Merchi.ai Logo
    What is the AI Provenance Protocol?

    What is the AI Provenance Protocol?

    Merchi Team

    The AI Provenance Protocol (APP) is an open, vendor-neutral standard for machine-readable provenance of AI-generated content. It defines how any piece of AI-generated content, whether a product description, a lifestyle image, or a translated attribute, can carry a structured, verifiable record of how it was created: which model generated it, which inputs were used, which version of a system produced it, and who is accountable for its publication.

    The AI Provenance Protocol was originated by merchi.ai and is now maintained as an open standard. Any retailer, AI platform, or content system can adopt it. The specification, SDKs, and a live validator are available at aiprovenanceprotocol.io.

    Why AI content provenance matters

    When AI generates content at scale, producing thousands of product descriptions, hundreds of lifestyle images, and multilingual attribute sets, several questions become important:

    • Accountability: Who is responsible if a product description is inaccurate?
    • Transparency: Can a buyer or regulator verify that content was AI-generated?
    • Auditability: Can the retailer trace a specific piece of content back to the model, parameters, and inputs that produced it?
    • Trust: Can downstream systems and partners rely on the content being what it claims to be?

    Without a provenance standard, the answers to all four questions are “not easily”. Content is generated and published, but the chain of custody (model, version, inputs, publisher, timestamp) is not recorded in any structured, interoperable way.

    The AI Provenance Protocol solves this. It defines a JSON Schema that travels with AI-generated content and can be verified programmatically.

    The EU AI Act context

    The EU AI Act, which becomes enforceable in key provisions on 2 August 2026, includes explicit transparency requirements for AI-generated content under Article 50.

    Article 50 requires that:

    • AI-generated content must be disclosed as such in a machine-readable format
    • The disclosure must be technically robust - not just a human-readable label
    • Providers of AI tools that generate content bear responsibility for ensuring the technical means for disclosure exist

    For retailers deploying AI product content at scale - descriptions, imagery, translations - this is a direct compliance obligation. From 2 August 2026, publishing AI-generated content without machine-readable disclosure is a legal risk, not just a best-practice gap.

    The AI Provenance Protocol is designed precisely to meet this requirement. Conformant implementations produce content with machine-readable provenance records that satisfy Article 50’s technical disclosure mandate.

    How the AI Provenance Protocol works

    The provenance record

    Each piece of AI-generated content that conforms to the protocol carries a structured provenance record. The record includes:

    • model: the AI model identifier (e.g. gemini-2.0-flash-001)
    • version: the specific model version used
    • inputs: a structured reference to the inputs used to generate the content (images, specifications, prompts)
    • timestamp: when the content was generated
    • publisher: the entity responsible for publishing the content
    • schema_version: the APP spec version the record conforms to

    This record is machine-readable, structured as JSON, and can be embedded in content metadata, stored alongside the content in a PIM or CMS, or published at a verifiable endpoint.

    Live verification

    The protocol includes a verification endpoint standard. A conformant implementation publishes a provenance manifest at a predictable URL, enabling any third party to verify claims programmatically.

    The live verification endpoint for the merchi.ai implementation is documented at aiprovenanceprotocol.io, including example records and the JSON Schema validator.

    SDK availability

    The AI Provenance Protocol provides TypeScript and Python SDKs for integrating provenance record generation into any AI content pipeline. A validator tool allows developers to check whether a provenance record conforms to the specification.

    Why merchi.ai originated the AI Provenance Protocol

    merchi.ai generates product content at scale for retailers - you can read more about what AI merchandising is if you are new to the space. Every product description, lifestyle image, and attribute set produced by the platform is AI-generated. As the volume of AI content in retail grows, so does the need for retailers to be able to answer confidently: “What generated this? When? From what inputs?”

    That question matters for internal quality control. It matters for compliance with the EU AI Act. It matters for the enterprise buyers and brand managers who need to trust that their product catalogue is accurate and attributable.

    No existing standard addressed this need for retail AI content. So merchi.ai built one - and made it open, so that any retailer or AI content platform could adopt it. A proprietary standard helps one company. An open standard helps the industry.

    merchi.ai is a National AI Awards 2026 Finalist - AI SME Business of the Year, with the AI Provenance Protocol cited as part of the responsible AI deployment that earned that recognition.

    Who should care about the AI Provenance Protocol

    Retailers deploying AI content

    If you use AI to generate product descriptions, imagery, or any content that reaches customers, you need a machine-readable record of that. From 2 August 2026, Article 50 of the EU AI Act makes this a legal requirement, not just good practice.

    AI platform and tool providers

    If you build AI tools that generate content for retailers, your customers will increasingly ask how they demonstrate compliance. The AI Provenance Protocol is the answer. Conformant implementations mean your customers can demonstrate that their AI content is disclosed appropriately.

    Enterprise buyers and procurement teams

    If you are evaluating AI content platforms for a large retail deployment, asking “do you conform to the AI Provenance Protocol?” is a meaningful due diligence question. It distinguishes platforms that have thought seriously about accountability from those that have not.

    The open standard model

    The AI Provenance Protocol follows the model of successful open technical standards: the specification is public, the SDKs are open-source, and conformance is self-declared against a published JSON Schema. There is no governing body charging fees, no certification process, and no proprietary lock-in.

    merchi.ai maintains the reference implementation and contributes to the specification, but any organisation can implement the protocol, propose changes via the open-source repository, or build tooling against the JSON Schema.

    The goal is a retail AI ecosystem where AI content provenance is a baseline expectation - not a premium feature.

    Get started with the AI Provenance Protocol

    The full specification, SDKs, and a live validator are at aiprovenanceprotocol.io. You can also read the merchi.ai AI Provenance help documentation for an overview of how the protocol is implemented in the platform. If you are deploying AI content at scale and want to understand what EU AI Act compliance looks like in practice, start a free trial or talk to merchi.ai - we built the reference implementation and can help you understand the requirements.

    Frequently Asked Questions

    What is the AI Provenance Protocol in simple terms?

    The AI Provenance Protocol is a standard that lets AI-generated content carry a structured, machine-readable record of how it was created - which model, which inputs, when, and by whom. Think of it as a chain of custody document for AI content. It was created by merchi.ai and is available as an open standard at aiprovenanceprotocol.io.

    Is the AI Provenance Protocol required by the EU AI Act?

    The EU AI Act Article 50, enforceable from 2 August 2026, requires machine-readable disclosure of AI-generated content. The AI Provenance Protocol is designed to meet this requirement. A conformant implementation provides the technical disclosure mechanism that Article 50 mandates for AI content providers.

    Who created the AI Provenance Protocol?

    The AI Provenance Protocol was originated by merchi.ai, an AI retail merchandising platform and National AI Awards 2026 finalist. It is now maintained as an open standard - any organisation can implement it, contribute to it, or build tooling against the JSON Schema. The full specification and SDKs are at aiprovenanceprotocol.io.

    Does the AI Provenance Protocol only apply to product descriptions?

    No. The protocol is designed for any AI-generated content: product descriptions, lifestyle imagery, translations, attribute values, metadata, and other structured content types. The schema is extensible to different content modalities and contexts.

    How do I implement the AI Provenance Protocol in my platform?

    The AI Provenance Protocol provides TypeScript and Python SDKs, a JSON Schema validator, and full specification documentation at aiprovenanceprotocol.io. The implementation involves generating a provenance record at the point of content creation and storing or publishing it alongside the content. The reference implementation from merchi.ai is available as a guide.