AI Data Sovereignty Under NIS2, DORA and UK GDPR
We built Mickai so that the intelligence you rely on lives on your own hardware, answers to your own governance, and proves every action it takes.
The regulator has stopped asking where your data lives and started asking who touched it
For years the compliance conversation around artificial intelligence was mostly about consent and residency. You told people what you collected, you kept the data in the right region, and you moved on. That era is closing. Three overlapping regimes, the EU Network and Information Security Directive (NIS2), the Digital Operational Resilience Act (DORA), and UK GDPR as it stands after the Data (Use and Access) reforms, now push the question far deeper. They no longer ask only where your data sits. They ask who touched it, what decision was made, whether that decision can be reconstructed, and whether the third party in the loop can be trusted not to become the weakest link in your estate.
That shift matters for AI, because most enterprise AI today is a supply chain problem wearing a productivity costume. The moment a regulated firm sends a prompt to a hosted model, it creates a new data flow, a new processor, a new dependency, and a new place where an audit can go cold. We built Mickai, our Sovereign Intelligence Operating System, to remove that flow entirely rather than paper over it.
What each regime is actually demanding
It helps to be precise about what these rules require, because vendors tend to blur them into a single word, compliance, and then sell you the word. They are distinct, and each lands on AI from a different angle.
- NIS2 widens the definition of an essential or important entity across energy, transport, health, water, digital infrastructure and public administration, and it makes senior management personally accountable for cyber risk. It explicitly reaches into your supply chain, so a hosted AI dependency is now your risk to manage, not your vendor's to promise, and incident reporting runs to tight clocks.
- DORA governs financial entities and, critically, their information and communication technology third parties. It demands that firms map every critical ICT dependency, test operational resilience, and retain the right to audit and to exit. A model you cannot inspect, cannot test in isolation, and cannot leave without losing your data is the concentration risk DORA was written to expose.
- UK GDPR keeps the core duties of lawful basis, data minimisation, purpose limitation and accountability, and it treats automated decision-making and international transfers as high risk by default. Every prompt that leaves your perimeter is a transfer you must justify, log and defend.
Read together, these regimes describe the same organisation. It is one that can say, with evidence rather than adjectives, exactly what its systems did, where its data went, and how it would carry on if any single supplier vanished overnight. Most AI deployments cannot make those statements honestly, because the intelligence lives somewhere the customer cannot control or inspect.
Why hosted AI keeps failing the same test
The recurring problem is telemetry and dependency. A hosted model, however well secured, sends your context out of your building, processes it on infrastructure you do not own, and returns an answer whose reasoning you cannot fully reconstruct. Even where a provider promises not to train on your data, you are still trusting a promise across a boundary you cannot see across. Under NIS2 that boundary is a supply chain exposure. Under DORA it is a critical ICT dependency and a concentration risk. Under UK GDPR it is a transfer, and often an automated decision. One architectural choice trips three regimes at once.
The honest fix is not a better promise. It is to move the intelligence to where the data already lives, and to make every action it takes provable. That is the design principle behind Mickai, and why we describe it as a Sovereign Intelligence Operating System rather than software you rent.
Sovereignty as an architecture, not a marketing word
Mickai runs on the customer's own hardware. It can be deployed on premises and fully air-gapped, with zero data egress and no public cloud round trip. No prompt leaves the building, because the reasoning happens inside the building. That single decision reframes every compliance question above. There is no transfer to justify, no third-party model to map as a critical dependency, no telemetry stream to explain to a regulator, and nothing to lose if a supplier disappears, because no supplier stands between you and your own intelligence.
Inside that boundary, Mickai runs 50 specialist brains, 25 domain and 25 operational, under deterministic governance rather than a single opaque model doing everything on vibes. Every action they take produces a cryptographically signed audit record, the Open Audit Record, so that reconstructing what happened is not a forensic project but a lookup. Those signatures use post-quantum cryptography, ML-DSA-65, so the proof you rely on today does not quietly expire when the cryptographic ground shifts. And the memory the system builds is memory the customer owns, held locally, not a profile accumulating on someone else's servers.
“You cannot outsource accountability to a system you cannot inspect. Sovereignty is not where your data is stored. It is who can prove what happened to it.”
How this maps onto the paperwork you already have to file
The practical value of this architecture is that it collapses several hard compliance tasks into ones you can actually complete. A DORA critical dependency map is short when the intelligence has no external dependency to list. A NIS2 supply chain assessment is simpler when there is no AI supplier in the chain. A UK GDPR transfer impact assessment barely applies when nothing transfers. And an incident reconstruction, the thing every one of these regimes will eventually demand under pressure, becomes a matter of reading a signed record rather than guessing at intent from logs that may not have captured what mattered.
- DORA exit and audit rights are satisfied structurally, because the customer already holds the system, the data and the audit record.
- NIS2 senior accountability is easier to bear when leaders can point to signed evidence of every automated action, not vendor assurances.
- UK GDPR minimisation and transfer duties are met by default, because the data never leaves the perimeter in the first place.
- Post-quantum signing protects the integrity of that evidence over the retention periods regulators expect, which stretch into years.
The direction of travel is only one way
Regulators are not going to relax. NIS2 and DORA are already in force, UK data reform continues to sharpen accountability rather than soften it, and the wider expectation, from the EU AI Act to sector supervisors, is that firms will need to explain their automated systems in ever finer detail. Auditable, owner-controlled AI with no telemetry and no external dependencies is moving from a differentiator to a baseline expectation for anyone operating in a regulated sector.
We are not the only people who see this coming, but we have committed to it structurally. Our intellectual property position reflects that commitment. We hold 104 filed UK patent applications carrying approximately 2,340 claims, with full specifications, claims and figures covering the sovereign architecture described here, and we are building steadily toward examination and grant. The market signal is starting to reflect the thesis too. On Crunchbase our founder now ranks number 2, and the company Heat Score has reached 94 out of 100, climbing from single digits.
The organisations that will find the next few years easiest are the ones that stop treating AI as a data flow to be governed and start treating it as a capability they own outright. When the intelligence lives on your hardware, answers to your governance, and proves every action it takes, NIS2, DORA and UK GDPR stop being three separate problems. They become three descriptions of a system you already run. That is the future we are building toward, and we think it is the only version of AI that regulated organisations will be able to defend for the long term.