Essay · Working draft · June 2026

The licensing layer below CoMP, RSL, and C2PA

CoMP V1, RSL 1.0, and C2PA each leave the same downstream gap: the signed, counterparty-bound, verifiable, revocable instance of a licence. An analysis of the credential layer the three standards collectively point at, why a separate layer is structurally correct, and how it composes with each protocol.

Three machine-readable standards now define how AI systems and content owners are supposed to talk to each other about content. They were authored by three different coalitions over three different windows, with three different starting motivations. None of them competes with the other two. None of them, individually, completes the work. And the gap they collectively leave — the same gap, in each case — is the gap a credential layer fills.

The three standards are CoMP, RSL, and C2PA. CoMP V1 — the IAB Tech Lab’s Content Monetization Protocols — was published on 28 April 2026. It standardises the request and response a CoMP-aware bot exchanges with a publisher’s content infrastructure at request time. RSL 1.0 — Really Simple Licensing, backed by a coalition of infrastructure players including Cloudflare, Akamai, Fastly, and Creative Commons — extends robots.txt with publisher-side rights declarations. C2PA — the Coalition for Content Provenance and Authenticity, founded by Adobe, Microsoft, BBC, NYT, Sony, Intel, and others — defines the tamper-evident provenance manifest embedded in image, video, and document files at the moment they are created.

Read together, the three standards cover a substantial fraction of the AI-content interaction surface. Each one solves a different part of the problem. None of them solves the part the others leave behind. That part is the signed, counterparty-bound, verifiable, revocable instance of a licence — the artefact the standards collectively point at without trying to be.

This essay is about that shared boundary. The IAB Tech Lab’s Bot & Crawler Management Guidance went through public comment in mid-2026, which makes it a natural moment to step back from any single standards conversation and look at the stack as a whole. The licensing layer is the part of the stack that has not yet been standardised by any of the three coalitions, and the reason for that is structural, not accidental.


What each of the three standards does

It is worth describing each of the three carefully before reaching for what they share, because the framing in the trade press has been imprecise enough that the actual division of labour is sometimes missed.

CoMP V1 is a transaction protocol. When a CoMP-aware AI system sends a request to a publisher’s content infrastructure, CoMP defines the shape of the conversation that follows. The publisher responds with a Package object — a machine-readable description of what is on offer: the seller and packager domains, allowed-use categories (ause), pricing fields (pricetype, unitprice, cur, pricetier), licence duration in days (licensedur), jurisdiction (country), an attribution-required flag (citation), a usage-reporting endpoint (reporturl), retrieval authorisation type, and per-asset metadata that includes provenance flags referencing C2PA. The protocol is exhaustive about what gets exchanged when a transaction is requested. It is explicit, however, about what it does not define: the field licenseurl within the Package object is the doorway to wherever licensing terms actually live, and CoMP V1 does not specify the response shape at that endpoint. The auth field in the Package’s retrieval block tells the AI system whether to act on a credential it already holds or to navigate to package.licenseurl first. Token issuance and payment are explicitly out of scope for the API. There is a paradox worth naming: a protocol called Content Monetization Protocols that does not itself issue the licence or move the money — deliberately, because CoMP standardised the offer and the negotiation and left the settlement to the layer on the other side of the doorway. The protocol stops at the doorway. What lives on the other side is the licensing layer’s problem.

RSL 1.0 is a declaration layer. It extends robots.txt — the long-standing publisher-side instruction file at the root of every site — with a License: directive that points to a machine-readable rights document. A publisher using RSL declares, to all crawlers, what kinds of use are permitted under what conditions across which paths. This is the standing offer a publisher makes before any specific bot arrives. The IAB Tech Lab’s own Bot Guidance describes RSL as “partially addressing the conditional access limitation” of plain robots.txt, and the word partially is doing real work: RSL is a step beyond binary allow/deny, but it is a publisher’s statement of intent, not a signed transactional record between the publisher and a particular AI lab on a particular date.

C2PA is a provenance protocol. Its specification, now in production across Adobe’s creative tools, Microsoft’s content pipelines, and the in-camera signing modules of flagship Sony, Nikon, and Leica camera bodies, defines a tamper-evident manifest embedded in the media file itself. The manifest carries assertions about the asset — who created it, when, with which tools, with what edit history, whether AI generation was involved. C2PA signatures bind those assertions to certificate authorities, and the manifest can be verified offline by any tool that understands the standard. C2PA’s working group is explicit that it is a provenance protocol, not a rights-expression language: it answers what is this content and where did it come from, not who may use it and for what. The specification extension points are designed so that licensing assertions can be added as a new manifest type — but the specification deliberately does not define what those assertions should look like.

These descriptions are not contested by the three coalitions themselves. CoMP V1’s specification text is explicit that token issuance and payment at the licenseurl endpoint are out of scope for the API. RSL’s specification is explicit about being a declaration mechanism rather than a transaction layer. C2PA’s specification is explicit about the rights question being downstream of the provenance question. The three coalitions agree on what they do not do. They have so far not coordinated on what should sit in the space they jointly leave.


The shared dependency

The three standards differ in scope, motivation, and technical shape. They do not differ in what they punt downstream.

In CoMP, the punt is structural: the licenseurl field within the Package object is a first-class part of the specification, but the response shape at that endpoint is explicitly out of scope for the API. In RSL, the punt is implicit: the License: directive points to a rights document, but the document’s binding to a specific transaction with a specific counterparty on a specific date sits outside what RSL describes. In C2PA, the punt is by design: the provenance manifest is the wrong place for licensing terms, and the working group has been clear about that since the protocol’s earliest drafts.

The result is that all three standards, read carefully, depend on the same downstream artefact. That artefact is a cryptographically signed, counterparty-bound, time-anchored, revocable record stating that a specific AI system has been granted a specific licence to a specific asset on a specific date — and that this record can be verified by any third party in milliseconds, offline, without phoning home to any vendor.

This is the licensing layer. It is not a feature of any of the three standards. It is the layer on which the three standards depend in order for their downstream guarantees to hold.

The IAB Tech Lab’s own Bot Guidance names the gap precisely in #6, in language we did not write and could not have written better:

“A common thread across all existing controls: they are enforcement tools without a citation or evaluation layer.”

Citation and evaluation are exactly what a credential delivers — citation through a signed counterparty-bound record, evaluation through a published framework that scores the credential’s completeness against legal and standards-aligned criteria. The Guidance correctly diagnoses what is missing across the existing enforcement stack. The licensing layer is the standards-aligned answer.


Why a separate layer is structurally correct

A reasonable question at this point: if all three standards point at a credential layer, why didn’t one of the three absorb it?

The answer is that each of the three has a structural reason not to. CoMP is a transaction protocol, owned by a standards body whose remit is interoperability rather than custody. A protocol can describe the shape of a credential; it cannot itself be the trusted third party that issues, signs, revokes, and audits one. RSL is a declaration mechanism — a way for a publisher to state intent. It cannot be the receipt that records what was actually agreed, because by design RSL operates before any specific request has occurred. C2PA is a provenance protocol — it binds the asset to its origin. It is the wrong place for rights terms because the rights question is downstream of the provenance question, requires different trust relationships, and changes over time in ways the provenance manifest is not designed to track.

The same structural argument applies to the layers below and above the credential. The CDN tier — Cloudflare, Akamai, Fastly — is the right place for enforcement, but a CDN cannot credibly be a neutral attestor of licensing because the CDN sits in the request path and has commercial relationships with both sides of the licensing transaction. Marketplaces — Microsoft, ProRata, TollBit, Cloudflare’s own marketplace, and the publisher consortia now forming — are the right place for matching buyers and sellers, but a marketplace cannot credibly attest to its own transactions because the marketplace’s revenue depends on those transactions occurring.

The credential layer therefore settles around a neutral attestor: a third party with no commercial stake in any individual transaction, no position in the enforcement path, no marketplace cut from any deal it attests to. The same pattern recurs across every two-sided market that has matured at scale: ASCAP and BMI in music, Visa and Mastercard in payments, DSP/SSP intermediation in ad-tech, third-party auditors in finance. Two-sided markets stabilise around neutral attestors. They always have.

This is not a vendor pitch for that role. It is an observation about the shape of the layer. The layer rewards a structurally independent operator. There may end up being multiple such operators — that would be healthy. What it cannot be is one of the three coalitions absorbing the work, because each of the three has a structural reason it cannot credibly act as the neutral attestor for its own protocol.


What the credential layer looks like

The credential layer is not a hypothetical. The open standards it composes are mature and widely implemented.

Credential format. The W3C Verifiable Credentials Data Model 2.0, encoded as JWT-VC compact JWS — the W3C Securing Verifiable Credentials using JOSE and COSE recommendation — signed with Ed25519. The specification became a W3C Recommendation in 2025 and is broadly implemented across the identity ecosystem.

Issuer identity. A DNS-anchored, portable identifier (did:web) resolvable by any standards-compliant client. No proprietary lookup layer, no phone-home dependency, no vendor-specific resolution protocol.

Verification. Offline, in milliseconds, against a publicly fetchable key set. The verifier caches the issuer’s key material with a TTL no longer than twenty-four hours; the verification logic is the same regardless of which publisher’s licence the credential covers.

Revocation. The W3C Bitstring Status List v1.0 specification. A compressed bitstring fetchable from a well-known URL, scalable to a million credentials, allowing real-time revocation checks without per-credential network calls.

Audit anchoring. Periodic cryptographic anchors of the issuer’s state into a public L2 settlement layer, producing a tamper-evident timeline that a court, a regulator, or a counterparty’s lawyer can independently audit five years after issuance.

Evaluation framework. A published, versioned, third-party-auditable framework that scores credentials against legal and standards-aligned criteria — rights coverage, scope specificity, PII handling, lawful basis, data-subject rights, provenance integrity, temporal/jurisdictional fit, attribution and downstream obligations. The framework is the evaluation half of what the Bot Guidance identified as the missing citation-and-evaluation layer.

These standards are not waiting to be invented. They are mature and widely implemented. The work the licensing layer does is operational — running a neutral issuer, maintaining the revocation list, anchoring the audit timeline, publishing the framework, integrating with the three protocols above. The substrate underneath is, and should remain, open.


How the credential layer composes with the three protocols

The composition is concrete enough to describe in three sentences.

With CoMP V1. A CoMP-aware AI system requests content; the publisher returns a Package object. When the Package’s auth field signals that no authorisation currently covers the request, the AI system navigates to package.licenseurl — the doorway within the Package that points to where licensing is actually negotiated. At that endpoint, a credential issuer returns a JWT-VC bound to the specific AI lab making the request, scoped to the specific asset, time-stamped to the moment of issuance, revocation-tracked. The AI lab caches the credential locally and presents it on subsequent requests; the Package’s auth field then signals authorisation, and the retrieval endpoint becomes the access path. Downstream auditors verify the credential offline.

With RSL 1.0. A publisher’s robots.txt carries a License: directive pointing to a rights document. The document describes the standing offer in machine-readable form. When an AI system wishes to act on the offer for a specific use case, the rights document points at a credential issuer that produces a counterparty-bound, signed instance of the offer for that specific transaction. RSL declares; the credential layer transacts.

With C2PA. A C2PA manifest embedded in an image, video, or document file already binds the asset to its provenance. A C2PA manifest extension carries a reference — or an embedded JWT-VC — pointing at the credential layer’s record of the rights granted for that asset. Provenance and licensing are independently verifiable and stack cleanly; a downstream consumer can check both with the same offline tooling.

In none of the three compositions does the credential layer compete with the protocol it composes with. In each case, the credential layer fills the same structural slot the protocol explicitly leaves to a downstream layer.


Three observations, one for each coalition

The above is the technical argument. There are three additional observations worth surfacing for the three coalitions, because the strategic questions facing each are different, and each is a different sentence of the same paragraph.

For the IAB Tech Lab and the CoMP working group. The licenseurl field within the Package object — the doorway CoMP standardises but whose response shape it leaves out of scope for the API — is the most consequential undefined surface in the V1 specification. A future revision of CoMP, or a companion technical note, should recommend a normative response shape — not picking a vendor, but constraining the response to standards-aligned formats (W3C VC, RSL, or a future CoMP-defined LicenseTerms schema) accessible via content negotiation. This is what we have proposed as a public-comment item against the Bot Guidance and as a companion GitHub issue against the CoMP repository.

For the RSL coalition. RSL’s structural position — extending robots.txt, operating at the site level, declaring the standing offer — is correct. The strategic question is the boundary between RSL’s declaration scope and the transactional credential scope. The cleanest framing is that RSL says what is on offer to whom under what conditions and the credential layer says what was actually agreed with whom on what date. A positioning sentence in RSL’s own materials acknowledging this composition would resolve the RSL or CoMP? question the trade press keeps posing as if it were a choice between competing standards, when in fact it is a question about adjacent layers.

For the C2PA coalition. C2PA’s provenance manifest is the right place for what is this content and where did it come from, and the working group’s discipline in keeping rights terms out of the manifest is correct. The extension point for licensing assertions exists in the specification; it has not yet been populated with a recommended schema. A C2PA assertion type that references a verifiable licensing credential — without prescribing a specific issuer or vendor — would close the loop between provenance and rights for the substantial fraction of AI-relevant content that already carries C2PA signatures. This is the natural next standards conversation, and we would welcome it.

These are three different conversations. They are also three views of the same underlying argument: the credential layer is the missing piece across all three protocols, and standards-aligned recommendations would benefit all three coalitions simultaneously.


What to do next

If you are a publisher: you are likely already touching one or more of the three protocols. C2PA may be in your creative pipeline through Adobe Content Credentials or in-camera signing on professional photo equipment. RSL may be in your robots.txt if you have engaged with the RSL coalition (Cloudflare, Akamai, Fastly, Creative Commons). CoMP will arrive in your traffic this year as AI labs begin to honour it. None of those three answers the question your legal team and your finance team are about to ask: can you prove what was licensed, to whom, on what date, with revocation state, in a format an auditor will accept five years from now? That is the credential layer’s job. The right time to evaluate it is now, while the standards stack is still settling.

If you are an AI lab: the procurement question has shifted. Provenance metadata on content tells you it was made by who it claims. A verifiable licence tells you that you are allowed to train on it. Those are independent verifications, your auditor will treat them independently, and your compliance posture in any downstream regulatory or court proceeding will rest on both. The credential layer is what produces evidence that survives a hostile reading by a court, a regulator, or a counterparty’s lawyer in 2030.

If you are a participant in one of the three coalitions — IAB Tech Lab, RSL, C2PA — the standards window is wider in 2026 than it will be in 2027. The composition between your coalition’s protocol and the credential layer is the kind of cross-coalition standards work that benefits every participant. We have submitted public comment on the IAB Bot Guidance to that effect, posted a GitHub issue on the CoMP repository to the same end, and would welcome similar conversations in RSL and C2PA working groups.

If you are at one of the regulators or policy institutes watching this stack settle: the credential layer is where the auditable evidence lives. EU AI Act enforcement, FTC consent-decree compliance, copyright-litigation discovery, GDPR data-subject-access requests — each of these ultimately resolves into a question of what record exists, signed by whom, anchored when. The standards-aligned answer is the one the three coalitions above are jointly pointing at without filling in. Pointing your own technical-implementation guidance at the same standards-aligned answer would reduce the fragmentation cost across the rest of the stack.


CoMP V1 standardised the transaction. RSL 1.0 standardised the declaration. C2PA standardised the provenance. The credential layer — the signed, counterparty-bound, verifiable, revocable, time-anchored record on the other side of the licenseurl doorway — is what the three protocols collectively point at without trying to be. It is the next interoperability problem in the stack, and the standards that compose it (W3C VC 2.0, JWT-VC, did:web, Bitstring Status List v1.0) are mature, widely-implemented open standards.

We are building that layer openly. The substrate is open infrastructure; the commercial product is the operational work on top. That is the only way the licensing layer becomes a layer rather than another lock-in surface — and it is the only way the three coalitions above get the downstream guarantees they each, separately, depend on.


The author runs LicenseFoundry, an open infrastructure layer for issuing, verifying, and auditing AI content licences. The framework referenced above lives at licensefoundry.com/framework/v1.0. Public comment on the IAB Bot & Crawler Management Guidance closed 25 June 2026; the LicenseFoundry submission is on the public-comment thread at github.com/IABTechLab/CoMP/issues/11.