The key idea is understanding when and how to attach data in a provenance chain. A Sony camera produces a hardware‑rooted C2PA signature at capture time, signing the EXIF and proprietary metadata inside a secure element. This proves the image was taken on a real Sony device and not generated by AI.Additional manifests such as location, organizational identity, workflow metadata, or edit history can be added later as separate signed assertions. Each added layer must be intentional, privacy‑aware, and auditable, because it expands the legal and trust surface. The result is not a blockchain, but a hardware anchored, append only provenance chain that carries legal weight similar to other cryptographically signed declarations, such as NIP‑62’s “Request to Vanish,” though the mechanisms and goals are different. https://nips.nostr.com/62