C2PA Metadata in Video: What It Is, Who Embeds It, and How to Remove It
Published April 2026
C2PA (Coalition for Content Provenance and Authenticity) is an open technical standard for embedding signed provenance metadata into media files. Most people encounter it in images first, where it appears as a JUMBF block in JPEG or special chunks in PNG. But video is increasingly where C2PA matters, and the implementation is fundamentally different.
Understanding how C2PA works in video files versus photos is essential for anyone publishing AI-generated video content. The containers are different, the detection methods are different, and the removal process is different. This guide covers all three.
C2PA in Photos vs. C2PA in Video
In image formats, C2PA uses established image metadata containers. JPEG stores C2PA data in the APP11 marker (byte sequence FF EB), which contains a JUMBF (JPEG Universal Metadata Box Format) block. PNG stores it in dedicated chunks with type codes caBX, caMs, and caSt.
Video uses a completely different storage model. MP4 files are structured as ISOBMFF (ISO Base Media File Format) boxes. There are no APP markers or chunk sequences. Instead, C2PA is stored as a uuid box at the top level of the MP4 container, identified by a standardized 16-byte UUID.
Photo (JPEG/PNG)
- JPEG: APP11 segment (FF EB byte marker)
- PNG: caBX / caMs / caSt chunks
- Removed by walking the segment/chunk chain
- No re-encoding needed
Video (MP4/MOV)
- ISOBMFF UUID box at top-level container
- UUID: d8fec3d6-1b0e-483c-9297-5828877ec481
- Removed by patching the box structure
- No re-encoding needed
The C2PA UUID Atom
The C2PA UUID is standardized. Any video file carrying this UUID at the top-level ISOBMFF container has been C2PA-signed:
C2PA UUID (hex):
d8 fe c3 d6 1b 0e 48 3c 92 97 58 28 87 7e c4 81
ISOBMFF box representation:
[size: 4 bytes] [type: 'uuid'] [uuid: 16 bytes above] [C2PA manifest data...]
Example: Sora export box header (first 24 bytes):
00 00 xx xx 75 75 69 64 d8 fe c3 d6 1b 0e 48 3c 92 97 58 28 87 7e c4 81
^size ^'uuid' ^--------- C2PA UUID starts here ---------^
The manifest inside this box contains software agent assertions (identifying the generating tool), a timestamp, a hash of the video content, and a cryptographic signature. Platforms read this UUID from the file header during upload processing, before the video is ever decoded or played.
Which AI Video Generators Embed C2PA
| Tool | C2PA | UUID Atom | Notes |
|---|---|---|---|
| OpenAI Sora | Yes, full C2PA | Yes | Full C2PA manifest with software agent assertion (OpenAI), timestamp, and cryptographic signature. |
| Runway Gen-3 | Yes, full C2PA | Yes | C2PA credentials plus redundant ©swr software string identifying Runway. |
| Pika 2.0 | Yes, C2PA | Yes | C2PA UUID atom present. Also embeds ©swr string in moov header. |
| Adobe Premiere / After Effects | Yes, full C2PA | Yes | Adobe is a founding C2PA member. All AI-assisted exports include full C2PA manifest. |
| Kling (Kuaishou) | No | No | Uses ©too encoding tool string and proprietary Kuaishou atoms. No C2PA UUID present. |
| Hailuo (MiniMax) | No | No | Embeds software strings but does not implement C2PA standard. Detected via ©swr field. |
How Platforms Use Video C2PA
Platform C2PA checking in video is fast and happens at upload time, before the video is published or visible to any viewers. Platforms do not need to decode the video to read the C2PA UUID. They open the file, parse the top-level ISOBMFF box structure, check for the UUID identifier, and if found, read the manifest assertions.
| Platform | Detection Method | Result |
|---|---|---|
| Reads UUID atom from ISOBMFF container | 'Made with AI' badge on post | |
| Same as Instagram (Meta infrastructure) | 'Made with AI' label | |
| C2PA UUID atom scan | AI disclosure label on post | |
| TikTok | C2PA UUID atom + CapCut ByteDance fields | 'AI-generated' tag |
| YouTube | C2PA where present (policy-based disclosure) | AI disclosure requirement surfaced |
How to Remove C2PA from Video
C2PA removal from video is a binary-level ISOBMFF box operation. The process does not involve decoding or re-encoding the video stream. It involves parsing the MP4 box structure, identifying the UUID box carrying the C2PA identifier, and writing the output file without that box.
This is different from using FFmpeg, which does not specifically target the C2PA UUID atom. FFmpeg's metadata stripping flags (-map_metadata -1) strip standard metadata tracks but often leave the C2PA UUID box intact because it is not a standard metadata track. It is a top-level box that FFmpeg treats as an unknown box and may preserve unchanged.
StripShot processes the ISOBMFF container directly. It identifies the C2PA UUID box by its 16-byte identifier, excludes it from the output, and writes the remaining boxes in the correct sequence. The video bitstream (mdat), movie header (moov), and all timing data are preserved exactly. The result is a valid MP4 with no C2PA credentials and zero quality difference.
FAQ
What is the difference between C2PA in photos and C2PA in video?
In photos, C2PA lives in JPEG APP11 segments (the JUMBF block, identified by byte marker FF EB) or PNG caBX/caMs/caSt chunks. In video, C2PA lives in an ISOBMFF UUID box at the top-level container of the MP4 file. The UUID is standardized: d8fec3d6-1b0e-483c-9297-5828877ec481. Both use the same manifest format and signing scheme, but the storage container differs completely between photo and video formats.
How do I know if my video has C2PA embedded?
The most reliable method is to inspect the ISOBMFF box structure of your MP4 file and look for a UUID box with the C2PA identifier. You can also use the C2PA Verify tool at verify.contentauthenticity.org, which accepts video files. StripShot's video tool also reports detected metadata types before stripping.
Does removing the C2PA UUID atom affect video playback?
No. The C2PA UUID atom is a metadata container at the top-level ISOBMFF structure. It contains no video or audio data. Removing it has zero effect on playback in any player. The video stream, audio stream, and all timing data remain intact.
Does FFmpeg remove the C2PA UUID atom?
Not reliably. FFmpeg's -map_metadata -1 flag strips standard metadata tracks but does not specifically target the C2PA UUID atom in the ISOBMFF container. The UUID box often survives a copy pass. Even -c:v copy with metadata stripping flags may leave the C2PA atom intact because FFmpeg does not have specific C2PA UUID awareness built in.
Which AI video generators do NOT use C2PA?
Kling (Kuaishou) and Hailuo (MiniMax) do not implement C2PA. They use proprietary software identification strings in the ©too and ©swr atoms instead. This means they are not detectable via C2PA verification tools, but platforms like TikTok and Instagram may still flag them based on the software strings. StripShot removes both C2PA atoms and software strings.