CAP Status: DRAFT v0.1 — This specification is open for public comment. Feedback welcome.
VAP PROFILE: CONTENT & CREATIVE

CAP - Content / Creative AI Profile

Evidence Framework for AI in Creative Industries

"Not to prohibit AI, but to leave evidence"

— The problem is not AI itself, but its black-box nature

" AI is already widely used in content industries, and stopping its use is not realistic. What matters is leaving cryptographically undeniable records of "who," "what," "with what authority," and "when" assets were ingested, trained, generated, or exported — enabling post-hoc verification when disputes arise. "

Rights infringement. Confidential leaks. Personality violations. Deepfakes.

When disputes arise, how can you prove what happened in the AI workflow?

CAP provides the answer — a tamper-proof evidence trail for creative AI.

View Event Model Threat Model Join Development

CAP Basic Specification v0.1

VSO-CAP-SPEC-001 — Full Technical Specification

Why CAP is Needed

Structural challenges in AI-powered creative workflows

Opaque Rights Provenance

The rights basis of materials ingested into AI workflows is untraceable. When disputes arise, proving legitimate use becomes impossible.

Ambiguous Consent

Whether consent was obtained for training or generation is unclear. Voice cloning, likeness use, and style mimicry happen without proper authorization records.

Confidentiality Breach Risk

Unreleased characters, story settings, and assets are ingested into AI without confidentiality classification, risking leaks through training data.

How CAP Solves These Challenges

Challenge Description CAP Solution
Rights Opacity Rights basis of AI-ingested materials untraceable RightsBasis field records rights foundation
Consent Ambiguity Consent status for training/generation unclear ConsentBasis fixes consent state cryptographically
Confidentiality Gap Unreleased materials' sensitivity unmanaged ConfidentialityLevel classifies sensitivity
Liability Uncertainty Responsible parties unidentifiable in disputes User/Role records executor identity
Tampering Risk Post-hoc record alteration possible Hash Chain provides cryptographic guarantee

Target Industries

CAP application scope by industry priority

Priority A Highest Priority
🎮

Games

AAA studios, publishers, outsourcing

Risk: IP dilution, confidential leaks, character mimicry

🎬

Film / Animation / Streaming

Production, VFX, post-production, OTT

Risk: Actor likeness, voice actor audio, unreleased footage

Priority B High Priority
📚

Publishing

Manga, books, editorial production

Risk: Style mimicry, manuscript leaks, translation quality

🎵

Music

Labels, streaming, MV production, rights management

Risk: Voice cloning, song mimicry, rights processing

Priority C Reference
🏢

Corporate Branding

Web, IR, financial reports, design

Risk: Tone mimicry, brand damage

🎓

Education / Training

Universities, research, corporate training

Risk: Paper plagiarism, unauthorized material training

⚠️

Adult Content

Production, distribution, platforms

Risk: Deepfakes, non-consensual generation

Threat Model

Five categories of threats CAP addresses

TH-1 IP Dilution

Unique expression styles and worldviews easily mimicked by AI, diluting brand value and market differentiation.

Addressed by: AssetID, RightsBasis
TH-2 Reverse Flow

Third parties use AI trained on your materials, producing market outputs similar to your products.

Addressed by: AssetID, ModelContext
TH-3 Confidential Leakage

Unreleased characters, settings, footage, and code ingested into AI, leaking through training data.

Addressed by: ConfidentialityLevel, User
TH-4 Deepfake / Persona Abuse

Private images/videos used without consent for generation: defamation, sexual content, harassment.

Addressed by: ConsentBasis, AssetID
TH-5 Brand/Style Mimicry

Corporate HP/IR/financial report design and tone mimicked, creating outputs confused with official materials.

Addressed by: RightsBasis, PermittedUse

Attack Surface by Lifecycle Stage

Asset Ingest Training Generation Export (INGEST) (TRAIN) (GEN) (EXPORT) │ │ │ │ ▼ ▼ ▼ ▼ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ Rights │ │ Consent │ │ Similarity│ │ Leakage │ │ Unclear │ │ Violation│ │ Issues │ │ Paths │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ │ │ │ ▼ ▼ ▼ ▼ TH-1,TH-3 TH-2,TH-3 TH-1,TH-4 TH-2,TH-5

CAP Event Model

Four core events in the creative AI lifecycle

CAP Event Lifecycle

┌─────────────────────────────────────────────────────────────────────────┐ │ CAP Event Lifecycle │ ├─────────────────────────────────────────────────────────────────────────┤ │ │ │ INGEST ──────► TRAIN ──────► GEN ──────► EXPORT │ │ │ │ │ │ │ │ ▼ ▼ ▼ ▼ │ │ Asset Input Training Generation External │ │ Execution Execution Output │ │ │ │ • Images • Full Train • Image Gen • Delivery │ │ • Videos • Fine-tune • Video Gen • Distribution │ │ • Audio • LoRA/PEFT • Audio Gen • Publication │ │ • Text • Embedding • Text Gen • Internal Share │ │ • Code • Code Gen │ │ • 3D Models │ │ │ └─────────────────────────────────────────────────────────────────────────┘

INGEST

Code: 1 — Asset Ingestion

Records materials, data, and references input into AI workflows.

Required Fields:

  • • AssetID, RightsBasis, ConfidentialityLevel
  • • User, Timestamp

TRAIN

Code: 2 — Model Training

Records model training, fine-tuning, and additional training activities.

Required Fields:

  • • ModelContext, TrainingType, InputAssetIDs
  • • User, Timestamp

GEN

Code: 3 — Content Generation

Records AI-generated content creation.

Required Fields:

  • • ModelContext, OutputAssetID, PromptHash
  • • User, Timestamp

EXPORT

Code: 4 — External Output

Records generated content output, distribution, and delivery.

Required Fields:

  • • AssetID, Destination, PermittedUse
  • • User, Timestamp

Data Model

Key field categories in CAP events

Rights & Consent

RightsBasis Enum

  • OWNED — Self-created/copyright held
  • LICENSED — Third-party license obtained
  • PUBLIC_DOMAIN — Public domain
  • CREATIVE_COMMONS — CC license
  • FAIR_USE — Fair use claim
  • UNKNOWN — Rights relationship unknown

ConsentBasis Enum

  • EXPLICIT_WRITTEN — Explicit written consent
  • EXPLICIT_DIGITAL — Explicit digital consent
  • IMPLIED — Implied consent
  • STATUTORY — Statutory permission
  • NOT_REQUIRED — Consent not required
  • NONE — No consent
  • REVOKED — Consent revoked

Confidentiality & Context

ConfidentialityLevel Enum

  • PUBLIC — Public information
  • INTERNAL — Internal only
  • CONFIDENTIAL — Confidential
  • SECRET — Top secret
  • PRE_RELEASE — Pre-release

Role Enum

  • CREATOR — Content creator (artist, designer)
  • ENGINEER — Technical staff (ML engineer, developer)
  • MANAGER — Manager (producer, director)
  • REVIEWER — Reviewer (legal, compliance)
  • SYSTEM — System automated processing
  • EXTERNAL — External party (contractor, partner)

INGEST Event Example 

{
  "EventID": "01934f2a-8b3c-7f93-9f3a-1234567890ab",
  "ChainID": "01934e3a-6a1b-7c82-9d1b-0987654321dc",
  "Timestamp": "2025-12-27T10:00:00.000Z",
  "EventType": "INGEST",
  
  "Asset": {
    "AssetID": "urn:cap:asset:studio-a:char-design-001",
    "AssetType": "IMAGE",
    "AssetHash": "sha256:a7ffc6f8bf1ed76651c14756a061d662..."
  },
  
  "Rights": {
    "RightsBasis": "OWNED",
    "ConsentBasis": "NOT_REQUIRED",
    "PermittedUse": {
      "Training": true,
      "Generation": true,
      "Distribution": false
    }
  },
  
  "Confidentiality": {
    "ConfidentialityLevel": "PRE_RELEASE",
    "ReleaseDate": "2026-04-01T00:00:00.000Z"
  },
  
  "Context": {
    "UserID": "user-12345",
    "Role": "CREATOR"
  }
}

Compliance Philosophy

Comply-or-Explain and Evidence-Based Accountability

Comply-or-Explain Principle

CAP does not force compliance. It requires organizations to either comply or explain their reasons for deviation.

  • Provides a framework for accountability to regulators, auditors, and rights holders
  • Organizations can document deviations with justification
  • Enables graduated adoption based on organizational readiness

Negative Proof Capability

CAP enables not only proof of use, but also negative proof — demonstrating that specific assets were NOT used.

Key Benefits:

  • • Counter "unauthorized use" allegations with log completeness
  • • Prove independent creation against "mimicry" claims
  • • Demonstrate "confidential asset non-usage" in internal investigations

Evidence-Based Accountability

Scenario Without CAP With CAP
Rights Infringement Allegation Can only claim "we didn't use it" INGEST logs prove use/non-use
Confidential Leak Investigation Leak path identification difficult EXPORT destination and timing traceable
Consent Verification Vague verbal confirmation ConsentBasis cryptographically recorded
Audit Response Post-hoc record creation Real-time Evidence Pack

Regulatory Alignment

CAP's connection to global regulations

Regulation Jurisdiction CAP Relevance
EU AI Act EU Art.12 Logging, Art.53 Transparency
Digital Services Act (DSA) EU Generative AI content disclosure
GDPR EU Processing records, consent management
Copyright Directive EU TDM exception, opt-out rights
Copyright Act Art. 30-4 Japan AI training exception provisions
AI Business Guidelines Japan Transparency, accountability requirements

Relationship with VAP/VSO

CAP's position in the framework hierarchy

┌────────────────────────────────────────────────────────────────────────────┐ │ │ │ VAP (Verifiable AI Provenance) │ │ Cross-domain upper framework for all domains │ │ │ └────────────────────────────────────────┬───────────────────────────────────┘ │ │ defines & maintains │ ┌────────────────────────────────────────▼───────────────────────────────────┐ │ │ │ VSO (VeritasChain Standards Organization) │ │ Standards body that develops and maintains VAP │ │ │ └────────────────────────────────────────┬───────────────────────────────────┘ │ │ publishes profiles │ ┌──────────┬───────────────────┼───────────────────┬──────────┐ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ VCP │ │ CAP │ │ DVP │ │ MAP │ │ EIP │ │ Finance │ │Content/ │ │Automotive│ │ Medical │ │ Energy │ │ Profile │ │Creative │ │ Profile │ │ Profile │ │ Profile │ └────┬────┘ └────┬────┘ └─────────┘ └─────────┘ └─────────┘ │ │ ▼ ▼ v1.0 v0.1 Draft Released Domain-specific "concrete protocol implementations"

CAP vs VCP Comparison

Aspect VCP (Finance) CAP (Content/Creative)
Subject Transaction Content/IP Asset
Target Industry Finance, Trading Games, Film, Publishing, Music
Core Events SIG/ORD/EXE/CXL INGEST/TRAIN/GEN/EXPORT
Regulatory Reference MiFID II, EU AI Act EU AI Act, DSA, Copyright Law
Timestamp Precision Nanoseconds ~ Milliseconds Seconds ~ Minutes
Common Foundation VAP Integrity Layer (Hash Chain, Merkle Tree, Digital Signature)

Get Involved

Join the development of CAP and shape the future of AI governance in creative industries

View VAP Framework

Understand the upper framework that CAP extends

VCP Specification (Finance)

See the released VCP v1.0 as reference implementation

Participate in CAP Development

For game studios, publishers, and content creators
"The question is not whether to use AI in creative work.
The question is whether you can prove what happened when disputes arise."

— VeritasChain Standards Organization

"Not to stop AI — but to leave evidence."

This work is licensed under CC BY 4.0 International