CAP Status: DRAFT v0.2 — Now includes SRP (Safe Refusal Provenance) Extension. Feedback welcome.
VAP PROFILE: CONTENT & CREATIVE

CAP - Content / Creative AI Profile

Evidence Framework for AI in Creative Industries

"Leave Evidence, Not Barriers"

— The problem is not AI itself, but its black-box nature

" AI is already widely used in content industries, and stopping its use is not realistic. What matters is leaving cryptographically undeniable records of "who," "what," "with what authority," and "when" assets were ingested, trained, generated, or exported — enabling post-hoc verification when disputes arise. "

Rights infringement. Confidential leaks. Personality violations. Deepfakes.

When disputes arise, how can you prove what happened in the AI workflow?

CAP provides the answer — a tamper-proof evidence trail for creative AI.

View Event Model SRP Extension Join Development

CAP Official Repository

veritaschain/cap-spec — Specification, Schemas, Examples & Test Vectors

CAP Specification v0.2

VSO-CAP-SPEC-001 — Full Technical Specification

Safe Refusal Provenance PoC

Verifiable evidence pack for refused requests

What SRP (Safe Refusal Provenance) Proves

  • Produces a verifiable evidence pack proving that a generation request was received AND refused.
  • Does NOT contain unsafe prompts or generated NSFW outputs.
  • Any third party can verify integrity and completeness using hash-chain + Ed25519 signatures (+ optional Merkle anchor).
VeriCapture iOS App

VeriCapture

CAP-compliant evidence capture app for iOS — Verify, Don't Trust.

Professional evidence generation tool that cryptographically records capture events with SHA-256 hashing, ES256 digital signatures, and RFC 3161 timestamps.

Why CAP is Needed

Structural challenges in AI-powered creative workflows

Rights Provenance Opacity

Unable to trace rights basis for materials fed to AI. When disputes arise, proving legitimate use becomes impossible.

Consent Ambiguity

Unclear whether consent was given for training/generation. Voice cloning, likeness use, and style mimicry happen without proper authorization records.

Confidentiality Gap

Unreleased materials lack classification management. Pre-release characters, designs, footage ingested into AI without confidentiality controls.

How CAP Solves These Challenges

Challenge Description CAP Solution
Rights Provenance Opacity Unable to trace rights basis for materials fed to AI RightsBasis field records rights justification
Consent Ambiguity Unclear whether consent was given for training/generation ConsentBasis captures consent state
Confidentiality Gap Unreleased materials lack classification management ConfidentialityLevel for classification
Accountability Boundaries Cannot identify responsible parties when disputes arise User/Role records actors
Tampering Possibility Records can be altered post-facto Hash Chain provides cryptographic integrity

Target Industries

CAP application scope by industry priority

Priority A Highest Priority
🎮

Games

AAA / Publishers / Studios / Outsourcing

Risk: IP dilution, confidential leaks, character mimicry

🎬

Film / Animation / Streaming

Production / VFX / Post-production / OTT

Risk: Actor likeness, voice cloning, unreleased footage leaks

Priority B Secondary
📚

Publishing

Manga / Books / Editorial Production

Risk: Style mimicry, manuscript leaks, translation quality

🎵

Music

Labels / Distribution / MV Production

Risk: Voice cloning, song imitation, rights processing

Priority C Reference
⚠️

Adult Content

Production / Distribution / Platforms

Risk: Deepfakes, non-consensual generation

🏢

Corporate Branding

Web / IR / Design

Risk: Tone mimicry, brand dilution

Threat Model

Five categories of threats CAP addresses

TH-1 IP Dilution

Unique style/worldview easily mimicked by AI. Brand value erosion, market differentiation difficulty.

Addressed by: AssetID, RightsBasis
TH-2 Reverse Flow

Third parties use AI trained on proprietary materials. Near-identical generated outputs appear in market.

Addressed by: AssetID, ModelContext
TH-3 Confidential Leakage

Unreleased characters/designs/footage/code fed to AI. Leakage via training data pathways.

Addressed by: ConfidentialityLevel, Timestamp
TH-4 Deepfake / Persona Abuse

Private images/video used without consent. Defamation, sexual content, harassment.

Addressed by: ConsentBasis, User
TH-5 Brand/Style Mimicry

Corporate web/IR/design tone imitated. Generated content mistaken for official.

Addressed by: AssetHash, PromptHash

Attack Surface by Lifecycle Stage

Asset Input Training Generation Distribution (INGEST) (TRAIN) (GEN) (EXPORT) │ │ │ │ ▼ ▼ ▼ ▼ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ Rights │ │ Consent │ │ Similarity│ │ Leak │ │ Unclear │ │ Violation│ │ Issues │ │ Path │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ │ │ │ ▼ ▼ ▼ ▼ TH-1,TH-3 TH-2,TH-3 TH-1,TH-4 TH-2,TH-5

CAP Event Model

Core events and SRP extension events in the creative AI lifecycle

CAP Core Event Flow

┌─────────────────────────────────────────────────────────────────────────┐ │ CAP Core Event Flow │ ├─────────────────────────────────────────────────────────────────────────┤ │ │ │ INGEST ──────► TRAIN ──────► GEN ──────► EXPORT │ │ │ │ │ │ │ │ ▼ ▼ ▼ ▼ │ │ Asset Input Model Content Output │ │ (Material Training Generation Delivery │ │ intake) │ │ │ │ [Optional stages - not all workflows use all events] │ │ │ └─────────────────────────────────────────────────────────────────────────┘

Event Type Registry

Code Event Type Phase Description Required
0x0100 INGEST Input Asset ingestion into AI workflow SHOULD
0x0200 TRAIN Training Model training/fine-tuning MAY
0x0300 GEN Generation Content generation (allowed) MUST
0x0310 GEN_ATTEMPT Pre-generation Generation request received [SRP] SHOULD*
0x0311 GEN_DENY Decision Generation refused [SRP] SHOULD*
0x0312 GEN_WARN Decision Allowed with warning [SRP] MAY*
0x0313 GEN_ESCALATE Decision Escalated to human review [SRP] MAY*
0x0314 GEN_QUARANTINE Decision Generated but quarantined [SRP] MAY*
0x0400 EXPORT Output Asset delivery/publication SHOULD
0x0F00 AUDIT_ANCHOR System External anchoring event MAY

* Part of SRP Extension (Safe Refusal Provenance)

INGEST

Code: 0x0100 — Asset Ingestion

Records the ingestion of assets into an AI workflow.

Required Fields:

  • • AssetID, AssetHash, AssetType
  • • RightsBasis, ConsentBasis (SHOULD)
  • • ConfidentialityLevel (SHOULD)

TRAIN

Code: 0x0200 — Model Training

Records model training or fine-tuning activities.

Required Fields:

  • • TrainingType: PRETRAIN, FINETUNE, LORA, RLHF, OTHER
  • • InputAssetIDs, OutputModelID
  • • BaseModelID (SHOULD if fine-tuning)

GEN

Code: 0x0300 — Content Generation

Records content generation activities (when allowed).

Required Fields:

  • • PromptHash, OutputAssetID, OutputAssetHash
  • • ModelContext (ModelID, ModelVersion, ModelType)
  • • AttemptID (SHOULD if SRP enabled)

EXPORT

Code: 0x0400 — External Output

Records asset delivery or publication.

Required Fields:

  • • AssetID, Destination
  • • DestinationType: DELIVERY, PUBLICATION, ARCHIVE, OTHER
  • • PermittedUse (SHOULD)
CAP v0.2 NEW

SRP Extension

Safe Refusal Provenance

Cryptographic evidence that harmful content was NOT generated

The Core Problem SRP Solves

The December 2025–January 2026 Grok incident exposed a critical weakness in AI content moderation: there is no standard way to prove that dangerous content was NOT generated.

Event Type Current Systems With SRP
Generation allowed Logged Logged
Generation refused No record Cryptographically proven

When regulators ask "Prove your safeguards worked," existing systems cannot answer. SRP closes this gap.

SRP Event Lifecycle

┌─────────────────────────────────────────────────────────────────────────┐ │ SRP Event Lifecycle │ ├─────────────────────────────────────────────────────────────────────────┤ │ │ │ Request Received │ │ │ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ GEN_ATTEMPT │ ← MUST be recorded for every request │ │ └────────┬────────┘ │ │ │ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ Risk Assessment │ │ │ │ ├─ CSAM check │ │ │ │ ├─ NCII check │ │ │ │ ├─ Violence │ │ │ │ └─ Policy match │ │ │ └────────┬────────┘ │ │ │ │ │ ├─────────────────────┐ │ │ │ │ │ │ ▼ ▼ │ │ Risk < Threshold Risk >= Threshold │ │ │ │ │ │ ▼ ▼ │ │ ┌─────────┐ ┌─────────┐ │ │ │ GEN │ │ GEN_DENY│ │ │ │ (allow) │ │ (refuse)│ │ │ └─────────┘ └─────────┘ │ │ │ │ INVARIANT: count(GEN_ATTEMPT) == count(GEN) + count(GEN_DENY) │ │ │ └─────────────────────────────────────────────────────────────────────────┘

GEN_ATTEMPT

Code: 0x0310 — Request Received

Records that a generation request was received (before risk assessment).

Required Fields:

  • • PromptHash (SHA-256 of prompt)
  • • PolicyID, ModelVersion
  • • PreviousHash (hash chain)
  • • ReferenceImageHash (MAY)
  • • ActorHash (anonymized user)

GEN_DENY

Code: 0x0311 — Request Refused

Records that a generation request was refused.

Required Fields:

  • • AttemptID (reference to GEN_ATTEMPT)
  • • RiskCategory, RiskScore (0.0-1.0)
  • • ModelDecision: DENY, WARN, ESCALATE, QUARANTINE
  • • HumanOverride (boolean)
  • • RefusalReason (SHOULD)

Risk Categories

CSAM_RISK

Child sexual abuse material risk

NCII_RISK

Non-consensual intimate imagery

MINOR_SEXUALIZATION

Sexualization of minors

REAL_PERSON_DEEPFAKE

Unauthorized real person imagery

VIOLENCE_EXTREME

Extreme violence/gore

HATE_CONTENT

Hate speech or discrimination

Completeness Verification Invariant

For every GEN_ATTEMPT event, there MUST exist exactly one outcome event (GEN, GEN_DENY, GEN_WARN, GEN_ESCALATE, or GEN_QUARANTINE) with a matching AttemptID.

No Unmatched Attempts

Every request has a recorded decision

No Orphan Outcomes

Every decision corresponds to a real request

Count Invariant Holds

Complete audit trail exists

Data Model

Key field categories in CAP events

CAP-RIGHTS: Rights & Consent

RightsBasis Enum

  • OWNED — Own original work
  • LICENSED — Licensed from third party
  • PUBLIC_DOMAIN — No copyright restrictions
  • FAIR_USE — Fair use/dealing claim
  • STATUTORY_EXCEPTION — Statutory exception applies
  • UNKNOWN — Rights unclear

ConsentBasis Enum

  • EXPLICIT_WRITTEN — Written consent obtained
  • EXPLICIT_VERBAL — Verbal consent recorded
  • IMPLIED — Consent implied by contract
  • NOT_REQUIRED — Own materials, no consent needed
  • OPTED_OUT — Subject explicitly opted out
  • UNKNOWN — Consent state unclear

CAP-CONFIDENTIALITY: Classification

ConfidentialityLevel Enum

  • PUBLIC — Public information (no restrictions)
  • INTERNAL — Internal only (internal environments)
  • CONFIDENTIAL — Confidential (named recipients only)
  • SECRET — Top secret (strict access control)
  • PRE_RELEASE — Pre-release (embargoed until release)

Role Enum

  • CREATOR — Content creator (artist, designer)
  • ENGINEER — Technical staff (ML engineer)
  • REVIEWER — Reviewer (legal, compliance)
  • MANAGER — Manager (producer, director)
  • SYSTEM — System automated processing

INGEST Event Example (v0.2) 

{
  "EventID": "01945f2a-8b3c-7f93-9f3a-1234567890ab",
  "ChainID": "01945e3a-6a1b-7c82-9d1b-0987654321dc",
  "PrevHash": null,
  "Timestamp": "2026-01-10T10:00:00.000Z",
  "EventType": "INGEST",
  "HashAlgo": "SHA256",
  "SignAlgo": "ED25519",
  
  "Asset": {
    "AssetID": "urn:cap:asset:studio-a:char-design-001",
    "AssetType": "IMAGE",
    "AssetHash": "sha256:a7ffc6f8bf1ed76651c14756a061d662...",
    "AssetName": "Main Character Design Draft A"
  },
  
  "Rights": {
    "RightsBasis": "OWNED",
    "RightsHolder": "studio-a",
    "ConsentBasis": "NOT_REQUIRED",
    "PermittedUse": {
      "Training": true,
      "Generation": true,
      "Distribution": false,
      "Commercial": true
    }
  },
  
  "Confidentiality": {
    "ConfidentialityLevel": "PRE_RELEASE",
    "ReleaseDate": "2026-04-01T00:00:00.000Z"
  },
  
  "Context": {
    "UserID": "user-12345",
    "Role": "CREATOR",
    "Department": "Character Design"
  },
  
  "EventHash": "sha256:b8ffc7f9cf2fe87762d25867b172e773...",
  "Signature": "ed25519:MEUCIQDh..."
}

Regulatory Alignment

CAP's connection to global regulations

Regulation Jurisdiction CAP Relevance
EU AI Act EU Art.12 Logging, Art.53 Transparency
Digital Services Act (DSA) EU Art.35 systemic risk mitigation, audit trails
GDPR EU Processing records, consent management
Copyright Directive EU TDM exception, opt-out rights
TAKE IT DOWN Act [NEW in v0.2] USA NCII evidence requirements, 48-hour response proof
Copyright Law Art. 30-4 Japan AI training exception documentation

SRP Extension Regulatory Alignment

EU AI Act Art.12

  • Automatic logging (GEN_ATTEMPT + outcomes)
  • Lifetime retention (hash chain + anchoring)
  • Human oversight records (HumanOverride)

EU DSA Art.35

  • Risk mitigation evidence (GEN_DENY)
  • Complete audit trail
  • Reporting (refusal_stats.json)

TAKE IT DOWN Act

  • 48-hour response timestamp proof
  • "Never generated" proof via GEN_DENY
  • Shareable evidence pack

Implementation Levels

Graduated adoption based on organizational readiness

L1 Basic

Small studios, individuals

  • INGEST/GEN events
  • Local JSON storage
  • SHA-256 event hashing

Event creation: <100ms

L2 Standard

Mid-size production companies

  • All 4 core events
  • Hash Chain integrity
  • Digital signatures

Event creation: <50ms

L3 Enterprise

Major publishers, studios

  • L2 + Merkle Anchor
  • External verification
  • SRP Extension

Event creation: <10ms

Position within VAP Framework

CAP's position in the framework hierarchy

┌────────────────────────────────────────────────────────────────────────────┐ │ │ │ VAP (Verifiable AI Provenance Framework) │ │ Conceptual framework for AI decision audit trails │ │ Defines cross-domain minimum requirements │ │ │ └────────────────────────────────────────┬───────────────────────────────────┘ │ │ defines & maintains │ ┌────────────────────────────────────────▼───────────────────────────────────┐ │ │ │ VSO (VeritasChain Standards Organization) │ │ Standards body maintaining VAP and profiles │ │ │ └────────────────────────────────────────┬───────────────────────────────────┘ │ │ publishes profiles │ ┌──────────┬───────────────────┼───────────────────┬──────────┐ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ VCP │ │ CAP │ │ DVP │ │ MAP │ │ ... │ │ Finance │ │Content/ │ │Automotive│ │ Medical │ │ │ │ Profile │ │Creative │ │ Profile │ │ Profile │ │ │ └────┬────┘ └────┬────┘ └─────────┘ └─────────┘ └─────────┘ │ │ ▼ ▼ v1.1 v0.2 Draft Released + SRP Ext Domain-specific protocol implementations

CAP vs VCP Comparison

Aspect VCP (Finance) CAP (Content/Creative)
Subject Transaction Content/IP Asset
Industries Finance, Trading Games, Film, Publishing, Music
Core Events SIG/ORD/EXE/CXL INGEST/TRAIN/GEN/EXPORT
Regulations MiFID II, EU AI Act EU AI Act, DSA, Copyright Law
Time Precision Nanosecond–Millisecond Second–Minute
Shared Foundation VAP Integrity Layer (Hash Chain, Merkle Tree, Ed25519 Signature)

Get Involved

Join the development of CAP and shape the future of AI governance in creative industries

VAP Framework

Parent framework that CAP extends

CPP (Capture)

Capture Provenance Profile for verifiable capture records

CPP Spec (GitHub)

Technical specification for Capture Provenance Profile

Join Development

For game studios, publishers, and content creators
"The question is not whether to use AI in creative work.
The question is whether you can prove what happened when disputes arise."

— VeritasChain Standards Organization

"Leave Evidence, Not Barriers."

This work is licensed under CC BY 4.0 International

CAP Specification v0.2.0 — Last Updated: 2026-01-10