HMP Draft profile
EN DE

Human Music Provenance Profile

A profile for verifiable human music production.

HMP defines a music-specific provenance policy above existing standards. It records production evidence, human authorship claims, AI disclosure, and unverifiable ingredients in a form that a verifier can evaluate.

Status
Public working draft
Version date
4 May 2026
Scope
Music provenance profile

Abstract

HMP as a profile for existing provenance standards.

The Human Music Provenance Profile is proposed as an open, DAW-native provenance profile for music. It composes C2PA, DDEX RIN, IPTC Digital Source Type, Broadcast Wave metadata, W3C provenance concepts, verifiable identity mechanisms, and optional transparency logs into a policy that can produce a human-readable and machine-verifiable HMP level.

HMP classifies evidence for declared and verifiable human music production workflows. Generative, unverifiable, or disputed ingredients remain visible to reviewers within the same evidence model.

Motivation and scope boundaries

The object of verification is the production process.

AI detection is probabilistic and adversarial. A provenance profile provides a positive record of what was captured, imported, edited, rendered, mixed, mastered, disclosed, and transferred. Verification can then evaluate documented production evidence rather than infer origin from the exported file alone.

Design objectives

  • Represent human performance, human digital creation, and human editing without hiding tool use.
  • Classify imported material before it is normalized into a DAW session.
  • Preserve a verifiable path through recording, editing, mixing, mastering, and export.
  • Expose a public evidence summary while allowing sensitive audit data to remain private.

Scope boundaries

  • DRM, playback restrictions, and copy-control mechanisms remain outside the profile.
  • Absolute "AI-free" guarantees and single detector scores are outside the assurance model.
  • Private creative logs, unreleased takes, and trade secrets belong in optional audit evidence.
  • C2PA, DDEX, IPTC, BWF/BW64, and W3C provenance vocabularies remain the underlying standards.

Standards relationship

HMP binds music semantics to existing provenance infrastructure.

The draft uses existing container and metadata layers. C2PA serves as the cryptographic provenance layer; DDEX RIN as the music supply-chain representation; IPTC Digital Source Type as the source vocabulary; BWF/BW64 and related metadata as studio workflow carriers; W3C PROV, Verifiable Credentials, and SCITT as optional identity, audit, and transparency extensions.

Diagram of DAW evidence flowing into C2PA, DDEX RIN, a Trust Pack, and a verifier.
Architecture sketch: HMP evaluates evidence carried by existing media and music metadata standards.

C2PA / Content Credentials

Carries signed manifests, claims, ingredients, actions, soft bindings, repository receipts, AI disclosure, and validation status. Audio-relevant actions include mixing, mastering, remixing, placing, transcoding, and watermark binding.

claimsingredientsactionssoft bindings

IPTC Digital Source Type

Provides vocabulary for captured media, human edits, digital creation, algorithmic enhancement, trained algorithmic media, and hybrid compositions. Reusing these classifications gives HMP a shared vocabulary for source semantics.

digitalCapturehumanEditstrainedAlgorithmicMedia

DDEX RIN

Maps provenance evidence into a music-industry language for contributors, roles, performances, instruments, sessions, equipment, and handoffs between production, mixing, mastering, labels, and distributors.

contributorsrolessessionsequipment

BWF/BW64, ADM, EBUCore

Support professional audio interchange, timestamps, origin metadata, and optional immersive or broadcast metadata. Production stems can carry HMP evidence most directly in BWF/WAV/BW64 workflows.

timestampsbextADMstudio interchange

W3C PROV and Verifiable Credentials

PROV contributes the conceptual model of entities, activities, and agents. Verifiable Credentials can identify musicians, studios, software, devices, or certified components without exposing unnecessary personal data.

entitiesactivitiesagentsidentity

SCITT and transparency services

A transparency log can record that a manifest existed at a particular time. This is optional in the early profile but relevant for institutional auditability and dispute resolution.

signed statementsreceiptsaudit log

Terminology and trust model

A level reflects coverage, continuity, identity, and disclosure.

HMP levels summarize multiple evidentiary dimensions: source coverage, capture coverage, process coverage, identity coverage, AI disclosure, and continuity across production stages.

Capture Receipt

A signed record for audio or MIDI captured at input time, including project, track, take, timing, input, format, hash, and source classification.

Import Ingredient

An imported asset with a provenance state such as verified, unverified, sample-library, public-domain, licensed loop, declared AI, or detected-risk.

Transfer Pack

A handoff package for mixing, mastering, remote performers, or non-conforming tools, carrying stems, manifests, receipts, and policy state.

Trust Pack

The verifier-facing bundle that contains final audio, manifests, fingerprints, watermark resolver data, certificates, and optional audit material.

HMP levels

From declaration to audited production chain.

The proposed ladder describes evidence quality. Lower levels indicate missing, incomplete, or weakly verifiable production evidence.

Diagram of the HMP-0 to HMP-5 level ladder.
HMP levels are policy outcomes based on evidence and disclosure state.
Level Evidence basis Typical use Known limitation
HMP-0 Absent provenance package or unsigned metadata only. Unverified catalog material. Insufficient positive evidence for human-made claims.
HMP-1 Signed self-declaration plus credits or similar metadata. Indie releases, legacy catalog, non-conforming DAWs. Honesty-based and only weakly technical.
HMP-2 HMP-conforming DAW log for capture, MIDI, imports, edits, plugins, renders, and export. First practical product standard. External files can still enter with incomplete origin evidence.
HMP-3 Input-time capture receipts for important audio and MIDI material. Vocals, instruments, remote musicians, field recordings. Confirms the capture process; human performance claims require additional context.
HMP-4 Essential creative ingredients are verified, certified, or explicitly declared as exceptions through the chain. Labels, sync, distributors, collecting societies, competitions. Requires compatible tooling across collaborators.
HMP-5 HMP-4 plus hardware-backed keys, certified devices, identity credentials, and third-party or studio audit. Litigation, acquisitions, archives, advertising, awards. Higher cost and greater workflow burden.

DAW-native workflow

The DAW is the primary observation point.

The DAW has access to the production graph before it collapses into a final export. HMP therefore places the root of trust at project creation and records the relevant actions that transform takes, MIDI, imports, plugin outputs, bounces, stems, and masters into a final work.

01 Root

Project creation

Generate a Production ID, Project Instance ID, policy version, and hash-chained project log.

02 Capture

Signed takes before the first clip

Record take receipts for audio and MIDI at the input path, including timing, device, format, source type, and hashes.

03 Import

Import gate

Classify every external ingredient before it becomes ordinary session material: verified, unverified, sample-library, licensed loop, declared AI, or risk state.

04 Process

Edit, plugin, and render graph

Preserve the relationship between source material, edits, tuning, stretching, plugin rendering, freeze, bounce, and derivative audio.

05 Transfer

Collaboration and handoff

Move mixing, mastering, remote performance, and non-conforming DAW work through Transfer Packs that maintain the provenance chain.

06 Export

Policy evaluation

Derive the HMP level only at export, after source coverage, process coverage, AI disclosure, continuity, and exceptions are evaluated.

Trust Pack and Audit Pack

The verifier receives structured evidence.

The Trust Pack is the external unit of verification. It can be embedded, distributed as a sidecar folder or archive, or referenced through a repository. The public layer supports platform and listener review; the audit layer remains available for higher-assurance contexts.

Diagram of Public Trust Pack, Audit Pack, and verifier output.
Public and audit evidence can be separated without breaking the verification model.

Public Trust Pack

  • Final audio or references to released audio.
  • HMP manifest and C2PA manifest or repository receipt.
  • DDEX RIN representation or compatible mapping.
  • Human-readable certificate with level, coverage, disclosures, warnings, and unresolved ingredients.

Audit Trust Pack

  • Redacted or full project log, retained by artist, studio, escrow, or auditor.
  • Capture receipts, transfer receipts, and optional device attestations.
  • Identity credentials for participants or certified components where relevant.
  • Evidence sufficient for HMP-4 or HMP-5 review without publishing creative secrets.

Soft bindings

A manifest must remain discoverable when metadata is stripped.

In HMP, watermarking functions as a resolver mechanism. The evidentiary record remains in the Trust Pack. The binding strategy uses three layers: container metadata when available, audio watermark or proof identifier when robust, and fingerprint plus repository lookup when files have been transformed.

Diagram of metadata, watermark, and fingerprint resolving to a repository and manifest.
Soft bindings point transformed files back to the relevant evidence package.

Draft v0.1 scope

Draft v0.1 defines the minimal normative core.

The v0.1 profile covers the evidence model, policy levels, import classifications, capture receipts, transfer packs, public and audit trust packs, C2PA mapping, DDEX RIN mapping, AI disclosure policy, and scope boundaries. Watermark robustness, hardware certification, legal guarantees, and absolute AI-free status remain reserved for later conformance work.

Included in v0.1

  • Trust levels HMP-0 through HMP-4 as draft policy outcomes.
  • Capture Receipt, Import Ingredient, Transfer Pack, Trust Pack, and Audit Pack definitions.
  • Public vs. private evidence model.
  • C2PA and DDEX RIN mapping outline.
  • AI disclosure policy and warnings for unknown ingredients.

Open questions

  • Which verifier conformance tests are mandatory for HMP-compatible tools?
  • Which metadata pattern is suitable for human-made or licensed-origin claims in sample libraries?
  • Which identity credentials are useful without creating surveillance pressure?
  • What evidence is sufficient for hardware-assisted HMP-5 claims?