REFERENCE

PLATFORM IMPLEMENTATION

For platforms seeking CIP Platform Certification. Seven implementation steps from Rights Registry integration to annual audit readiness.

7 STEPSTECHNICAL
1

Rights Registry integration

Build or integrate an API client that queries the Rights Registry at ingestion time. Query frequency: per-asset at first ingestion, daily check for previously flagged assets.

GET /v1/cdrs/{cdr_id}
GET /v1/cdrs/{cdr_id}/at/{timestamp}
GET /v1/operators/{operator_id}
POST /v1/resolve

Base URL: https://registry.creativeip.org/v1/
Authentication: API key (certified-platform tier)
2

Rights Payload tracking

Maintain a Rights Payload record for every asset in your training corpus or content library.

Required fields per asset:
- CDR ID (if available)
- Input licence class (Owned | Licensed | Open | Restricted | Prohibited)
- TDM opt-out status (true | false)
- Consent status (Granted | Conditional | Denied | Unknown)
- Ingestion timestamp (ISO 8601)
- Source URL or identifier
3

Ingestion audit log

Log every ingestion event with timestamp, asset identifier, CDR query result, licence class, and decision.

Log entry structure:
{
  "timestamp": "2026-05-06T14:32:00Z",
  "asset_id": "isrc:GBAYE0601498",
  "cdr_id": "cdr-a7f3b2c1d4e5",
  "licence_class": "Restricted",
  "tdm_opt_out": true,
  "decision": "excluded",
  "reason": "CIP-Training-Ingestion: Prohibited"
}
4

Opt-out enforcement

Assets with CIP-Training-Ingestion: Prohibited or CIP-TDM-Opt-Out: true must be excluded from training corpora. Assets with Restricted status require human review before inclusion.

Enforcement rules:
- CIP-Training-Ingestion: Prohibited → EXCLUDE (automated)
- CIP-TDM-Opt-Out: true           → EXCLUDE (automated)
- Input licence: Restricted         → FLAG FOR REVIEW (human)
- CIP-NILP-Voice-Clone: Prohibited → EXCLUDE from voice training
- No CDR found                      → FLAG FOR REVIEW (human)
5

Provenance Certificate generation

All AI outputs must carry a Provenance Certificate linking to the source CDRs used in generation.

Minimum certificate fields:
- Certificate ID (UUID v4)
- Source CDR IDs (array)
- Transformation class (reproduction | modification | remix | style | synthesis)
- Output licence (from operator's cip.md CIP-Output-Licence)
- Generation timestamp (ISO 8601)
- Model identifier (vendor:model:version)
- Platform certification ID
6

Synthetic content disclosure

AI-generated content must be labelled with machine-readable disclosure (C2PA Content Credentials recommended) and human-visible on-platform disclosure, meeting EU AI Act Article 50 obligations.

Required signals:
1. C2PA Content Credentials (embedded in media files)
2. Human-visible label: "AI-generated content"
3. Metadata field: CIP-AI-Generated: true
4. Model attribution: CIP-AI-Model: {vendor}:{model}:{version}
5. Link to Provenance Certificate
7

Rights Payload coverage reporting

Maintain and report Rights Payload coverage as a percentage. Target: 95% or above for Platform Certification.

Coverage formula:
(assets with CDR or verified licence record) / (total assets ingested) × 100

Reporting frequency: Monthly internal, quarterly to auditor
Threshold: ≥ 95% for Platform Certification
Below 90%: triggers remediation plan requirement

Annual audit readiness

Maintain documentation for all six Platform Certification audit areas:

  1. Rights Registry integration (API logs, query frequency)
  2. Rights Payload coverage (monthly reports)
  3. Ingestion audit trail (complete log access)
  4. Opt-out enforcement (exclusion records)
  5. Provenance Certificate generation (output sample)
  6. Synthetic content disclosure (compliance evidence)

Appoint a rights compliance contact. Respond to audit requests within 30 days.

← Reference ArchitectureCompare certification paths →