A Manifest is the core data structure in the C2PA specification that aggregates a set of assertions about a content asset and contains a cryptographic signature binding those assertions directly to the asset. It functions as a tamper-evident digital record, defining who created an asset, how it was created, and what transformations it has undergone. Each manifest is a self-contained unit of provenance that can be chained to document the complete lifecycle of a piece of content.
Glossary
Manifest

What is a Manifest?
The foundational container within the C2PA specification that cryptographically binds provenance assertions to a digital asset, establishing a tamper-evident chain of custody.
The manifest structure relies on a hard binding mechanism, typically embedding the provenance metadata inseparably within the asset's bitstream or maintaining a secure hashlink. This ensures the attribution chain cannot be stripped or lost during redistribution. By providing a standardized, machine-readable format for cryptographic provenance, the manifest enables downstream systems to automatically verify the integrity and origin of content before relying on it for training data or publication.
Key Features of a Manifest
The Manifest is the foundational, tamper-evident container within the C2PA specification that cryptographically binds a set of verifiable assertions to a specific digital asset.
Cryptographic Binding
The Manifest establishes a hard binding between the asset and its provenance metadata. It contains a cryptographic hash of the asset, ensuring that any subsequent modification to the pixel data or audio waveform invalidates the signature. This creates a mathematically verifiable link, proving that the assertions contained within the Manifest were intended for that exact file and no other.
Assertion Container
A Manifest acts as a structured container for multiple signed assertions. Each assertion is a discrete, verifiable claim about the asset, such as:
- Creative Assertions: Author name, creation date, copyright.
- Action Assertions: Edits performed (e.g., cropped, color-adjusted).
- Thumbnail Assertions: A trusted visual preview. These assertions are serialized in a standardized format (like JSON-LD) for machine-readability.
Ingredient Composition
Manifests explicitly track the lineage of composite works through an ingredient list. If an image is created by combining multiple source files, each source's Manifest becomes an ingredient. This creates a directed acyclic graph of provenance, allowing a validator to recursively walk back through every component asset to verify the complete provenance trail of the final composite.
Signature Verification
The integrity of the entire Manifest is protected by a digital signature generated using the signer's private key. Verification involves:
- Checking the signature against the signer's public certificate.
- Validating the certificate chain back to a trusted root Certificate Authority.
- Confirming the asset hash matches the current bitstream. This process ensures the Manifest has not been tampered with since it was signed.
Embedding vs. Remote Referencing
The C2PA specification supports two storage models for the Manifest:
- Embedded: The JUMBF-encoded Manifest is injected directly into the file's metadata (e.g., JPEG, PNG, MP4), ensuring it travels with the asset.
- Remote: The Manifest is stored on a cloud service, and the asset contains a hashlink URL pointing to it. This allows for dynamic updates but requires network access for verification.
Tamper-Evident Update Mechanism
When a legitimate edit is made (e.g., a newsroom crops a photo), a new Manifest is generated. This new Manifest:
- Includes the previous Manifest as an ingredient.
- Contains a new action assertion describing the edit.
- Is signed with the editor's credential. This creates a transparent, auditable chain of custody where any unauthorized alteration breaks the chain and is immediately detectable.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear answers to the most common questions about the C2PA Manifest, the foundational data structure for cryptographic content provenance.
A C2PA Manifest is the core data structure in the C2PA specification that contains a set of cryptographically signed assertions about a content asset. It functions as a tamper-evident digital 'nutrition label' by binding provenance metadata—such as the creator's identity, the device used, and the edit history—directly to the asset. The manifest is structured as a JSON-LD document that includes a unique claim, a set of assertions, and a cryptographic signature. This signature, generated using the signer's private key, mathematically binds the assertions to the asset's hash, making any subsequent alteration detectable. The manifest can be embedded directly into supported file formats (a hard binding) or stored externally and referenced via a secure link.
Related Terms
The Manifest is the cryptographic core of the C2PA architecture. Understanding these adjacent concepts is essential for implementing end-to-end content provenance.
Signed Assertion
The fundamental building block within a manifest. A signed assertion is a cryptographically signed statement made by an entity about a content asset. Examples include:
- Creative Work Assertion: Declares the author and creation date
- Thumbnail Assertion: Provides a verifiable visual reference
- Training Data Assertion: Claims whether AI was used in generation Each assertion is individually verifiable without unpacking the entire manifest.
Hard Binding
A method of embedding the manifest directly into the bitstream of the asset file itself. Unlike sidecar metadata files that can be lost during transfer, hard binding ensures the provenance data is cryptographically inseparable from the content. For JPEG files, this uses the JUMBF (JPEG Universal Metadata Box Format) standard to store the manifest within the image's binary structure.
Attribution Chain
A sequential, verifiable record of every actor and process that contributed to an asset's creation. Each link in the chain contains:
- The identity of the actor (signer)
- The specific action performed (capture, edit, publish)
- A cryptographic signature over the previous state This creates a directed acyclic graph of provenance that auditors can traverse from final output back to original capture.
Content Credential
The user-facing implementation of a C2PA manifest. Often described as a 'digital nutrition label,' it surfaces the cryptographically verified attribution and edit history in a human-readable format. Platforms like Adobe Photoshop and Microsoft Designer display these credentials as a pin icon, allowing consumers to inspect the provenance trail of any compliant asset before trusting it.
Transparency Log
An append-only, publicly auditable ledger that records manifest signatures. By publishing signed assertions to a transparency log, content creators enable third-party monitoring of their provenance claims. This prevents backdating or silent modification of manifests, as any observer can detect discrepancies between a claimed signature timestamp and the log's immutable record.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us