AI-Generated Content and IP Protection: What Creators and Companies Need to Know in 2026

Artificial intelligence now writes code, composes music, generates images, and drafts legal briefs. And in most jurisdictions, the law has not caught up with the machines. The question of who — if anyone — owns an AI-generated work is one of the defining IP disputes of this decade. For creators and companies building with AI tools, the uncertainty is not abstract: it is a commercial risk that surfaces the moment a competitor, a licensee, or a court asks, "Who made this, and when?"

This post explains the current legal framework in Switzerland and the EU, why timestamping AI outputs is the single most practical risk-reduction step available today, and how Swiss Trust Layer's cryptographic sealing gives AI companies the kind of evidence trail that holds up under scrutiny.

The Core Legal Problem: Authorship Requires a Human

Copyright law in Switzerland, the EU, and the vast majority of Berne Convention member states rests on a foundational assumption: the author of a work is a natural person. This is not an accident of drafting — it reflects a deliberate policy choice. The Berne Convention for the Protection of Literary and Artistic Works (WIPO, 1886, as revised) grants rights to authors, and the word has always meant a human being.

Under Swiss copyright law (Urheberrechtsgesetz, URG SR 231.1), a work must reflect the individual character of a human author to qualify for protection. An image generated entirely by an AI model — where no human made expressive choices about composition, colour, or subject — does not meet this threshold. Under Swiss copyright law (URG SR 231.1), a work must reflect the individual character of a human author to qualify for protection — a threshold an entirely AI-generated image does not meet..

In the EU, the position is similar. The Court of Justice of the European Union has consistently held, starting from its Infopaq and Painer decisions, that copyright subsists only where a work reflects the author's own intellectual creation. A fully autonomous generative output cannot be that author's creation.

The practical consequence: AI-generated content in its raw form is likely unprotected in most major jurisdictions. Anyone who copies it, trains another model on it, or commercialises it without attribution is not obviously infringing. That is a serious gap for companies whose core product is AI-generated output.

Where Human Authorship Still Lives in AI Workflows

The unprotectable case is the pure-generation case: prompt in, image out, no further human creative input. Most real AI workflows are not like this. In practice, creators make expressive choices at multiple stages:

Prompt engineering: A carefully crafted prompt reflecting creative judgment about style, subject, tone, and composition may satisfy the originality threshold. Documenting the prompt, the specific model version, and the iteration history is therefore not just good housekeeping — it is evidence of authorship.

Post-generation editing: An illustrator who generates ten variants and then edits the chosen result — adjusting colour, composition, removing artefacts, adding elements — is contributing creative expression. The edited work may well be copyrightable as a derivative work, with the human's contribution protected.

Curation and selection: A dataset curator who selects, arranges, and annotates AI-generated training examples is performing a creative act analogous to an anthology editor. The selection and arrangement may attract copyright protection independently of the individual elements.

In each of these cases, the creator's strongest move is not to argue about the law — it is to create an unbroken, timestamped record of what they did and when. That record is the foundation of any future copyright or trade-secret claim.

AI Training Data: The Provenance Problem

Beyond output protection, AI companies face a separate and more immediately litigated risk: provenance of training data. The wave of lawsuits filed since 2023 — against large language model developers, image-generation platforms, and code-completion tools — shares a common factual dispute: what data was in the training set, who owned it, and what rights were obtained.

The practical reality is that training data is often assembled at speed, by teams under pressure, with informal documentation. When litigation arrives, companies find themselves unable to prove when a dataset was finalised, what version was used to train which model, and what licence terms applied at the point of ingestion. This evidential gap is expensive to fill retroactively — or impossible.

Timestamping training datasets before each training run addresses this directly. A qualified cryptographic timestamp, issued by a QTSP (Qualified Trust Service Provider) under eIDAS Regulation No. 910/2014, Article 41, creates a legal presumption that the dataset existed in its recorded form at the recorded time. The burden of challenging that timestamp falls on any party who disputes it — a significant reversal of the default evidential position.

What eIDAS Article 41 Actually Gives You

It is worth being precise about what qualified timestamp protection means, because it is often oversimplified in either direction.

Under eIDAS Regulation (EU) No 910/2014, Article 41, a qualified electronic timestamp shall enjoy the presumption of accuracy of the date and time it indicates and of the integrity of the data to which it relates. This is a rebuttable presumption — a challenger can introduce contrary evidence — but it shifts the burden. In practical litigation terms, this means the party holding the timestamp starts in a stronger position than the party who has only informal records.

Swiss law goes further. Under ZertES (SR 943.03), qualified electronic signatures and timestamps issued by Swisscom Trust Services — a ZertES-accredited provider — carry the same legal effect as a handwritten signature under Swiss law. For AI companies that have Swiss operations or Swiss customers, this is the highest standard available.

Swisscom Trust Services is qualified under both ZertES and eIDAS, which means a seal issued through Swiss Trust Layer carries protection in Switzerland (via ZertES) and in all EU member states (via eIDAS) simultaneously. Via the Berne Convention, that recognition extends to the 181 member states where copyright is automatically protected on creation.

Practical Steps for AI Companies and Creators

The legal landscape will evolve — there are active legislative processes in the EU AI Act, the UK, and the US — but the evidentiary fundamentals will not. Courts will always ask for proof. Here is what to do now, regardless of how the law develops.

1. Timestamp every model version and training dataset snapshot

Before each significant training run, seal a manifest file containing: the dataset identifier and version hash, the list of data sources and their licence metadata, the model architecture specification, and the training configuration. This takes minutes and creates a tamper-evident record that the dataset existed in that exact form at that exact time. If a copyright dispute arises about training data, you have evidence. If a trade secret dispute arises about your model architecture, you have evidence.

2. Document the human contribution at every AI-assisted creative step

For creative teams using generative AI, build a lightweight logging habit: record the prompt, the model, the iteration, and the human editing steps as part of the file metadata or a companion document. Seal the final work plus that provenance document together. The seal covers both and establishes the authorship chain.

3. Treat your prompt library as a trade secret, not just a tool

Carefully engineered prompt libraries, fine-tuning datasets, and system prompt architectures represent genuine commercial value. Copyright may or may not protect them — but trade secret law will, provided you take reasonable steps to maintain their confidentiality. Timestamping the prompt library at each significant revision establishes when each version was created, which matters if an employee leaves or a partner relationship sours. For more on trade secret vs copyright protection, see our guide Trade Secret vs. Copyright: Which IP Protection Is Right for Your Business.

4. Timestamp AI-generated outputs before publication

Even if a pure AI output is not currently copyrightable, prior art matters. If you timestamp and seal an AI-generated image, song, or written work before publishing it, you establish that you created it first. When a dispute arises about priority or originality, that record is your prior art defence — even before copyright law settles the authorship question. See our post on Copyright Proof of Authorship: 5 Methods Courts Accept for a full ranking of evidence strength.

How Swiss Trust Layer Handles AI IP

Swiss Trust Layer's sealing process applies PAdES/CMS-grade digital signatures via Swisscom Trust Services to any file or file bundle you upload. This means you can seal a training dataset manifest, a generative model checkpoint, a prompt library, or a bundle of AI-generated creative outputs — all in under two minutes, from your browser or via the API.

The result is a verifiable World Court Proof e-Seal: a tamper-evident record that the sealed content existed in its recorded form at the recorded time, backed by the legal presumptions of eIDAS Article 41 and ZertES. Anyone — a court, a regulator, a due-diligence team — can verify the seal at swisstrustlayer.com without needing an account.

Multi-signature workflows allow you to involve co-owners, contributors, and external auditors in the sealing process, creating a co-authorship record that maps directly to the human creative contributions described above. The version chain feature means every iteration of a dataset or model is separately sealed and linked — an audit trail that runs from initial concept to final release.

For AI companies preparing for Series A due diligence or M&A, this kind of IP trail is increasingly expected by investors. For a full due diligence checklist, see our guide IP Protection Checklist for Startups Raising Series A.

What to Do Before the Law Settles

The regulatory environment around AI and copyright is genuinely in flux. The EU AI Act (Regulation 2024/1689) introduces transparency obligations for high-risk AI systems but does not resolve the authorship question. The WIPO Standing Committee on Copyright and Related Rights has been studying AI and copyright since 2019 without reaching consensus. National courts are issuing contradictory decisions.

In this environment, the worst strategy is to wait. The best strategy is to build the evidence now — prompt logs, dataset manifests, version histories, timestamped creative records — so that when the law does settle, or when a dispute arises before it does, you have the documentation needed to assert whatever rights the applicable legal framework recognises.

A timestamp is not a legal guarantee. It is a witness statement. And in intellectual property disputes, a credible, immutable witness statement from a Qualified Trust Service Provider is the strongest opening position available.

If your team is working with AI-generated content at scale and has not yet established a timestamping protocol, start today. The cost is modest. The cost of reconstruction after a dispute is not.

Protect your AI intellectual property with Swiss Trust Layer — PAdES/CMS seals backed by Swisscom Trust Services, compliant with ZertES, eIDAS, and the Berne Convention.

For regulatory context, see: [eIDAS compliance](/eidas), [ZertES certification](/zertes), [compliance overview](/compliance).