Watermarks are no longer just logos on press photos

In 2026, image-provenance techniques are a response to three parallel developments: the ubiquity of AI-generated images, the EU AI Act with its labeling obligation (see our image rights post), and the cross-industry C2PA standard for cryptographic proof of origin. Three technically different layers complement each other:

Layer 1 — visible watermarks

The classic: brand name, domain, or copyright notice laid visibly into the image. Function: deterrent, not cryptographically provable. Removing the watermark is a clear copyright infringement — which makes it an evidentiary aid.

Practical recommendations:

  • Position: for press photos central (crop-resistant), for brand marketing lower-right (discreet).
  • Opacity: 30–50% for press photos, 60–80% for stock previews.
  • Size: 5–8% of the image height.
  • Font: sans-serif for legibility, on both light and dark images (often with an outline).

Browser-local creation with our watermark tool — no upload, no server processing.

Layer 2 — invisible watermarks (steganography)

Steganography hides information in the image without affecting visual perception. Technical approaches in 2026:

  • LSB (Least Significant Bit): classic, manipulates the lowest bits of the pixel data. Very fragile — even a JPG re-compression destroys the content.
  • DCT-based: hides information in the frequency coefficients of JPEG compression. Survives JPG re-encoding, fails on crop and resize.
  • Wavelet-based (Imatag, Digimarc): more robust against editing, commercial solutions.
  • AI-trained watermarking (Google SynthID, Meta Stable Signature): neural networks embed information so it survives even generative-model re-synthesis. The state of the art in 2026.

Google SynthID

Presented by Google DeepMind in August 2023, standard in Imagen 3 and Veo models since 2024. Pixel changes invisible to the human eye but reliably identified by a detection model — even after JPG compression, resize, a light crop. Available as an open-source variant for third-party developers since 2025.

Meta Stable Signature

Built into Stable Diffusion models in 2024. A similar approach to SynthID, but less robust against aggressive compression.

300 × 250 — Rectangle
Cookie-Banner ausstehend

Layer 3 — C2PA Content Credentials

C2PA (Coalition for Content Provenance and Authenticity) has been an industry consortium since 2021 with Adobe, Microsoft, BBC, Intel, Sony, Truepic. Specification 1.4 (2025) is the current state.

How it works: each image is given a cryptographically signed manifest that documents the provenance — who made the image (or with which AI model), what edits were made, from which software. The manifest is embedded in the image (an XMP block, sometimes a sidecar file) and signed with a publicly verifiable certificate.

Hardware implementations 2026: Leica M11-P (since 2023), Sony Alpha 1 II (since 2024), Nikon Z9 (firmware update 2024). These cameras sign images directly in the body — inextricably bound to the hardware identity.

Software implementations: Adobe Photoshop (Content Credentials, since 2023), Lightroom Classic, Microsoft Designer, OpenAI DALL-E 3 (since September 2024), Midjourney v6 (since October 2024).

What the three layers protect — and what not

An honest overview:

  • Visible watermark: protects against unauthorized re-sharing (recognizable), but can be removed with image editing. Also easily attacked by cropping.
  • Invisible watermark (classic): reliably recognizes the original source, fails on aggressive re-encoding or editing.
  • SynthID/Stable Signature: robust against most typical image edits. Weak against targeted adversarial attacks.
  • C2PA: proves origin cryptographically. But: if someone re-encodes the image without keeping the C2PA manifest, the provenance is gone. So it's evidentiary, not enforcing.

Use cases 2026

Press photography

Reuters, AP, and AFP have used the hardware C2PA pipeline since 2024. Press photos are delivered to the editorial desk with cryptographic provenance data. Publishers show the C2PA badge on publication — they can inform readers about the provenance path.

Stock photography

Adobe Stock and Shutterstock have integrated C2PA since 2024. In license disputes the manifest documents the creator. On delivery to end customers, the manifest details are often anonymized for privacy reasons.

AI-generated images

OpenAI DALL-E, Midjourney, Adobe Firefly, and Google Imagen all mark their outputs with a C2PA manifest plus an invisible watermark. The EU AI Act has required this since 2024. Anyone distributing AI images without this labeling risks sanctions from 2026.

Photojournalism and whistleblowers

C2PA has two sides: for press photos it's an evidentiary tool, for whistleblowers a risk, because the manifest often reveals the hardware identity. Tools like Project Origin (BBC, Microsoft) optionally offer anonymized signatures.

300 × 250 — Rectangle
Cookie-Banner ausstehend

Implementation in your own workflow

  1. Visible watermark with our watermark tool or a Photoshop action.
  2. Maintain IPTC copyright so Schema.org and Google image search show the creator. More in our image SEO post.
  3. Embed a C2PA manifest via Adobe Photoshop CC 2024+, Lightroom Classic, or the open c2patool (CLI).
  4. For AI-generated images: keep the provenance labeling of the generating platform (don't delete it!).

Showing it on the website

C2PA manifest display works in any browser via the JavaScript library @contentauth/content-cards or dedicated web components:

<cai-icon image-url="/photo.jpg"></cai-icon>
<script src="https://cdn.contentauth.com/cai-icon.js"></script>

On hover a provenance panel appears: the capture camera, software edits, the AI model if relevant.

Limits and an honest assessment

No watermark technique is 100% uncrackable. A motivated attacker with current technology can remove any known watermark layer — the question is always effort vs. value. For most use cases the combination of a visible watermark + IPTC copyright + C2PA manifest is deterrent enough. For high-security applications (press evidence, evidence in court) a forensic pipeline must be set up that includes hash chains and independent certificate authorities.

300 × 250 — Rectangle
Cookie-Banner ausstehend

Sources

C2PA — Specifications · Content Credentials · Google DeepMind — SynthID · Meta — Stable Signature · c2patool — Open Source · Leica M11-P — C2PA camera · Project Origin · Wikipedia — Steganography.