Trend report · gnews_detection · 2026-06-09

IT Ministry mandates label for AI-generated content, reduces takedown timeline to 2–3 hours - The Hindu

The Indian IT Ministry's recent mandate requiring labels for AI-generated content and slashing takedown timelines to 2–3 hours marks a turning point for creators, platforms, and detection infrastructure alike. What was once a slow-moving policy conversation is now an operational reality—and the detection stack backing it has never been more sophisticated. Understanding what platforms actually scan for in 2026 is no longer optional for anyone posting AI-assisted or AI-generated media at scale.

What Platforms Scan For in 2026

Modern AI-content detection operates across multiple forensic layers simultaneously. It's not a single magic check—it's a stacked inference engine that triangulates signals from metadata, signal processing artifacts, and neural fingerprints.

C2PA (Coalition for Content Provenance and Authenticity) metadata sits at the foundation. C2PA embeds a cryptographically signed manifest inside compatible media files, declaring the content's origin: "Created with Sora v2.3," "Edited with Runway Gen-3 Alpha," or "Captured on iPhone 16 Pro." The manifest lives in JUMBF boxes within JPEG and MOV files. When a platform encounters C2PA data, it reads fields like actions[].parameters.tool_name, assertions[].label, and signature_info.issuer. If the manifest exists and validates against its certificate chain, the content gets a provenance badge. If the manifest is missing, modified, or unsigned—red flag.

AI metadata embedded by generators goes beyond C2PA. OpenAI's Sora, Midjourney v7, and Runway Gen-3 all inject proprietary metadata fields during export. These include EXIF fields like Software (often revealing the generator name), Artist (sometimes containing API key hashes or session tokens), and custom XMP namespaces like xmpMM:DocumentID containing generation seed values. Detection parsers scan for these in raw EXIF hex dumps. A file claiming to be a photograph but containing stabilityai:model_version=sd-xl-1.0 in its XMP block fails immediately.

Missing GPS and sensor metadata is a strong authenticity signal for images claimed to be photographs. A smartphone-captured JPEG carries a dense payload: GPSLatitude, GPSLongitude, GPSAltitude, EXIF:FocalLength, EXIF:ExposureTime, and MakerNote data from the ISP. When any of these are absent from a file that otherwise presents as a smartphone photo, detection pipelines weight this heavily. A "photo" from a 2024 flagship phone with no GPS, no accelerometer data, and no lens correction profiles looks manufactured—because it is.

What Gets Flagged on Instagram and TikTok

Instagram's detection pipeline runs at upload, at 24-hour intervals, and on-demand when content surfaces in trending or recommended contexts. The primary triggers:

• C2PA manifest absence on content with detected AI generation confidence >0.7. Instagram requires creators to self-label AI content via the "AI-generated" toggle. If you post a Sora clip without toggling, and the classifier flags it as AI, you receive a content warning. Three warnings in 30 days trigger a 48-hour posting suspension.
• Metadata inconsistencies between upload client and file history. If you upload from a Pixel 9 but the EXIF shows Canon RAW metadata, or if the HostComputer tag doesn't match the device model, the pipeline flags the upload for manual review.
• Re-uploaded content that previously carried AI-generation signals. Instagram maintains a perceptual hash registry (similar to PhotoDNA but extended for AI-generated frames). A Sora-generated video stripped of metadata and re-uploaded will still match against the hash registry if enough frames survive the re-encode.

TikTok's Content Credentials integration enforces C2PA at scale. The platform parses Content Credentials from uploaded files and displays a verified badge when present. Content lacking credentials from known AI generators gets flagged under TikTok's synthetic media policy. The enforcement is tiered: branded content and political-adjacent content face stricter review; lifestyle and entertainment content gets a first strike with label request before takedown.

The Strip-and-Inject Fix

Stripping metadata alone is insufficient. Perceptual hash registries catch stripped content through neural embeddings—essentially, what the image looks like statistically, not what the header says. A perfectly stripped Sora render will still trigger hash-based detection if the source frame is in the registry.

The durable solution is a two-stage process: strip everything, then inject authentic device identity from a clean source.

1. Full metadata erasure. Strip all EXIF, XMP, IPTC, ICC, and C2PA manifests. Remove MakerNote blobs, ImageUniqueID, and any custom generator namespaces. Tools like Calabi's Sora watermark removal handle this at the byte level, zeroing out all provenance fields without leaving residual artifact strings.
2. Simulated device identity injection. Write authentic EXIF from a real device capture—GPS coordinates matching a plausible location, correct Make and Model, realistic DateTimeOriginal, and full sensor metadata including ExposureTime, FNumber, and ISO. The GPS should correspond to the content's claimed origin; a video "shot in Tokyo" needs coordinates within the Tokyo metro.
3. Perceptual hash regeneration. Pass the cleaned file through a benign transformation: slight color grading, mild upscaling, or re-encoding through a legitimate mobile export pipeline. This produces a new perceptual hash that doesn't match the AI source registry.
4. C2PA manifest creation (optional but recommended). If the platform supports it, generate a self-signed C2PA manifest asserting "authentic capture by [Device Model]." This satisfies the manifest-expectation check without linking to AI generation.

This workflow produces content that passes metadata scrutiny, perceptual hash checks, and C2PA manifest validation simultaneously. It's the only approach that holds up under the 2–3 hour takedown timelines now in force—because when a human reviewer or an automated pipeline pulls apart your file, they find a coherent, device-consistent identity, not a gap waiting to be flagged.

The IT Ministry's mandate is the opening bell. Detection stacks are converging. Platforms are sharing hash registries. The question isn't whether AI-generated content will be identified—it's whether your workflow is ready to match the standard. Clean at the source, inject at the point of export, and you own the provenance chain.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Nano Banana watermark
• How to post AI content on Instagram without getting shadow-banned
• Spoof Google Pixel 8 Pro metadata