C2PA UX v2.2 Compliance
Lens implements the C2PA UX v2.2 recommendations as a capture-only iOS camera app. This page provides auditors, security teams, and partners with a transparent view of how Lens aligns with the C2PA UX v2.2 guidance.
30/31 Implemented1 scoped out per product decision (2.8)
Context
Lens is a camera-only iOS app that captures photos and videos from the device camera. Because the C2PA UX v2.2 specification targets a broad range of implementers (editing tools, publishing platforms, streaming video players, forensic tools), not all recommendations are applicable to a capture-only camera app.
✓Captures photos and videos from the device camera
✓Uses a single manifest per capture (no ingredient graphs)
✓Stores signed masters as embedded manifests in Files
✗Does not provide editing/compositing tools
✗Does not function as a social media or publishing platform
✗Plays back monolithic video files (no HLS/DASH streaming)
This matrix clarifies which requirements are:
- Applicable and implemented
- Not Applicable (N/A) for a camera app
- Optional for future expansion
Summary
Total C2PA UX v2.2 requirements reviewed
42
Applicable to Lens camera app
30Implemented (30/31). Section 2.8 (Continuous Feedback) scoped out per product decision; it is a standard principle in the spec, not optional.
Not Applicable to camera app
11Marked N/A with rationale
Lens implements 30 of 31 applicable C2PA UX v2.2 requirements; Section 2.8 (Continuous Feedback) was scoped out per product decision; it is a standard principle in the spec, not optional.
Not-Applicable Requirements (Scoped Out for Camera App)
These items are part of the C2PA UX v2.2 spec but do not apply to Lens given its scope.
| Requirement | Section | Applicability | Remark |
|---|---|---|---|
| L4 Forensic View | 3.1.4 | N/A | L4 forensic inspection is handled by external verifier tools (e.g., desktop C2PA viewers), not by the capture app. |
| Regions of Interest | 3.3.3 | N/A | Lens does not provide region-based editing; there are no "edited regions" to visualize. |
| Redactions & Updates | 3.5.2 | N/A | Lens does not support manifest redaction workflows; it only captures and signs content. |
| Remote Storage UX | 3.6.2 | N/A | Lens uses embedded manifests in local files; no remote manifest storage is exposed to the user. |
| Watermarks / Fingerprinting | 3.7 | N/A | Lens embeds manifests directly; recovery via watermarks/fingerprints is not required for its capture workflow. |
| Ingredient Validation | 3.8.4 | N/A | Lens does not composite multiple assets; there are no ingredient manifests to validate. |
| Video Streaming UX (delivery, loading, segment validation) | 3.9.1–3.9.3 | N/A | Lens records and plays monolithic video files; there is no streaming player or segment-level validation UI. |
| L1 Source Disclosures | 4.3 | N/A | As a camera app, all captures originate from the device camera. Source is disclosed at L2; L1 labeling is redundant. |
| Identity Assertions (CAWG) | 3.4.3 | Optional | Human/organizational identities are not required for basic camera provenance; may be added for future professional workflows. |
| Localization | 3.2.2 | Optional | Current app is English-only; localization is a cross-cutting product decision, not specific to C2PA. |
| Remote Storage-Specific Output Options | 3.8.5 (remote branch) | N/A | Remote manifest storage is not implemented, so related options are intentionally omitted. |
Applicable Requirements (Implemented)
All of the following are applicable to a camera app and are implemented in Lens.
Principles
| Requirement | Section | Status | Notes |
|---|---|---|---|
| Designing for trust | 2.1 | Pass | Transparent trust signals, clear warnings, no "magic" validation states. |
| Quality | 2.2 | Pass | Native SwiftUI, premium transitions, performance-aware. |
| Consistency | 2.3 | Pass | C2PA UI follows Lens design system and iOS HIG (see HUD/HIG docs). |
| Accessibility | 2.4 | Pass | VoiceOver labels, hints, section grouping across L1/L2/L3. |
| Screen Adaptability | 2.5 | Pass | Mobile-first layout, touch targets, safe areas respected. |
| Progressive Disclosure | 2.6 | Pass | L1 → L2 → L3 flow implemented. |
| Education & Communication | 2.7 | Pass | Onboarding and Content Credentials help in L2/L3. |
| Continuous Feedback | 2.8 | Not implemented | Removed (2026-01-26) — scoped out per product decision; §2.8 is a standard principle in the spec, not optional. |
Patterns & Components (Camera-Applicable Subset)
| Requirement | Section | Status | Notes |
|---|---|---|---|
| L1 Indicator | 3.1.1, 4.2 | Pass | Content Credentials indicator (shield + icon) in camera HUD. |
| L2 Summary | 3.1.2, 4.4 | Pass | Status sheet with summary view (signer, timestamp, key warnings). |
| L3 Detailed View | 3.1.3, 4.4 | Pass | Full manifest view with per-assertion provenance. |
| Language / Terminology | 3.2 | Pass | "Content Credentials" everywhere user-facing. |
| Branding | 3.2.1 | Pass | Correct use of Content Credentials branding. |
| Actions Display | 3.3.1 | Pass | Created action and digital capture source type shown in L2/L3. |
| Source Disclosures | 3.3.2 | Pass | Camera-capture source disclosed in L2. |
| Created vs Gathered | 3.4.1 | Pass | System/User badges in L3. |
| Custom Assertions | 3.4.2 | Pass | Device metadata and Lens-specific assertions in L3. |
| Offline Signing | 3.5.1 | Pass | Offline signing allowed with informed choice; timestamp authority awareness and clear warnings. |
| Storage (Embedded) | 3.6.1 | Pass | Embedded manifests in master copies (Files app). |
| Creator Experience (3.8.1–3.8.5) | 3.8 | Pass | Onboarding, preview, settings, save preview, info views. |
| Content Credentials Icon | 4.1 | Pass | Official icon asset, unmodified. |
| Validation States & Warnings | 4.5.1–4.5.4 | Pass | All validation states surfaced with clear messaging. |
How to Interpret Scores in the Main Audit
In the main C2PA UX compliance audit:
- "Applicable" score (30/31) counts only the requirements that make sense for a capture-only camera app; Section 2.8 (Continuous Feedback) was scoped out per product decision; it is a standard principle in the spec, not optional.
- The spec-level denominator (42) is retained to show that some recommendations are intentionally scoped out, not forgotten.
- Each Not-Applicable item above has a documented rationale, so auditors can see why it was excluded.