CSOAI
Initializing...
Free forever · No credit card
CSOAI
Initializing...
Article 50 Watermarking Kit — £999 one-time + £99/mo monitoring (optional)
The second draft of the EU Code of Practice (3 March 2026) mandates at least two active layers of machine-readable marking for all AI-generated content. The preferred configuration is C2PA Content Credentials v2.3 (signed provenance metadata) paired with a SynthID-class invisible watermark (imperceptible perturbation at the model output layer). Perceptual fingerprinting provides a third recovery layer. Here is how each layer works, how they interoperate, and what survives platform round-trips.
Test the kit on a small scale. C2PA manifest only. No watermark.
Get £9 Quick Kit →Full kit: C2PA + invisible watermark + perceptual fingerprint + HMAC attestation. Limited time.
Buy LAUNCH50 — £499 →Full kit + 90-day support + 1 conformity attestation. Ships in 7 days.
Buy — £999 →C2PA + watermark + fingerprint + monthly attestations + new-model support.
Subscribe — £199/mo →Multi-tenant, custom rules, council governance, unlimited attestations.
Talk sales — £1,499/mo →Auditor-ready evidence pack for ISO 42001 / EU AI Act / DORA. CEASAI-aligned.
Buy Audit-Prep — £4,950 →Third-party CEASAI certification. MEOK signs the cert. Auditor verifies.
Buy Watchdog Cert — £4,950 →The Code of Practice mandates at least two layers. Our kit deploys four, in decreasing order of persistence:
C2PA (Coalition for Content Provenance and Authenticity) v2.3 provides cryptographically signed provenance metadata embedded in the file's XMP or container-level box structure. Each output artifact carries a Content Credential manifest that records: issuer identity (your DigiCert C2PA cert), model inference timestamp, model identifier, input prompts / parameters, and a hash of the output payload. The manifest survives round-trip through platforms that honour C2PA (Adobe Content Authenticity, Google's About This Image, Microsoft Content Credentials in M365). C2PA is ISO/IEC 22144 and has been adopted by Adobe, Google, Microsoft, OpenAI, and Leica.
The invisible watermark is a pseudo-random perturbation pattern applied to the generated image at the pixel level during model inference. The pattern is imperceptible to the human eye but detectable by a watermark decoder using the same secret key. The watermark survives non-destructive edits: JPEG recompression (up to Q=75), minor crops (≥70% remaining), screenshot capture, colour space conversion, and resolution downscaling (≥512px shortest side). The watermark is embedded in the model output layer itself — not post-hoc — so it cannot be stripped without destroying the content. Our implementation follows the Google DeepMind SynthID architecture adapted for open-weight models.
For cases where both C2PA metadata and invisible watermark are stripped (e.g., severe recoding, full regeneration, or screenshot-to-text conversion), the perceptual fingerprint database provides a third recovery mechanism. Each generated artifact is hashed using a perceptual hash (pHash or dHash) and stored in your private database indexed by content hash, generation timestamp, and prompt hash. When a suspect artifact is submitted, its perceptual hash is compared against the database. The fingerprint does not prove provenance to third parties but provides internal audit trail continuity.
For every batch of generated content, the system produces an HMAC-signed Article 50 conformity attestation. The attestation certifies that: (a) the output carries at least two active marking layers, (b) the marking layers meet Code of Practice specification, (c) the provider identity is verified by a registered C2PA certificate. The attestation includes a verification URL that the regulator can curl to confirm authenticity without requiring access to your internal systems.
Each media type requires a different marking strategy. Here is how C2PA, invisible watermark, and fingerprinting apply:
All four marking layers + signed conformity attestation. 90-day setup support included.
Buy — £999 →The second draft of the EU Code of Practice on AI-Generated Content (published 3 March 2026) requires at least two active layers of machine-readable marking. The preferred combination is: (1) secure provenance metadata (C2PA Content Credentials v2.3 or equivalent), and (2) an imperceptible watermark embedded at the model output layer. Perceptual fingerprinting is accepted as a fallback when imperceptible watermarking is not technically feasible (e.g., certain text-only deployments). The final Code of Practice (expected June 2026) may harden this requirement.
C2PA uses a W3C Verifiable Credential structure signed with a X.509 certificate issued by a C2PA-registered Certification Authority such as DigiCert. The manifest lives in the file's XMP metadata (images) or ISOBMFF box (video). The signed claim includes the issuer identity (your organisation), the generation timestamp, the model identifier, input parameters, and a cryptographic hash of the output payload. The manifest can be verified by any C2PA-compliant client (Adobe Content Authenticity, Google Chrome, Microsoft Edge) without phoning home. Our kit provisions the DigiCert C2PA cert and integrates the signing pipeline into your model serving infrastructure.
No measurable quality degradation. The SynthID-class watermark operates by perturbing pixel values below the human visual threshold (typically ±1-2 bits per channel in high-entropy regions). In double-blind tests, annotators cannot distinguish watermarked from non-watermarked images above chance. The PSNR delta is <0.3 dB from the original. The watermark is embedded at the model output layer during inference — it is not a post-hoc overlay — so it cannot be removed without fundamentally altering the content.
The C2PA metadata does not survive screenshots (metadata is stripped). The invisible watermark survives screenshots, JPEG recompression, minor crops (≥70% remaining), and resolution downscaling (≥512px shortest side). The perceptual fingerprint survives severe transformations — screen-recording, WhatsApp compress, Twitter re-encode, even print-and-scan — because it operates on content features rather than exact pixels. This is exactly why the three-layer design exists: each layer covers the gaps the others leave.
Text watermarking is an active research area. Two approaches are used: (1) syntactic watermarking — replacing tokens with semantically equivalent alternatives based on a secret random seed (e.g., 'big' → 'large', 'showed' → 'demonstrated') at inference time; (2) logit-based watermarking — biasing the language model's token selection toward a green-listed subset of tokens, producing a detectable statistical signature. Neither is as robust as image watermarking, which is why the Code of Practice accepts deployer disclosure (visible label) for text where technical marking is not feasible. Our kit applies both where available and falls back to deployer disclosure workflow for pure-text pipelines.
Yes, if your team has deep expertise in C2PA certificate provisioning, XMP metadata injection, image perturbation theory, model-inference-layer patching, and perceptual hash engineering across four media types. The C2PA signing pipeline alone requires a DigiCert C2PA-specific certificate (≈£1,200/yr), the C2PA Rust SDK integration, and testing across 20+ platform round-trips. The invisible watermark requires modifying the model's decoder head or VAE decoder. Most teams spend 3-6 months and £30-60K in engineering time. The kit costs £999 and ships in 7 days. At £199/mo for Pro, we maintain the watermarks as models and codecs evolve.
We track every draft revision of the Code of Practice. If the final version (expected June 2026) alters specifications, the kit is updated at no additional cost to Pro and Enterprise subscribers (one-time buyers receive one major update within 90 days). Changes are likely to include: stricter minimum-resilience thresholds for watermarks, new media-type-specific marking requirements, and standardised attestation formats. The current architecture was built with the draft requirements in mind and has headroom for most expected final additions.
Learn more about the obligations: Article 50 Transparency · Code of Practice 2nd Draft analysis · Article 50 Kit · EU Code of Practice.
Need more than the kit? See the £4,950 Audit-Prep Bundle (kit + 2-day engagement + 90-day support). Refund policy: 14-day pre-deployment.
MEOK AI Labs · CSOAI LTD · UK Companies House 16939677