SAAKSHA Line · line-side QA + DPP compliance pack
In plain terms: catch line defects and verify every printed serial using the cameras already on your line, and auto-generate the EU export passport (Digital Product Passport) each shipment needs — no new inspection hardware.
Software-only line-side visual QA, serial / DataMatrix verification, and a Digital Product Passport compliance pack for Indian OSAT semiconductor back-end and Tier-2 EMS contract manufacturers. It runs on the line cameras and edge compute you already own — no AOI hardware bundle, no capex. On the timeline currently drafted, an electronic product placed on the EU market will need a DPP-grade artefact. SAAKSHA Line generates it — mandatory export compliance, not a spreadsheet ROI argument.
Maturity: reference implementation, pilot-ready. Production detection models and live MES connectors land at line commissioning; the certifications and regulatory tracks below are targeted, not yet cleared. Available in early access — engage to get on the line commissioning queue.
01 — Who it's for
Cognex, Keyence and OMRON sell imported AOI hardware to Tier-1 OEMs at heavy per-line capex. That door is closed to the OSAT back-end and the Tier-2 EMS exporter who has already sunk that capex and still cannot produce a DPP-grade artefact from the vendor's bundled software. That is the SAAKSHA Line market — software-only, retrofit onto the cameras already on the line.
— ICP · 01 · OSAT back-end
Standing up the visual QA + traceability layer ahead of line commissioning. EU brand audits already arriving asking about DPP-readiness; cannot answer affirmatively today.
— ICP · 02 · Tier-2 EMS
A dozen SMT lines, third-party AOI, manual serial verification, paper traceability sheets. Customer returns traced to AOI false-negatives. Needs DPP-grade traceability ahead of a new EU procurement clause.
— ICP · 03 · Tier-2 EMS
Several SMT lines. End-of-line serial verification is the bottleneck at 7-12 seconds per board. A brand supplier-cascade audit is on the horizon. Must stay within a tight per-line software budget.
— ICP · 04 · Tier-3 EMS
Cannot afford an imported AOI bundle, and has lost an EU order for want of a traceability artefact. Needs a low-touch software layer at opex cost that closes the compliance gap.
Target channel: the Tier-2 / Tier-3 OSAT and EMS export belt across the Pune-Hosur-Sriperumbudur-Sanand cluster — contract manufacturers facing EU and US import-compliance pressure. Out of scope for now: large fabs and Tier-1 plants whose master MES is already locked to an incumbent ERP / SI stack.
02 — How it works
The SAAKSHA Line edge appliance runs inference on the existing line camera feed, writes every substrate-passing event to a local audit chain, and syncs to the India-hosted control plane over mTLS. Five steps, one line event, one signed artefact — and it keeps working for seven days if the factory link goes down.
For any existing line camera
The DefectDetector reads each substrate frame and returns top-10 defect classes by substrate type. The detection becomes a typed DefectRead row with bounding box, confidence, and the source camera. No new hardware on the conveyor.
For the end-of-line bottleneck
The SerialReader reads the printed code and verify_serial() cross-checks it against the MES work-order value. The status is MATCH, MISMATCH, UNREADABLE, or NOT_PRESENT — a mismatch fires its own event and carries the raw image crop for evidence.
For BSA §63 evidence-grade traceability
Every LineEvent is appended to the per-tenant AuditChain. Each entry hash-links to the previous one and is signed over prev_hash || payload_hash || ts. Tamper with any past entry and verify_chain() breaks at that index. This produces a tamper-evident, Bharatiya Sakshya Adhiniyam §63-aligned evidence bundle engineered to satisfy the technical requirements — hash, algorithm, chain of custody, device identity, and operator.
For the EU export shipment
generate_dpp_bundle() rolls a shipment's events into a per-shipment Digital Product Passport: a PDF plus a canonical JSON manifest, signed by the per-EMS Ed25519 key and counter-signed by the operator on duty. Modify any byte and the manifest signature is invalid.
For the customer's compliance team
validate_dpp_manifest() checks the bundle against the ESPR Delegated Act schema for electronics before issuance. A failed validation blocks the cert; a pass stamps it DPP-ready and surfaces it on the customer-facing portal and the public consumer page.
For Indian factory connectivity reality
The edge appliance caches every event in SQLite (WAL + RLock) and keeps generating certs offline with a deferred-sync indicator. On reconnect it replays to the cloud in event order. The HDMI line monitor shows live defect counts and serial hits the whole time.
03 — Capabilities
The imported AOI software counts defects in its own opaque taxonomy and cannot read the printed serial,
let alone produce a DPP-grade artefact. SAAKSHA Line ships the visual QA, the serial/2D-code verify, the
compliance certs, and the audit chain as one stack — every capability a real module in
src/saaksha_line/, every external dependency behind a Protocol + StubAdapter.
vs the AOI vendor's opaque defect taxonomy
Ten defect classes — solder splash, missing component, wrong orientation, bridging, insufficient paste, tombstoning, fiducial misregistration, label misregistration, foreign-object debris, cosmetic scratch — primarily on the electronics substrates this product targets: SMT PCBA and semiconductor packaging, with white-goods sub-assembly, sheet metal, plastic injection, glass and textile in the broader supported set (7 substrate types total). A free-text defect label cannot be cited in a DPP; the enum can. Borderline confidence (0.55-0.85) routes to operator triage.
vs manual 7-12s-per-board end-of-line checks
GS1 DataMatrix, GS1-128, Aztec, PDF417, ECC200, and generic QR, read and cross-checked against the work-order serial. Target: under 250 ms read at ≥99.5% accuracy on our internal test set (design goal, not yet independently measured). A mismatch above the configurable value threshold escalates straight into the two-operator workflow rather than being silently passed.
vs a paper "supplier traceability sheet"
Four cert generators: the ESPR DPP bundle (FR-03), the RoHS pre-cert visual check per Directive 2011/65/EU (FR-06), the US 19 CFR Part 134 country-of-origin cert (FR-05), and the BSA §63 evidence-export bundle. Each is a PDF artefact backed by a tamper-evident signed manifest — not a paper form with no cryptographic verifiability.
vs a heavy imported AOI capex
Runtime adapters let the same inference pipeline run on a Hailo-10H (40 TOPS, 5 W TDP), a Jetson Orin Nano (67 TOPS), a Sony AITRIOS smart camera, or generic x86. The customer or a hardware partner supplies the board; we ship software only — no marked-up appliance, no lock-in to our hardware.
High-stakes actions — a defect on a high-value SKU, a serial mismatch above the value threshold, a DPP cert for a
100-plus-board shipment, cross-customer cert sharing, key rotation, role elevation — all route through
the two-operator workflow (workflows.two_operator), and the approval record is itself
audit-chain-anchored.
04 — The DPP record
A Digital Product Passport bundle is a canonical JSON manifest plus a PDF, both pinned to the
ESPR schema version and signed twice — by the per-EMS Ed25519 root key and an operator counter-signature.
The hash is computed over the whitespace-free manifest, so any later edit invalidates the signature.
validate_dpp_manifest() enforces every required field before the cert can issue.
# Per-shipment DPP manifest — generate_dpp_bundle() output. # Signed over the canonical (sort_keys, no-whitespace) bytes. # Values below are illustrative sample data. { "bundle_id": "a7f3…-…-…", "generated_ts": "2026-05-24T07:05:11+00:00", "espr_schema_version": "espr-electronics-draft-2026-05", # draft, subject to change "tenant": { "tenant_id": "…", "tenant_name": "SAMPLE-EMS-01" # illustrative }, "shipment_ref": "SHIP-2026-EU-00451", "product_family": { "product_family_id": "…", "sku": "SMP-AUD-1138" }, "board_count": 500, "event_ids": ["…", "…"], # one per board on the line "bom_summary": "…", # from the MES work order "recyclability_class": "Annex II Class B", "conformity_assessments": ["RoHS 2011/65/EU", "REACH SVHC"], "algorithm": "ed25519+sha256", "format_version": "dpp-v1", "signatures": { "bundle_hash_hex": "…", "tenant_signature_hex": "…", # per-EMS root key "operator_counter_signature_hex": "…" # operator on duty } }
→ tenant (EMS / OSAT, customer_tier, per-EMS root-key fingerprint) → line (substrate_type, hardware_substrate) → product_family (sku, export_destinations, espr_category) → work_order → line_event → defect_reads + serial_verify_reads · Every row is tenant-scoped; isolation is enforced at construction and at every endpoint.
05 — Mandatory compliance, not ROI
SAAKSHA Line is built against the regulation, not the spreadsheet. On the timeline currently drafted, an electronic product placed on the EU market will need a DPP artefact, and US Customs audits country-of-origin marking on every import. Covering four regulations in one pack means no single Delegated-Act delay leaves a line uncovered.
For any product placed on the EU market
In force since 18 July 2024; the electronics Delegated Act is expected mid-2027 per the current draft. The DPP bundle is designed to carry the unique identifier, manufacturing data, supplier audit-trail reference, recyclability class, and conformity assessments. The schema validator tracks the latest published draft and is updated as the Delegated Act is finalised — schema and timing are draft and subject to change.
For every product imported into the US
check_origin_label() verifies the visible label is in the required "Made in [Country]" or "Product of [Country]" form, legible and matching the declared origin. A mismatch fires an OriginMarkingMismatchEvent and the origin cert carries it for a CBP audit — where violations carry fines and seizure risk.
For restricted-substance conformity
The RoHS pre-cert checks that the mandated labels are present and legible — faded, smudged, missing, or illegible labels are flagged — and that the content matches the BOM declaration for lead, mercury, cadmium, hexavalent chromium, PBB/PBDE and the four phthalates. Every check is a BSA §63-aligned, tamper-evident event.
For warranty, BIS, and customer-return disputes
Every detection event is Ed25519-signed and hash-chained per EMS, producing a tamper-evident, BSA §63-aligned evidence trail — hash, algorithm, chain of custody, device identity, operator — rather than a paper log plus low-fidelity DVR. The BSA §63 evidence-export bundle (PDF + signed JSON) is generated on demand, and verify_chain() proves integrity end-to-end. Admissibility in any proceeding is determined by the court.
Worker data: line cameras face the product, not the operator, so face capture is avoided by default and DPDP Act 2023 exposure is minimised. Certification posture: the BSA §63 evidence bundle, ESPR validator, and RoHS / 19 CFR label-verify generators are implemented in the reference build. IcyCastle holds ISO 9001:2015 and ISO 27001 (certificates available on request); CERT-In empanelment is on the regulatory track (targeted, in progress) and is treated as revenue-blocking, not skippable.
06 — The public consumer DPP page
The DPP that ESPR envisions is consumer-facing: a QR on the product resolves to a public page anyone can read. SAAKSHA Line serves that page directly from the same signed record — no DBIM operator header, a 24-language landing, and a provenance timeline that traces straight back to the line. This is the view an EU consumer, a customs officer, or a recycler sees.
SKU, model, manufacturer, origin country, registration date, ESPR Annex II class, battery watt-hours, recyclability percentage, and the carbon footprint in kg CO2e — the ecodesign data the Delegated Act requires the passport to carry.
A per-substance table — lead, mercury, cadmium, hexavalent chromium, PBB/PBDE, the four phthalates — each with its measured level, the RoHS limit, and a PASS status, plus the REACH SVHC declarables. Verifiable, not asserted.
Substrate inspection passed, serial bonded and verified, RoHS + REACH conformity confirmed, origin certified, ESPR DPP signed and published — each timestamped with the responsible operator and the Ed25519 algorithm. The whole chain is one tap from the QR.
Each audit row links to a verify endpoint that re-runs verify_chain() against the per-tenant public key and reports verified true or false. The passport is not a static PDF claim — it is a live cryptographic check anyone can trigger.
07 — Operator, QA, compliance, consumer
The operator UIs are server-rendered FastAPI + Jinja on the shared IcyCastle design system — no SPA build, no Node toolchain, runs anywhere Python runs. One app serves the line floor, the QA desk, the compliance officer, and the public EU consumer in 24 languages.
Live defect feed, a filmstrip of the last-N rejects, and an SPC strip — boards today, pass rate, defect rate, serial-match percent, DPP-ready count. Everything the floor needs in the first ten seconds of a shift.
Per-shipment DPP readiness (green / amber / red with the missing fields named), RoHS and origin status, the live audit feed, and the two-operator approval queue for high-value serial mismatches above the value threshold.
The cert library across EU ESPR DPP, EU RoHS 2011/65/EU, US 19 CFR Part 134, and BSA §63 evidence — counts of issued, valid, and needs-renewal — plus a CAG-friendly export bundle and the full audit trail.
The public, no-login passport page reached from the product QR. Product identity, the RoHS + REACH materials table, and the provenance timeline — each provenance row independently re-verifiable against the signed chain.
A web calibration tool sets per-line regions of interest and thresholds at install time, with rollback and an auto-tuning step that recommends thresholds from the first 100 events — so a line is commissioned inside a two-hour window.
Borderline-confidence defects and unreadable or mismatched serials queue to the triage UI for an operator decision, with role + permission gating across the eight EMS-side roles from line operator to read-only auditor.
08 — Integration & edge
SAAKSHA Line does not replace the MES — it is the line-side compliance layer any MES can integrate with. Seven adapter triplets, each a Protocol + StubAdapter + ProductionAdapter so tests pass with no dependency installed, read the work order and push the QA result back. The edge appliance carries the inference, the cache, and the signer to the line.
# The same inference pipeline runs on any of these — the customer or a # hardware partner supplies the board. SAAKSHA Line sells software seats only. HardwareSubstrate.HAILO_10H # 40 TOPS @ 5 W TDP (~INR 85k) HardwareSubstrate.JETSON_ORIN_NANO # 67 TOPS (~INR 65k) HardwareSubstrate.SONY_AITRIOS # smart camera + NPU (~INR 45k) HardwareSubstrate.GENERIC_X86 # reuse a line PC # Line camera, factory LAN, line monitor: reused. Net new hardware: ~0. # Prove the audit chain end-to-end, offline, from the CLI: $ saaksha-line verify-chain \ --db-path ./line-3.db \ --tenant-id 7c1e…-… \ --pubkey-hex <64-hex-char per-EMS public key> chain verified: 4218 entries # illustrative sample output
Cross-customer DPP-cert sharing (e.g. to a brand-tier OEM customer) passes the three-gate
federation pattern — warrant + two distinct operators on each side + consent — enforced at construction
in federation.gateway. There is no bypass.
09 — How to engage
SAAKSHA Line is available in early access for Tier-2 and Tier-3 EMS exporters and OSAT back-end lines. Reach out to discuss your line configuration, MES stack, and export destinations — we scope the engagement from there.
10 — Start
Software-only, retrofit onto the cameras you already run. The same audit chain and DPP pack scale from one Tier-3 line to a five-line OSAT.