Vol 26, No 12 · May 21, 2026
Adobe Content Credentials Get Some Teeth
AI news is noisy, it's difficult to separate reality from marketing hype and click-farming. Especially in the media & entertainment space.
This project attempts to filter the noise by watching the following signals: tracking exactly what companies tell us through their terms of service, and how their outputs look side by side.
The Ledger is just starting, and kinks are getting worked out – your feedback is wanted.
What changed in AI platform agreements this week
We are tracking over 50 companies and 235+ policy documents daily. Things that govern how your data is handled, who owns what and who’s on the hook when something goes wrong. These are things you should be reading, but don't have the time for - plus they are super confusing.
If something truly concerns you, reach out to a lawyer - there are no guarantees we catch all changes, something vital to you may be missed or misinterpreted. Docs are diff'ed and summarized by multiple LLMs, then researched, edited and published by a non-lawyer human.
Adobe’s May 15 revision to its Generative AI User Guidelines makes three changes, and the one worth dwelling on is good news.
Adobe rewrote how it treats Content Credentials, the provenance metadata that records what was made or modified by AI, and stopped treating it as an optional label. Under the new Guidelines, credentials are meant to stay attached to the work. For creators who have watched their attribution and their proof of authorship vanish the moment a file leaves their hands, that is a meaningful upgrade. The same revision quietly deletes two clauses creators had relied on, the training restriction and the commercial-use grant, which cut the other way and are covered below.
In human terms: A documentary editor uses Adobe Firefly for a handful of illustrative graphics. Under the new Guidelines, the Content Credentials on those graphics are part of the deliverable rather than a detachable afterthought: they record what was AI-generated, what she modified, and that the work originated with her. When the piece is questioned later, or when a still circulates out of context, the provenance travels with the file and answers for itself. The remaining frontier is the platforms that still strip credentials on upload. Adobe alone cannot force them to stop, but by making preservation the default expectation for everyone using its tools, it turns credential-stripping from an invisible technicality into a conspicuous gap that platforms will increasingly be asked to close.
Why this matters: The headline change is a win for creators. Content Credentials are becoming a durable, tamper-resistant claim to authorship, and Adobe has moved them from a label it offers to a standard it expects everyone in its ecosystem to keep intact. The real prize is downstream: a provenance norm strong enough that the platforms stripping credentials on upload become the outliers under pressure, rather than the silent default. The deleted training and commercial-use clauses are a real cost and worth raising with clients. But the structural story this week bends toward creators, provided the rest of the pipeline follows Adobe’s lead on keeping provenance attached.
Runway Agent launched this week, and three legal documents moved together to support a single shift. Runway now defines itself as a service that other software connects to and calls, not only a site a person opens. The consumer Terms of Use, the Enterprise Terms of Use, and the Privacy Policy were each rewritten around the Model Context Protocol (MCP), the connector standard that lets AI tools call other applications and lets other applications call AI tools.
Read as one revision, they do a single thing: they move Runway from a destination you visit to a service your pipeline talks to, and they assign the new risk that rides along to whoever opens the connection. Runway is the first creative-AI platform we cover to write MCP into its terms on both the consumer and enterprise side.
In human terms: A VFX studio connects Runway to its pipeline so an agent can pull shot data from ShotGrid, run a Runway model against the plate, and write the result back to the production tracker. No one opens a browser. The agent runs the loop on its own. Under the rewritten terms, switching on that connection authorizes Runway to move the studio's account data to ShotGrid, and it makes the studio, not Runway, answerable for the data and actions that come back across the link. The pipeline got faster, and the VFX studio inherited a category of liability they were not carrying last week.
Why this matters: A destination and a piece of infrastructure are not priced, governed, or secured the same way, and this revision is Runway agreeing to be the second kind of thing - infrastructure. The contract language is the leading edge of that change. It defines what a connected agent may do, who answers when it does something wrong, and what counts as data once a third party is feeding the system on your behalf. Those questions are being settled now, ahead of the parts of the platform that users feel most directly, such as how access is metered and rate-limited. When a platform rewrites its terms to behave like infrastructure, the rest of the platform tends to follow. The pricing and rate-limit surface is the next place to watch.
The Dreamina privacy policy tripled in size this week. The effective date didn't move.
The biggest shift is at the top. The prior version named "TikTok USDS Joint Venture LLC" as the operating entity — the US Data Security structure stood up to satisfy CFIUS-related national-security requirements during the 2024–25 TikTok divestiture negotiations. The new version names "Bytedance Pte. Ltd." in Singapore. The "US" was also dropped from the document's title. The reference to "Executive Order 14352" — the September 2025 order addressing TikTok's US operations — is gone, replaced with generic Corporate Group language. Interesting...
Kling AI added three new clauses to Section 1 of its Terms of Service this week. The effective date — April 21, 2026 — did not change. This is the second consecutive week Kling has added substantive language without updating the date.
The new clauses cover three things. First, any user signing up on behalf of an enterprise is now representing “that you are duly authorized to do so and to bind such entity to this Agreement.” Second, every user is representing that they are “not subject to any applicable sanctions, embargoes, or other legal or regulatory restrictions.” Third, violations of either may result in “your inability to register for or use Kling AI services.”
Standard enterprise-readiness language on its own. Read alongside last week’s addition of a Team and Team Space framework — and the unchanged effective date — it’s a pattern.
The change itself is small. The placement is the story.
The US version of OpenAI's privacy policy added a new "Your Other Rights" section this week — a four-item enumeration: the right to know, the right to request deletion, the right to correct, and "the right to be free from retaliation relating to the exercise of any of your privacy rights." It closes with a new disclosure link: "Review our California privacy rights reporting here," pointing to a dedicated California rights reporting page that wasn't previously published.
Read on its own, this looks like routine compliance clean-up. Read in context, it's a more deliberate move.
Meta split its global Meta AIs ToS into four regional versions (UK, Brazil, EEA, and rest-of-world) and imported six EU AI Act prohibitions into the global Acceptable Use policy — including bans on social scoring, predictive policing, and untargeted scraping of facial images for recognition databases. The privacy paragraph also now explicitly says Meta uses AI interactions to “personalize your experiences and ads” — the second major AI platform in two months to tie chat data to ad infrastructure.
ComfyUI now has both a formal privacy policy (new this week) and a full 15-section Terms of Service (expanded from a one-section stub). The ToS keeps content ownership with the user and limits Comfy’s hosting license to “as necessary to operate the Services” — narrower than most competitors — but the privacy policy contains no mention of AI training rights or output ownership, which is a rather striking omission for a tool that sits this deep in the AI stack. **This may have been present for longer, we recently updated our fetch method for this record.**
LightTricks (LTX Studio, Facetune, Photoleap, Videoleap) bumped its effective date from October to May 13, 2026 and added a new Section 6.3 permitting commercial output use only on tiers that include it. The same section disclaims any warranty regarding “any User’s or third party’s assertion of ownership rights, copyrights, or any other interest in or to any Outputs” — meaning if your LightTricks output is alleged to infringe, that’s your problem.
Autodesk bumped the effective date from December 8, 2025 to March 30, 2026 — a 16-week gap — with no detectable changes anywhere in the body of the document. Either Autodesk renewed the date without updating the text, or our diff missed something that will get a manual eyeballing before the next issue.
