In a C2PA "asset journey," what happens to the provenance chain if someone edits the file with non-C2PA-compliant software?
The chain gets a gap — the credentials become "incomplete," and a viewer is alerted that part of the history is missing or unverifiable.
C2PA records provenance only when each tool in the pipeline writes a signed manifest. If a step uses a tool that doesn't support C2PA (e.g. "Edit 2: edited using non-C2PA-compliant software"), no manifest is added for that step, so the continuous chain breaks.
The verifier then calls out the incomplete C2PA data — it doesn't silently pass. This is a feature: C2PA doesn't prevent editing or even prevent stripping the data; it makes any discontinuity visible, so missing history is itself a signal.
Key nuance: C2PA is tamper-evident, not tamper-proof. You can strip or break the credentials, but you can't forge a valid continuous chain you weren't part of — and gaps are flagged.
Tip: Absence of credentials ≠ proof of fakery, but it does mean "history unverifiable — treat with caution."