The first 200 days on the proof layer: what we learned in production

Two hundred days in

We took Shield to production in January 2026. As of today, we have shipped roughly 200 days of operations. Twenty million certificates issued. Forty-seven brand contracts active. Four jurisdictions reviewed for compliance integration. When we started, we assumed Shield would primarily sell to enterprise platforms looking for AI Act compliance. The product was designed for that buyer. The first 200 days taught us we were partly right and significantly wrong.

What we built versus what got used

The product we shipped on day one had three tiers: Basic (minimal C2PA signing, anonymous creator), Verified (real-name binding, identity verified), and Brand (trademark-backed enterprise certification). We expected Verified to be the dominant tier. Creators want their work attributed to them. We were sure of it. We were 60% wrong.

• Basic: 71% of certificates
• Verified: 12% of certificates
• Brand: 17% of certificates
• Brand outperformed Verified by a 40% margin in revenue terms

Two reasons we did not see coming. Brand customers are budget-allocated. They have legal and compliance lines on the P&L. Verified individual creators have neither. Brand customers ship more volume per account. One fashion house at the brand tier generates more certificates per month than 500 verified individual creators.

The platform mix shifted accordingly. We deprioritized creator marketing in month four and doubled down on brand sales. The annual recurring revenue follows that pivot.

The compliance arbitrage we did not anticipate

Article 50 of the EU AI Act takes effect tomorrow. Six months ago, in February, the regulation was theoretical. Compliance officers were still benchmarking implementations. What we did not expect was that compliance officers, before the regulation even took effect, would use Shield certificates as evidence in non-AI-Act disputes.

The certificate format was designed for Article 50 specifically. It turns out it is useful across the entire regulatory and contractual landscape that touches AI-generated content.

In the past 200 days, Shield certificates have been cited in three trademark disputes (as evidence the AI output did not infringe), one GDPR processing audit (as evidence the identity verification was lawful), two unauthorized-likeness claims (as evidence the synthetic likeness was generated with documented consent), and one platform content moderation appeal (as evidence the content was certified at creation). The proof layer is a general-purpose mechanism, not a single-statute compliance tool.

The technical surprise

We assumed the bottleneck would be the verification endpoint. Public URLs serving millions of certificate lookups per day. We over-provisioned the verification infrastructure by 4x. The actual bottleneck was the watermark embedding. Adobe TrustMark watermarking adds approximately 200 milliseconds per image at our quality settings.

• At peak, we were processing 30 generations per second across the brand tier
• The watermark pipeline was the latency floor at 280ms median
• We migrated the TrustMark embedding to GPU acceleration in month two
• Median latency dropped from 280ms to 180ms; verification endpoint runs at 8ms p95 and is barely under load

What we got wrong

Three mistakes we made and corrected. We over-engineered the certificate schema. The first version included 47 optional fields, anticipating every future use case. Verifiers and integrating platforms got lost. We shipped a schema v2 with 12 required fields and 8 optional. Adoption tripled in the following month. We underestimated press relations. Journalists were our highest-leverage adopters in the first 200 days, not enterprise sales. A single Reuters integration unlocked seven follow-on brand conversations within a month. We launched in five languages on day one. We should have shipped in one and localized as customers asked. Localizing French, Spanish, German, Italian, and Dutch on day one cost us roughly four weeks of engineering for languages the early customer base did not need yet.

What comes next

Three priorities for the next 200 days. Audio and video coverage. Shield's image and text coverage is operational. Audio watermarking is mature (Adobe Speech Watermark, Microsoft DARTS). We are starting with audio in Q4 2026, then video. The brand contract registry. We are building a public registry where brands can publish their AI-generation policies, trademark portfolios, and certification standards. This is the brand-tier-as-public-good. Jurisdictional expansion. Article 50 is the regulation that drove adoption in Europe. The equivalent regulations are emerging in California, the UK, Singapore, and Japan. Shield certificates are designed to be regulation-portable. We are starting the first three jurisdictional integrations.