MICKAI
Article · 8 July 2026

Accountancy and Audit Firms: Client Confidentiality and On-Premise AI

On-premise sealed AI lets audit and accountancy firms apply AI to client work while confidential financials never leave the firm.

Accountancy and Audit Firms: Client Confidentiality and On-Premise AI
Author
Micky Irons
Published
8 July 2026
Follow Micky Irons
LinkedInX
on-premise aiaudit firmsclient confidentialityauditor independencefrc guidance

Audit and accountancy firms can apply AI to client work without breaching confidentiality by running the AI on-premise, sealed and offline, on hardware the firm owns, so that no client financial data ever leaves the firm's perimeter. This works because a sealed system has no outbound path to any public cloud AI service: the model, the client data and the audit reasoning all stay inside the engagement environment, and every action is cryptographically recorded. Confidentiality is preserved by architecture, not by a supplier's promise.

This question matters in 2026 because the profession has just been told to adopt AI carefully rather than avoid it. In March 2026 the Financial Reporting Council published guidance on generative and agentic AI in audit, expecting firms to control data handling, security and confidentiality, to keep a human responsible for every conclusion, and to permit only tools that meet confidentiality requirements on engagements. Public cloud AI services cannot meet that bar for privileged client financials, because the data leaves the firm and sits under another operator's control. On-premise sealed AI is the way to get the productivity without surrendering the duty.

Why can firms not simply use ChatGPT or Claude on client files?

Because a public AI service is an outbound channel. When a member of staff pastes a client trial balance, board minutes or a draft opinion into a public cloud AI service, that confidential material crosses the firm's boundary and is processed on infrastructure the firm does not control. Under an auditor's confidentiality duty, and under the FRC's expectation that only approved, confidentiality-compliant tools touch an engagement, that transfer is the problem. It is also exposed to foreign legal reach: a US-operated service can be compelled to disclose data under the US CLOUD Act regardless of where the client sits. A sealed on-premise system removes the channel entirely.

Accountancy and Audit Firms: Client Confidentiality and On-Premise AI, illustration 1

How does on-premise sealed AI actually work?

Mickai is a Sovereign Intelligence Operating System, a SIOS. It runs offline on operator-owned hardware inside the firm. The design rests on a few concrete mechanisms:

  • Zero-egress perimeter. The system is inbound-only. There is no route for client data or model output to reach an external network, so nothing can be exfiltrated by design rather than by policy.
  • Sovereign models on the firm's own metal. The reasoning models run locally. Client financials are processed where they already live, and never uploaded.
  • Hardware-attested identity. Each user and each machine is bound by hardware-level attestation, so every action is tied to a verified person and device.
  • Post-quantum signed ledger. Every action is sealed into an append-only audit chain using post-quantum signatures aligned to FIPS 204 (ML-DSA), so the record survives future cryptographic advances.
Accountancy and Audit Firms: Client Confidentiality and On-Premise AI, illustration 2

What can a quality reviewer or independence check actually inspect?

The value to an audit firm is not only that data stays in, but that the record is verifiable. Because every action is written to a signed, immutable ledger, an Audit Quality Review, an internal Engagement Quality Control Review or an independence check can inspect exactly which model version ran, on which engagement, at whose authenticated instruction, over which data, and what it produced. The reviewer can confirm the seal offline: if the ledger verifies, the record has not been altered after the fact. This maps directly to the FRC's expectation that firms evidence human oversight and control over AI use, and it gives the Responsible Individual an evidence base rather than an assertion.

Accountancy and Audit Firms: Client Confidentiality and On-Premise AI, illustration 3

Which rules make this necessary?

Several duties converge, and none of them are satisfied by a cloud AI service handling client data:

  • FRC guidance on AI in audit (March 2026): approved, confidentiality-compliant tools only, with human accountability for every output.
  • Professional confidentiality: the standing duty not to disclose client information, which an uncontrolled transfer to a third-party AI service can put at risk.
  • UK GDPR: lawful, controlled processing of any personal data inside client records.
  • DORA, in force since January 2025, and NIS2: operational resilience and third-party risk obligations that bite when firms serve financial-sector clients.
  • ISO/IEC 42001: the AI management-system standard firms are increasingly asked to evidence.
Accountancy and Audit Firms: Client Confidentiality and On-Premise AI, illustration 4

Does independence survive when AI does part of the work?

Yes, provided the auditor, not the model, owns the judgement. The FRC is explicit that professional scepticism applies to AI output exactly as it applies to management assertions, and that ultimate responsibility rests with the human auditor. A sealed system supports this because the reasoning is inspectable: the auditor can see what the model did and challenge it, rather than accepting an opaque answer from an external service. Where an engagement warrants it, cross-model consensus can run more than one sovereign model over the same question and flag disagreement, which sharpens scepticism rather than dulling it.

Confidentiality and independence are preserved when the AI runs where the client data already sits, sealed and signed, so nothing leaves the firm and every action can be checked.

What about the EU AI Act deadline everyone was worried about?

The pressure has eased but the direction has not changed. The high-risk Annex III obligations that had been due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded Annex I high-risk moving to 2 August 2028, while the Article 50 transparency duties are largely unchanged. This is a build window, not a reprieve. Firms that stand up sealed, auditable AI now will be ready when the obligations land, rather than retrofitting controls under deadline pressure.

Is this only for the largest firms?

No. The architecture scales down as well as up. A single engagement team can run a sealed instance on firm hardware; the same zero-egress and signed-ledger properties hold whether the deployment serves one office or a national network. The relevant patents are owned by Mickai LTD, which holds 104 filed UK patent applications and approximately 2,340 claims, none granted or patented. The point for a mid-tier or boutique firm is that confidentiality by architecture is available without a hyperscaler contract and without client data leaving the building.

Frequently asked questions

Can audit firms use AI without breaching client confidentiality?

Yes, if the AI runs on-premise and sealed so client data never leaves the firm. A zero-egress system has no outbound path to any public AI service, so financials, working papers and draft opinions stay inside the engagement environment. Pasting the same material into a public cloud AI service creates a confidentiality exposure, because the data crosses the firm's boundary onto infrastructure it does not control.

Does using AI compromise auditor independence?

Not if the human auditor retains the judgement. The FRC requires professional scepticism to apply to AI output just as it applies to management assertions, with ultimate responsibility resting with the Responsible Individual. A sealed system with an inspectable, signed record supports this, because the auditor can see and challenge what the model did rather than accept an opaque external answer.

What does a signed audit trail give a quality reviewer?

It gives verifiable evidence rather than a claim. Every action is written to an append-only ledger sealed with post-quantum signatures, so a reviewer can confirm offline exactly which model ran, on which engagement, at whose instruction and over which data. If the seal verifies, the record has not been altered, which is precisely what an independence check or quality review needs.

Is on-premise AI subject to the US CLOUD Act?

No, when it runs entirely on the firm's own hardware with no link to a US-operated service. The CLOUD Act reaches data held by US cloud providers, so avoiding those providers for privileged client work removes that exposure. A sovereign system that processes client financials locally keeps the data outside foreign legal compulsion.

Do we still need to prepare for the EU AI Act if the deadline moved?

Yes. The high-risk Annex III obligations moved from 2 August 2026 to 2 December 2027, and embedded Annex I high-risk to 2 August 2028, but the obligations still arrive and Article 50 transparency duties are largely unchanged. Standing up sealed, auditable AI during this window means firms are ready when the rules bite instead of retrofitting controls late.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/accountancy-and-audit-firms-client-confidentiality-and-on-premise-ai. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles