AI provenance labels are not board-level audit evidence
AI Trust & Governance
15 May 2026 | By Ashley Marshall
Quick Answer: AI provenance labels are not board-level audit evidence
AI provenance labels help show whether a piece of content has a declared origin or editing history. They do not prove the business decision was authorised, risk assessed, legally appropriate, or monitored through the full AI lifecycle.
The label is useful. The mistake is treating it as proof that the board can rely on.
A provenance label answers a narrow question
Provenance labels are a good idea, and boards should not dismiss them. Standards such as C2PA and Content Credentials give organisations a way to attach signed information to media, including origin, edits, tools used and claims about AI involvement. The C2PA explainer is explicit about the aim: to help people verify the origins and history of digital content in a tamper-evident structure.
That is valuable, especially for public communications, journalism, brand safety and supplier accountability. If a marketing image, executive video or product photograph carries a trusted credential, the business has more information than it would have from a bare JPEG or MP4. It can see whether the file claims to have been generated, edited, signed by a known implementation, or altered since the credential was attached.
But the label answers a narrow question: what does this asset say about its own provenance? It does not answer the questions a UK board, audit committee, DPO, customer outcomes lead or regulator will ask after something goes wrong. Who approved the use case? Was a DPIA completed? Was the model suitable? Were outputs reviewed? Did the supplier terms allow this use? Did the organisation monitor errors, bias, hallucinations and security issues after launch?
What this means in practice is simple. Treat provenance labels as one evidence field in a larger AI control record. They can support a decision, but they cannot replace the decision record itself. If the board pack only says "content carried a provenance label", it is not audit evidence. It is an indicator that should point auditors towards the underlying governance file.
UK regulators care about accountability, not just disclosure
The UK governance direction is not built around a single magic label. It is built around accountability, context and proportionate evidence. The UK Government's pro-innovation AI regulation white paper set out cross-cutting principles including safety, transparency, fairness, accountability, contestability and redress. That framing matters because transparency is only one part of the control environment.
The ICO's AI audit toolkit is even more direct for organisations processing personal data. Its governance and accountability section says senior management should see and sign off AI risks, DPIAs should be completed before processing starts, audit reports should be shared with senior management, and information flows across the supply chain should be mapped. The same ICO material says organisations should log changes, patches and new versions so historical information is easy to locate.
A provenance label can help with one slice of that picture, particularly where the asset itself matters. It does not show whether the UK GDPR Article 5(2) accountability principle has been met, whether Article 35 DPIA duties have been considered, whether a lawful basis was selected, or whether supply chain records were maintained. If the AI output influenced an employment, lending, healthcare, insurance, public sector or vulnerable customer decision, the evidence burden moves far beyond "was the content labelled?"
What this means in practice: boards should ask for a short AI evidence pack, not a screenshot of a label. The pack should connect the use case to a named owner, risk assessment, DPIA where required, supplier due diligence, prompt and output logs where proportionate, human approval, incident handling and post-deployment monitoring. Labels help attach identity to content. Accountability requires a chain of decisions.
Audit evidence must survive platform changes and workflow gaps
The uncomfortable operational problem is that content rarely stays inside one pristine system. A file may be generated in Adobe Firefly, edited in Photoshop, exported to a DAM, resized for LinkedIn, pasted into a sales deck, compressed by a platform, downloaded by a partner and reused in a customer proposal. Somewhere in that journey, metadata can be stripped, an exported version can lose a manifest, or a human can use an unapproved tool because it is faster.
C2PA is aware of this challenge. Its specification distinguishes hard binding, where the manifest records cryptographic hashes of the exact content it covers so that any change to the bytes breaks the match, from soft binding, where a watermark or fingerprint lets an asset be matched to a manifest held in a provenance store even after the embedded manifest has been stripped. The point is to make provenance more durable across the transformations described above. That is a strong technical direction, and major participants such as Adobe, BBC, Microsoft, Google, OpenAI, Meta, Amazon, Sony and Truepic have helped push the standard into the mainstream.
Even so, board-level evidence cannot depend on every downstream platform preserving the right metadata forever. Auditors will want records that survive content transformation. That means storing the original credentialed asset, the final published asset, the approval record, the system logs, the model or tool version, the user who generated it, the policy exception if any, and the control owner who accepted the risk.
For UK businesses, the practical control is not difficult, but it must be designed. Put AI-generated external content through a controlled workflow, not ad hoc desktop exports. Use a content register for high-risk or high-visibility assets. Capture the label evidence at creation, but also capture approval, usage rights, review notes and publication location. If the label disappears later, the organisation still has a defensible internal record.
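The following is an added worked example, not code from the article or from the C2PA project, showing why a hard-bound label stops verifying the moment a platform re-encodes the file, and why an internal content register keyed on the retained original and published assets still produces evidence when the label is gone. It assumes a deliberately simplified manifest (a JSON body carrying the asset hash, made tamper-evident with an HMAC under a hypothetical organisation key; real C2PA manifests use certificate-backed signatures, not a shared secret), constructed stand-in bytes for the generated image, and hypothetical tool, user and approver names.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample inputs (not real files): stand-in bytes for a generated
# image and a hypothetical shared key. HMAC is used here only to make the
# manifest tamper-evident in a self-contained way; it is not the C2PA format.
ORIGINAL_ASSET = b"\x89PNG\r\n\x1a\n" + b"constructed generated-image pixels " * 8
SIGNING_KEY = b"hypothetical-org-manifest-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(asset: bytes, tool: str, claims: list, key: bytes) -> dict:
    """Hard binding: the manifest records the hash of the exact bytes it covers."""
    body = {"asset_sha256": sha256_hex(asset), "tool": tool, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_manifest(asset: bytes, manifest: Optional[dict], key: bytes) -> str:
    """Report whether the label can be relied on for these particular bytes."""
    if manifest is None:
        return "no_manifest"
    payload = json.dumps(manifest["body"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):
        return "manifest_tampered"      # body edited after signing
    if manifest["body"]["asset_sha256"] != sha256_hex(asset):
        return "content_altered"        # valid label, but not for these bytes
    return "valid"


@dataclass
class EvidenceRecord:
    """The internal record a label cannot replace: who, what, where, approval."""
    original_sha256: str
    published_sha256: str
    manifest: dict
    tool: str
    created_by: str
    approved_by: str
    published_at: str


class ContentRegister:
    """Index the evidence record by the hash of the original and of the published file."""
    def __init__(self) -> None:
        self._by_hash: dict = {}

    def record(self, rec: EvidenceRecord) -> None:
        self._by_hash[rec.original_sha256] = rec
        self._by_hash[rec.published_sha256] = rec

    def lookup(self, asset: bytes) -> Optional[EvidenceRecord]:
        return self._by_hash.get(sha256_hex(asset))


def platform_reencode(asset: bytes) -> bytes:
    """Constructed stand-in for a platform resize/compress that changes the bytes."""
    return asset[:-16] + b"<recompressed>"


def run_scenarios() -> dict:
    manifest = make_manifest(ORIGINAL_ASSET, "hypothetical-image-generator",
                             ["ai_generated"], SIGNING_KEY)
    published = platform_reencode(ORIGINAL_ASSET)       # the copy the platform serves
    register = ContentRegister()
    register.record(EvidenceRecord(
        original_sha256=sha256_hex(ORIGINAL_ASSET),
        published_sha256=sha256_hex(published),
        manifest=manifest, tool="hypothetical-image-generator",
        created_by="marketing.user", approved_by="brand.lead",
        published_at="linkedin:company-page",
    ))
    forged = json.loads(json.dumps(manifest))            # deep copy, then relabel
    forged["body"]["claims"] = ["photograph"]            # AI output passed off as a photo
    partner_copy = platform_reencode(published)          # one more downstream transform

    return {
        "original": verify_manifest(ORIGINAL_ASSET, manifest, SIGNING_KEY),
        "forged_claim": verify_manifest(ORIGINAL_ASSET, forged, SIGNING_KEY),
        "reencoded_with_manifest": verify_manifest(published, manifest, SIGNING_KEY),
        "reencoded_stripped": verify_manifest(published, None, SIGNING_KEY),
        "published_in_register": register.lookup(published) is not None,
        "partner_copy_in_register": register.lookup(partner_copy) is not None,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Two of the outcomes are the ones a board should notice. The re-encoded LinkedIn copy fails hard binding even with the genuine manifest attached, so the label alone can no longer vouch for what was published; the register still finds it because the published hash was captured at publication time. The partner's further-transformed copy matches nothing, which is exactly the gap soft binding (watermarks, fingerprints) is meant to close, and exactly why the approval record, retained original and publication location have to exist independently of the label.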
The counterargument is right, but incomplete
The strongest counterargument is that provenance labelling is the only realistic scalable control. Businesses cannot manually audit every generated image, document, advert, synthetic voiceover or internal slide. A standardised label, verified automatically, gives platforms and organisations a common way to signal origin at scale. Without that, companies are left with manual review, inconsistent supplier statements and unreliable AI detection tools.
That argument is largely right. Labels are better than guesswork. AI detectors are fragile, especially once content has been edited, compressed or mixed with human work. Staff declarations are inconsistent. Supplier questionnaires are slow. A machine-readable provenance layer is exactly the sort of infrastructure the market needs. The EU AI Act also points in this direction through transparency obligations around AI-generated content and deep fakes, with Article 50 encouraging codes of practice for detection and labelling.
The mistake is turning a scalable control into the whole assurance model. A label is comparable to a receipt, not a complete set of accounts. It can show that something passed through a recognised system, but not whether the business used it appropriately. It can support transparency, but not fairness, contestability, security, lawful basis, customer outcome testing, or board oversight.
What this means in practice is that organisations should automate provenance capture, then route exceptions and high-risk use cases into deeper review. Low-risk marketing experiments may only need labelling, brand approval and asset retention. A customer-facing chatbot answer, HR screening summary, investment note or clinical communication needs a fuller evidence trail. The counterargument should make boards invest in better automation, not lower the standard of assurance.
Security guidance points to lifecycle evidence
The NCSC's Guidelines for secure AI system development are useful because they move the conversation away from content marking alone and towards lifecycle security. The guidance covers secure design, secure development, secure deployment, and secure operation and maintenance. It urges providers, managers, decision-makers and risk owners to consider AI-specific vulnerabilities alongside standard cyber threats.
That lifecycle lens is exactly what board evidence needs. A label on an output does not explain whether the AI system was threat modelled, whether model supply chain risks were assessed, whether sensitive data could leak through prompts, whether logging is adequate, or whether update management is controlled. The secure design material also points to the provenance and supply chains of components, including models, foundation models, training data and associated tools.
For an audit committee, this changes the question. Do not ask only "was this AI content labelled?" Ask "can we reconstruct how this AI-enabled process worked at the time the decision or publication happened?" That reconstruction should include the model or service used, configuration, prompt or input class, source data, output review, human decision, risk acceptance, exception handling and subsequent monitoring. If the system has changed since then, the organisation should still be able to explain what was true at the point of use.
This is especially important for regulated sectors and public-facing services. A board may not need to read every prompt log, but it should know that logs exist, retention periods are defined, sensitive information is protected, access is controlled and evidence can be produced quickly. Provenance labels are helpful artefacts inside that lifecycle record. They are not the lifecycle record.
A practical board evidence model for AI content
The right answer is not to reject provenance labels. It is to put them in the correct layer of evidence. For board-level assurance, UK organisations should define an AI content evidence model with four layers: asset provenance, workflow approval, risk governance and lifecycle monitoring. Each layer answers a different question and should have a named owner.
Asset provenance records the label, manifest or credential, plus the original and final files. Workflow approval records who created the asset, who reviewed it, what policy applied, what edits were made and where it was published. Risk governance records the DPIA or risk assessment where relevant, supplier due diligence, lawful basis, equality or fairness considerations, IP and usage rights, and any customer impact assessment. Lifecycle monitoring records incidents, complaints, model or vendor changes, takedown decisions, retraining triggers and lessons learned.
The board does not need a hundred-page dossier for every social image. It needs a risk-tiered approach. Tier one might be low-risk internal drafts, with light retention and staff guidance. Tier two might be public marketing or sales content, with provenance capture and approval records. Tier three might be regulated, personal data, high-impact or decision-support use, with formal risk assessment, audit logs and periodic review.
Good governance also means making this easy for people. Build the evidence into the workflow rather than asking staff to remember it later. Use approved tools such as Microsoft Purview, Adobe Content Credentials, enterprise DAM systems, GRC platforms, ticketing systems and model gateways where appropriate. The final board message is clear: labels are part of the control stack. They are not the control stack.
Frequently Asked Questions
Are AI provenance labels legally required in the UK?
Not as a single universal UK requirement. UK organisations should still consider transparency, data protection, consumer protection, sector regulation and contractual obligations. If they trade into the EU, EU AI Act transparency obligations may also matter.
Does a C2PA credential prove content is safe to use?
No. It can provide tamper-evident provenance information, but it does not prove the content is accurate, fair, lawful, secure, approved or appropriate for a specific business context.
What should a board ask for instead of a label screenshot?
Ask for an AI evidence pack: use case owner, risk tier, DPIA where needed, supplier record, tool and model details, approval trail, retained original and final assets, incident process and monitoring evidence.
Can metadata be stripped from AI-generated content?
Yes, metadata can be lost through exports, platform processing or file conversion. That is why organisations should retain the original credentialed asset and internal approval evidence separately.
Are AI detectors a substitute for provenance labels?
No. Detection tools can be useful signals, but they are not reliable enough to act as the only control. Provenance, workflow evidence and human accountability are stronger together.
Do low-risk marketing assets need the same evidence as regulated AI decisions?
No. Use a risk-tiered approach. Low-risk assets may need basic labelling and approval records, while regulated or personal data use cases need formal risk assessment, logging and periodic review.
Who should own AI content audit evidence?
Ownership should sit with the business function using the content, supported by legal, data protection, information security and marketing operations. The board should require clear accountability, not a vague shared responsibility.
What is the biggest misconception about AI labels?
The biggest misconception is that disclosure equals assurance. Disclosure tells people AI may have been involved. Assurance shows the organisation managed the risks of that involvement.