Verifying photos for EU content rules
European law is moving toward requiring AI-generated images to be labelled, but it does not yet provide a standard way to show that a photograph is a real camera capture. Lumethic compares a photo against its original RAW file and issues a C2PA credential that records what was checked, so you can show an image is genuine when a regulation or a client asks for proof.
The first mile
What a C2PA signature does and does not prove
A C2PA credential shows that a file has not changed since it was signed. It does not show that the original image was a real photograph rather than a generated one. A tool that signs whatever it receives will sign a synthetic image as readily as a real one.
Lumethic runs its forensic checks before signing. It compares the exported photo against the RAW file the camera recorded, and only then writes a C2PA credential describing the result. The credential therefore reflects an image that has been checked against its source rather than one that was trusted on submission.
Regulatory background
How this relates to current EU law
Several pieces of EU legislation are increasing the need for verifiable image provenance. Each summary below links to a fuller explanation.
EU AI Act, Article 50
Providers must label AI-generated images in a machine-readable way. The rules cover marking synthetic content but do not set out how to confirm that content is a real human capture. A verified C2PA credential gives editors a way to document that an image is genuine.
Read about the AI ActEcodesign for Sustainable Products Regulation
Products such as textiles, furniture, and tyres will carry a Digital Product Passport, and marketplaces have to verify the compliance evidence sellers provide. Lumethic can check that photos of certificates, labels, and batch numbers are genuine before they are attached to a passport.
Read about ESPR and product passportsDigital Services Act
Large platforms are responsible for limiting systemic risks such as disinformation while avoiding the removal of legitimate content. Machine-readable provenance gives moderation systems a way to tell verified reporting from fabricated images.
Read about platform obligationsEuropean Media Freedom Act
Platforms may not arbitrarily remove content from recognised media, which creates a risk of impersonation. A verification credential turns that legal status into a signal a platform can check.
Read about editorial verificationCopyright and AI training opt-outs
A 2025 ruling in the Kneschke v. LAION case found that a text-only reservation is not enough to opt out of text and data mining, and that the opt-out has to be machine-readable. Lumethic can embed a machine-readable opt-out in the image credential.
Read about TDM opt-outsWhere this is used
Common compliance use cases
The same verification works across several settings where an organisation has to show that an image is genuine.
Supply chains and product passports
Manufacturers and marketplaces can authenticate photos of certificates and product markings at volume before they are recorded against a Digital Product Passport.
ESPR and visual documentationInsurance and legal evidence
Claims handlers and legal teams can establish that a photograph records a real scene and was not edited or rephotographed from a screen, which matters when an image is used as evidence.
Insurance photo verificationNewsrooms and agencies
Editors can ask contributors to submit a verification alongside their files, which gives a record of where an image came from before it is published.
Editorial verificationPhotographers and rights holders
Photographers can attach a machine-readable opt-out to their work so that automated crawlers can read their preferences about text and data mining.
Prove authorship and opt outAt volume
Verifying images at scale
If you need to check many images automatically, the REST API and the MCP server run the same verification programmatically, which suits product and compliance photos that are processed in large numbers. For individual photos, you can verify a RAW and JPEG pair directly in the browser.
Verify your first photo
You can run a verification in the browser without an account. Upload a RAW file and its JPEG export, and you will receive a report and a C2PA credential that records the result.