OpenAI backs the EU's AI transparency Code, but the underlying provenance tech is still fragile

OpenAI signed onto the European Commission's new Code of Practice on transparency of AI-generated content. The commitment is real, but the technical methods behind it, C2PA metadata and SynthID watermarks, break in ordinary use. Here is what actually changes and what does not.

On June 11, 2026, OpenAI announced its support for the European Commission's Code of Practice on Transparency of AI-Generated Content. The Code is one of the implementing instruments for the EU AI Act, and OpenAI's signature follows its 2025 move to become the first US company to sign the EU's General-Purpose AI Code of Practice. The announcement is mostly a policy statement, but buried inside it is a refreshingly honest admission: the technology meant to make AI content traceable does not yet work reliably, and OpenAI says so directly.

What's claimed

The headline is straightforward. OpenAI is endorsing a voluntary Code that sits underneath the AI Act's transparency obligations. The company frames this as the continuation of provenance work it started in 2024, when it began attaching C2PA metadata to images from DALL-E 3. Since then it has joined the C2PA Steering Committee, added watermarking to generated images, and shipped a public verification page at openai.com/verify where you can check whether a supported image carries OpenAI provenance signals.

The stated goal is an ecosystem where people can understand where a piece of content came from, how it was created or edited, and whether it is what it claims to be. Provenance, in OpenAI's framing, also serves a defensive purpose: making it easier to detect coordinated disinformation and support election integrity.

What's actually new

Not much in the engineering, and the announcement does not pretend otherwise. The substantive part is the regulatory commitment. Endorsing the Code means OpenAI is signaling it will comply with the AI Act's content-marking requirements as they apply to its products, and that it will keep contributing to the standards bodies defining how those marks work.

The technical picture OpenAI describes is a layered one rather than a single mechanism. Images generated through ChatGPT, Codex, and the OpenAI API carry two distinct signals: C2PA metadata and a SynthID watermark. These solve different problems. C2PA metadata is a cryptographically signed manifest that can carry rich information about a file's origin and edit history, including who signed the claim. SynthID embeds a statistical pattern into the pixels themselves, which is meant to survive operations that strip metadata.

That dual approach matters because of how each method fails. Metadata travels alongside the file, not inside the image content, so it is easy to lose. The SynthID watermark lives in the pixel data, so it can survive a screenshot or a re-upload that wipes the metadata clean. Neither is sufficient alone, which is the entire reason for stacking them.

How the pieces actually work

C2PA, the Coalition for Content Provenance and Authenticity, is the standard doing most of the heavy lifting here. It is a cross-industry effort that includes camera manufacturers, news organizations, software vendors, and AI providers. The idea is that a content credential is a signed assertion attached to a file. When DALL-E 3 or the image model in ChatGPT produces a picture, it writes a manifest saying this was AI-generated, by this tool, signed with this key. A verifier can then check the signature against the issuer.

The weakness is structural, not a bug. Metadata is a sidecar. Upload an image to most social platforms and the metadata is stripped during re-encoding. Take a screenshot and you have a brand new file with no manifest at all. Resize it, convert PNG to JPEG, or run it through any transformation pipeline, and the credential can break or vanish. OpenAI lists exactly these failure modes in its own post: metadata can be stripped, lost through uploads and downloads, or broken by format changes, resizing, or screenshots.

Watermarking is the answer to that fragility, and it has its own limits. A statistical watermark embedded in pixels degrades as the image is compressed, cropped, or filtered. Heavy editing or adversarial manipulation can weaken the signal below the detection threshold. So the honest summary is that you have two leaky buckets, and the bet is that water rarely leaks out of both at the same moment.

Limitations the announcement names out loud

What is genuinely worth reading in OpenAI's post is the candor. The company calls provenance a nascent field, says signals can be lost as content moves online, and notes that labels only help where people actually encounter the content. That last point is the one most often glossed over in marketing copy. A perfect, unbreakable provenance signal does nothing if the surface where a user sees the image does not read and display it. Provenance is a chain that runs from generation through every platform, app, and device in between, and it is only as strong as the least cooperative link.

There are gaps the Code cannot close on its own. Text is the obvious one. The marking story is built around images, and watermarking generated text remains far less reliable than watermarking pixels, because text has much lower entropy to hide a signal in and paraphrasing destroys it. Open-weight models are another. Anyone running a local image model with the safety and provenance layers removed produces content with no credential at all, and no voluntary Code reaches them.

There is also the verification asymmetry. A tool like openai.com/verify can confirm that an image carries an OpenAI signal. It cannot prove a negative. An image with no detectable credential might be human-made, might be from a model that does not mark its output, or might be a marked image that lost its signal in transit. Absence of a watermark is not evidence of authenticity, and treating it that way would be its own failure mode.
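The sidecar weakness and the verification asymmetry described above can be seen in a small model, added here as an illustration and not taken from OpenAI or the C2PA specification. It assumes a hypothetical `prVn` PNG chunk as the manifest container and an HMAC with a constructed key as a stand-in for the issuer's certificate-based signature.

```python
import hashlib, hmac, json, struct, zlib

SIG = b"\x89PNG\r\n\x1a\n"
KEY = b"constructed-demo-key"   # stand-in for the issuer's signing key (assumption)
TAG = b"prVn"                   # hypothetical ancillary chunk, not the real C2PA container

def chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def parse(png):
    """Yield (type, body) for every chunk in a PNG byte string."""
    pos = len(SIG)
    while pos < len(png):
        (n,) = struct.unpack(">I", png[pos:pos + 4])
        yield png[pos + 4:pos + 8], png[pos + 8:pos + 8 + n]
        pos += 12 + n

def make_image(pixels, width, height):
    """Build a minimal 8-bit grayscale PNG from raw rows (constructed sample)."""
    raw = b"".join(b"\x00" + pixels[r * width:(r + 1) * width] for r in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def pixel_hash(png):
    """Hash the decompressed image data, so the claim is bound to the pixels."""
    data = b"".join(b for t, b in parse(png) if t == b"IDAT")
    return hashlib.sha256(zlib.decompress(data)).hexdigest()

def attach(png):
    """Insert a signed claim bound to the pixel hash, just before the 12-byte IEND."""
    claim = json.dumps({"generator": "demo-model", "hash": pixel_hash(png)}).encode()
    mac = hmac.new(KEY, claim, hashlib.sha256).digest()
    return png[:-12] + chunk(TAG, mac + claim) + png[-12:]

def reencode(png):
    """Model of an upload pipeline: pixels kept, ancillary chunks dropped."""
    return SIG + b"".join(chunk(t, b) for t, b in parse(png) if t in (b"IHDR", b"IDAT", b"IEND"))

def verify(png):
    """Return 'valid', 'broken' or 'no-signal'; 'no-signal' is not 'authentic'."""
    found = [b for t, b in parse(png) if t == TAG]
    if not found:
        return "no-signal"
    mac, claim = found[0][:32], found[0][32:]
    if not hmac.compare_digest(mac, hmac.new(KEY, claim, hashlib.sha256).digest()):
        return "broken"
    return "valid" if json.loads(claim)["hash"] == pixel_hash(png) else "broken"
```

A signed image verifies as `valid`, the same image after `reencode` returns `no-signal`, and that result is indistinguishable from an image that was never marked, which is why a verifier should expose three outcomes rather than a yes/no answer.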

Why it still matters

None of this makes the effort pointless. Imperfect provenance raises the cost and friction of passing off synthetic media as real, particularly for the high-volume, low-effort disinformation that depends on cheap reuse. A signal that survives 80 percent of the time still meaningfully changes the economics for a bad actor who needs to move fast and at scale. And interoperable standards are the only version of this that can work, because a provenance scheme proprietary to one vendor is useless the moment content crosses to another platform.

The regulatory angle is the part that gives the technical work teeth. Voluntary watermarking has existed for two years and has not produced an ecosystem where platforms reliably read and surface the signals. The AI Act and its Codes of Practice are an attempt to make the downstream reading of provenance a shared obligation rather than a courtesy, which is the only way the chain holds together.

The useful framing for practitioners is to treat content credentials the way you treat any signed claim in a distributed system. They are a verifiable assertion when present and intact, not a guarantee, and not a substitute for the policy, classifier, and enforcement layers OpenAI lists alongside them. The Code points in a sensible direction. Whether it produces transparency in practice depends entirely on whether the rest of the value chain, the platforms and devices where people actually look at content, decides to read what the generators are writing.

For the underlying standards, the C2PA specification and Google DeepMind's SynthID documentation are the primary technical references. The EU's own AI Act transparency provisions spell out the obligations the Code is meant to implement.
