C2PA Checker has been updated to use c2patool v0.26.27 — the latest version released on February 9, 2026. This ensures the most accurate, complete, and standards-compliant C2PA verification available anywhere.

AI Photo Check C2PA Checker tool interface showing full content credential analysis with process details, assertions, and validation status — AI Photo Check's C2PA Checker — powered by c2patool v0.26.27, the latest C2PA implementation

Why the Latest Version Matters

Using the latest c2patool version means aiphotocheck.com/c2pa-checker benefits from:

Full C2PA 2.1 spec compliance — Complete support for all features defined in the latest specification version
Enhanced validation — All the new validation improvements including ingredient validation, orphaned manifest handling, and new status codes
Latest security patches — All publicly disclosed vulnerabilities addressed
Broadest format support — JPEG, PNG, WebP, TIFF, JPEG-XL, and more
Newest provider compatibility — Full support for the latest credential formats from Google, Adobe, OpenAI, Midjourney, and all major AI providers

What AI Photo Check's C2PA Checker Displays

Thanks to the latest implementation, the C2PA Checker provides the most comprehensive credential display available:

Issuer identity — Full certificate chain with issuer name (e.g., Google LLC, Adobe Inc.)
Claim generator — The software that created the C2PA manifest (e.g., Google C2PA Core Generator Library, Adobe Content Authenticity)
Signature time — Cryptographically verified timestamp of when credentials were created
Digital source type — With human-readable annotations (e.g., trainedAlgorithmicMedia → "AI Generated")
Actions — Full action history including created, edited, and composite actions
Ingredients — Source images and their own C2PA manifests (nested credential chains)
Assertions — All assertions with raw data for advanced analysis
Validation status — Cryptographic signature verification with detailed status codes

C2PA Checker verifying a Google AI-generated image showing issuer, claim generator, digital source type, and validation status — Verifying a Google AI-generated image — full C2PA 2.1 compliant analysis

C2PA Version History at a Glance

Version	Release	Key Changes
1.0	Jan 2022	Initial specification — core manifest structure, claims, assertions, signatures
1.2	Jan 2023	Enhanced ingredient assertions, improved soft bindings
1.3	Jun 2023	Cloud data assertions, metadata assertion, external manifests
1.4	Feb 2024	Regions of interest, font information assertion, depthmap assertion
2.1	Sep 2024	Major security hardening, ingredients v3, new validation system, time-stamp manifests, JPEG-XL support, ISO preparation

Who Is Using C2PA in 2026?

As of February 2026, the C2PA standard has been adopted by virtually every major AI image generator and an increasing number of camera manufacturers:

AI Image Generators

Google — Gemini, Imagen, Nano Banana (via Google C2PA Core Generator Library)
Adobe — Firefly and all Creative Cloud applications
OpenAI — DALL-E and ChatGPT image generation
Midjourney — All generated images include C2PA credentials
Stability AI — Stable Diffusion through official platforms

Camera Manufacturers

Google Pixel — Hardware-level C2PA support
Samsung Galaxy — C2PA-enabled cameras
Sony — Professional and consumer cameras
Leica — Content Credentials in M-series cameras

Platforms

YouTube, Instagram, X (Twitter) — Increasing C2PA integration for content provenance

How to Verify C2PA Credentials

The fastest and most comprehensive way to verify C2PA content credentials is using AI Photo Check's C2PA Checker:

Go to aiphotocheck.com/c2pa-checker
Upload any image (JPEG, PNG, WebP supported)
Get instant, comprehensive C2PA analysis:
- Issuer and signature verification
- Digital source type with human-readable explanation
- Full action history and ingredient chain
- Detailed assertion data
- Cryptographic validation status

The tool is completely free, requires no registration, and has no usage limits. Powered by c2patool v0.26.27 (released February 9, 2026), it provides the most up-to-date C2PA verification available.

Frequently Asked Questions

What is the latest C2PA specification version?

The latest C2PA specification version is 2.1, released in September 2024. It is the current standard being implemented by all major AI providers and camera manufacturers as of February 2026.

What is c2patool and what is its latest version?

c2patool is the official command-line tool for working with C2PA content credentials, built on the c2pa-rs Rust SDK by the Content Authenticity Initiative. The latest version is v0.26.27, released on February 9, 2026. You can find it on GitHub.

Does aiphotocheck.com use the latest C2PA version?

Yes. AI Photo Check's C2PA Checker has been updated to c2patool v0.26.27 (released February 9, 2026), ensuring full compliance with the C2PA 2.1 specification and support for all latest credential formats.

What file formats does C2PA 2.1 support?

C2PA 2.1 supports embedding content credentials in: JPEG, PNG, WebP, TIFF, GIF, JPEG-XL, HEIF/HEIC, AVIF, MP4, MOV, PDF, and various BMFF-based and ZIP-based formats.

What are the main improvements in C2PA 2.1?

Key improvements include: enhanced validation system with detailed status codes, new ingredients v3 assertion, time-stamp manifests, c2pa URN namespace, expanded format support (JPEG-XL), improved security addressing all known vulnerabilities, and preparation for ISO standardization.

Is the C2PA Checker free?

Yes, AI Photo Check's C2PA Checker is completely free with no registration required. It provides the most comprehensive C2PA credential display available, supporting all major AI providers including Google, Adobe, OpenAI, and Midjourney.

Conclusion

The C2PA specification version 2.1 represents the most mature and comprehensive standard for content provenance and authenticity. With the release of c2patool v0.26.27 on February 9, 2026, the reference implementation is more robust than ever.

AI Photo Check's C2PA Checker is always updated to the latest version, providing you with the most accurate, complete, and standards-compliant C2PA verification available — completely free.

Try the Latest C2PA Checker Now →