Blog
Provenance, C2PA, and verifiable content
Field notes from Folsom Holdings, LLC on content provenance, the C2PA standard, AI-content disclosure under the EU AI Act, and how to keep authenticity attached to content after it leaves the CMS.
Category
Headless CMS + Content Provenance: The Missing Layer
Headless CMS made content portable; provenance made it verifiable — but the two rarely meet. What a headless CMS with built-in content provenance looks like.
Jun 19, 2026 · 8 min read
Compliance
EU AI Act Article 50: Labeling AI-Generated Content
From 2 August 2026, EU AI Act Article 50 requires machine-readable marking of AI-generated content. What it requires, who it covers, and how provenance helps.
Jun 18, 2026 · 9 min read
Deep dive
Why Content Credentials Get Stripped (and the Fix)
Why embedded C2PA manifests get stripped, how soft bindings help, and how controlled APIs keep the canonical signed record available.
Jun 17, 2026 · 8 min read
Standards
C2PA Explained for Developers
A developer's guide to C2PA: manifests, claims, assertions, hard vs soft bindings, verification, and how to produce and validate Content Credentials.
Jun 16, 2026 · 8 min read
Engineering
Cryptographic Content Signing with Ed25519
How cryptographic content signing works: Ed25519, content binding, canonicalization, and verifying against an independently resolved public key.
Jun 13, 2026 · 8 min read
Provenance 101
What Is Content Provenance? A 2026 Guide
Content provenance is verifiable, tamper-evident information about where digital content came from. What it means, why it matters in 2026, and how it works.
Jun 12, 2026 · 7 min read