C2PA Interim Trust List Frozen - Conformance Programme Now the Only Path

As of January 1, 2026, the C2PA Interim Trust List (ITL) has been frozen. No new entries will be added and no updates will be made. The ITL served as a transitional mechanism while the official Conformance Programme was being developed - now that the programme is fully operational, it replaces the ITL as the sole path to trusted signing certificates.

What this means

Existing certificates on the ITL remain valid for legacy support. Content signed during an ITL certificate's validity period will continue to be considered valid against the legacy trust model. However, the certificates will eventually expire and will not be renewed or replaced through the ITL.

For new implementations, the only path to a trusted signing certificate is through the C2PA Conformance Programme. This requires products to demonstrate compliance with the Content Credentials specification and meet security requirements. Products that pass are listed on the Conforming Products List and receive certificates linked to the official C2PA Trust List.

Practical impact

Verification tools - including the official Verify site at contentcredentials.org - are being updated to distinguish between credentials signed with ITL-based certificates (typically tied to the older C2PA 1.4 specification) and those from conforming products using the official Trust List. The C2PA recommends that all implementers begin making this distinction in their own verification displays.

For organisations that have been using ITL certificates, the transition path is clear: apply for conformance evaluation before your ITL certificate expires. The Conformance Programme details and expression-of-interest form are available at c2pa.org/conformance.

For developers, see our Developer Implementation Guide for details on certificate management and trust validation.