MICKAI
Article · 8 July 2026

A Sovereign AI Glossary: The Terms Buyers Confuse

Sovereign AI, sovereign cloud, data residency and data sovereignty are not interchangeable, and the differences decide who can lawfully reach your data.

A Sovereign AI Glossary: The Terms Buyers Confuse
Author
Micky Irons
Published
8 July 2026
Follow Micky Irons
LinkedInX
sovereign aidata sovereigntysovereign cloudconfidential computingair-gapped ai

Buyers most often confuse sovereign AI with sovereign cloud, data residency with data sovereignty, and on-premise with air-gapped, and the distinctions are precise rather than stylistic. Sovereign AI means the model, its weights and its inference run under the operator's exclusive control on hardware they own. Sovereign cloud is a hosted service kept inside a jurisdiction but still operated by a third party. The terms diverge on a single axis: who can technically reach the model and the data, not merely who has promised not to.

This matters more in 2026 than it did a year ago. DORA has been in force across EU financial entities since January 2025, NIS2 raises the bar for critical sectors, and GDPR still governs where personal data may flow. The EU AI Act adds a further layer: the high-risk Annex III obligations once due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded Annex I high-risk moved to 2 August 2028 and the Article 50 transparency duties largely unchanged. We read that as a build window, not a reprieve. Procurement teams are writing these terms into contracts now, and a loose definition becomes a costly gap later.

What is the difference between sovereign AI and sovereign cloud?

Sovereign AI is the property that an artificial intelligence system, including its model weights and its inference, operates entirely under the control of the organisation that owns it, with no dependency on an external provider to run. Sovereign cloud is narrower: a cloud region or partition marketed as national or in jurisdiction, where a third party still operates the infrastructure and, in many designs, still holds administrative access. Both carry the word sovereign, but only one removes the external operator. A sovereign cloud can still be reached by its provider under lawful compulsion such as the US CLOUD Act, which can require a US headquartered provider to produce data it controls regardless of where that data physically sits.

A Sovereign AI Glossary: The Terms Buyers Confuse, illustration 1

Data residency or data sovereignty: which term is the control?

Data residency is a statement about geography: the data is stored in a named country or region. Data sovereignty is a statement about authority: the data is subject only to the laws and access controls of a chosen jurisdiction, and no foreign party can compel its disclosure. Buyers conflate the two constantly. Residency is necessary but not sufficient. Data can reside in Frankfurt and still fall under a foreign disclosure order if the operator is foreign owned. Sovereignty is the stronger claim, and it depends on who controls the keys and the compute, not on the postcode of the disk.

The difference between a promise and a mechanism is, in a regulated procurement, the difference between exposure and control.

A Sovereign AI Glossary: The Terms Buyers Confuse, illustration 2

Are on-premise, air-gapped and zero egress the same thing?

They are three different guarantees, and buyers routinely treat them as one. On-premise means the system runs on hardware the operator owns or leases inside their own facility. It says nothing about whether that hardware talks to the internet. Air-gapped means the system has no network path to any external network at all. Zero egress is more specific again: the system accepts inbound requests but is architected so that no data leaves the perimeter, with outbound paths closed by design rather than by policy. An on-premise system can still exfiltrate data if it phones home. Zero egress is the property that closes that door.

A Sovereign AI Glossary: The Terms Buyers Confuse, illustration 3

What do confidential computing and hardware attestation actually prove?

Confidential computing protects data while it is being processed, by running the workload inside a hardware based trusted execution environment so that even the host operating system and administrator cannot read the memory in use. Hardware attestation is the proof step: the processor produces a signed measurement that lets a verifier confirm exactly which code is running on genuine, unmodified hardware before any secret is released. One protects the computation. The other proves the environment is what it claims to be. In a sovereign design, hardware attested identity can be bound to the audit record, so that every sealed action is tied to a specific, verified machine rather than an unprovable assertion.

A Sovereign AI Glossary: The Terms Buyers Confuse, illustration 4

How does a post-quantum signed, tamper-evident log stay verifiable?

A tamper-evident log is an append only record in which each entry is cryptographically chained to the last, so any later edit or deletion breaks the chain and is detectable. A post-quantum signature is the seal on that chain, built to resist attack by future quantum computers. The relevant standard is FIPS 204, ML-DSA, the post-quantum signature scheme: it signs the ledger. This is distinct from FIPS 203, ML-KEM, which is a key encapsulation standard for exchanging keys and does not sign anything. Buyers sometimes credit the wrong standard with verifiability. An auditor can take the log offline and check every signature against the public key, with no call to any vendor and no need to trust the operator's word.

What is cross-model consensus, and what is a Sovereign Intelligence Operating System?

Cross-model consensus is a control in which several independent models must agree before a high stakes output is accepted, so that a single model's error or manipulation does not pass unchecked. A Sovereign Intelligence Operating System, a SIOS, is the category that assembles these properties into one governed environment. Mickai is a Sovereign Intelligence Operating System. It runs offline on operator owned hardware behind a zero egress inbound perimeter, binds hardware attested identity to a post-quantum signed audit ledger, and applies cross-model consensus to sensitive actions, with every action cryptographically sealed. The architecture is the subject of 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD. These are filed applications, never granted or patented. It is not a chatbot or a hosted cloud service. It is the operating layer that makes these terms auditable in one place.

Frequently asked questions

Is sovereign cloud the same as sovereign AI?

No. Sovereign cloud is a hosted service kept inside a jurisdiction but still operated by a third party that may retain administrative access. Sovereign AI means the model and its inference run under the operator's exclusive control on their own hardware. A sovereign cloud can still be reached by its provider under laws such as the US CLOUD Act.

Does data residency guarantee data sovereignty?

No. Residency only fixes where data is stored. Sovereignty concerns who can compel access to it. Data can reside in your country and still be subject to a foreign disclosure order if the operator is foreign owned, so residency is necessary but not sufficient on its own.

What is the difference between air-gapped and zero egress?

Air-gapped means no network path to any external network exists at all. Zero egress means the system can accept inbound requests but is built so that no data leaves the perimeter. Zero egress allows controlled inbound use while still closing outbound exfiltration by design.

Which FIPS standard signs an audit ledger?

FIPS 204, ML-DSA, is the post-quantum signature standard that signs a ledger. FIPS 203, ML-KEM, is a key encapsulation standard for exchanging keys and does not provide signatures. Only FIPS 204 gives the offline verifiability an auditor checks.

Does this architecture make us compliant with the EU AI Act?

No architecture makes you compliant on its own, and a vendor claim is not a certification. What a sovereign design does is support specific duties: offline verifiability, tamper-evident logging and attested identity help evidence accountability and record keeping. With the high-risk obligations deferred to 2 December 2027, we treat the interval as time to build that evidence properly.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/a-sovereign-ai-glossary-the-terms-buyers-confuse. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles