AI Governance as Code
Cryptographic policies that decide before any action happens, not after
Most organisations discover the limits of their governance the moment something goes wrong. A model acts, a payment moves, a record changes, and only afterwards does anyone reach for the policy document to ask whether it should have been allowed. By then the action is already in the world. The rulebook was written to be read by people, not enforced by machines, and so it enforces nothing at all.
We built Mickai on the opposite premise. Governance is not a document that describes what an intelligence should do. It is executable code that decides, before any action fires, whether it may happen at all. We call this AI governance as code, and it is the difference between a policy that hopes and a policy that holds. Mickai is a Sovereign Intelligence Operating System, a SIOS, and governance sits at its core rather than bolted on at the edge.
The gap between the policy and the act
Traditional governance lives in two disconnected worlds. In one, compliance teams write policies in prose: who may approve a transfer, which data may leave a jurisdiction, what a model is forbidden to touch. In the other, the systems run, and they run whether or not the prose was followed. The connection between the two is a human, a review meeting, an audit that arrives months later. The policy is advisory. The machine is sovereign. That gap is where every automated failure lives.
AI governance as code closes the gap by refusing to let it exist. Every rule that matters is expressed as machine-checkable policy that sits directly in the path of execution. A brain inside Mickai cannot reach an action without passing through the policy first. If the rule says a dataset classified under the General Data Protection Regulation (GDPR) must never leave the customer's premises, that is not a sentence in a handbook. It is a condition the runtime evaluates, and a failed condition means the action never happens.
Sign before you act, not after
The heart of the design is the Operation Attestation Record (OAR). Before any subsystem inside Mickai executes anything of consequence, it produces an OAR: a signed statement of exactly what is about to be done, by which brain, under which policy, with which inputs and expected effects. The record is signed first, and only a valid signature clears the action to proceed. Nothing runs on trust. Everything runs on proof produced in advance.
This inverts the usual order of the world. Conventional logging records what already happened, which is useful for the post-mortem and useless for prevention. The OAR is written before the act, so the act is gated by its own attestation. If the record cannot be produced, or cannot be signed under current policy, the operation is refused at the door. We are not describing history. We are authorising the future, one signed decision at a time.
Post-quantum signatures and an audit ledger that cannot be edited
A signature is only as good as the mathematics behind it and the ledger that keeps it. We sign every OAR with post-quantum cryptography, specifically ML-DSA-65, the NIST security category 3 parameter set of FIPS 204 (the Module-Lattice-Based Digital Signature Standard), so the attestations that govern an action today remain trustworthy against the quantum computers of tomorrow. A governance decision that could be forged in five years was never a governance decision at all.
Each signed record lands in a tamper-evident, cryptographically signed audit ledger. Entries are hash-chained, each carrying the digest of the one before it, so altering one breaks the proof of every entry after it. Nobody, including us, can quietly rewrite what an intelligence did or was permitted to do. When a regulator, an auditor, or a board asks what happened, the answer is not a reconstruction from memory. It is a sealed sequence of signed facts, and its integrity can be checked without trusting the party presenting it, provided the checker holds the signing public keys and a trusted copy of the latest chain head: chaining proves that nothing inside the sequence was altered, but on its own it cannot reveal that trailing entries were silently dropped.
High-stakes actions need more than one brain
Not every decision carries the same weight, and our governance reflects that. Routine operations pass under standing policy. High-stakes actions, such as moving large sums, deleting protected records, or altering the rules themselves, are gated by stronger conditions written directly into code. We require multi-brain approval, where independent subsystems must each attest to the same operation before it clears, so that no single compromised or drifting brain can act alone.
For the most sensitive class of action we add voice-biometric approval, binding the decision to a specific human whose identity is verified at the moment of authorisation. The policy that demands this is not a workflow someone can skip when they are in a hurry. It is a condition in the execution path. If the second brain has not attested, or the voice does not match, the OAR is never signed, and the action simply does not occur. Approval is a gate, not a formality. Our brains are revocable too, so a subsystem that drifts out of policy can have its authority withdrawn without dismantling the whole.
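The gate described in the preceding sections, as an added example that is not Mickai's code: policy is evaluated in the execution path, a quorum of independently signed brain attestations is checked, a signed OAR is appended to a hash-chained ledger, and only then does the caller get anything it can act on. The brain names, keys, quorum sizes, the `gdpr-no-egress` rule and the sample operations are constructed for illustration. HMAC-SHA256 from the standard library stands in for ML-DSA-65, which has no standard-library binding; with a real asymmetric scheme an outside verifier would hold only public keys.

```python
"""Governance gate: an action runs only after a signed Operation Attestation Record
(OAR) for it sits in a hash-chained ledger. Illustrative example, not Mickai's code.
Assumption: HMAC-SHA256 stands in for ML-DSA-65 (FIPS 204); a real deployment uses
that asymmetric scheme so an outside verifier holds only public keys."""
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Assumed quorum: how many independent brains must attest each action class.
REQUIRED_ATTESTATIONS = {"transfer_funds": 2, "delete_protected_record": 2, "update_policy": 3}

class PolicyDenied(Exception):
    """Refused at the gate; nothing has executed."""

def canonical(obj) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify_sig(key: bytes, payload: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)

def evaluate_policy(op: dict) -> str:
    """Machine-checkable rule in the execution path; returns the admitting rule id."""
    if "gdpr" in op.get("data_classes", []) and op.get("destination") != "customer-premises":
        raise PolicyDenied("gdpr-no-egress: classified data may not leave the premises")
    return "standing-policy-v1"

class Ledger:
    """Signed, hash-chained audit ledger: editing one entry breaks every later link."""
    def __init__(self, ledger_key: bytes):
        self.key = ledger_key
        self.entries: list = []

    def append(self, oar: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev": prev, "oar": oar}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        entry = {**body, "hash": digest, "sig": sign(self.key, digest.encode())}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain from genesis; an edited, reordered or forged entry fails."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"seq": i, "prev": prev, "oar": e["oar"]}
            if (e["seq"] != i or e["prev"] != prev
                    or hashlib.sha256(canonical(body)).hexdigest() != e["hash"]
                    or not verify_sig(self.key, e["hash"].encode(), e["sig"])):
                return False
            prev = e["hash"]
        return True

class Gate:
    def __init__(self, brain_keys: dict, ledger: Ledger):
        self.brain_keys = brain_keys  # revoke a brain by removing its key
        self.ledger = ledger

    def attest(self, brain: str, op: dict) -> dict:
        """A brain signs exactly the operation it approves (op_id included, so no replay)."""
        return {"brain": brain, "sig": sign(self.brain_keys[brain], canonical(op))}

    def authorise(self, op: dict, attestations: list) -> dict:
        """Policy, then quorum, then the signed OAR; only the returned entry clears execution."""
        rule = evaluate_policy(op)
        needed = REQUIRED_ATTESTATIONS.get(op["action"], 1)
        valid = {a["brain"] for a in attestations if a["brain"] in self.brain_keys
                 and verify_sig(self.brain_keys[a["brain"]], canonical(op), a["sig"])}
        if len(valid) < needed:
            raise PolicyDenied(f"multi-brain: {len(valid)}/{needed} valid attestations")
        return self.ledger.append({"op": op, "policy": rule, "approved_by": sorted(valid)})

def run_demo() -> dict:
    """Constructed scenario: one approval, three refusals, then a tamper check."""
    gate = Gate({"brain-a": b"key-a", "brain-b": b"key-b", "brain-c": b"key-c"}, Ledger(b"ledger-key"))
    def attempt(op, attestations):
        try:
            return gate.authorise(op, attestations)["oar"]["approved_by"]
        except PolicyDenied as exc:
            return str(exc).split(":")[0]
    transfer = {"op_id": "op-1", "action": "transfer_funds", "amount": 250000,
                "destination": "customer-premises", "data_classes": []}
    export = {"op_id": "op-2", "action": "export_dataset", "destination": "public-cloud", "data_classes": ["gdpr"]}
    op3, op4 = {**transfer, "op_id": "op-3"}, {**transfer, "op_id": "op-4"}
    out = {"approved": attempt(transfer, [gate.attest(b, transfer) for b in ("brain-a", "brain-b")]),
           "gdpr": attempt(export, [gate.attest("brain-a", export)]),
           "quorum": attempt(op3, [gate.attest("brain-a", op3)])}
    stale = gate.attest("brain-b", op4)  # issued before brain-b is revoked
    del gate.brain_keys["brain-b"]       # withdraw a drifting brain's authority
    out["revoked"] = attempt(op4, [gate.attest("brain-a", op4), stale])
    out["chain_intact"] = gate.ledger.verify()
    gate.ledger.entries[0]["oar"]["op"]["amount"] = 1  # someone edits history after the fact
    out["tamper_detected"] = not gate.ledger.verify()
    return out
```

Calling `run_demo()` walks the four cases: the two-brain transfer is admitted and lands in the ledger, the GDPR export is refused by policy before any attestation is even counted, the single-brain transfer fails quorum, and an attestation from a brain whose key has since been removed no longer counts towards it. The final two lines show the ledger property: the chain verifies until a past entry is edited, after which recomputing the hashes from genesis exposes the change.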
Regulator-verifiable by design
Regulation is arriving faster than most architectures can absorb it. The European Union AI Act, the Digital Operational Resilience Act (DORA), the Health Insurance Portability and Accountability Act (HIPAA) in healthcare, and the International Traffic in Arms Regulations (ITAR) in defence all demand something conventional systems struggle to give: proof, on demand, that the rules were followed at the point of action. Governance as code produces that proof as a by-product of running at all.
Because every OAR is signed and offline-verifiable, an inspector does not need access to our infrastructure, our goodwill, or an internet connection to check compliance. Given the signing public keys, delivered over a channel they already trust, they verify the signatures themselves against the published standard, on the customer's own hardware. The whole system runs air-gapped or on-premise with zero data egress, so the evidence never leaves the boundary the regulator cares about. Verifiability stops being a report we write and becomes a property of the substrate.
Why this belongs at the sovereign boundary
The public cloud giants, OpenAI, Microsoft, Amazon Web Services, Google, and Oracle, are our allies, and they operate a different layer of the stack. Their platforms are extraordinary at scale, but they cannot cross the regulated boundary on the customer's own terms, because the data, the keys, and the ledger would have to leave the customer's control to do so. That boundary is precisely where governance as code has to live, and it is where Mickai runs, on hardware the customer owns.
The policy travels with that hardware. There is no dependency on a vendor's continued permission, no remote kill of your compliance, no data quietly leaving your walls to satisfy a rule. The rules are yours, enforced on your own metal, provable to anyone you must answer to. That is the difference between renting governance from a distant platform and owning it outright, where the intelligence and the evidence live in the same place you already trust.
The bottom line
Governance that only describes behaviour will always arrive too late. Governance expressed as code, signed before execution, gated by multiple brains and a human voice, sealed in a ledger that cannot be edited, and verifiable offline by the regulator, arrives before the act and stays true afterwards. That is what we built into Mickai, and it is protected across 104 filed United Kingdom patent applications, about 2,340 claims, owned by Mickai LTD. The rulebook no longer hopes to be followed. It decides.