Key terms in this module(18)
Quick definitions for the terms used here. Open any term for the full entry.
- Attribution
Assignment of credit to contributors or rights holders. Distinct from authorship; an asset can have multiple attributions (declared, derived, computed).
- C2PA
Coalition for Content Provenance and Authenticity. The standards body and assertion-format specification for content provenance metadata embedded in media file binaries. Used by Output-Provenance Architecture as the canonical mechanism for Class B multimedia OPB emission.
- CDR
Core Data Record. A structured record capturing key information about a creative asset, including the rights, consent, and provenance information attached to it. The CDR is the primary provenance infrastructure for AI pipeline entry.
- cip.md
The framework's declaration file format. A plain-text Markdown file at https://[domain]/.well-known/cip.md declaring rights, consent, and certification status in machine-readable form. Specified in the v3.18 consolidated cip.md Specification page; AI Generation field set added v3.24.
- Data Dividend
Payment for use of personal or contributed data, broader than Training Data Dividend (which is AI-specific). Includes general data-monetisation patterns where individuals receive remuneration for their contributed data.
- Distribution
Dissemination, sale, licensing, or transfer of copies to the public. Includes movement of content through APIs, feeds, search, recommendation systems, syndication. Foundational rights category.
- Licensing
Permission to use IP under conditions, the operational mechanism for rights monetisation. Distinct from sale (which transfers ownership).
- NILP
Name, Image, Likeness, Publicity. Rights over the commercial use of a person's identity markers, name, face, voice, persona, likeness. Engaged by voice cloning, deepfakes, AI-generated likenesses, synthetic impersonation.
- NILP Downstream Obligation
The framework's position that commercial deployers of AI-generated identity content carry the rights-holder claim where the deployment proceeds without explicit consent verification. The obligation flows downstream from training-data ingestion through output generation to commercial deployment.
- Platform
System that hosts models + applies governance, policies, ranking logic, and monetisation rules. Distinct from Model Provider (which makes the model) and Host (which serves it).
- Platform Certification
The track-specific certification for AI platforms covering six audit areas: (1) rights-aware ingestion, (2) algorithmic amplification compliance, (3) synthetic content governance, (4) revenue share compliance, (5) agentic system governance, (6) ongoing audit-readiness.
- Provenance
The documented history of where content comes from and how it has been transformed. Captured in the Core Data Record and evidenced through the Rights Registry.
- Rights Payload
The rights-related information attached to a content record or asset, including the input licence class, transformation permissions, output licence, and CDR linkage. Platform Certification requires 95% Rights Payload coverage across ingested content.
- Rights Registry
The verification system used to confirm rights-related status, credentials, and recognised outputs. Five capabilities: (1) lookup by CDR ID, (2) historical verification at timestamp, (3) operator-identity verification, (4) provenance-chain resolution, (5) bulk URL-to-rights-position lookup.
- Rights-aware Ingestion
Practice of identifying and recording the subsisting rights in a creative work before it is used in an AI training pipeline, storage system, or generative context. The pre-ingestion rights-discovery discipline.
- Synthetic Content
AI-generated output, broader category than Synthetic Media (which is the multimedia subset). Includes synthetic text, code, data, and other AI-produced artefacts.
- Training Data
Inputs used to train models, the operational input category that engages training-data liability. CIP-AI-Training-Data-Source field declares the operator's position.
- Training Data Dividend
TDD. The compensation owed to a rights holder whose creative work has been used as training data. CIP's training markets pay per contribution path rather than per dataset inclusion.
7.1 The six Platform Certification audit areas
As a creator, understanding what certified platforms must do tells you what to expect from them — and what you can enforce when they fall short.
Audit area 1: Rights-aware ingestion — certified platforms must query the Rights Registry at ingestion time and exclude content with CIP-Training-Ingestion: Prohibited status. This is the primary protection your cip.md declaration provides.
Audit area 2: Algorithmic amplification compliance — distribution algorithms must account for rights conditions on surfaced content, not just engagement signals. Attribution requirements and licensing restrictions must be factored in.
Audit area 3: Synthetic content governance — certified platforms must identify, label, and govern AI-generated content with machine-readable C2PA Content Credentials and human-visible on-platform disclosure.
Audit area 4: Revenue share compliance — royalty and revenue distribution must account for Training Data Dividend obligations, not just usage volume.
Audit area 5: Agentic system governance — automated AI agents must be governed with the same rights-aware rigour as human-operated systems. Provenance Certificates must be attached to all agent outputs.
Audit area 6: Regulatory readiness — compliance with UK, EU, and US obligations.
7.2 The 95% Rights Payload threshold
Platform Certification requires 95% Rights Payload coverage: 95% of content ingested must carry a traceable CDR or equivalent provenance record. As a creator with a CDR, your content should be in the verified 95%. Content without a CDR is in the remaining 5% — at higher risk of misuse even on certified platforms.
7.3 If a platform ignores your declarations
- Verify your cip.md is hosted correctly at your domain root and your CDR is registered
- Contact the platform using the rights contact email from their cip.md
- Assert a formal rights failure notice through the CIP Rights Registry — creating a documented evidence trail
- Seek advice from a CIP Legal Practitioner Designation holder
- Consider a Training Data Dividend claim or NILP Downstream Obligation claim through the Rights Registry enforcement pathway
Summary
Key Takeaways
- Certified platforms must query Rights Registry, honour CDR declarations, maintain 95% Rights Payload
- A certified cip.md (generated after completing certification) carries a verifiable badge URL — a stronger basis for enforcement than a pre-certification draft
- Distribution algorithms must account for rights conditions, not just engagement
- If declarations are ignored: verify, contact, assert, escalate
- A CIP Legal Practitioner can assist with formal enforcement through the Rights Registry
- Platform Certification is annual — non-compliant platforms lose the Platform Mark
Self-check
Check Your Understanding
- How many audit areas does the CIP Platform Certification assessment cover?
- What must a certified platform do when it encounters content marked CIP-Training-Ingestion: Prohibited?
- What is the 95% Rights Payload threshold?
- If a certified platform ignores your rights declarations, what is the recommended first step?
- How often must platforms renew their CIP Platform Certification?