For AI compliance teams
EU AI Act Article 50 transparency obligations enter substantive application August 2, 2026. China's AIGC measures are in force. ~12 US states have AI labeling laws passed or pending. The common requirement: AI-generated content must be detectable and attributable. The common gap today: there's no standard infrastructure to produce auditable evidence at scale.
AgentPKI Provenance is the cryptographic attribution layer. Every piece of AI-generated content is signed by the agent that produced it; verifiers, auditors, and regulators get machine-checkable evidence. Same protocol works for EU, China, and US regimes simultaneously.
We're not regulatory experts (talk to your counsel for definitive guidance). But the structural fit between the protocol and the disclosure regime is well-defined.
EU AI Act Article 50 §1–4
Providers and deployers must ensure AI-generated content is machine-readable as such. Detectable by automated means. Enforcement begins Aug 2, 2026.
AgentPKI Provenance v0.1
Every AI-generated content piece carries a cryptographic agentpki.declaration assertion. Machine-readable, automated detection. Published spec, open verifier — auditors can validate without your software.
EU AI Act Article 50 §2(a)–(c)
Specific obligations for synthetic image/audio/video and text materially containing public-interest topics. Marking must survive standard transformations where possible.
C2PA-compatible signing
AgentPKI Provenance is a C2PA assertion (Adobe/Microsoft/BBC standard). Survives standard transformations in C2PA-aware tooling. Both sidecar (.c2pa.json) and HTTP header (Content-Provenance) delivery.
China AIGC Measures (Aug 2023, force)
Generative AI services must label outputs and maintain logs of generation. State Cyberspace Administration audits possible.
Hash-chained audit log
Every signed piece of content is recorded in a tamper-evident hash-chained ledger. Logs are queryable by (agent_id, time range, content_type). Witnesses can mirror and verify chain integrity (RFC 6962-inspired).
US state AI labeling laws (CA, NY, IL, TX, FL, & expanding)
Varying requirements — most converge on "AI-generated content must be disclosed to consumers at point of consumption."
Same protocol, no second integration
One signing implementation satisfies multiple regimes. Verifier emits the disclosure proof on demand. No state-by-state compliance fork.
Disclaimer: this is technical architecture mapping, not legal advice. Your counsel must validate whether the protocol meets your specific obligations in your specific jurisdictions.
Where does your organization produce AI-generated content? Customer support copilots, marketing copy generators, code-gen tools, public chatbot outputs. Each becomes an "agent" with a passport.
Add the AgentPKI Provenance SDK call to each surface. One line per generation. The manifest gets attached as a sidecar, inline comment, or HTTP header — whatever your delivery model supports.
Auditor or regulator asks "show me your AI outputs from Q2 2026." You query the audit log; it returns hash-chained, signed evidence. Single source, multi-jurisdiction.
