What is the AI Provenance Protocol?

The AI Provenance Protocol (APP) is an open standard for recording, embedding, and verifying the provenance of AI-generated content.

Think of APP as a nutritional label for AI-generated content. Just as food labels tell you what’s inside, APP tells you how content was produced — which AI model created it, what inputs were used, and whether a human reviewed it.

The problem

AI-generated content is proliferating across every industry. Today, there is no widely adopted, interoperable standard for answering basic provenance questions:

Was this content generated by AI? — No universal machine-readable signal
Which system/model produced it? — Provider-specific logs, if they exist
What were the inputs? — Typically lost after generation
Has a human reviewed it? — No standard way to record this
Can a third party verify the claim? — No interoperable verification mechanism

The solution

APP defines three things:

1. A metadata schema

A JSON object with five required fields that records provenance:


{
  "app_version": "1.0.0",
  "ai_generated": true,
  "generator": {
    "platform": "your-platform",
    "model": "anthropic/claude-sonnet-4"
  },
  "generated_at": "2026-03-06T14:22:00Z",
  "generation_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

2. Embedding modes

Three ways to associate metadata with content:

Inline: _ai_provenance key in JSON output
HTTP headers: X-APP-* response headers
Linked: Link header pointing to a metadata document

3. A verification protocol

Public REST endpoints for third-party confirmation:


GET  {verification_uri}/{generation_id}    → Provenance lookup
POST {verification_uri}/match              → Content hash matching

Design principles

Simplicity — Five required fields. Implement in minutes.
Embeddability — Works with JSON, HTTP, HTML, and any content type.
Verifiability — Optional verification endpoints for independent confirmation.
Extensibility — Domain-specific metadata via namespaced extensions.
Privacy-aware — Records roles, not identities. Pseudonymous generation IDs.
Regulation-ready — Maps directly to EU AI Act Article 50 obligations.

Relationship to other standards

Standard	APP’s relationship
C2PA	Complementary — C2PA covers images/video/audio, APP covers text and structured data
MCP	Complementary — MCP connects AI to tools, APP records provenance of AI output
Schema.org	Interoperable — APP coexists with `CreativeWork` metadata
W3C PROV	Compatible — APP maps to the PROV data model
IPTC	Complementary — APP extends provenance beyond photojournalism

Next steps

Get started with implementing APP
Read the full specification
Understand embedding modes
Learn about EU AI Act compliance