Thought Leadership

AI images that prove what they are

From August 2026, EU rules require AI-generated images to carry a machine-readable label. Here's the Content Credentials layer we built and proved before the AI photography feature that will need it, and why that feature cannot run without it.

Omniops TeamEngineering12 July 20265 min read

Shoppers have started asking a question that did not exist five years ago: "is that photo real?"

It is a fair question. AI-generated product imagery is everywhere now, and most of it carries no answer at all. The picture looks like a photograph, sits where a photograph would sit, and says nothing about where it came from. Every time a customer spots the difference on their own, a little trust leaks out of the page.

We think the answer should live inside the image itself. Not in a caption someone might delete, not in a policy page nobody reads. In the file.

The rule that arrives in August

From 2 August 2026, the EU AI Act's transparency rules apply to AI-generated content. In plain terms: if an image was made or meaningfully altered by AI, that fact must be marked in a machine-readable way, and realistic images of people get the strictest treatment. If you sell into the EU, this applies to your product pages whether or not your business is based there. We wrote a fuller guide to the Act for shop owners in our EU AI Act guide.

Most companies will treat this as a compliance chore and bolt something on in July. We took it as a design brief.

The certificate inside the picture

The standard we adopted is called Content Credentials, built on C2PA, the open provenance standard developed by Adobe, Google, Microsoft, and the camera manufacturers. It works like a wax seal on an envelope, pressed into the image file itself.

The seal records what made the image, when, and that it is AI-generated. It is invisible in the picture and adds around 13KB to the file. Crucially, it is cryptographically bound to the exact pixels it was issued for. Edit the image and present it with the old seal, and the seal visibly breaks when checked.

We did not take that on faith. When we built our signing pipeline, we tested it by cheating: we signed an image, changed a single byte, and read the file back. The verification flagged the tamper immediately. And because a seal only vouches for the exact bytes it was issued for, we designed the pipeline to sign the final stored file, after our image conversion has already run, so the certificate matches the file exactly as it will be served.

Anyone can check a credentialed file using free public tools such as the Content Credentials verifier. No account, no Omniops involvement. That is the point: the proof belongs to the file, not to us.

The part we are most proud of

Here is the design decision that matters more than the technology.

Omniops Studio is growing from product and scene imagery into full creative work, including AI-generated fashion models for shoots. Before building that feature, we wired in a hard rule: it refuses to run unless the certification layer is switched on.

That is not a policy document or a setting someone could forget. It is code, already merged and tested ahead of the feature it protects, and it fails closed. If the signing machinery is missing or misconfigured, the generation simply does not start.

We built the lock before the door.

What is true today

We hold ourselves to saying only what we can show, so here is the current state, plainly:

  • Live now: every image generated in Omniops Studio carries a visible "AI-generated" label, and we store a provenance record alongside it recording the tool, the model, and when it was made.
  • Built and proven in testing: the cryptographic Content Credentials pipeline, including tamper detection on read-back, in a standalone test rig. It is not yet signing production images, because the feature that needs it has not shipped.
  • Coming: AI model photography for fashion brands. When it ships, cryptographic signing is on from the first image, because the feature cannot run without it.

Why this is good for your shop, not just for regulators

It would be easy to read all this as legal housekeeping. We think it is the opposite.

Your customers are getting better at spotting AI imagery, and their default reaction to unlabelled AI is suspicion. A shop that can answer "is that photo real?" with "it's AI-generated, and the image itself will tell you so" is not admitting a weakness. It is demonstrating that it does not need to hide anything, which is the same signal an honest returns policy sends.

Trust compounds. The shops that treat AI transparency as part of their brand, rather than a box to tick, will be the ones whose product pages still feel trustworthy in five years, when nobody can tell real from generated by eye alone.

And the August deadline? If your imagery runs through a system that seals the label in automatically, July stops being a scramble. The box is ticked before you knew there was a box.

You can read exactly what we sign and how to verify it in our documentation, and our wider commitments on the trust page.

content-credentialsc2paeu-ai-actai-transparencyproduct-photographytrust

Ready to stop answering the same questions?

14-day free trial after setup. £500/month, every capability included.

See pricing