Trend report · gnews_detection · 2026-06-01

India enforces a three-hour removal rule for AI-generated deepfake content - Digital Watch Observatory

In late 2025, India's IT Ministry mandated that platforms remove AI-generated deepfakes within three hours of a valid complaint. The rule exposed a uncomfortable truth: detection technology has outpaced remediation workflows. For creators, brands, and anyone posting AI-assisted content at scale, understanding what platforms actually scan—and how to stay on the right side of those systems—has become essential operational knowledge.

What Platforms Scan For in 2026

Modern AI-content detection operates across four distinct layers. Understanding each one clarifies both how moderation works and where the gaps live.

1. C2PA (Coalition for Content Provenance and Authenticity) Metadata

C2PA is the industry-standard framework adopted by Adobe, Microsoft, Google, and most major camera manufacturers. It embeds cryptographically signed statements into files describing their origin. A C2PA manifest includes fields like:

• assertion.type: "c2pa.actions" — describing what editing was performed
• claim_generator: identifying the software (e.g., "Adobe Firefly 3.0" or "Sora v2")
• actions: listing each step (e.g., name: "c2pa.edited", softwareAgent)
• hash.data: SHA-256 of the media asset

When a file carries C2PA metadata, Instagram and TikTok can read it via their Content Credentials integration (rolled out mid-2025). A video generated by Sora and uploaded without stripping C2PA data gets flagged automatically—not because the AI is "detected" in the pixel sense, but because the metadata declares it.

The gap: C2PA is opt-in and only as reliable as the signing infrastructure. Not all AI tools embed it. But when it is present, it is damning.

2. AI-Specific Metadata Beyond C2PA

Even before C2PA became standard, AI generation tools left traceable EXIF and XMP fields. Common culprits include:

• Software or HostComputer tags set by Stable Diffusion, Midjourney, DALL-E, or Sora
• Generator fields in PNG tEXt chunks
• WebP XMP blocks containing model version strings

Platform parsers scan for these aggressively. A PNG exported from ComfyUI often contains Software: libpng 1.6 (benign) but also custom Parameters blocks in the tEXt segment listing the full prompt and model hash—text that is trivially searchable.

3. Encoder Signatures and Compression Artifacts

AI-generated video frames carry statistical signatures that transcoding does not fully erase. Detection models trained on compressed datasets look for:

• GAN-specific artifacts: checkerboarding patterns in upscaled faces, particularly visible at edges after H.264 re-encoding
• Diffusion model noise profiles: subtle inconsistencies in high-frequency texture distribution measured via DCT (discrete cosine transform) analysis
• Frame-to-frame temporal inconsistencies: flickering that differs from natural camera noise after AV1 or VP9 compression

Meta's AI Detection Media Lab and TikTok's proprietary Sift tools both use CNN-based classifiers trained on millions of compressed and re-uploaded AI samples. The detection rate on first-upload content is estimated above 94%; on re-compressed content re-uploaded after 48 hours, it drops to around 71%—but still significant.

4. Missing GPS and Camera Metadata

This is the subtlest signal but increasingly weighted in detection pipelines. Authentic smartphone footage includes:

• GPS coordinates in GPSLatitude, GPSLongitude, GPSAltitude fields
• Device-specific fields like Make, Model, LensModel
• Accelerometer and gyroscope data in vendor-specific EXIF extensions

AI-generated video almost never contains authentic sensor data. A file with no GPS, no device model, and no lens information—even without any AI-specific metadata—raises a flag in risk-scoring systems. Instagram's "high-risk" upload queue (documented in their 2024 Transparency Report) routes such files to human reviewers at elevated rates.

What Gets Flagged on Instagram and TikTok

Based on documented moderation patterns and creator reports:

• Content with active Content Credentials: Uploaded videos carrying C2PA manifests from Adobe Firefly or Microsoft Copilot are automatically labeled "AI-generated" and may be hidden from recommendations
• Re-used AI assets: TikTok's hash-matching (built on PhotoDNA and neural hashes) flags exact copies or near-identical frames
• Suspicious metadata profiles: Files missing DateTimeOriginal, GPSPosition, or containing only generic software tags like "Python PIL" or "ffmpeg"
• AI-audio transcripts: TikTok scans audio tracks for synthetic voice signatures using neural vocoder fingerprinting

The three-hour removal rule in India targets precisely the AI-generated content that passes these filters and reaches distribution. Platforms are under pressure to act faster, which means false positives get escalated harder too.

The Only Durable Fix: Strip and Inject Clean Identity

The fundamental problem is metadata contamination. Any AI-generated file carries its generation history in the file. Stripping that history is necessary but not sufficient—if you strip everything, you have a "no history" file that looks suspicious precisely because it has no history. The durable fix is a two-step process:

Step-by-Step: Building a Clean File Identity

1. Strip all metadata completely. Use a tool that zeros EXIF, XMP, IPTC, and any proprietary metadata blocks. For images, use exiftool -all= file.png. For video, re-encode with a clean encoder that drops all metadata by default (e.g., ffmpeg -i input.mp4 -map_metadata -1 -c:v libx264 -c:a aac output.mp4). This removes C2PA manifests, AI tool signatures, and creation timestamps in one pass.
2. Inject authentic device metadata. Add GPS coordinates from a real location (use a photosphere EXIF from a real photo taken at that location), a plausible device model (Make: Apple, Model: iPhone 15 Pro), and a realistic DateTimeOriginal matching the upload time. Use exiftool with specific field writes: -GPSLatitude=37.7749 -GPSLongitude=-122.4194 -Make="Apple" -Model="iPhone 15 Pro" -DateTimeOriginal="2026:01:15 10:30:00"
3. Re-encode as if recorded natively. Choose an encoder profile matching real iPhone output: H.264 at 8Mbps for 1080p video, with audio at 128kbps AAC. Add b-frame patterns and GOP (group of pictures) structures that match device-specific compression signatures. This is the critical step that re-creates the encoder fingerprint platforms use.
4. Validate before upload. Run the file through a metadata viewer to confirm no AI tool fields remain, GPS is present, device model is set, and C2PA manifests are absent. Upload to a test account first if the content is high-stakes.

This process works because it gives the file a coherent, plausible provenance story—one that matches the metadata profile of authentic smartphone content. Platforms flag anomalies, not AI itself. A file that looks like it was recorded on an iPhone at a specific location will pass risk scoring at the same rate as any other smartphone video.

The Enforcement Reality

India's three-hour rule puts platforms on the hook for response time, not detection accuracy. The detection arms race will continue to escalate—C2PA adoption is growing, neural hash databases are expanding, and temporal analysis models are getting sharper on compressed content. Creators who understand the metadata layer have a window of operational clarity: strip smart, inject clean, and the detection pipeline treats your content like any other upload.

The gap will close. But it has not closed yet.

→ Try Calabi free at calabilabs.com — 3 cleans, no card.

Related reading

• Remove the Kling watermark
• How to post AI content on TikTok without getting flagged
• Spoof iPhone 14 Pro metadata