AN ACT creating the digital content provenance initiative and appropriating funds for that purpose.

The General Assembly of North Carolina enacts:

SECTION 1.(a)  The following definitions apply to this act:

(1)        Synthetic media. – Content that has been partially or fully generated, altered, or manipulated by artificial intelligence or machine learning technologies, including but not limited to video, audio, text, and images.

(2)        Provenance. – Verifiable information about the origin, creation, and modification history of a piece of digital content, including any transformations applied.

(3)        Cryptographic authentication. –The use of secure digital methods, such as watermarking or signatures, to confirm the origin and integrity of content.

(4)        State‑generated content. – Any official communication, media, or digital file created or disseminated by a State agency, department, or official in the course of their duties.

(5)        False attribution. – Digital content that inaccurately represents itself as originating from a government official or agency.

SECTION 1.(b)  There is established the Digital Content Provenance Initiative (Initiative). The Initiative shall be implemented in phases.

SECTION 1.(c)  Phase I shall be coordinated jointly by the Department of Commerce and the Department of Information Technology to protect North Carolina residents from the growing threats posed by synthetic media and AI‑generated content. This initiative shall develop and implement cryptographic authentication standards for digital content across State platforms, official communications, and election‑related public information, to mitigate digital misinformation that poses an escalating threat to consumers, the public trust, election integrity, and information authenticity. The initiative shall also study methods to detect and deter false attribution of synthetic media to public officials, election authorities, or government agencies.

Where feasible, the Initiative will lead the State's effort to adopt or align with existing open technical standards for content provenance and authenticity, including but not limited to the standards developed by the Coalition for Content Provenance and Authenticity (C2PA), the World Wide Web Consortium (W3C), and other relevant multistakeholder or international organizations. The Initiative may pilot implementations of C2PA‑compliant metadata, watermarking, or signature protocols in collaboration with industry partners.

SECTION 1.(d)  To ensure transparency and accountability, the Initiative shall establish a Digital Content Provenance Advisory Board. The Board shall include representatives from civil liberties organizations, academic institutions, media organizations, cybersecurity experts, and the technology industry. The Board shall advise on technical standards, privacy safeguards, civil liberties impacts, and implementation strategies. The Initiative shall also publish quarterly progress updates and a public comment portal.

SECTION 2.(a)  Effective July 1, 2025, there is appropriated from the General Fund to the Department of Commerce the sum of five hundred thousand dollars ($500,000) for the 2025‑2026 fiscal year to carry out the purposes of Phase I, including the development of comprehensive content authentication framework for North Carolina's digital communications infrastructure that:

(1)        Implements cryptographic verification protocols for all state‑generated media.

(2)        Creates a secure content provenance registry for official State communications.

(3)        Develops public education resources on identifying potential synthetic content.

(4)        Partners with technology companies to integrate provenance standards.

SECTION 2.(b)  These funds may be used to engage consultants, develop technical infrastructure, increase staff expertise, conduct public education campaign, and to support ongoing threat assessment.

SECTION 3.  By December 1, 2025, the Department of Commerce and the Department of Information Technology shall submit an interim Phase I report to the General Assembly and publish it on a public website. This report shall include a summary of technical progress, public input received, initial recommendations for election‑year implementation, and early indicators of public risk. A final Phase I report, with recommendations for Phase II, shall be submitted by March 1, 2026.

SECTION 4.  Except as otherwise provided, this act is effective when it becomes law.