MICKAI®ArticlesWhat Would It Take to Screen Ever…
Article · 16 July 2026

What Would It Take to Screen Every Sale of a High-Risk Good?

The 7/7 record shows the purchasing patterns existed and no system connected them. Two decades on, precursor reporting still depends on one person noticing at one till. As the UK prepares its largest home defence exercise in decades, here is what it would take to connect the pattern.

What Would It Take to Screen Every Sale of a High-Risk Good?
Author
Micky Irons
Published
16 July 2026
Follow Micky Irons
LinkedInX
National ResilienceExplosives PrecursorsSovereign AIOpen Audit RecordCounter-Terrorism

Every sale of a regulated, high-risk good in the UK, explosives precursors above all, should pass through an intelligent screening layer before the transaction completes. The check would run on hardware the merchant owns, inside a gated sandbox, and pass statutory suspicion flags upstream to the national reporting system. Detection of precursor-purchase patterns would become materially stronger than today's manual, fragmented reporting, because purchases would be connected across retailers instead of sitting in silos. And because every screening decision is sealed into an auditable, offline-verifiable record, regulators, courts and citizens could verify that the AI only ever did what the law allows. That is the whole proposal. The rest of this article is the evidence for it.

The timing matters. On 14 July 2026 the Government published its first Annual Statement on National Resilience alongside an updated National Risk Register. Darren Jones, Chief Secretary to the Prime Minister, announced that the Home Defence Programme will deliver the largest UK home defence exercise in decades in 2027, that the government War Book is being updated for the first time since 2004, and that a public preparedness campaign launches later in 2026.

We will rigorously test these plans through the largest UK home defence exercise in several decades in 2027, to ensure that should the worst ever happen, we will always be ready.

Darren Jones, Chief Secretary to the Prime Minister, Annual Statement on National Resilience, 14 July 2026, as reported by UK Defence Journal

We believe national resilience should extend to the point of sale. The case begins with the most sober evidence Britain has.

What did the official account of 7/7 find about the bombers' purchases?

The Report of the Official Account of the Bombings in London on 7th July 2005, laid before Parliament in May 2006 as HC 1087, found that the bomb ingredients were all readily commercially available and not particularly expensive, that each device held around 2 to 5 kg of home-made explosive, and that the first identified purchase of materials was on 31 March 2005. Its conclusions record that the planning was deceptively simple, that the whole operation cost less than £8,000, and that it was financed by methods that would arouse little suspicion. The devices were made in a rented ground-floor flat at 18 Alexandra Grove in Leeds. Evidence heard at the inquests, reported at the time, described 41 telephone contacts between February and June 2005 between phones attributed to the bombers and hydroponics outlets selling hydrogen peroxide.

Fifty-two people were killed on 7 July 2005. We will not claim that any system would have prevented it; nobody can honestly claim that. What can be said, on the record, is that the purchases that preceded it are exactly the kind of pattern a screening layer is designed to surface.

What did the 7/7 coroner say about precursor purchases?

Lady Justice Hallett, the coroner at the 7/7 inquests, handed down her verdicts on 6 May 2011 and raised concerns about the ease with which the four bombers were able to purchase and store hydrogen peroxide without raising any suspicion, urging sensible regulation of the supply of hydrogen peroxide and other explosives precursor substances. It was a stated concern rather than one of her nine formal Rule 43 recommendations, but the Government's review of progress in May 2012 shows what the answer then looked like: over 90,000 leaflets and posters distributed to suppliers since 2005, Know Your Customer campaigns, and technology to identify suspicious transactions automatically still at proof-of-concept stage, with a tool scheduled for completion by March 2013.

How does the UK regulate explosives precursor sales today?

The law has moved a long way since 2005, when no licensing regime existed. Hydrogen peroxide above 12 per cent is now a regulated explosives precursor, and since 1 October 2023 the Control of Explosives Precursors and Poisons Regulations 2023, made under the Poisons Act 1972 as amended, have placed clear duties on suppliers. The published regime requires:

  • A member of the public needs a Home Office explosives precursors and poisons (EPP) licence to buy hydrogen peroxide above 12 per cent, and retailers must check the licence and photo ID
  • Suppliers must verify business customers, including name, address, photo ID and nature of business, and keep records for 18 months
  • Suspicious transactions must be reported within 24 hours of forming suspicion, via the online reporting service, the chemical reporting team email, or the 24-hour anti-terrorist hotline

Those are real protections, and we do not diminish them. But look at what the published regime provides. It depends on an individual member of staff at an individual supplier recognising suspicion at the point of sale, then reporting it by web form or telephone. There is no published mechanism linking purchases made across different retailers. A pattern spread over several shops, several weeks and several names is precisely the pattern the regime is least equipped to see.

What would mandatory AI screening at the point of sale look like?

A statutory duty that every sale of a listed high-risk regulated good passes through an accredited AI screening layer before it completes. The screen runs where the transaction happens, on the merchant's own systems. Crucially, this holds even for sovereign, on-premise deployments: an organisation that runs its AI entirely offline, on hardware it owns, would still run the check inside a gated sandbox and pass statutory flags upstream to the national reporting system. What travels upstream is not shopping data. It is the same suspicion flag the law already requires, generated consistently against patterns rather than one till operator's instinct, and connected nationally so that purchases across retailers can be read together. That is why detection becomes materially stronger: the pattern is connected instead of siloed.

The Government's own strategy points the same way. CONTEST 2023 says AI could radically speed up the process of threat detection, describes self-initiated lone actors as fiendishly hard to detect and disrupt, and notes that individuals and small groups do frequently display some indicators of their terrorist intent, both online and in person. Purchases are among those indicators. Joining them up at the point of sale is our argument, not CONTEST's, but it follows the strategy's own logic.

Would this amount to mass surveillance?

No, and the architecture is the reason, not a reassurance bolted on afterwards. The screening runs on hardware the merchant owns, in the UK, rule-bound to the statutory list of regulated goods; ordinary shopping never leaves the premises. Every screening decision is sealed, before it executes, into an Open Audit Record: a post-quantum signed, hash-chained, offline-verifiable ledger. That means the screening itself is auditable. Regulators, courts and citizens can independently verify that the AI checked only what the law allows and flagged only what the law requires. Contrast the alternative: you cannot responsibly run national security screening through a foreign cloud, where the business is one tenant among tens of millions and the data sits outside UK jurisdiction. Sovereignty is what makes the civil liberties answer checkable rather than merely promised.

Why does the 2027 home defence exercise make this timely?

Because the whole apparatus of national preparedness is being rebuilt at once. The 2027 exercise will rigorously test the updated home defence plans, including the government War Book, with military and civilian efforts aligned; a public preparedness campaign begins later in 2026. Resilience is being framed, correctly, as a whole-of-society task, and the point of sale is part of that society. If Britain is rehearsing for hybrid attacks, it should also close the quiet gap the 7/7 record describes: materials that were readily available, cheaply bought, and never connected until afterwards. We prepare so it never happens again.

Frequently asked questions

Which goods would a mandatory AI screening duty actually cover?

A statutory list of high-risk regulated goods, explosives precursors above all. The duty we describe is that every sale of a listed good passes through an accredited screening layer before the transaction completes, checked where the transaction happens on the merchant's own systems. It extends categories Parliament has already decided require licences, identity checks and 24-hour reporting. It is not a general power to scan ordinary retail.

What data would actually leave the shop?

Not shopping data. What travels upstream is the same suspicion flag the law already requires, generated consistently against patterns rather than one till operator's instinct, and connected nationally so that purchases across retailers can be read together. The screen is rule-bound to the statutory list, so ordinary shopping never leaves the premises. That is the difference between connecting a pattern and collecting a population.

Would this work for a business that runs its AI entirely offline?

Yes, and that is the point. An organisation running its AI entirely offline, on hardware it owns, would still run the check inside a gated sandbox and pass statutory flags upstream to the national reporting system. Sovereignty and statutory duty are compatible: what crosses the boundary is the flag the law already demands, not the data behind it.

Has the UK tried automatic detection of suspicious precursor transactions before?

Yes, and it stalled. The Government's May 2012 review of progress after the inquests recorded over 90,000 leaflets and posters distributed to suppliers since 2005, Know Your Customer campaigns, and a proof-of-concept software tool to identify suspicious transactions automatically, scheduled for completion by March 2013. Fourteen years on, the published regime still runs on human vigilance, a web form and a telephone line.

This is why we built Mickai: a British Sovereign Intelligence Operating System, built and live, that organisations own and run offline on their own hardware, in their own jurisdiction. Autonomous agents run inside a gated sandbox with per-action clearance, and every consequential action is sealed into the Open Audit Record before it executes. The architecture is protected by 104 filed UK patent applications with 2,340 claims. The substrate for accountable screening at the point of sale is not hypothetical; it exists today. Read how the architecture works at [/sovereign-ai](/sovereign-ai), or see how the Open Audit Record makes any automated decision independently verifiable at [/oar](/oar).

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/ai-screening-regulated-sales-explosives-precursors. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
16 Jul 2026
The UK's Largest Home Defence Exercise in Decades Is Coming. National Resilience Now Includes the Checkout
The UK will hold its largest home defence exercise in several decades in 2027, testing updated War Book plans across government, the military and civilian agencies. We argue national resilience should extend to the point of sale, with a sovereign, auditable AI screening layer for regulated goods such as explosives precursors.
16 Jul 2026
Counter-Terrorism Screening Without a Surveillance State
Mandatory AI screening of high-risk purchases is only acceptable if the watchers are watchable: checks on hardware the merchant owns, in UK jurisdiction, with every automated decision sealed into an audit record that regulators and courts can verify offline. Routing screening through a foreign cloud leaves no independent record of what the AI decided, and that is how a surveillance state arrives by accident.
15 Jul 2026
Is Your Company Actually Ready for AI? An Honest Readiness Check
Most companies are not ready for AI, and the blocker is almost never the model, it is the data. Here is an honest readiness check, the signs you are not ready, and the five steps that get you there on hardware you own.
15 Jul 2026
Your data is old, messy and on paper. Can you still use AI?
Yes. Old, messy, paper-based data is where AI readiness begins, not where it ends. We assess, digitise, clean, classify and compartmentalise it in place on your own hardware, so nothing leaves the building and you own the result.