The notary's trick: a thirteenth-century idea that solves the AI problem

In 1255, Rolandinus Passageri finished a working manual called the Summa Artis Notariae in Bologna. The book ran for fifteen generations as the standard reference for notarial practice across Europe and parts of the New World. Its operating idea is simple enough to fit on one card. A notary does not certify the content of a document. A notary certifies that named parties appeared, consented, and signed.

That distinction sounds pedantic until you put it next to the modern provenance argument.

The Bolognese instrumentum publicum, the public instrument, was a finished legal artifact only after the notary attested the act. If the parties later disputed the meaning of what they had agreed, the venue for that dispute was a court. If they disputed whether the act had taken place, the court asked the notary. The notary was the witness to the moment, not the editor of the words.

This division of labor is what AI provenance has been groping toward for three years without naming. The detection industry has spent that time trying to be the notary and the court at once, and failing at both.

Why detection is the wrong layer to fight on

A detector reads a file and outputs a probability. The probability is conditioned on every assumption the detector's training set carries forward. Every new generation of a generative model, every fine-tune, every alignment shift, perturbs that distribution. A detector trained on the 2024 fleet is doing different work on the 2026 fleet, even when the underlying architecture looks the same.

The decay is faster than the publication cycle. Detection vendors publish accuracy figures against the model they had the most labeled data for, usually four to six months before launch. By the time a procurement department signs a contract, the figure is already covering a different distribution than the one the contract has to defend against.

Even when a detector hits a 94.0% accuracy figure, the inverse, the 6.0% false-positive rate, is the entire story. Six percent of human authors flagged at the scale of a platform moderation queue produces a number of misclassified creators large enough to bury the accuracy claim. The detector is doing inferential work that does not belong inside a moderation queue, let alone inside a courtroom.

The Bolognese answer to this confusion is to move the question. Stop asking the file what it is. Ask the registry whether a specific human attested to it.

What identity-side attestation looks like

A Pulse Signature is a cryptographic seal bound to a creator's biometric signal. The seal is stitched to C2PA content credentials in the file itself and to an append-only registry on the Humark side. The biometric signal stays local; the registry holds only what a third party needs to verify the attestation.

The notary's role maps onto two pieces of this design.

The first is the witness function. The biometric protocol verifies the human at the moment of signing. No claim about the work's originality, lawfulness, or quality enters the record. The act of signing is the only fact attested.

The second is the public instrument. The registry is append-only. Once a signature exists, it cannot be silently rewritten. Revocations append a row; they do not erase the original. This is the same logic that made the medieval notarial protocol useful across centuries: the record outlives the parties, the venue, and the political weather.

A detector does neither of these things. It does not witness anything; it reads a finished artifact and guesses. It does not produce a record; it produces an opinion. The opinion is useful to product teams trying to surface synthetic content at scale. It is not useful to a falsely accused illustrator standing in front of a judge.

What the Bolognese model refuses to do

The strongest evidence that an institution is restrained is the list of things it has declined to adjudicate. The Bolognese notarial register is a long inventory of refused adjudications.

A notary in 1240 did not certify that an oath was sincere, that a price was fair, that a will was wise, or that a marriage was consensual in any sense beyond the appearance of consent at the moment. The system worked because the notary's surface area stayed narrow. Widen it and the office becomes a court without judges; narrow it past the witnessing function and the office becomes a clerk. The thirteenth-century answer is a thin line that has held for eight hundred years.

A Pulse Signature borrows the line. The attestation records that a specific human signed a specific file at a specific time. It does not claim originality. It does not claim ownership. It does not certify that the work is good, novel, lawful, or commercially valuable. It does not adjudicate whether a derivative carries its own attestation; a derivative is a new act that requires a new signature from its own creator.

This narrowness is the architecture. The reason a hallmark struck in London in 1730 still holds up in court today is that the office never tried to certify more than four things on a silver spoon: the metal fineness, the year, the maker, and the city of assay. Anything more would have collapsed the system inside one cycle of monarchs.

Why the reframe matters now

Legal pressure on creative provenance is loading from two sides at once. The EU AI Act's machine-readable disclosure language goes into operational effect during 2026 for the largest model deployments. Procurement departments at major publishers are starting to write provenance language into vendor contracts. Stock platforms with European exposure are quietly rebuilding their license stacks around C2PA manifests.

A platform answering those pressures with detector probabilities is going to lose the procurement conversation inside eighteen months. A platform answering with attribution records, the kind a notary would recognize, is going to be the supplier the contract signs with.

The thirteenth-century lesson is not a clever historical analogy. It is the same problem.

When a marketplace cannot tell a peach from a lemon, the trade dries up. The Bolognese answer was not to invent a better lemon detector. It was to build a public office whose only job was to record who had brought what to market. Eight hundred years later the office still exists, the records still hold, and the protocol still ports. The creative economy is about to need it again.