Provenance API for the EU AI Act.
One API. Sign at capture or generation. Verify and recover anywhere. EU-hosted and C2PA-conformant.
Machine-readable provenance is required under Article 50(2).
From 2026-08-02, AI-generated and AI-manipulated content placed on the EU market must carry machine-readable provenance under EU AI Act Article 50(2). The marking has to be readable by automated detectors and has to survive distribution. Inteqral signs, recovers, and verifies that marking through one API.
Machine-readable marking is enforceable from 2026-08-02. Systems already on the EU market get a transitional grace period to 2026-12-02 under the Digital Omnibus provisional agreement of 7 May 2026.
CA and Trust-Listed signing handled for you
Article 50(2) signing needs a CA relationship and HSM-backed keys. Inteqral provides a Trust-Listed certificate chain and signs every file inside an HSM partition. You call one endpoint.
Recovery after a platform strips the manifest
Most platforms remove C2PA on upload. Inteqral indexes each signed file by perceptual fingerprint and returns the original manifest for a stripped copy, so the marking survives distribution.
A callable API over the C2PA specification
C2PA is published as an open specification. Inteqral exposes it as three endpoints with EUR billing, so a developer signs, recovers, and verifies provenance today.
Every C2PA verifier returns valid or invalid. We return the vector.
An AI provider needs the marking to be readable and to survive distribution. We return origin, identity, and durability. The consumer runs its own policy. The same file passes or fails per buyer.
Same file, consumer policy
Three endpoints. One trust boundary.
Sign at capture or generation. Verify anywhere. Recover the original after a platform strips the manifest.
Attach a manifest
Attaches a C2PA manifest to any file. Signed inside the HSM partition.
Recover the original
Most platforms strip C2PA on upload. We match a stripped upload against a perceptual fingerprint and return the original manifest.
Manifest store indexed by perceptual fingerprintReturn the vector
Reads the manifest and returns a trust vector for origin, identity, and durability.
# sign a file at generation curl -X POST https://api.inteqral.com/sign \ -H "Authorization: Bearer $KEY" \ -F "[email protected]" \ -F "identity=x509" \ -F "durability=2" # verify anywhere and read the vector curl -X POST https://api.inteqral.com/verify -F "[email protected]" => { "o": 3, "i": 2, "d": 2 } // origin · identity (x509) · durability
A claims aggregator takes email, social X.509, Sumsub KYC, or an EUDI Wallet credential and emits an identity tier.
Every file is signed inside an EU-hosted HSM partition on a Trust-Listed certificate chain.
A manifest store indexed by perceptual fingerprint. pHash plus an ISCC-compatible learned embedding. Optional chain anchor.
One API. Usage-based plans.
Usage-based and EUR-denominated. One Article 50 obligation, one signed file, one fee.