MICKAI
Article · 2 July 2026

Basel and AI Model Risk

Why signed model lineage turns AI model risk governance from a story a bank tells into a proof it can defend

Basel and AI Model Risk
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
baselmodel riskai governancesiospatents

Every bank that has ever answered to a supervisor knows the ritual. A model makes a decision, a regulator asks how it was reached, and someone has to reconstruct the reasoning from logs, spreadsheets and the memories of people who may since have left. Under the Basel framework, this reconstruction has always been the price of using quantitative models to hold capital, price risk and approve credit. The framework was written for models that a team could explain on a whiteboard.

Artificial intelligence breaks that comfortable arrangement. When a decision emerges from a system that learned its behaviour from data rather than from a formula a person wrote, the whiteboard is empty. The Basel Committee's principles for model risk management still apply, but the evidence they demand is far harder to produce. We built Mickai, our Sovereign Intelligence Operating System, so that the evidence exists before anyone thinks to ask for it.

What Basel actually asks of a model

The Basel framework, and the supervisory guidance that surrounds it such as SR 11-7 in the United States and the European Central Bank's guide to internal models, treats a model as a controlled object. A firm must know where the model came from, what data trained it, who validated it, what its limitations are, and who authorised its use. Model risk is the risk of adverse outcomes from decisions based on models that are incorrect or misused, and the response is governance: independent validation, a model inventory, ongoing monitoring and clear ownership.

None of this is controversial for a linear regression. The trouble is that AI systems are not static artefacts. They are retrained, fine-tuned, prompted, chained and updated. A single AI decision may pass through several models, a retrieval step, a set of instructions and a human override before it lands. Basel governance assumes you can point at the model that made the decision. With modern AI, the honest answer is often that no one can point at it with confidence. That gap is not a compliance inconvenience. It is model risk in its purest form.

A colossal marble figure of Mnemosyne holding a small point of gold light in her cupped hands surrounded by darkness.
Mnemosyne held memory so it could never be lost, which is exactly what signed lineage does for a model.

Signed lineage instead of remembered lineage

Our answer is to stop relying on memory and start relying on cryptography. In Mickai, every model carries a lineage that is recorded, not recalled. When a brain is trained or fine-tuned, the operating system captures the base it derived from, the data corpus it consumed, the parameters that shaped it and the validation results it passed. That record is hashed and signed. The signature uses post-quantum cryptography, specifically the Federal Information Processing Standard 204 ML-DSA-65 scheme, so the lineage stays trustworthy even against an adversary holding a quantum computer.

The records are linked into a hash chain using SHA-3-512, so each entry seals the one before it. You cannot quietly alter a training run, backdate a validation, or slip in an unapproved model without breaking the chain, and a broken chain is visible to anyone who checks. Model lineage stops being a document that a team maintains and becomes a mathematical fact the system enforces. When a supervisor asks which model made a decision and how it came to exist, the answer is retrieved and verified in seconds, not assembled over weeks.

The action, not just the model, carries proof

Basel model risk management does not end at the model. It cares about use: the decision the model informed, the override a human applied, the capital number that resulted. This is where most AI governance quietly fails, because the model may be well documented while the moment of use vanishes into an application log that no one signs.

A colossal marble figure of Lachesis measuring a straight golden thread stretched between her hands in deep shadow.
Lachesis measured the thread of every life, and every link is a signed record you cannot alter without it showing.

In Mickai, no consequential action executes unsigned. Before a brain acts, the operating system writes an Operation Attestation Record, an OAR, that names the model version, the inputs it saw, the policy it operated under and the identity that authorised it. The OAR is signed before the action runs, not after, so it can never be a convenient reconstruction written once the outcome is known. For high-stakes decisions, such as changing a capital calculation or approving an exposure, we require multi-brain agreement and voice-biometric approval, so a single compromised component cannot move money on its own. The audit ledger that results is tamper-evident, hash-linked and verifiable offline, which matters when a supervisor wants to inspect the record on their own hardware without trusting ours.

Model risk you can measure

A control that cannot be measured is a hope. Basel validation expects firms to test models continuously, to track performance drift, and to demonstrate that a model still behaves as it was approved to behave. Because Mickai signs lineage and attests every action, the raw material for measurement already exists in structured, trustworthy form.

We can show, for any period, which model versions were live, how often humans overrode them, where outputs drifted from validated behaviour, and which decisions triggered the highest-assurance approval path. Brains are revocable, so a model that fails validation can be withdrawn instantly across the estate, and the ledger records the revocation as a signed event. Model risk becomes a set of numbers a chief risk officer can put in front of a board and a supervisor can independently reproduce, rather than an assurance resting on the diligence of whoever last touched the spreadsheet.

A colossal marble figure of Themis raising golden scales held in exact balance against a black void.
Themis weighed every claim in balance, which is what a control becomes once you can measure it.

Necessary, because the alternative is unquantified

The regulatory ground is shifting under everyone's feet. The European Union Artificial Intelligence Act, the EU AI Act, treats credit scoring and many risk models as high-risk systems demanding traceability and human oversight. The Digital Operational Resilience Act, DORA, and the ISO 42001 standard for AI management systems push in the same direction. General Data Protection Regulation obligations attach to the data that trains these models. A bank that adopts AI without signed lineage is not choosing a lighter control regime. It is choosing an unquantified one, and unquantified model risk is precisely what Basel exists to prevent.

This is why we frame these controls as necessary rather than optional. A firm can defer them, but it cannot make the underlying risk disappear. It simply carries the exposure without measuring it, which is the worst of both worlds under any supervisory regime.

Built for the boundary the public cloud cannot cross

The large cloud providers are allies in this story, not rivals. They operate a magnificent layer of infrastructure, and much of finance runs on it well. But a regulated bank often cannot let its most sensitive models and data leave its own control, whether for reasons of sovereignty, secrecy or supervisory expectation. That is the boundary Mickai is designed to sit on.

A colossal marble figure of Argus Panoptes covered in many eyes lit by points of gold guarding a dark threshold.
Argus never closed every eye at once, the same vigilance a boundary demands where the cloud cannot cross.

Mickai runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. The lineage, the attestation records and the audit ledger stay inside the institution and remain verifiable offline. The capabilities we have described are drawn from our portfolio of 104 filed UK patent applications, comprising about 2,340 claims and owned by Mickai LTD, each framed around a specific control the system performs. We treat model governance not as paperwork bolted onto AI, but as a property the operating system guarantees.

The bottom line

Basel has always asked a simple question in a hard way: prove your model, prove its use, prove it still works. AI makes that question harder, because the model is a moving target and the moment of decision is easy to lose. Signed model lineage, attested actions and a tamper-evident ledger turn the answer from a narrative into a proof. Model risk governance stops being a story a firm tells and becomes a measurement it can defend. That is the standard we build to, because under Basel it is not a luxury. It is the necessary and measurable control.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/basel-and-ai-model-risk. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Sovereign AI for Central Banks
A central bank cannot send its rate deliberations or supervisory secrets to anyone else's cloud. We built Mickai, a Sovereign Intelligence Operating System, so monetary and supervisory intelligence runs entirely offline on hardware the bank owns, with independence proven, secrecy architectural and every decision signed before it acts.
4 Jul 2026
Sovereign AI for Defence Primes
Defence primes hold the most sensitive programme data in the world, and the public cloud cannot cross the boundary that protects it. We built Mickai as a Sovereign Intelligence Operating System that runs on hardware the prime owns, air-gapped, where every action is cryptographically signed before it executes and every brain can be revoked in seconds.
4 Jul 2026
Sovereign AI for Maritime and Shipping
Fleets and ports need intelligence that keeps deciding when the satellite link dies and keeps an honest record no one can edit. Mickai runs on the operator's own hardware, at sea and on the quay, with zero data egress and a post-quantum signed ledger. Autonomy where the connection ends, governance that never does.
4 Jul 2026
Sovereign AI for Aerospace
Aerospace cannot ship export-controlled geometry to borrowed cloud infrastructure or hand engineers unexplained answers. We built Mickai, a Sovereign Intelligence Operating System, to run design and safety-case intelligence on hardware the customer owns, with zero data egress and cryptographic provenance signed onto every artifact before it exists.