AI Watermark Adder

What this AI watermark adder does

Two things, both required by the EU AI Act Article 50 starting 2 August 2026: a visible machine-readable label on the surface of the image, and invisible machine-readable provenance data baked into the file. Both must indicate the content was generated by an AI system, and both must be reasonably durable against common modifications. This tool produces both, in a single download, in your browser, without ever uploading your image.

The visible badge

The visible label is the obvious one — a "AI-generated" pill, bar, or corner stripe drawn onto the image with Canvas. You pick position, style, color, opacity, and size; the preview updates live. The default position (bottom-right pill) is the most-cited compliant pattern in the EU Commission's draft Article 50 guidance and matches the conventions Meta, TikTok, and YouTube adopted in late 2024.

What "good enough" looks like under the Act: the marking has to be "clearly visible" and survive ordinary cropping and compression. A badge sized at ≥3% of the image's shorter dimension and placed at least 1% inset from any edge usually passes both reviews and the practical test of "would a moderator see it on a thumbnail." The medium-size preset is calibrated to that.

The invisible metadata

The tool embeds two layers of invisible provenance:

• C2PA-style manifest — a JSON document modeled on the Coalition for Content Provenance and Authenticity (C2PA) 2.x spec. Includes the generator model, author, creation timestamp, and an optional prompt summary. For PNG output, the manifest is stored in a tEXt chunk with key c2pa.manifest; for JPEG, in an APP1 EXIF marker. This is the same field structure Adobe Firefly, OpenAI DALL-E, and Microsoft Designer use for their Content Credentials.
• LSB steganographic mark — a tiny binary tag ("AI-LBL") encoded into the least-significant bits of pixel values across a deterministic 1024-point pattern. Survives JPEG re-compression at quality ≥80, screenshot capture, and most one-pass platform processing. Doesn't survive heavy filters or AI upscaling — that's not the goal; the LSB layer is a fallback for when the manifest is stripped by a careless re-encode.

Why invisible and visible?

Visible labels are for humans; invisible ones are for machines. The EU AI Act Article 50 requires both. The visible one tells a viewer "this is AI" before they consume it. The invisible one tells downstream systems — moderation pipelines, news verification tools, search ranking — long after the image has been screenshotted, shared, and cropped. Neither alone is enough.

What this tool is not

This is not a full C2PA signing tool. Real C2PA manifests are cryptographically signed by an issuer with an X.509 certificate chain rooted in a trust list. We embed the manifest structure in the file's metadata, which gives downstream tools the right shape to read, but it's not a signed assertion. For full signed C2PA you need a certificate from a C2PA-recognized authority (Truepic, Adobe, etc.). That's a paid, identity-bound service.

If you're a professional outlet that publishes AI imagery and needs cryptographic provenance, treat this tool as the visible-labeling step plus a draft of the manifest you'll later sign through a paid C2PA issuer. For most casual creators publishing AI images on social media, the unsigned manifest plus visible label is what platforms actually look for.

Compliance map

• EU AI Act Article 50(2) — providers of generative AI systems must mark outputs as artificially generated in a "machine-readable format" and "detectable as artificially generated." Our invisible manifest + LSB satisfies the machine-readable side.
• EU AI Act Article 50(4) — deployers (the people using generated content) must disclose to viewers when content has been generated or manipulated. Our visible badge satisfies this.
• FTC Section 5 — undisclosed AI-generated promotional or testimonial content can be a deceptive practice. Visible badge mitigates.
• NYC Local Law 144 (hiring AI) — out of scope; this tool is for image content, not hiring decisions.
• Platform rules — Meta, TikTok, YouTube, Pinterest, X all detect Content Credentials and either auto-label or accept your label. Embedding the manifest pre-empts their auto-labeler from miscategorizing.

FAQ

Will the watermark survive screenshots? The visible badge will (it's pixels). The C2PA manifest in metadata won't (screenshots strip metadata). The LSB stegano mark survives screenshots and most lossy re-saves down to about JPEG quality 75.

Can someone remove the watermark? A determined attacker can crop or paint out a visible badge and re-encode to strip metadata. No watermark technology is robust to a knowledgeable adversary. This tool is for honest disclosure, not adversarial protection.

What format should I export? PNG keeps every byte but doubles file size. JPEG is fine for photos but compression strips a percentage of the LSB mark. The tool defaults to keeping the input format; for compliance-critical work, choose PNG.

Is the manifest readable by Adobe Content Credentials? The shape is C2PA-compliant, but Content Credentials only displays manifests it can cryptographically verify. Without a certificate, expect Adobe Verify to show "this image has provenance data but the issuer is unverified." That's accurate.

What's the smallest image you can watermark? 200 × 200 pixels — below that the visible badge crowds the image. The LSB mark works down to 64 × 64 but isn't useful below that.

Roadmap

Coming soon: video frame watermarking (one badge per N frames + per-frame manifest), batch mode for folders of images, ProPub-Hat / IPTC field embedding for newsroom workflows, and ONNX-runtime invisible watermark detection for the inverse problem.