A manifest assertion is a structured, cryptographically signed claim embedded within a C2PA manifest that declares a specific fact about a piece of digital content. Each assertion, such as the creativeWork or action assertion, is a discrete, verifiable statement that, when combined with others, forms the complete provenance chain of the asset.
Glossary
Manifest Assertion

What is Manifest Assertion?
A structured, digitally signed statement within a C2PA manifest that makes a specific claim about the content, such as its creator, creation date, or an action performed on it.
These assertions are digitally signed using the creator's private key, backed by an X.509 Certificate, ensuring non-repudiation and integrity. A validator engine parses these assertions, checking their claim signature against a trust list to confirm the content's origin and edit history are authentic and tamper-evident.
Key Characteristics of Manifest Assertions
A manifest assertion is the atomic unit of truth within a C2PA content credential. Each assertion is a structured, digitally signed claim that makes a specific, verifiable statement about the content's provenance.
Structured Claim Format
Every assertion follows a strict, machine-readable schema defined by the C2PA specification. This ensures interoperable validation across different tools and platforms.
- Label: A unique identifier for the claim type (e.g.,
stds.schema-org.CreativeWork) - Data: The payload containing the actual claim, formatted as a JSON-LD object
- Schema Reference: A pointer to the formal definition that governs the data structure
This structure allows validators to programmatically parse and verify claims without human interpretation.
Cryptographic Binding
An assertion is not merely a text tag; it is cryptographically bound to the content and the signer's identity through a digital signature.
- The assertion data is hashed and included in the manifest's claim signature
- The signature is generated using the private key associated with an X.509 certificate
- Any post-signing modification to the assertion data invalidates the signature
This creates a non-repudiable link between the claim, the content, and the identified party making the assertion.
Assertion Types & Hierarchy
C2PA defines a taxonomy of assertion types to cover the full content lifecycle. Key categories include:
- Creative Work Assertions: Claims about authorship, copyright, and the nature of the work itself, often using schema.org vocabularies
- Action Assertions: Document specific edits performed, such as
c2pa.croppedorc2pa.color_adjusted, including software agent and parameters - Ingredient Assertions: Reference source media used in composites, forming the backbone of the provenance chain
- Identity Assertions: Link the content to a verified real-world identity via a trusted certificate chain
Hard vs. Soft Binding
Assertions can be attached to content using two distinct methods, each with different resilience characteristics:
- Hard Binding: The manifest containing all assertions is embedded directly into the asset's binary file structure using the JUMBF container format. This ensures the provenance data travels with the file but increases file size.
- Soft Binding: The manifest is stored externally as a sidecar file or cloud URL, referenced by a content hash. This is lighter but risks metadata stripping if the asset is transferred without its sidecar.
The choice depends on the distribution pipeline and resilience requirements.
Trust List Validation
An assertion's credibility is only as strong as the signer's identity. Validation relies on a Trust List—a cryptographically signed roster of approved issuers and Certificate Authorities.
- The validator engine checks the signer's X.509 certificate chain against the trust list
- It performs a revocation check via OCSP to ensure the certificate hasn't been invalidated
- Only assertions signed by entities on the trust list are displayed as verified
This prevents self-signed or compromised certificates from producing convincing but fraudulent provenance claims.
Redaction & Privacy Controls
Assertions support selective disclosure to balance transparency with privacy. Sensitive metadata can be redacted without breaking the cryptographic chain.
- A pre-redaction hash is included in the signed manifest
- Redacted fields are replaced with a placeholder, and a zero-knowledge proof can optionally demonstrate the redaction was valid
- This allows, for example, a photojournalist to assert their identity while redacting the exact GPS coordinates of a sensitive location
The verifier can still confirm the manifest's integrity even with redacted fields.
Frequently Asked Questions
Clear answers to common questions about the structured, digitally signed statements that form the backbone of C2PA content credentials.
A manifest assertion is a structured, digitally signed statement within a C2PA manifest that makes a specific, verifiable claim about a piece of digital content. It is the atomic unit of provenance, carrying a single fact such as the creator's identity, the creation date, or a specific edit action performed. Each assertion is a JSON-LD data object that is cryptographically hashed and then signed by the actor making the claim, using their private key. This signature binds the claim to a specific identity backed by an X.509 Certificate, ensuring non-repudiation. When a validator processes the manifest, it checks the signature on each assertion against the signer's public key and verifies the certificate chain against a Trust List. This mechanism creates a tamper-evident record: any modification to the assertion's data after signing will invalidate the cryptographic hash, immediately alerting the verifier to potential manipulation.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
A manifest assertion is one component within a broader cryptographic provenance framework. These related terms define the structures, signatures, and validation mechanisms that give assertions their trustworthiness.
Claim Signature
A cryptographic digital signature generated over a set of assertions, binding them to a specific identity. It ensures integrity (the assertions haven't been altered) and non-repudiation (the signer cannot deny signing).
- Uses the signer's private key from an X.509 certificate
- Validated by the verifier using the corresponding public key
- Forms the mathematical proof that a manifest assertion is authentic
Ingredient Assertion
A specialized assertion type that documents a piece of source media used in creating a composite asset. It records the relationship between a final output and its constituent parts.
- Creates a verifiable lineage chain back to original captures
- Includes the hash of the ingredient asset for integrity verification
- Enables viewers to trace every element in a composite image or video
- Essential for proving content was not generated from whole cloth by AI
Identity Assertion
A cryptographically signed claim that links content to a verified, real-world identity. Unlike a generic creator assertion, this is backed by an X.509 certificate issued by a trusted Certificate Authority.
- Binds a legal entity or individual to the content
- Validated against the C2PA Trust List during verification
- Provides the strongest form of creator attribution
- Often used by news organizations and professional photographers
Action Assertion
Documents a specific operation performed on the content, such as cropping, resizing, color correction, or AI-based generative fill. Each action becomes a node in the provenance chain.
- Includes parameters describing the transformation
- Records the software agent that performed the action
- Enables full edit transparency: what was done, by what tool, in what order
- Critical for distinguishing minor corrections from deceptive manipulations
Provenance Data Model
The abstract graph-based structure that represents entities, agents, and activities involved in content creation. Often aligned with the W3C PROV standard.
- Defines three core node types: Entity (the asset), Agent (creator/tool), Activity (action)
- Provides the semantic framework that manifest assertions populate
- Ensures interoperability across different provenance implementations
- Enables machine-readable querying of the full creation history
Validator Engine
The software component that performs cryptographic verification of a content credential. It checks every assertion's integrity and authenticity.
- Validates signature chains back to a trust anchor
- Checks certificate revocation status via OCSP
- Confirms signers are on the configured Trust List
- Returns a pass/fail determination that a consumer-facing app displays
- The final arbiter of whether a manifest assertion is trustworthy

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us