India AI Impact Summit Insights
All sessions

Trust in the Age of Synthetic Media

Contents

Executive Summary

This panel discussion explores how content provenance standards, particularly the Coalition for Content Provenance and Authenticity (C2PA), can establish trust and transparency in an era of rapidly proliferating synthetic media. Rather than a single "silver bullet," C2PA is presented as foundational infrastructure enabling cryptographic proof of content origin and creation methods—critical for empowering users, platforms, and regulators across India and globally to make informed decisions about digital authenticity.

Key Takeaways

  1. Content provenance standards like C2PA provide cryptographic proof of origin and creation method—enabling users, platforms, and governments to make informed trust decisions without requiring prescriptive mandates on which tools creators use.

  2. India's regulatory moment is significant and global: The country's approach—emphasizing citizen empowerment, principle-based rules, and multi-stakeholder coordination—can model effective synthetic media governance that avoids the fragmented regulatory landscape seen in the U.S. and EU.

  3. Technical solutions alone are insufficient: C2PA must be paired with user-facing tools that make provenance information understandable across languages, devices, and literacy levels, plus sustained media literacy investment—particularly critical in India's linguistically diverse, mobile-first population.

  4. Phased implementation and realistic timelines matter more than aggressive compliance deadlines: The 10-day window acknowledged as overly ambitious; success requires iterative stakeholder dialogue, testing across device types, and gradual adoption to ensure meaningful impact rather than superficial compliance.

  5. Risk properly belongs to individuals, not just platforms: The framework should prioritize individual rights—to know content's origin, protection against impersonation, and remedy when harm occurs—rather than treating this primarily as a platform content moderation challenge.

India AI Impact Summit 2026

Key Topics Covered

  • Content Provenance Standards (C2PA): Technical framework, adoption challenges, and implementation pathways
  • Synthetic Media & AI-Generated Content: Definition, detection mechanisms (SynthID), and regulatory implications
  • Trust Ecosystem Development: Role of platforms, governments, users, and media literacy
  • Indian Regulatory Context: New government rules (10-day implementation timeline), IT Rules, privacy law, and AI governance guidelines
  • Global Policy Harmonization: Avoiding fragmented regulatory approaches across jurisdictions
  • Practical Implementation: Phased rollout, multi-stakeholder coordination, and technical interoperability
  • Digital Literacy & User Empowerment: Making provenance information accessible across diverse populations and devices
  • Risk Attribution: Who bears responsibility—platforms, citizens, or content itself
  • Cryptographic Security: Tamper-proof metadata and immutable credentials

Key Points & Insights

  1. C2PA is Not Perfect But Essential: Multiple panelists emphasized C2PA is "not a silver bullet" but represents "the best solution available now" and "a step in the right direction" compared to status quo alternatives like watermarking or manual verification alone.

  2. Principle-Based Over Prescriptive Regulation: To achieve global convergence (as seen with privacy law harmonization), regulations should establish principles (security, privacy preservation, citizen empowerment) rather than mandating specific technologies, allowing flexible implementation across jurisdictions.

  3. Multi-Layered Trust Approach Required: Trust requires three complementary layers—(a) technical tools like C2PA and SynthID for content identification, (b) user-facing tools for understanding context, and (c) media literacy investments across all literacy levels.

  4. 10-Day Implementation Timeline Is Unrealistic: Samir Boru emphasized the ambitious nature of India's proposed compliance window, recommending a "phased approach" with multi-stakeholder dialogue involving C2PA, watermarking solutions providers, and platforms—acknowledging technical complexity in India's diverse, mobile-first, billion-user ecosystem.

  5. AI-Generated Content Is Not Inherently Untrustworthy: Gail Kent stressed critical distinction: marking content as AI-created should provide context, not stigma, since AI tools enhance productivity and creativity. The goal is understanding origin, not vilifying AI.

  6. Citizen-Centric Risk Model Missing: Deepak Goyal highlighted that current frameworks don't adequately address individual risk—voice cloning, deepfakes targeting specific people, and identity theft threaten citizens directly, yet most regulation focuses on platform liability.

  7. Interoperability Is C2PA's Key Strength: Because C2PA is an open standard with no intellectual property restrictions, it enables adoption from startups to civil society to multinational companies (Google, Adobe), creating ecosystem-wide benefits that proprietary solutions cannot.

  8. Metadata Immutability & Cryptographic Proof: C2PA's cryptographic protection prevents tampering with provenance metadata, addressing critical cybersecurity concerns—a feature distinguishing it from simpler labeling approaches.

  9. Dissemination & Virality as Regulatory Targets: Deepak Goyal introduced the concept that the risk lies not in creation but in amplification; regulations should address mechanisms of viral spread rather than restricting private creation between individuals.

  10. Holistic Policy Framing Prevents Fragmentation: Rather than siloing synthetic media as purely a "content moderation" issue under IT Rules, integration with privacy law, cybersecurity regulations, and AI governance guidelines prevents conflicting mandates—a lesson learned from U.S. fragmentation across 50 states.

Notable Quotes or Statements

"C2PA is not a silver bullet, but it is a foundational building block for transparency, attribution, and accountability—not as moderation or censorship, but as verifiable context." — John Miller, ITI General Counsel

"Content provenance can itself be characterized as foundational infrastructure for transparency, attribution, and accountability." — John Miller, ITI

"It's not about content moderation. It is the verifiability, accountability and keeping the citizen at the center of trust model." — Deepak Goyal, Ministry of Electronics and Information Technology

"The individual is bearing the risk. My likeness is getting cloned. My voice is getting synthesized. My credibility is getting undermined. How do we empower the individual?" — Deepak Goyal

"Just because something is created by AI doesn't mean it's not trustworthy... we need to be really careful to get away from that belief." — Gail Kent, Google

"If we are creating laws which are principle-based, leaving the industry to implement on their own, then there would be convergence... as we've seen with privacy law principles across 20-30 years." — Deepak Goyal

"Companies aren't trying to run away from responsibility. If that was the case, C2PA probably wouldn't even exist." — Samir Boru, ITI Policy Director

"We need to think about these issues holistically rather than just as a content moderation issue... Privacy, cybersecurity, and AI governance all intersect here." — Samir Boru

Speakers & Organizations Mentioned

RoleNameOrganization
ModeratorAndy ParsonsC2PA / Adobe (Global Head of Content Authenticity)
Opening RemarksJohn MillerITI (Information Technology Industry Council) – General Counsel & SVP Policy
PanelistGail KentGoogle – Global Public Policy Director
PanelistSamir BoruITI – Senior Policy Manager
PanelistDeepak GoyalMinistry of Electronics and Information Technology, India – Cyber Laws

Key Organizations:

  • C2PA (Coalition for Content Provenance and Authenticity): Multi-industry standard body founded ~5 years ago by Adobe, Microsoft, Google, and others
  • ITI (Information Technology Industry Council): Global tech trade association with offices in Delhi, Washington DC, Brussels, Singapore
  • Google: Active C2PA member; has deployed SynthID and C2PA credentials on Pixel phones and Google Photos
  • Ministry of Electronics and Information Technology (India): Regulating across Information Technology Act, Digital Personal Data Protection Act, Aadhaar, online gaming
  • Adobe: Co-founder of C2PA; tools read C2PA credentials

Technical Concepts & Resources

ConceptDefinition / Application
C2PA (Coalition for Content Provenance & Authenticity)Open-source technical standard embedding cryptographic metadata (credentials) into images, video, audio, documents proving origin, creation method, and creation date; tamper-proof and interoperable across platforms
SynthIDGoogle's tool identifying AI-generated content across multimodal formats (images, text, audio, video); complements C2PA
Content CredentialsMetadata embedded by C2PA indicating how, when, and with what tool content was created
Reverse Image SearchGoogle tool (15+ years old) enabling users to find origin of images
Circle to SearchGoogle Pixel feature (2 years old) allowing visual search of images
WatermarkingAlternative provenance technique mentioned as complementary to C2PA
Metadata & ImmutabilityCryptographically protected information that cannot be tampered with or altered post-embedding
InteroperabilityAbility of C2PA credentials to be read by multiple platforms (Adobe, Google, Gemini, third-party tools) rather than proprietary silos
MultimodalitySupport across different content types (images, video, audio, text)
Cryptographic ProofMathematical verification of authenticity without requiring centralized authority

Key Tools/Platforms Implementing C2PA:

  • Google Pixel phones (automatic C2PA embedding)
  • Google Photos
  • YouTube
  • Adobe tools
  • Google Gemini

Regulatory Frameworks Referenced:

  • India's new IT Rules (audio-visual synthetic content; 10-day implementation)
  • Digital Personal Data Protection Act (India)
  • EU AI Act
  • California Privacy Act (CCPA)
  • GDPR (EU privacy baseline)

Policy & Regulatory Insights

Indian Regulatory Approach (Novel Elements):

  • Citizen-centric: Framwork emphasizes individual rights (right to know, protection from impersonation, right to remedy)
  • Principle-based: Avoiding prescriptive mandates on specific technologies
  • Holistic integration: Coordinates across IT Rules, privacy law, cybersecurity guidelines, and AI governance rather than siloing synthetic media regulation
  • Technology-agnostic: Government defines problems; industry proposes solutions (precedent: UPI, Aadhaar operating at billion-transaction-per-day scale)

Global Convergence Model: Privacy law demonstrates 20-30 year convergence on principles (data minimization, transparency, user rights) while allowing implementation flexibility—same approach recommended for synthetic media governance.

Implementation Challenges:

  • Scale diversity: India's 1+ billion internet users, multiple languages, mobile-first ecosystem, and IoT devices require phased rollout
  • Platform fragmentation: WhatsApp, Instagram, Meta platforms not yet implementing C2PA at messaging scale (unlike Pixel/Photos)
  • Device fragmentation: Solutions must work across phones, laptops, IoT—different technical requirements
  • Compressed timelines: 10-day compliance window unrealistic; multi-stakeholder coordination requires months

Conclusion Note

The panel concludes optimistically that synthetic media governance is solvable through (1) open standards like C2PA, (2) principle-based regulation avoiding fragmentation, (3) citizen empowerment and media literacy, and (4) global coordination—positioning India as a potential model for responsible AI governance in the Global South.