How Is This Bill Enforced
Verbatim statutory text on the left; plain-language analysis and a per-section checklist on the right. Numbered markers cross-link to the matching checklist row.
(a)(1)–(5) The following definitions apply to this act: (1) Synthetic mediaSynthetic mediaContent that has been partially or fully generated, altered, or manipulated by artificial intelligence or machine learning technologies, including but not limited to video, audio, text, and images.Section 1.(a)(1). – Content that has been partially or fully generated, altered, or manipulated by artificial intelligence or machine learning technologies, including but not limited to video, audio, text, and images. (2) ProvenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2). – Verifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied. (3) Cryptographic authenticationCryptographic authenticationThe use of secure digital methods, such as watermarking or signatures, to confirm the origin and integrity of content.Section 1.(a)(3). –The use of secure digital methods, such as watermarking or signatures, to confirm the origin and integrity of content. (4) State-generated contentState-generated contentAny official communication, media, or digital file created or disseminated by a State agency, department, or official in the course of their duties.Section 1.(a)(4). – Any official communication, media, or digital file created or disseminated by a State agency, department, or official in the course of their duties. (5) False attributionFalse attributionDigital content that inaccurately represents itself as originating from a government official or agency.Section 1.(a)(5). – Digital content that inaccurately represents itself as originating from a government official or agency.
This subsection establishes the five defined terms used throughout the bill: synthetic media, provenance, cryptographic authentication, state-generated content, and false attribution. These definitions scope the Initiative's mandate to state government digital content and AI-generated media threats, but do not impose obligations on private parties.
(b) There is established the Digital Content ProvenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) Initiative (Initiative). The Initiative shall be implemented in phases.
This subsection formally establishes the Digital Content Provenance Initiative and specifies that it will be implemented in phases. It is a legislative directive creating a government program — it imposes no compliance obligations on private parties.
(c) 1 Phase I shall be coordinated jointly by the Department of Commerce and the Department of Information Technology to protect North Carolina residents from the growing threats posed by synthetic mediaSynthetic mediaContent that has been partially or fully generated, altered, or manipulated by artificial intelligence or machine learning technologies, including but not limited to video, audio, text, and images.Section 1.(a)(1) and AI-generated content. This initiative shall develop and implement cryptographic authenticationCryptographic authenticationThe use of secure digital methods, such as watermarking or signatures, to confirm the origin and integrity of content.Section 1.(a)(3) standards for digital content across State platforms, official communications, and election-related public information, to mitigate digital misinformation that poses an escalating threat to consumers, the public trust, election integrity, and information authenticity. The initiative shall also study methods to detect and deter false attribution of synthetic mediaSynthetic mediaContent that has been partially or fully generated, altered, or manipulated by artificial intelligence or machine learning technologies, including but not limited to video, audio, text, and images.Section 1.(a)(1) to public officials, election authorities, or government agencies. Where feasible, the Initiative will lead the State's effort to adopt or align with existing open technical standards for content provenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) and authenticity, including but not limited to the standards developed by the Coalition for Content ProvenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) and Authenticity (C2PA), the World Wide Web Consortium (W3C), and other relevant multistakeholder or international organizations. The Initiative may pilot implementations of C2PA-compliant metadata, watermarking, or signature protocols in collaboration with industry partners.
This subsection directs the Department of Commerce and the Department of Information Technology to jointly coordinate Phase I, which focuses on developing and implementing cryptographic authentication standards for digital content across state platforms, official communications, and election-related public information. The Initiative is directed to adopt or align with existing open technical standards — specifically naming the C2PA and W3C standards — and may pilot C2PA-compliant implementations with industry partners. The subsection also directs study of methods to detect and deter false attribution of synthetic media to public officials and government agencies. While this creates government agency mandates, it imposes no obligations on private-sector entities.
(d) 2 To ensure transparency and accountability, the Initiative shall establish a Digital Content ProvenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) Advisory Board. The Board shall include representatives from civil liberties organizations, academic institutions, media organizations, cybersecurity experts, and the technology industry. The Board shall advise on technical standards, privacy safeguards, civil liberties impacts, and implementation strategies. The Initiative shall also publish quarterly progress updates and a public comment portal.
This subsection requires the Initiative to establish a Digital Content Provenance Advisory Board with multistakeholder representation from civil liberties organizations, academic institutions, media organizations, cybersecurity experts, and the technology industry. The Board advises on technical standards, privacy safeguards, civil liberties impacts, and implementation strategies. The Initiative must also publish quarterly progress updates and maintain a public comment portal — transparency measures directed at the government program itself.
(a)(1)–(4) Effective July 1, 2025, there is appropriated from the General Fund to the Department of Commerce the sum of five hundred thousand dollars ($500,000) for the 2025-2026 fiscal year to carry out the purposes of Phase I, including the development of comprehensive content authentication framework for North Carolina's digital communications infrastructure that: (1) Implements cryptographic verification protocols for all state-generated media. (2) Creates a secure content provenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) registry for official State communications. (3) Develops public education resources on identifying potential synthetic content. (4) Partners with technology companies to integrate provenanceProvenanceVerifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.Section 1.(a)(2) standards.
(b) These funds may be used to engage consultants, develop technical infrastructure, increase staff expertise, conduct public education campaign, and to support ongoing threat assessment.
Section 2 appropriates $500,000 from the General Fund to the Department of Commerce for fiscal year 2025–2026 to carry out Phase I, specifying four core infrastructure deliverables: cryptographic verification protocols for state-generated media, a secure content provenance registry for official state communications, public education resources on identifying synthetic content, and partnerships with technology companies to integrate provenance standards. Subsection (b) authorizes the funds for consultants, technical infrastructure, staff expertise, public education campaigns, and ongoing threat assessment.
3 By December 1, 2025, the Department of Commerce and the Department of Information Technology shall submit an interim Phase I report to the General Assembly and publish it on a public website. This report shall include a summary of technical progress, public input received, initial recommendations for election-year implementation, and early indicators of public risk. A final Phase I report, with recommendations for Phase II, shall be submitted by March 1, 2026.
Section 3 imposes reporting deadlines on the Department of Commerce and the Department of Information Technology. An interim Phase I report is due to the General Assembly and to a public website by December 1, 2025, covering technical progress, public input received, initial election-year implementation recommendations, and early public risk indicators. A final Phase I report with Phase II recommendations is due by March 1, 2026. These are government-to-legislature reporting obligations — they do not create private-sector compliance duties.
Except as otherwise provided, this act is effective when it becomes law.
Standard effective date provision specifying that the act takes effect when it becomes law, except as otherwise provided (the appropriation in Section 2(a) is effective July 1, 2025).