Contact us
Contact us
Menu
Close
Contact us
Menu
Close
Industries
Video games
Securing video games against leaks, piracy and cheating
Pre-release game protection
Gaming-grade anti-leak solutions
Game piracy protection
E2E anti-piracy for games and beyond
Game cheat prevention
Advanced anti-cheat solutions
video
Video entertainment
Solutions for streaming, broadcast and hybrid
Irdeto Experience
Video streaming aggregation platform
Anti-piracy and cybersecurity
E2E security for digital platforms against pirates
Content protection
Best in class security across broadcast and OTT
Broadband security
CPE security lifecycle management
Managed services and solutions
Streamline operations across new and legacy platforms
Primary
Smart mobility
Enabling scalable operations across fleets, automotive OEMs and EVs
Digital keys for fleets
Scalable and secure digital fleet access
EV charging
Future-ready, open, seamless and secure
Knowledge base
Blog
Keep up with the latest cybersecurity insights
Resources
Level up your cybersecurity knowledge with us
About us
about us
About us
Get to know our people, values and commitments
Diversity and inclusion
Diversity, equity, inclusion and belonging priorities
Sustainability
Sustainable commitments, progress and achievements
Careers
Secure your future career at Irdeto
news
News
Follow our most recent activities
Irdeto and Ateme integrate TraceMark™
The integration simplifies watermark enablement
Irdeto and ContentWise join forces
AI-powered, user-centric entertainment solution
Irdeto expands portfolio
High-Frequency Key Cycling
events
Events
Meet up and speak with our cybersecurity professionals
AMER
Connect with our experts across North and South America
EMEA
Join us throughout Europe, the Middle East, and Africa
APAC
Engage with our teams in Asia-Pacific
partners
Partners
Better together at Irdeto
Support
Contact us
Menu
Close
Video Entertainment
4 min
January 09, 2026

Extending trust into live video with C2PA

When we published our first blog on C2PA in May 2025, the focus was clear: restoring trust in a digital world increasingly shaped by AI-generated and manipulated content. Since then, momentum behind content provenance has continued to grow across the industry. With the release of the Pixel 10, Google has enabled millions of consumers to enrich their photos with provenance information. Similarly, at IBC 2025, Sony launched the first professional C2PA-enabled video camera for journalism.

Now, with version 2.3 of the specification, C2PA takes an important step forward by defining a protocol to sign live and broadcast media, a long-awaited capability.

Before exploring why this matters, it is worth briefly revisiting what C2PA is and why it exists. For a deeper overview, our earlier post How C2PA is bringing authenticity back to the Internet explores this in more detail.

Understanding Content Credentials in context

Content Credentials are the standardized, user-facing expression of C2PA provenance and are already adopted across parts of the digital content ecosystem, including cameras, editing tools and AI systems. They allow digital media to carry verifiable information about how it was created and whether it has been altered, helping viewers understand the context behind what they see. Identity extensions, defined by the Creator Assertions Working Group (CAWG), can also indicate the individual or organization a piece of content originates from.

irdeto-blog-extending-trust-with-c2pa-content-credentials-logo

Rather than labeling content as real or fake, Content Credentials provide transparency through cryptographically protected metadata. To date, most implementations have focused on static media, such as photos and video-on-demand assets, while applying the same approach to live content has remained a far more complex challenge.

Why live media raises the stakes for authenticity

Live media sits at the center of today’s video ecosystem, from breaking news and live sports to linear TV and large-scale streaming events. Its real-time nature makes it highly influential, but also more exposed to risk.

Those same characteristics make live media particularly vulnerable:

  • News, where manipulated or spoofed live feeds can rapidly spread misinformation.
  • Live sports, where unofficial or misattributed streams can undermine trust and rights value.
  • Pay TV operators, telcos and streaming platforms, where brand integrity depends on audiences trusting the source of live content.

Until recently, there was no standardized way to apply content provenance to live broadcasts without disrupting real-time workflows. C2PA specification version 2.3 closes this gap by enabling provenance to be asserted and validated as content flows through the video pipeline, supporting trust without interrupting delivery.

Bringing provenance into live and broadcast media

The bump to the minor version of the C2PA specification, from 2.2 to 2.3, may suggest only a small adjustment. For the video ecosystem, however, the latest version introduces a major capability: support for live streaming, particularly for media distributed using widely adopted technologies such as DASH and HLS.

Until now, provenance information could only be added to monolithic, static assets such as pre-recorded content and video-on-demand (VOD). In these cases, a cryptographic construction known as a Merkle tree provides strong assurance of media integrity without introducing delays when playback starts or when seeking backward and forward.

irdeto-blog-extending-trust-with-c2pa-diagram-1 Binding of C2PA provenance to a static ISO BMFF asset

However, the originator of the media can create the Merkle tree only once the full asset is known, from the first to the last byte. This is not possible when streaming content in real time. One cannot anticipate what will be said next in a live interview, nor predict when an opportunity to insert an advertisement may arise. In other scenarios, such as video captured by a security camera, future events are inherently unknown.

What’s the bandwidth for provenance?

Bandwidth constraints further complicate the challenge. Modern streaming architectures such as DASH and HLS are designed to adapt video quality dynamically based on available bandwidth, while increasingly efficient codecs continue to be deployed. Provenance information must not undermine these optimizations by introducing excessive metadata or, more critically, by forcing clients to switch to lower-quality representations.

C2PA addresses this challenge by weaving provenance information directly into modern video delivery, at the level of CMAF segments, typically representing one to ten seconds of video. Each segment is cryptographically hashed and signed independently, allowing players to detect any manipulation in the sequence of segments that make up a media track.

C2PA-blog-diagram-2 Binding of C2PA provenance to a CMAF live stream

In the most bandwidth-efficient approach, the Verifiable Segment Info method, C2PA provenance information is carried in the initialization segment for each track, as is done for VOD. Each live segment then includes a small, standardized Event Message Box (emsg), defined for C2PA, which contains the segment’s signature and its position within the track. A new class of asymmetric intermediate keys, referred to as session keys, is used to generate these signatures. These keys can be rotated frequently and diversified across different media tracks.

Alternatively, the originator may include the full C2PA provenance information in every segment. This approach is intended for scenarios where bandwidth is not a limiting factor.

Provenance in real-world streaming environments

Crucially, addressing bandwidth constraints is only part of the challenge. For provenance to work in live media, it must also integrate smoothly into the streaming architectures already used at scale across the industry.

In practice, the C2PA approach aligns well with existing streaming environments:

  • No changes required to HLS M3U8 or DASH MPD manifests; works track by track using standard CMAF.
  • No changes to codecs.
  • Compatible with DRM, where used.
  • Works seamlessly with CDNs, with provenance carried in-band, although it can be hosted externally in certain cases.
  • Ignored safely by non-C2PA-aware players.
  • Supports normal seeking and representation switching while preserving per-segment verification.

Taken together, this gives broadcasters, pay TV operators and streaming platforms a low-risk way to begin introducing C2PA into live workflows. As C2PA-aware players and platforms emerge, provenance can increasingly be verified and surfaced to audiences through Content Credentials.

For media brands navigating this shift, there is value in exploring how content provenance can be applied in practice to live and broadcast environments. We invite you to continue the conversation with Irdeto’s experts about what this evolution could mean for your business.