Compliance Positioning
Compliance Positioning
Verbitas provides infrastructure. Whether that infrastructure satisfies a specific regulatory obligation depends on your deployment context and qualified legal advice. This page documents the approved and prohibited language for describing Verbitas.
What Verbitas provides
| What we provide | Description |
|---|---|
| Machine-readable AI disclosure | C2PA ai_generated assertions embedded in signed manifests |
| Tamper-evident provenance records | Cryptographic signatures; any modification invalidates the manifest |
| Durable disclosure marks | Watermarks (TrustMark, AudioSeal, VideoSeal, SynthID-Text) that survive common transformations |
| Third-party verifiable records | Public verify API at https://api.verbitas.io/v1/verify and UI at https://v.verbitas.io |
| Append-only audit log | Tenant-scoped, exportable, retained per plan |
| Blockchain timestamps | Merkle-root anchoring to Bitcoin (OTS) and Arbitrum One |
What Verbitas does not provide
- Semantic truth verification. Verbitas records what was asserted, not whether the assertion is accurate.
- Automatic regulatory compliance. Verbitas is infrastructure. Compliance is a legal conclusion that requires analysis of your specific deployment.
- Proof that content is “real”, “fake”, “authentic”, or “genuine”. The verification output is a provenance state code, not a truth judgment.
- Legal admissibility. Whether a Verbitas manifest constitutes admissible evidence depends on jurisdiction and context.
- Guarantee that content cannot be re-shared with its manifest. A manifest can be extracted and re-embedded by a sophisticated actor.
Approved language
Use this language when describing Verbitas to customers, regulators, or in documentation.
Describing Verbitas:
- “Provenance, authenticity, and AI-content transparency infrastructure”
- “Cryptographic linkage between generated content and its origin record”
- “Machine-readable AI-generated assertions per C2PA 2.4”
- “Tamper-evident provenance records”
- “Explainable verification states”
- “Infrastructure that supports AI content transparency technical measures”
Describing what verification shows:
- “This content carries a C2PA manifest. The manifest has not been modified since signing.”
- “The manifest records that this content was marked as AI-generated at [timestamp].”
- “Verbitas recorded an
ai_generated: trueassertion in this manifest at sign time.” - “The signing certificate was valid and not revoked at the time of signing.”
Describing limitations:
- “Verbitas records provenance claims. The accuracy of those claims is the responsibility of the submitter.”
- “Verification confirms cryptographic provenance, not semantic truth or content accuracy.”
- “This is not a guarantee of regulatory compliance. Consult qualified legal advice.”
Prohibited language
Do not use any of the following in customer-facing materials, documentation, or regulatory submissions.
Absolute integrity claims:
- “Proves the content is unaltered”
- “Guarantees content integrity”
- “Certifies the content”
Truth claims:
- “This content is real”
- “This content is authentic”
- “This content is genuine”
- “This content is not manipulated”
- “Verifies the truth of the content”
- “Proves the content is what it claims to be”
Regulatory compliance claims:
- “Compliant with Article 50” (or any specific article/regulation)
- “Article 50 compliant”
- “GDPR compliant” (in the sense of solving all GDPR obligations)
- “Certifies compliance”
- “Meets regulatory requirements”
Deepfake/fake content claims:
- “This is a confirmed deepfake”
- “This content is fake”
- “Detected as AI-generated” (implies the detection is authoritative — use “marked as AI-generated” instead)
Article 50 positioning
The EU AI Act Article 50 requires deployers to use technical means to disclose AI-generated content. Verbitas’s C2PA + watermark implementation is a technical measure for this purpose.
Approved: “Verbitas provides technical measures that support Article 50 disclosure requirements.”
Prohibited: “Verbitas makes you Article 50 compliant.”
The difference: Verbitas provides tools. Compliance is determined by whether your use of those tools, in your specific deployment, satisfies your specific obligations under the regulation as analysed by a qualified lawyer.
See Guides: EU AI Act Implementation for implementation steps.
Sub-processors
See Compliance: Sub-Processors for the list of third-party services that process data on your behalf.
Contact
For DPA requests, data subject rights inquiries, or regulatory questions:
- DPA: [email protected]
- Security: [email protected]
- General compliance: [email protected]