Needine logo
Create accountSign in
Getting started

How do I use Needine?

This guide explains everything from getting your first account to issuing cryptographically signed documents, running compliance reports, and integrating via API. No technical background required for most tasks.

Sign in →Verify a document (no login)

Getting your first account

From zero to your first issued document in under 10 minutes.

  1. 1

    Request access

    Needine is invite-only. Your organization admin creates your account with an email, initial password, and role. If you are the admin setting up a new organization, contact the Needine team to provision your workspace.

  2. 2

    Sign in

    Go to /auth and sign in with your credentials. You land directly in the console. Your role determines which sections are visible and what actions you can take.

  3. 3

    Register your models (admin only)

    Before issuing any document, register the AI models your organization uses in Console → Models. Without a registered model, you cannot create certificates or drafts. This typically takes 2 minutes.

  4. 4

    Issue your first document

    Create a draft (for documents that need approval) or a certificate (for direct emission). Attach your evidence files — their SHA-256 hash is computed in your browser, the files are never uploaded.

  5. 5

    Verify and share

    Once issued, every certificate has a public URL at /verify/:id. Share it with your client or regulator. They can verify authenticity without a Needine account.

Who does what

Each user in Needine has a role that controls what they can see and do.

🏢Admin

Sets up the organization: creates users, registers AI models and vendors, configures API keys and webhooks, manages compliance modules, and generates EU AI Act reports.

  • Create and manage users
  • Register AI models with GPAI classification
  • Manage AI vendors and DPA tracking
  • Issue certificates directly
  • Manage API keys & webhooks
  • View audit logs
  • Generate EU AI Act compliance reports
  • Create Audit Rooms for external auditors
  • Manage FRIA, risk, monitoring plans & literacy records
  • View blockchain anchoring status
✍️Operator

Day-to-day document work: creates drafts, reviews and approves pending steps, issues certificates after full approval, and records model performance evaluations.

  • Create drafts with evidence
  • Review and approve drafts
  • Issue approved certificates
  • Export documents (PDF / JSON)
  • Verify any certificate
  • Record model performance evaluations
  • Create transparency and technical documentation records
🔍Auditor / Read-only

Read access to certificates, drafts, reports, compliance modules, and audit logs without the ability to create or modify anything.

  • View all certificates and drafts
  • View audit logs
  • View provenance reports
  • View compliance reports (FRIA, risk, monitoring, literacy)
  • Download exported evidence
  • Access Audit Rooms (no login needed)
Platform guide

Every section, explained

A detailed walkthrough of each area of the console and what you can do there.

01🤖

Models

Admin

Register and manage your AI models

Before issuing any certificate, register the AI models your organization uses. Each model has a provider, name, and version. You can classify models as General Purpose AI (GPAI), set compute thresholds, assign risk levels, and track inventory fields like use case and department. Export the full registry as CSV or JSON.

What you can do

  • Add a model: provider + name + version
  • Classify as GPAI with compute threshold (e.g. 10²⁵ FLOPS)
  • Set risk level: HIGH, LIMITED, or MINIMAL
  • Fill inventory fields: use case, department, responsible person
  • View inventory completeness scorecard per model
  • Track model performance evaluations over time
  • Detect metric drift between consecutive evaluations
  • Export registry as CSV or JSON
  • Link models when creating certificates or drafts
💡

Even if you use a public model (e.g., GPT-4o, Claude 3), register it. The specific version and GPAI classification make the audit trail complete.

02🏪

Vendors

Admin

Manage AI vendors and due diligence

Track every third-party AI vendor your organization relies on. Record their type (API provider, platform, self-hosted, open-source), DPA status, certifications, data residency, and training data opt-out policies. Each vendor has a risk score (0–100) and a review workflow to ensure due diligence is up to date.

What you can do

  • Add vendors: name, type, website, contact email
  • Track DPA status: NOT_REVIEWED → PENDING_SIGNATURE → SIGNED → EXPIRED
  • Record certifications (ISO 27001, SOC 2, etc.)
  • Set data residency region and training data opt-out status
  • Assign risk score (0–100) and review status
  • View models linked to each vendor
  • Export vendor registry as CSV or JSON
💡

Keeping vendor records current is a key EU AI Act requirement for supply chain transparency. Review DPA expiration dates regularly.

03🗂️

Drafts

Admin · Operator

Create a certificate with approval workflow

All certificates are created through the drafts workflow, which enforces a formal review chain before issuance. You define the approval steps and assign a user to each role. Nobody can issue the certificate until every step is completed in order. The platform signs it with Ed25519, assigns a trust score, and queues it for blockchain anchoring.

What you can do

  • Select certificate type (ai_report, ai_audit, ai_evaluation, generic…)
  • Choose the AI model used
  • Upload input evidence — the file stays local, only its SHA-256 hash is stored
  • Upload output evidence the same way
  • Attach additional evidence as ATTACHMENT or REFERENCE type
  • Define approval steps: Reviewer → Approver → Signatory
  • Assign a specific user to each step
  • Each reviewer approves, rejects, or delegates their step
  • Only after all steps are approved can the certificate be issued
  • The entire approval chain is embedded inside the signed payload
  • Export as PDF or self-contained JSON bundle
💡

Your files never leave your machine. Needine only stores the hash. The certificate proves the file existed and was unaltered — without uploading sensitive data. The 'Pending' tab shows only the items waiting for your action — your personal inbox for approval tasks.

04

Verification

Anyone — no login required

Verify any certificate

Any certificate issued by Needine can be verified publicly at /verify/:id — no account needed. You can also use the Verification section inside the console to check certificates by ID and see the full detail: signature, trust score, approval chain, and blockchain anchor status.

What you can do

  • Enter a certificate ID or paste a full verification URL
  • See the cryptographic signature and hash
  • See the full approval chain (if the certificate came from a draft)
  • See the trust score and the factors that influenced it
  • See evidence summary: total count by type (input, output, attachment, reference)
  • See the blockchain anchor — Merkle root + Arbitrum transaction hash
  • Public verifier requires no account: share the link with clients or regulators
💡

Share /verify/:id with clients, partners, or regulators. They can verify the certificate is genuine and unaltered without needing a Needine account.

05📊

Reports

Admin · Operator · Auditor

Provenance and organization reports

The Reports section has two views: provenance search and organization report. Provenance gives you the full lineage graph of a specific certificate — how it was created, which model, who approved it. The organization report aggregates all certificates over a time range with trust-level distribution, blockchain anchoring percentage, and certificate type breakdown.

What you can do

  • Search any certificate by ID to view its provenance graph
  • See input → model → output → approval chain → anchor in a visual tree
  • Generate an organization report for any date range
  • Filter by trust level (high / medium / low)
  • See top certificates by number of descendants
  • View totals: issued, revoked, invalid certificates
  • Check blockchain anchoring percentage across all certificates
💡

Provenance reports are the key piece for explaining to an auditor or client exactly how a specific document was produced.

06🇪🇺

Compliance

Admin · Auditor

EU AI Act compliance modules

The Compliance section is a full suite of EU AI Act modules. Each certificate type is mapped to a risk level (high / limited / minimal). Beyond the overview dashboard, you can access dedicated sub-modules for each compliance obligation.

What you can do

  • Dashboard: risk distribution by certificate type, compliance score overview
  • Transparency (Art. 13, 14, 50): record disclosure, human oversight type (HITL/HOTL/HIC), stop mechanisms
  • Technical Documentation (Art. 11, Annex IV): system specs, data governance, validation, performance metrics — with Annex IV compliance scoring
  • FRIA — Fundamental Rights Impact Assessment (Art. 6, 27): evaluate impacts on privacy, non-discrimination, freedom, dignity, consumer protection
  • Risk Management: track risks by phase (design, development, testing, deployment, post-market) with mitigation actions
  • Post-Market Monitoring: create monitoring plans with frequency (daily/weekly/monthly/quarterly), data collection, feedback mechanisms
  • AI Literacy: record employee training completion, scores, certificate URLs, expiration tracking
  • Model Performance (Art. 15): record accuracy, precision, recall, F1, AUC metrics — with automatic drift detection between evaluations
  • Registration and Declaration: export compliance declarations for regulatory filing
  • Download any report as PDF or JSON
💡

If you use Needine for high-risk AI use cases (medical, credit scoring, employment), these modules cover your Article 9–15 obligations. Start with FRIA and Technical Documentation — they are the most commonly requested by regulators.

07🏛️

Audit Rooms

Admin

Share evidence with external auditors

Create a scoped, read-only Audit Room and share its time-limited access token with external auditors — lawyers, regulators, external compliance teams. They access the certificates you define without creating an account and without seeing anything outside the defined scope.

What you can do

  • Go to Administration → Audit Rooms
  • Create a room: name, scope (all certs / by type / by ID / by date), expiry date
  • Copy the one-time token and share it with your auditor
  • Auditor visits /audit/:token — no login needed
  • Token expires on the date you set and can be revoked at any time
💡

The token is shown only once at creation. Store it safely before sharing. You can always revoke and create a new one.

08⚙️

Administration

Admin

Manage users, API keys, and anchoring

Create and manage all users in your organization. Assign roles that control what each person can see and do. Manage API keys for integrations and monitor blockchain anchoring status for all your certificates.

What you can do

  • Create users: email, full name, initial password, role
  • Edit user roles: ADMIN, OPERATOR, AUDITOR, READ_ONLY
  • Delete users with confirmation
  • Create API keys: name, scopes, expiry, owner
  • Revoke API keys that are no longer needed
  • View blockchain anchors: Merkle roots, tx hashes, block numbers, on-chain IDs
  • Monitor anchor status: PENDING → SUBMITTED → CONFIRMED (or FAILED with retry)
  • View the complete audit log of all platform actions
💡

API keys are shown only once at creation. If a key is lost, revoke it and create a new one. Each key is linked to a specific user for full traceability.

09💻

Developers

Admin

Integrate Needine into your pipelines

The Developers section provides everything your technical team needs: a quickstart guide, SDK snippets, webhook management, and a link to the full Swagger documentation. Use the TypeScript SDK for Node.js pipelines or the Python SDK for AI workflows (LangChain, custom scripts).

What you can do

  • Read the quickstart guide with copy-paste code examples
  • Install the TypeScript SDK: npm install @needine/sdk
  • Install the Python SDK: pip install needine-sdk
  • Register webhook endpoints per event type
  • Set your webhook secret for HMAC-SHA256 signature verification
  • View webhook delivery logs and retry status
  • Open Swagger docs at /api/docs for the full REST reference
💡

Webhooks are signed with HMAC-SHA256. Always verify the X-Needine-Signature header before processing the payload on your end.

One thing requires no account at all

The public verifier at /verify/:id is open to anyone. If a company or individual shares a Needine certificate with you, you can verify its authenticity, check the approval chain, and see the blockchain anchor — without creating an account or logging in.

Try the public verifier →

Ready to start?

Sign in to your account, or go back to the home page to learn more about what Needine offers.

Sign in →← Back to home