C2PA Cameras & Phones 2026: Complete Device Support List

Software-based C2PA signing -- the kind that Adobe Firefly, OpenAI, and Photoshop use -- proves that a particular application produced or edited a file. Hardware-based signing goes further. When a camera signs an image with C2PA credentials at the point of capture, it provides cryptographic proof that light hit a physical sensor and produced that specific file. No generation model, no compositing tool, no post-processing -- a real scene, captured by a real device.

This is the strongest provenance signal available in the C2PA ecosystem. As of early 2026, four major camera manufacturers and two smartphone manufacturers ship it.

Leica: the first to ship

The Leica M11-P, announced in October 2023, was the first production camera to include C2PA Content Credentials. Leica partnered with the Content Authenticity Initiative to integrate signing into the M11-P's firmware.

When you capture an image with the M11-P, the camera embeds a C2PA manifest in the JPEG file before it is written to the memory card. The manifest is signed with Leica's certificate, and it includes assertions identifying the camera model, the capture action (c2pa.created), and the timestamp.

Leica subsequently added C2PA support to additional models. The M11, Q3, and SL3 received firmware updates enabling Content Credentials. The implementation uses Leica's signing certificate issued through the CAI's trust infrastructure, which means the credentials are recognized by conforming verifiers as coming from a trusted camera manufacturer.

The M11-P's launch was significant not because of market share -- Leica is a low-volume manufacturer -- but because it proved the concept. A camera could embed cryptographic provenance without meaningful impact on capture speed, file size, or user experience.

Nikon: professional workhorse adoption

Nikon was the first high-volume professional camera manufacturer to ship C2PA support. The Z9 (Nikon's flagship mirrorless body) and the Z8 (its high-resolution counterpart) received firmware updates enabling Content Credentials in 2024. The Zf, a retro-styled full-frame body popular with photojournalists and enthusiasts, followed.

Nikon's implementation is notable for its hardware security architecture. The signing key is stored in a Secure Processing Unit (SPU) on the camera's main processor board. The private key never leaves the secure enclave -- the manifest is signed inside the SPU, and only the signed output is written to the file. This design means that even if someone has physical access to the camera and its storage, they cannot extract the signing key to forge credentials on a different device.

Nikon's partnership with the Associated Press is instructive. The AP ran field trials with Z9 bodies equipped with C2PA firmware, testing the workflow from capture through wire distribution. The AP's interest is straightforward: in an era of AI-generated imagery and cheapfakes, wire services need a way to prove that a photograph was taken by a credentialed photojournalist at a real location, with a real camera. C2PA-signed images from a trusted camera manufacturer provide exactly that chain of attestation.

The signing process adds negligible time to the capture pipeline. Nikon reports sub-millisecond signing overhead. The manifest adds a few kilobytes to the file size -- invisible in the context of 45-megapixel RAW files.

Canon: steering committee weight

Canon is a member of the C2PA steering committee, which means it helps define the specification itself, not just implement it. Canon's EOS R1 (the flagship professional sports/news body) and EOS R5 Mark II (the high-resolution hybrid body) support C2PA Content Credentials.

Canon's approach follows the same general architecture: a secure element stores the signing key, the manifest is generated and signed at capture time, and the credentials are embedded in the output file. Canon has been deliberate about rolling out support to its professional bodies first -- the cameras most likely to be used in contexts where provenance matters: news, sports, documentary, and editorial photography.

Canon's membership on the C2PA steering committee also means it has influence over how the specification evolves with respect to camera-specific concerns. Issues like RAW workflow support, burst capture performance, and dual-card recording all have implications for how manifests are generated and stored, and Canon's engineering team contributes directly to those specification decisions.

Sony: founding member implementation

Sony was one of the founding members of the C2PA and has been involved in the standard since its inception. The a9 III (Sony's flagship sports body, notable as the first full-frame camera with a global shutter sensor) and the a1 (Sony's top-tier hybrid body) support C2PA through firmware updates.

Sony's implementation leverages the camera's existing secure boot and firmware signing infrastructure. The C2PA signing key is provisioned during manufacturing and stored in a tamper-resistant element. Sony's certificates chain through the CAI's trust infrastructure, establishing the credentials as coming from a known, trusted camera manufacturer.

Sony's professional cinema cameras (the VENICE line) are also part of the C2PA roadmap, which extends hardware-level provenance beyond still photography into motion picture production.

Smartphones: the mass-market frontier

Samsung Galaxy S25

Samsung became the first major smartphone manufacturer to ship C2PA Content Credentials with the Galaxy S25 series in early 2025. The implementation uses the Qualcomm Snapdragon 8 Elite's secure processing unit for key storage and signing, following the same hardware security model as dedicated cameras.

When enabled, the Galaxy S25 signs photographs taken with the native camera app. The C2PA manifest includes assertions for c2pa.created, the device model, and a timestamp. Samsung's signing certificate chains through the CAI trust infrastructure.

The significance is scale. Samsung ships hundreds of millions of smartphones annually. Even if C2PA signing is initially limited to the S25 flagship line, the potential for signed photographs entering circulation is orders of magnitude greater than dedicated cameras.

Google Pixel

Google added C2PA support to the Pixel smartphone line, leveraging both Qualcomm's secure element and Google's own Tensor security core. Google's implementation is notable for its integration with the broader Google ecosystem -- the same company that applies C2PA to AI-generated images via Imagen now also signs camera-captured photographs on its hardware.

Google's approach reflects a dual commitment: signing AI-generated content (via Imagen and other products) and signing camera-captured content (via Pixel). This positions Google as a C2PA signer across both the synthetic and camera-origin decision classes, with different certificates and signer types for each.

How camera-level signing differs from software-level

The distinction between camera signing and software signing is not just about who signs -- it is about the security guarantees.

Camera signing happens in a secure hardware element that is physically part of the device. The private key is provisioned at the factory and cannot be extracted. The signing occurs before the image data ever leaves the camera's internal processing pipeline. To forge a camera-signed credential, you would need to compromise the secure element of a specific physical camera -- an attack that requires hardware expertise, physical access, and significant effort.

Software signing happens in an application running on a general-purpose computer. Adobe Photoshop signs with Adobe's certificate. OpenAI's DALL-E signs with OpenAI's certificate. The signing is legitimate and trustworthy, but the security model is different. The signing key is managed in software (albeit in secure infrastructure), and the content being signed may itself be synthetic. Software signing proves "this application produced this output." Camera signing proves "this physical device captured this scene."

For content verification purposes, this distinction maps to different decision classes. When AttestTrail verifies an image signed by a Nikon Z9, the decision class is verified_camera_origin -- the highest-trust provenance signal available. When it verifies an image signed by Adobe Firefly, the decision class is verified_synthetic -- valid provenance, but indicating AI generation.

Both are valuable. Both are deterministic. But they mean different things, and content moderation pipelines should route them accordingly.

What happens when you edit a camera-signed image

This is one of the most common questions about C2PA in practice, and the answer depends on what software you use for editing.

Editing in C2PA-aware software (e.g., Adobe Photoshop, Lightroom): The original camera manifest becomes an ingredient in a new manifest. Photoshop creates a new C2PA manifest for the edited file, which references the original camera credential. The new manifest records the edits performed (cropping, color grading, retouching) as actions, and the camera origin is preserved in the provenance chain. A verifier can see: "This image was captured by a Nikon Z8, then edited in Adobe Photoshop. The camera origin is cryptographically verified. The editing history is recorded."

Editing in C2PA-unaware software (e.g., Affinity Photo, GIMP, most mobile editors): The C2PA manifest is stripped. These applications do not know about JUMBF boxes and either ignore or discard them during their save process. The resulting file has no Content Credentials. The provenance chain is broken.

This is the ecosystem gap that matters most for camera-signed provenance. A photojournalist captures an image on a Nikon Z9 with C2PA credentials, imports it into an editing tool that strips the manifest, and publishes a file with no provenance. The signing happened, but the credential did not survive the workflow.

The mitigation strategies are:

1. •Use C2PA-aware editing tools. Adobe's Creative Cloud applications have the most comprehensive C2PA support in the editing category. As the specification gains adoption, other editors will follow.
2. •Preserve the original. Keep the camera-original JPEG or HEIF with its C2PA manifest as an archival asset, even if your edited version loses the credentials.
3. •Perceptual fingerprint matching. Services like AttestTrail store perceptual hashes of verified images. If a stripped image is uploaded later, the fingerprint match can recover the original provenance data.

Limitations and gaps

Camera-level C2PA is powerful but not yet complete. Honest assessment of the current limitations:

RAW workflows are inconsistent. Most C2PA implementations sign JPEG or HEIF outputs. RAW file formats (NEF, CR3, ARW) have varying levels of C2PA support. Many professional photographers shoot RAW exclusively and convert to JPEG/TIFF in post-processing, which may or may not preserve or re-sign the credentials. The C2PA specification does support RAW formats, but implementation varies by manufacturer.

Not all models are supported. Within each manufacturer's lineup, C2PA is currently limited to high-end professional bodies. Canon's Rebel/EOS R series consumer cameras, Nikon's Z5 and Z30, Sony's a6000-series -- none of these have C2PA support yet. The feature is positioned as a professional capability, not a consumer default.

Social media strips metadata. Upload a C2PA-signed image to most social platforms and the manifest is removed during re-encoding. This is the single biggest obstacle to camera-level provenance reaching end viewers. Until platforms preserve or re-attach Content Credentials, the provenance chain breaks at the point of social sharing.

Smartphone adoption is early but accelerating. Samsung shipped C2PA support in the Galaxy S25 series, making it the first major smartphone manufacturer to include Content Credentials. Google followed with C2PA in the Pixel line, leveraging Qualcomm's Snapdragon secure element infrastructure. Both implementations sign photographs at capture time using the device's hardware security module, following the same trust model as dedicated cameras. However, C2PA remains limited to flagship devices — mid-range and budget smartphones do not yet support it. Given that smartphones capture the overwhelming majority of photographs, broader rollout across price tiers will be the most consequential expansion of the C2PA ecosystem.

Where this is headed

The trajectory is clear. C2PA in cameras will follow the same adoption curve as image stabilization, autofocus tracking, and other features that started in professional bodies and migrated to consumer models within a few product generations.

Several factors are accelerating adoption:

Regulatory pressure. The EU AI Act's transparency requirements create demand for verified provenance. Newsrooms, stock agencies, and platforms subject to the regulation need cameras that produce verifiable content. This creates market pull for C2PA across the product lineup.

Smartphone momentum. Samsung and Google have shipped C2PA in their flagship smartphones, validating that Qualcomm's Snapdragon secure element infrastructure works for mobile signing. Other Android OEMs can enable camera-level signing without custom silicon -- they just need firmware support and certificate provisioning. Apple remains the conspicuous holdout, though the secure enclave in Apple Silicon is architecturally ready for C2PA signing.

Editorial and insurance requirements. Major wire services (AP, Reuters, AFP) and stock agencies (Getty Images) are increasingly requiring or favoring provenance-verified content. For working photographers, C2PA-enabled cameras will shift from "nice to have" to "required by the client."

Trust differentiation. In a media environment saturated with AI-generated imagery, a camera-signed photograph carries a qualitative trust advantage that no AI detection classifier can match. The credential says: this image was produced by a physical device. For photojournalism, legal evidence, insurance documentation, and editorial content, that guarantee has tangible value.

Camera and smartphone-level C2PA is the foundation of content provenance. Software signing records what tools were used. Hardware signing records what actually happened in front of the lens. Dedicated cameras and flagship smartphones are shipping with C2PA support. The trust infrastructure is operational. The remaining work is ecosystem completion -- more camera models, mid-range smartphones, more editing software, and more platforms preserving credentials through their processing pipelines.

To verify a camera-signed image yourself, upload it to the C2PA Viewer. For background on how C2PA manifests and verification work, see the complete C2PA guide.