The C2PA standard is moving from specification documents into actual hardware. Cameras, smartphones, and camcorders are beginning to ship with the ability to sign images at the moment of capture, creating a cryptographic record of provenance that starts at the sensor. For photographers and organizations building authenticity workflows, knowing which devices support this feature matters. It also matters to understand what camera-level signing does and does not accomplish.
This guide covers every device currently shipping with C2PA support, what that support entails, and how it fits into a broader verification workflow. We update this page as new devices and firmware releases are announced.
What Camera-Level C2PA Actually Does
When a camera with C2PA support captures an image, it generates a manifest and embeds it in the file before the image ever leaves the device. This manifest typically includes the identity of the signing device (a certificate tied to the camera's hardware), a timestamp of when the capture occurred, and basic metadata about the capture conditions.
The manifest is cryptographically signed, meaning any subsequent modification to the file (cropping, color correction, re-saving) will break the signature unless the editing software is itself C2PA-aware and adds its own manifest entry to the chain. Software like Adobe Photoshop and Lightroom can read and extend C2PA chains, recording what changes were made and by which tool.
The practical result is that someone receiving a C2PA-signed image can verify that it came from a specific device at a specific time. If the chain is intact, they can also see what edits were applied downstream.
Leica
Leica was the first camera manufacturer to ship C2PA support in a production model.
The Leica M11-P, released in late 2023, was the first camera in the world to embed C2PA content credentials at capture. It signs every image with a manifest tied to Leica's certificate authority, recording the camera serial number, capture timestamp, and lens information. The feature is enabled by default and requires no additional configuration.
The Leica SL3-S, released in January 2025, followed, extending C2PA support to Leica's mirrorless system camera line. Notably, the earlier Leica SL3 does not support C2PA because it lacks the dedicated hardware encryption chip required for on-device signing. The SL3-S was designed from the ground up with this capability.
For the M11-P, C2PA signing is enabled by default. For the SL3-S, content credentials can be activated in the camera settings.
Nikon
Nikon has taken a more cautious approach, working with wire services and news agencies to validate C2PA in editorial workflows before broader deployment.
In February 2025, Nikon and AFP completed a certification test using a prototype Nikon camera, validating the technical feasibility of C2PA-signed images flowing through a wire service's editorial pipeline. The test demonstrated that C2PA credentials could survive the editorial process from capture to publication when all tools in the chain support the standard.
The Nikon Z6III includes C2PA support via firmware, following Nikon's pattern of delivering provenance features through software updates. The Nikon Z8 and Z9 are expected to receive C2PA-capable firmware updates, though specific release dates have not been confirmed as of this writing.
Nikon's implementation focuses on the professional news photography market. The integration with AFP signals that Nikon sees wire services and news agencies as the primary initial use case, with broader deployment likely to follow as the ecosystem matures.
Sony
Sony has pursued C2PA across both its still photography and video product lines.
Sony has pursued C2PA across both its still photography and professional video product lines. The PXW-Z300 camcorder was the first video camera in the world to support C2PA content credentials, launching Sony's "camera authenticity solution" for broadcast and documentary workflows.
Sony initially shipped C2PA support on five cameras: the Alpha 1 II, Alpha 9 III, FX3, FX30, and the PXW-Z300. Four additional models received support through firmware updates: the Alpha 7R V, Alpha 7 IV, Alpha 1, and Alpha 7S III. This brings the total to nine cameras spanning Sony's professional video and hybrid mirrorless lines.
Sony's broad rollout reflects its position as a supplier to both broadcast news (where video provenance matters) and photojournalism and hybrid shooting (where still image authenticity is the priority).
Canon
Canon joined the Content Authenticity Initiative and has shipped C2PA support on several professional bodies. In July 2025, Canon released firmware updates bringing content credentials to the EOS R1 and EOS R5 Mark II. Additional models, including the EOS R5 C, EOS C70, EOS R3, and EOS R6 Mark II, have also received or are receiving C2PA-capable firmware.
Canon's rollout has focused on its professional and advanced amateur bodies first, with broader consumer adoption expected to follow as the editorial and agency workflows these cameras serve increasingly adopt C2PA across the full chain.
Google Pixel
Google brought C2PA to smartphones with the Pixel 10 series, launched in August 2025. Google detailed the C2PA implementation in a September 2025 security blog post. The Pixel 10 uses the Tensor G5 chip and Titan M2 security module to achieve hardware-backed signing at C2PA Assurance Level 2 (the highest defined level), making it the first smartphone to ship hardware-level content credentials for all captured photos.
Samsung's Galaxy S25 series, announced in January 2025, had earlier introduced C2PA support on Android, but Samsung's implementation applies content credentials only to AI-edited images rather than to all captures, and operates at the software level without dedicated hardware signing.
When a Pixel 10 user takes a photo, the device embeds a C2PA manifest signed using Google's hardware-backed certificate authority, recording the device identity and capture timestamp. Google has also integrated C2PA reading into its broader ecosystem: Google Images, Google Lens, and Circle to Search can now display "About this image" information sourced from C2PA manifests.
The Pixel implementation is significant because it extends hardware-level C2PA beyond professional photography equipment and into the device category that captures the majority of the world's photographs. It also means that Google's search infrastructure can surface provenance information to billions of users, creating demand-side awareness of content credentials.
What Camera-Level C2PA Does Not Do
Camera-level signing is a significant step forward, but it is important to understand its boundaries.
A camera-level C2PA manifest proves that a specific device captured an image at a specific time. It does not prove that the content of the image has not been manipulated after capture. If a photographer exports the RAW file, edits it in non-C2PA-aware software, and exports a JPEG, the camera's original C2PA signature applies to the RAW file, not to the edited JPEG. The chain of custody is broken at the point where a non-compliant tool touches the file.
Camera-level signing also does not verify that the scene being photographed is itself authentic. A C2PA-signed photo of a printed image, a screen, or a staged scene carries valid credentials that accurately record the capture event, but say nothing about whether the subject matter is genuine. Recapture attacks, where someone photographs a manipulated image displayed on a screen, produce files with legitimate camera signatures.
These limitations are not flaws in the C2PA standard. The standard is designed to record claims about provenance, not to validate the semantic truth of content. That distinction matters when building workflows where authenticity, not just provenance, is the requirement.
The Role of Post-Capture Verification
For workflows that require both provenance and content verification, camera-level C2PA is best understood as one layer in a broader system.
Lumethic's verification adds the analytical layer that camera signing alone does not provide. When a photographer submits both a JPEG and its original RAW file, Lumethic runs eight independent forensic checks: sensor authenticity, EXIF consistency, structural similarity, perceptual hashing, histogram analysis, face detection, RAW integrity, and recapture detection. These checks verify that the JPEG is a legitimate derivative of the camera RAW, that no synthetic content has been introduced, and that the image was not recaptured from a screen or print.
If the image already carries a camera-level C2PA manifest, Lumethic preserves it as an ingredient in its own C2PA signing, maintaining the full chain of custody. The result is an image with both hardware-level provenance (from the camera) and analytical verification (from Lumethic). For contexts like photojournalism, legal evidence, and insurance documentation, this combination provides the strongest available assurance of authenticity.
For photographers whose cameras do not yet support C2PA, Lumethic provides the same verification and signing workflow independently. You do not need a C2PA-enabled camera to benefit from forensic verification and content credentials. Any camera that shoots RAW is compatible with Lumethic's verification process.
Frequently Asked Questions
Do I need to buy a new camera to use content credentials? No. Lumethic can verify and sign images from any camera that shoots RAW. Camera-level C2PA support adds an additional layer of provenance at capture, but it is not a prerequisite for creating content credentials on your images.
Which cameras have C2PA enabled by default? Leica's M11-P has C2PA enabled by default. The Leica SL3-S supports C2PA but may require activation in settings. Other manufacturers generally require firmware updates or manual activation. The earlier Leica SL3 does not support C2PA.
Will more cameras support C2PA in the future? The trend is clearly in that direction. The Content Authenticity Initiative now has over 6,000 members, and all major camera manufacturers have either shipped C2PA features or announced plans to do so. As the software ecosystem (editors, CMSes, social platforms) adds C2PA support, the incentive for camera manufacturers to embed signing at capture grows.
Does C2PA survive editing in Lightroom or Photoshop? Yes. Adobe's Creative Cloud applications are C2PA-aware and will extend the manifest chain, recording what edits were applied and by which tool. The Lumethic Lightroom plugin adds forensic verification to this workflow, creating a verified and signed image during your normal Lightroom export.
What about video? Sony's PXW-Z300 was the first video camera to support C2PA, and eight additional Sony cameras (spanning both video and hybrid mirrorless bodies) have since received support. Video provenance is a newer area, but the same principles apply: the camera signs the file at capture, and downstream tools must be C2PA-aware to maintain the chain.
Related Articles
- What is C2PA? Understanding the Content Authenticity Standard
- Verify, Then Sign: A High-Trust Approach to C2PA Implementation
- Photo Verification in Adobe Lightroom: Plugin Guide
This page was last updated on March 1, 2026. If you know of a device we've missed, let us know.