C2PA and SynthID: How AI Watermarking Changes What Happens When You Convert a File

AI-generated images now carry invisible watermarks and provenance metadata via C2PA and SynthID. Learn what happens to these markers when you convert files between formats, and why it matters before the EU AI Act deadline.

Published April 17, 2026 · Updated April 17, 2026

Every major AI image generator now tags its output. When you create an image with Midjourney, DALL-E, Google Gemini, or Adobe Firefly, that image carries metadata identifying it as AI-generated. Some of this metadata is visible if you know where to look. Some of it is invisible, embedded in the pixel data itself. And some of it is designed to survive the exact kind of format conversions, screenshots, and re-encoding that people routinely perform on every image they handle.

This is not a hypothetical future. It is the current state of AI-generated media in 2026, and it is about to become legally mandated. The EU AI Act, which takes full effect in August 2026, requires that AI-generated content be machine-detectably marked. Platforms, tools, and workflows that handle AI content need to understand what these markings are, how they work, and critically, what happens to them when files move through conversion pipelines.

If you have ever converted an AI-generated image from PNG to JPEG, resized it for social media, or stripped its metadata for privacy — you may have unknowingly altered or destroyed provenance information that someone (or some regulation) expected to be preserved. Let us look at what is actually going on inside these files.

Two Systems, Two Approaches

The AI watermarking ecosystem has consolidated around two fundamentally different approaches: metadata-based provenance and signal-based watermarking. Understanding the distinction is essential because they behave very differently during file conversion.

C2PA: The Metadata Approach

C2PA stands for Coalition for Content Provenance and Authenticity, and it is backed by Adobe, Microsoft, Google, Intel, the BBC, and dozens of other organizations through the Content Authenticity Initiative. C2PA works by attaching a cryptographically signed manifest to a file. This manifest contains a chain of assertions describing how the content was created or modified — which AI model generated it, what edits were applied, what camera captured it, and so on.

Think of it like a notarized chain of custody for a digital file. Each step in the content's history is recorded, signed with a certificate, and attached to the file. Anyone who receives the file can verify the signatures and see the full provenance chain.

The key technical detail is that C2PA manifests are stored as metadata alongside the pixel data, typically in JUMBF (JPEG Universal Metadata Box Format) containers embedded in the file. They do not modify the actual image pixels. This makes them powerful — they can carry rich, detailed provenance information — but also fragile in ways that matter for conversion.

SynthID: The Signal Approach

SynthID is Google DeepMind's watermarking technology, and it takes a completely different approach. Instead of attaching metadata to a file, SynthID embeds an imperceptible signal directly into the content itself. For images, this means subtle modifications to pixel values that are invisible to the human eye but detectable by SynthID's verification algorithms. Google has extended SynthID to cover text (by biasing token selection during language model generation), audio (modifying spectral components), and video (frame-level watermarking).

The critical property of signal-based watermarking is that it is inseparable from the content. You cannot strip a SynthID watermark by deleting metadata, changing file formats, or editing EXIF data. The watermark is in the pixels themselves. It is designed to survive compression, resizing, cropping, and even screenshots — though each of these operations degrades the signal to some degree, and aggressive enough modification can destroy it.

What Happens When You Convert a File

This is where the practical implications become concrete. File conversion is one of the most common operations performed on images, and the two watermarking approaches respond to it very differently.

Metadata Survival During Format Conversion

C2PA manifests are metadata. When you convert a JPEG to PNG, or a PNG to WebP, the conversion tool has to make a decision about what to do with the metadata embedded in the source file. There are three possible outcomes:

Preserved. The conversion tool reads the C2PA manifest from the source file and writes it into the output file. This requires the tool to understand C2PA's JUMBF containers and know how to embed them in the target format. Very few conversion tools do this today. Adobe's tools (Photoshop, Lightroom) preserve C2PA across supported formats. A handful of specialized libraries handle it. Most general-purpose conversion tools do not.

Silently dropped. The conversion tool does not recognize or does not support C2PA metadata, so it simply omits it from the output file. This is what happens with the vast majority of image conversion tools, including most online converters, most command-line tools like ImageMagick (without specific configuration), and most browser-based converters. The provenance information vanishes without warning.

Partially preserved. Some tools preserve standard EXIF and IPTC metadata but do not handle the JUMBF containers that C2PA uses. The output file may retain the camera make, GPS coordinates, and creation date from the original EXIF data, but the C2PA provenance chain is lost.

For browser-based conversion tools like Fileza.io, which use the Canvas API or WebAssembly-based encoders, the default behavior is that metadata is not carried through the conversion pipeline. The Canvas API in particular works at the pixel level — it decodes the source image into a raw pixel buffer, then re-encodes that buffer into the target format. Metadata from the source file is not part of the pixel buffer and is not automatically included in the output.

This is actually a privacy feature in many contexts. When you convert a personal photo, you probably do not want its GPS coordinates, camera serial number, and editing history carried into the converted file. But for AI provenance tracking, this same behavior means that conversion can strip the markers that identify content as AI-generated.

Signal Survival During Format Conversion

SynthID and similar signal-based watermarks behave differently because they are embedded in the pixel data. When you convert a PNG to JPEG, the pixels are decoded and re-encoded. The watermark signal, being part of the pixel values, goes through this process along with the image content. Whether the watermark survives depends on how much the re-encoding process alters the pixel values.

Lossless format conversion (e.g., PNG to BMP, or TIFF to PNG) preserves pixel values exactly, so signal-based watermarks survive perfectly.

Lossy re-encoding (e.g., PNG to JPEG, or JPEG to WebP at reduced quality) modifies pixel values through quantization and other compression techniques. SynthID is specifically designed to be robust against this, and Google reports that the watermark remains detectable after lossy compression at reasonable quality levels. However, extremely aggressive compression (very low JPEG quality, heavily optimized WebP) can degrade the signal below the detection threshold.

Resizing changes pixel values through interpolation, which also degrades signal-based watermarks. Moderate resizing (50% or larger) generally preserves detectability. Severe downscaling (reducing a 4K image to a thumbnail) can destroy the watermark.

Cropping removes portions of the watermark signal along with the cropped pixels. If enough of the image remains, the watermark is still detectable in the remaining area. Aggressive cropping (keeping only a small portion of the original) may eliminate it.

Screenshots are particularly interesting because they involve a full re-render and re-capture pipeline. The image is displayed on screen, captured by the screenshot mechanism, and saved as a new file. SynthID is designed to survive this, but the combination of display rendering, possible scaling, and screenshot compression introduces multiple degradation steps.

The Regulatory Context

Understanding the technical behavior of these watermarks matters more now because of regulatory pressure. The EU AI Act, which enters full enforcement in August 2026, includes specific requirements for marking AI-generated content.

Under the Act, providers of AI systems that generate synthetic audio, image, video, or text content must ensure that the outputs are marked in a machine-readable format as artificially generated or manipulated. This applies to all AI-generated content distributed within the EU, regardless of where the AI system is based.

The regulation does not specify which watermarking technology must be used — it is technology-neutral. But it does require that the marking be machine-readable, which means human-visible labels alone are insufficient. The content itself must carry detectable markers.

This creates a tension with file conversion. If a user generates an AI image, converts it from PNG to JPEG using a tool that strips C2PA metadata, and then shares the JPEG — the provenance information required by regulation may be gone. Signal-based watermarks like SynthID provide better resilience here, but only 38% of AI systems currently include machine-readable markings according to Stanford's AI Index report. The gap between regulatory requirements and technical implementation is significant.

What This Means for File Conversion Tools

The convergence of AI watermarking standards and regulatory mandates is creating new expectations for file conversion tools. Historically, conversion tools focused on one job: take pixels in format A, produce pixels in format B. Metadata was secondary — often dropped, sometimes preserved if explicitly configured, rarely a primary concern.

That model is shifting. As AI-generated content becomes more prevalent and provenance tracking becomes legally required, conversion tools face a choice: preserve provenance metadata through the conversion pipeline, or explicitly inform users that provenance information will be lost.

The Privacy Paradox

There is a genuine tension here that deserves honest acknowledgment. Many people use file conversion specifically to strip metadata from images before sharing them. Converting a photo from JPEG to PNG (or vice versa) through a tool that drops metadata is a common privacy technique — it removes GPS coordinates, camera information, editing software details, and other potentially sensitive data.

AI provenance metadata occupies an awkward position in this context. From a privacy perspective, you might not want an image to carry information about which AI tool generated it, what prompt was used, or your account details. From a regulatory and social responsibility perspective, the argument is that AI-generated content should be identifiable as such.

Browser-based tools like Fileza.io, which process files entirely on your device without uploading anything, already address the most serious privacy concern: your files never leave your control. The question of which metadata to preserve through conversion is a design decision that will become increasingly important as these watermarking standards mature.

The Dual-System Future

The practical reality is that the industry is converging on a dual-system approach: metadata-based provenance (C2PA) for detailed chain-of-custody tracking, and signal-based watermarking (SynthID and similar) for resilient detection that survives format conversion and manipulation.

C2PA provides the rich provenance information — who created the content, with what tools, what modifications were made. But it is fragile and easily stripped. Signal-based watermarks provide the resilient detection — a binary answer to "was this AI-generated?" — but cannot carry detailed provenance chains.

Together, they cover more ground than either system alone. A C2PA manifest tells you the full story when it is present. A signal-based watermark tells you the content is AI-generated even when the manifest has been stripped. The combination means that casual conversion or sharing may lose the detailed provenance but retain the basic AI detection marker.

Practical Advice

If you are working with AI-generated images today, here are concrete steps to consider:

Know what your tools do with metadata. Before converting an AI-generated image, understand whether your conversion tool preserves, strips, or partially preserves metadata. If provenance tracking matters for your use case (journalism, legal proceedings, regulatory compliance), use tools that explicitly support C2PA preservation.

Understand that format conversion is not metadata laundering. Converting an AI-generated image to strip its C2PA metadata does not remove signal-based watermarks like SynthID. If the image was watermarked at the pixel level, that watermark persists through conversion, resizing, and most common image operations. The intent to disguise AI-generated content by converting it is increasingly likely to fail.

Consider your obligations. If you distribute AI-generated content professionally — for marketing, publishing, social media management — the EU AI Act and similar emerging regulations may require you to maintain provenance markings. Stripping metadata through conversion could create compliance issues.

For personal use, the privacy tools still work. If you are converting images to remove personal metadata (GPS, camera info, timestamps) before sharing, browser-based conversion tools remain effective for that purpose. The distinction is between personal metadata you want to strip and provenance metadata that regulations may require you to preserve.

Watch the standards evolve. C2PA is at version 2.1 and still maturing. SynthID's coverage is expanding. The tooling for preserving provenance through conversion pipelines is being actively developed. What is difficult today — maintaining C2PA manifests through arbitrary format conversions — will likely become standard functionality in conversion tools over the next year.

The era of treating file conversion as a purely technical pixel-shuffling operation is ending. Every image now potentially carries information about its origins, and the tools we use to convert between formats are becoming participants in a provenance ecosystem whether they intend to be or not. Understanding what your conversion tool does with that provenance information is no longer optional — it is part of responsible file handling in 2026.