Prompt Protocol (PP) is an open standard for pre-generation authorization in generative AI. It answers the question "is this content authorized?" before the AI model produces anything — not after. The protocol uses cryptographic signatures, a verification API, and an opt-out registry to give rights-holders control over how their identity is used in AI-generated content.

Content provenance standards like C2PA describe what was generated. Prompt Protocol determines whether it should be generated. They're complementary — PP can export a signed assertion into a C2PA manifest (Layer 4), but the authorization decision happens before generation, not after.

No. PP standardizes compliant commercial generation flows. It cannot prevent unauthorized generation by uncooperative providers, local open-source inference, or offshore services. Its value is proportional to the size of the compliant ecosystem — the more providers that integrate, the stronger the protection.

An opt-out is the strongest protection in the protocol. It is checked before any license is consulted, and no license — not even a Premium one with co-signed exceptions — can override it. A subject who opts out will have all generation requests refused by every compliant provider, for the opted-out modalities.

Per-generation latency is dominated by network round-trip — typically 5–30 milliseconds. The verification query is a single server-to-server call that fits into existing inference pipelines without UI changes or SDK modifications.

Yes. The specification is published openly and the reference implementation is released under the Apache-2.0 license. There is no privileged vendor and no fee to implement the protocol.

The protocol does not adjudicate fair use, parody, or other legal exceptions. It refuses by default and provides cryptographic evidence. Legal exceptions (court orders, journalism, public interest) are handled through jurisdiction profiles (Layer 3) — recorded as parallel records, not as modifications to the opt-out.

The verification request may include the prompt text for subject detection purposes. However, no protocol material ever appears in user-facing prompts. The entire verification flow is server-to-server — transparent to the end user. The user's experience does not change.