← All posts

Receiving AI work you can actually prove: a client's walkthrough of Archibal

How a brand uses Archibal to commission AI work and receive it as verifiable deliverables - send a brief to an agency, accept the work into one inbox, and keep a durable compliance archive across every vendor.

When you publish AI-generated work, the legal and reputational risk sits with you as the deployer of AI content, not with your agency. You might outsource the production of AI commercials, AI social ads, or AI product visuals, but you are the one putting them in front of an audience, which is what most AI disclosure and provenance rules care about.

We laid out the procurement and contract side of that in the brand's guide to commissioning AI content. This post is narrower and more practical: how a marketing or legal team actually receives AI-generated media inside Archibal once the contracts are signed, so every AI asset arrives with proof you can verify and keep.

The short version: you commission AI work, it comes back as something you can independently verify in a couple of minutes, and the proofs live in a single compliance archive you control - not scattered across half a dozen agency portals and email threads.

Start with a client workspace for AI deliverables

When you set up Archibal, you choose whether you're primarily creating AI content or commissioning AI content from vendors. If you're on the brand side, choose "commissioning" and you'll get a client workspace tuned for receiving work rather than producing it.

If you already have a creator workspace, the sidebar switcher lets you add a client workspace in one click. Your workspaces are grouped under Creator and Client, so switching between "we make AI" and "we receive AI from agencies" takes a second.

A client workspace is deliberately different from a creator's environment. There are no production tools or model settings. Instead you see:

  • Briefs - where you define what you're asking for.
  • Inbox - where finished AI commercials, AI images and AI videos land with their proofs.
  • Connected agencies - who you commission from.
  • Archive - where accepted AI deliverables live as durable compliance records.
  • Obligations - a roll-up of your disclosure and provenance exposure across vendors.

You can add your team (brand managers, legal, risk) to the client workspace. A second reviewer doesn't need to be a full creative seat; they just need to be able to read certificates, click verify links, and sign off.

Brief an agency with the compliance context baked in

Instead of emailing a PDF brief, you create it directly in the Briefs section. You capture the things AI disclosure and provenance rules actually care about:

  • Territories where the AI media will run
  • Channels (social, broadcast, streaming, web, OOH)
  • Use category (e.g. brand, political, health, kids)
  • Stakes level for the campaign
  • Deadlines and any specific legal notes

Then you hit Send to agency. You can:

  • Pick an agency you've already connected.
  • Or just type an email address for a shop that has never touched Archibal before.

That email route matters. It works even if the agency isn't on Archibal yet, so sending the brief doubles as the onboarding step. From your side, you've still got one canonical brief with the right metadata for downstream AI compliance.

Once a brief is sent, it's locked to its intended recipients. The open shareable link stops working; only the addressed agency can accept it. You get clear lifecycle states - Sent, Opened, Accepted - and simple controls:

  • Resend if it's gone quiet.
  • Revoke if you've changed scope or decided not to proceed.
  • Let old invites expire after 14 days; resending revives them.

It's the difference between "I emailed someone a PDF brief for an AI ad" and actually knowing, at any moment, where that request sits and who is accountable for it.

Receive AI commercials and AI assets in your Inbox, with proof

This is where most brands underestimate the risk until they lose a critical AI disclosure record in a vendor portal.

When the agency delivers a project that traces back to your brief, it lands in your Inbox automatically. No "can you re-send the final AI files," no guessing which portal to log into. The asset and its AI provenance arrive as one package.

If you're handed a delivery that didn't start as a brief - maybe a one-off AI commercial or a pilot with a new vendor - you can still bring it into your compliance flow. Paste its verify link into the Inbox, and Archibal pulls it in and files it under the right brief or campaign.

Open an Inbox item and you see a compliance-first view, not just a download button:

  • A public verification page for the delivery - something you can hand to a regulator, client, or internal audit.
  • Downloads for the certificate PDF - the human-readable compliance snapshot.
  • The signed C2PA manifests - the machine-readable provenance and AI disclosure data.
  • The .c2pa sidecar for formats like PDF that use detached manifests.

From there you Accept or Request changes, with a note about what's missing or unclear. That decision flows back into the agency's project view, so the approval loop happens inside Archibal instead of disappearing into your email "Sent" folder.

For SEO clarity: this is exactly what many teams mean when they ask for "a compliance-proof workflow for AI-generated advertising" or "a way to verify AI commercials from agencies." Archibal makes that verification path the default.

Turn accepted AI work into a long-lived compliance archive

Once you accept a delivery, it moves into your Archive. That archive is not just cloud storage; it's a compliance-grade registry of AI-generated assets you've deployed.

Each archived item stays independently verifiable:

  • The certificate is content-addressed to the exact files you received.
  • The manifests and fingerprints can be checked later with public verification tools.
  • The deliverable is linked back to its brief, territory/channel settings, and risk band.

This matters when a regulator, platform, or client asks a question long after the campaign has wrapped. Instead of scrambling through vendor portals and shared drives, you search Archibal, open the delivery, and produce the certificate and manifests on demand.

Retention windows are tuned to how serious the work is:

  • Client plan - 90 days of retention for lower-stakes AI experiments.
  • Brand plan - two years of retention for most marketing and advertising use.
  • Brand Enterprise - a custom window aligned with your internal retention and regulatory policies.

Investigations and audits never follow campaign calendars. If you're buying AI-generated media at scale, picking a realistic retention window up front is one of the easiest ways to de-risk future AI provenance questions.

See AI disclosure obligations across all your agencies

If you use more than one agency - and most medium and large brands do - the hard question is rarely about a single AI spot. It's: "What's our exposure across everything we've shipped, across every vendor?"

The Obligations view surfaces that:

  • It rolls up the compliance status of every AI delivery you've received across all connected agencies.
  • It shows what's outstanding and what's resolved, grouped by vendor and by law or obligation.
  • It exports to CSV so you can drop it straight into board decks, risk reports, or internal audits.

Instead of chasing a different "compliance export" from every agency - each with its own definition of "compliant AI advertising" - you get a single, normalized view of AI disclosure obligations across your vendor ecosystem. That cross-vendor roll-up is part of the Brand plan.

If you want a deeper grounding in the concepts behind those certificates and fingerprints, what is AI provenance walks through the technical layers, and the field guide to AI disclosure laws explains which AI transparency rules actually apply in which regions.

What exactly you're verifying when you click "Verify"

Every delivery in Archibal carries a content-addressed certificate, not just a marketing PDF.

That certificate records:

  • The project and delivery date
  • The assessed risk band and the rules that were evaluated
  • Which AI models and tools were detected in the production pipeline
  • The reviewing lawyer, if legal review was part of your workflow
  • SHA-256 fingerprints of the deliverable files themselves

Those fingerprints are what make the certificate binding. If an AI commercial, image, or PDF is swapped or edited after delivery, its hash changes and the certificate no longer matches. That's the whole point: you are not just trusting an agency's word that "nothing changed" - you are checking it cryptographically.

For many teams, this is the missing piece in "how to verify AI-generated content from agencies" or "how to prove AI disclosure compliance if someone challenges a campaign months later."

The bottom line for brands buying AI media

Commissioning AI work isn't the real risk. Receiving AI-generated content blind is.

The brands that stay out of awkward conversations with regulators, platforms, and customers are not the ones avoiding AI altogether. They're the ones that:

  • Make AI provenance and disclosure part of how they receive AI work from agencies.
  • Standardize on a single verification and archive workflow, regardless of vendor.
  • Can prove, quickly, what was AI-generated, how it was disclosed, and what changed when.

In Archibal, that's the default path: send the brief, accept the delivery, keep the archive. The proofs - certificates, manifests, sidecars, and fingerprints - are already there the moment you need them, whether that's for a platform audit, a regulator's question, or a board meeting slide about how you're managing AI risk.

If you're already commissioning AI ads or AI-generated creative, the next step isn't "less AI." It's receiving AI in a way you can prove.

About Pricing Blog Terms Privacy

© 2026 Archibal.AI Inc. All rights reserved.