Mickai is a sovereign AI operating system engineered in the United Kingdom. It runs entirely on-device, binds identity to hardware, signs every decision under post-quantum cryptography (ML-DSA-65, FIPS 204), and produces a deterministic decision lineage suitable for regulatory audit. The architecture orchestrates 25 specialist domain brains under a deterministic arbiter.

Mickai was designed and built by Micky Irons (Mickarle Sean Junior Wagstaff-Irons), the founder and named inventor. He authored 31 filed UK patent applications covering 914 claims, recorded on the UK IPO public register at GB2607309.8 to GB2610422.4, all filed in person at the UK Intellectual Property Office. The Mickai trade mark is separately registered at UK00004373277 (classes 9 and 42, 15 April 2026). Mickai is held privately by its founder.

What is sovereign AI?

Sovereign AI is an AI system in which the operator owns the audit chain, the signing keys live in operator-controlled hardware, and any third party can verify decisions without trusting the vendor. Sovereignty is an architectural property, not a marketing claim. Cloud-dependent, telemetry-emitting, vendor-controlled-key systems are not sovereign regardless of how they are described.

How many patents does Mickai have?

Mickai has 31 filed UK patent applications totalling 914 claims, recorded on the UK IPO public register at GB2607309.8 to GB2610422.4, named inventor Micky Irons. Each filing contains a full specification with claims, abstract, prior-art search, drawings, and Form-1 metadata, on the public record at the UK Intellectual Property Office. The Mickai trade mark UK00004373277 is a separate registration covering the brand, not a patent reference.

Yes. Mickai runs 100% offline by architecture. There is no telemetry, no silent call-home, no cloud synchronisation, and no third-party identity provider in the trust path. Inference, retrieval, signing, and verification all happen on operator-controlled hardware.

What is the Open Audit Record (OAR)?

OAR is a vendor-neutral schema for signed agent action records, filed under Mickai patent application Family-022. Any OAR-compliant vendor can produce records that any OAR-compliant verifier can validate, externally and offline. OAR is paired with a browser-resident post-quantum verifier (Family-023) and a trust-domain externalisation pattern (Family-024).

What cryptography does Mickai use?

Mickai signs every commit-bound action under ML-DSA-65 (FIPS 204 post-quantum digital signatures). The audit ledger is hash-linked and append-only. Signing keys are hardware-bound and operator-controlled. The chain remains valid through the post-quantum transition that classical-signature systems will not survive.

Where is Mickai based?

Mickai is engineered in the United Kingdom, in Cumbria. The patent portfolio is filed at the UK Intellectual Property Office in Newport. Mickai is held privately by Micky Irons. There is no parent operator and no licensing intermediary.

How does Mickai compare to OpenAI, Anthropic, or Google?

Mickai is the sovereign alternative. Cloud-frontier vendors hold the audit chain, the signing keys, and the trust root. Mickai gives all three to the operator. The structural test is whether a third party can verify a decision in a browser the vendor does not host, under a key the vendor does not hold. Mickai produces that record by construction.

Can I get access to Mickai?

Mickai is in pre-order. Regulated-sector and institutional deployments are taken via the Business Audit form on mickai.co.uk/business-audit. Press enquiries go to press@mickai.co.uk. General enquiries go to hello@mickai.co.uk.

Article · 6 May 2026

Britain's sovereign AI moment: 31 UK patent applications, one named inventor, and the procurement choice the country now faces.

Sovereignty cannot be imported. The patents are filed at the UK Intellectual Property Office. The trade mark is registered. The substrate is built. The question is no longer whether Britain can build sovereign AI; it is whether Britain will procure the sovereign AI it already has.

Author

Micky Irons

Published

6 May 2026

british-aisovereign-aiuk-procurementfive-eyesdataiku

The patents are filed. The trade mark is registered. The substrate is built.

The patents are filed. The trade mark is registered. The substrate is built. The question is no longer whether Britain can build sovereign AI; it is whether Britain will procure the sovereign AI it already has. Mickai™ is a sovereign intelligence operating system engineered in the United Kingdom under one named inventor of record, Micky Irons (Mickarle Wagstaff-Irons), with thirty one filed UK patent applications and nine hundred and fourteen claims recorded at the UK Intellectual Property Office public register at numbers GB2607309.8 to GB2610422.4. The Mickai trade mark is separately registered at UK00004373277 (15 April 2026, Nice classes 9 and 42). Each artefact in this paragraph is independently verifiable on a public registry by anyone with a browser.

This piece is not a complaint about American hyperscale platforms. AWS, Azure, and Google Cloud Platform are exceptional pieces of engineering. Each has solved problems of scale, reliability, and operational discipline that no one else has solved at the same scale. The argument here is structural, not adversarial: sovereign AI cannot be a property delegated to a vendor whose trust domain sits in a foreign jurisdiction. The same argument applies to French, German, Chinese, or Indian cloud platforms. Sovereignty is a topology, not a contract. The contract can be edited at midnight in a terms-of-service update. The topology cannot.

Britain in May 2026 has the unusual position of having produced the policy machinery first and now possessing, on its own public registry, the engineering substrate that policy was implicitly describing. The Bletchley Declaration, the Seoul Summit communique, the AI Safety Institute, ARIA, the National AI Strategy, and the AI regulation white paper have collectively produced one of the most articulated AI governance environments in the world. The substrate underneath was not specified by any of those documents. It is now specified, in claim language, at the UK IPO. This is the moment of composition.

What sovereignty actually requires of the substrate

Sovereign AI has a precise structural definition. The substrate either has the properties or it does not. The list is short and is what a procurement officer can demand and verify before signing.

**On-device by construction.** The model and the inference workload run on hardware controlled by the operator. There is no inference-time call to a foreign endpoint, no hidden gateway, no fallback path that quietly routes a hard prompt to a remote model. The property is binary. Mickai filings GB2607420.3 (post-quantum signing primitives), GB2608806.2 (PQ-safe attestation and ML-DSA-signed tool-invocation ledger), and GB2610415.8 (trust-domain externalisation) specify the engineering primitives that make on-device verifiable rather than asserted.

**Hardware-bound identity.** The cryptographic identity that signs decisions is tied to a specific physical device through TPM, secure enclave, or equivalent hardware. The signature cannot be forged on a copy or regenerated by the vendor. Mickai patents specify the binding pattern in a form a UK examiner can prosecute.

**Post-quantum signed lineage.** Every action that affects state outside the agent process is signed at the moment of commit, under FIPS 204 ML-DSA-65. The signature survives the arrival of cryptographically relevant quantum computing; a classical-signature audit chain becomes useless the day a sufficient quantum computer arrives. Mickai patent GB2608804.7 covers decision lineage with an ML-DSA-signed causal audit ledger.

**Audit-verifiable by the operator without the vendor in the loop.** A regulator inspecting the chain does not depend on the vendor's hosted endpoint, tooling, or continued cooperation. The verifier runs in the operator's browser, offline, with a no-network invariant. Mickai patent GB2610414.1 covers the browser-resident offline post-quantum verifier; GB2610413.3 covers the Open Inter-Vendor Audit Record (OAR) format that any compliant vendor can produce and any compliant verifier can validate.

**Trust-domain externalised.** The signing keys, the audit ledger, and the verification surface live outside the trust domain of the agent process that produced them. The agent cannot mark its own homework. The vendor cannot edit history. Mickai patent GB2610415.8 covers the trust-domain externalisation pattern. Five properties, five filings, short enough to fit on a procurement clause page.

Why the foreign-cloud default is structurally non-sovereign

A typical UK public-sector AI deployment in 2026 routes inference through a hyperscale platform headquartered in another jurisdiction. The deployment is, on paper, compliant. The vendor produces an ISO/IEC 42001 certification, a model card, a written governance policy. None of those artefacts is a cryptographic property of the running system; each is a contractual representation. The substrate underneath is the vendor's hosted infrastructure, the vendor's tooling, the vendor's audit log, and the vendor's continued willingness to cooperate.

Apply the procurement officer's structural question. Show me, for the previous thirty days, an exportable signed action chain of every regulated decision your system made, signed under a key the operator controls, verifiable by a third party in a browser the vendor does not host, in a schema another vendor could read. The hyperscale answer is currently a JSON blob with vendor-issued timestamps and a vendor-issued hash, verifiable only via the vendor's hosted endpoint. The trust domain is the vendor's. This is not a moral failing; it is the architectural consequence of building a platform optimised for scale rather than sovereign audit. Mickai exists because someone had to build the substrate from the cryptographic primitives upward, in the United Kingdom, on the UK public registry.

The CLOUD Act exposure that follows from US-headquartered vendor deployments is one consequence of the topology. The training-surface exposure of UK trade-secret prompts is another. The egress visibility of UK voice biometrics is another. Each is a property of the substrate, not of the contract. Each is foreclosed by construction the moment the substrate moves on-device, into operator hardware, with the keys held by the operator. Each is unforeclosable by contract while the substrate is foreign.

The demand signal is now in the public record

Two recent publications make the substrate gap explicit. Neither was a Mickai publication, and both arrived after the Mickai patents were filed. On 1 May 2026 the Five Eyes intelligence alliance issued a joint advisory on AI agent action calling for verifiable authority and signed action records as a baseline expectation for state-deployed AI. The advisory described, in policy language, the structural properties that the patent corpus had already specified in claim language. The substrate predates the policy that demands it.

In February 2026 Dataiku and The Harris Poll published the Global AI Confessions Report, surveying eight hundred data leaders across the United Kingdom, United States, France, Germany, the United Arab Emirates, Singapore, South Korea and Japan. Ninety five per cent of respondents reported that they could not trace an AI decision end to end. The report is the empirical counterpart of the policy advisory; both describe the same gap, and Mickai's filings address it directly. The implication for British procurement is the meeting of supply and demand. The supply side, the engineering substrate, is on the UK public registry. The demand side, the regulatory and operational requirement, is on the public record. The procurement decision is whether to compose the two.

The procurement-choice argument

British procurement officers in regulated sectors face a structural choice in mid-2026. The choice is not framed in those terms in current frameworks, so it is worth setting it out plainly.

Option one. Continue the current default. UK government data, UK trade-secret prompts, UK voice biometrics, and UK regulated workloads route through hyperscale platforms whose trust domain is foreign. The audit posture is contractual. The cost is the residual sovereignty deficit, the CLOUD Act exposure, and the dependency on the vendor's continued cooperation. The cost is paid in trust, not in pounds.

Option two. Procure the substrate the United Kingdom has already filed. UK government data resides on operator-controlled hardware. UK trade-secret prompts do not cross into foreign training surface. UK voice biometrics are not foreign data sets. The audit posture is cryptographic. The chain is exportable, externally verifiable, and signed under post-quantum primitives. The cost is the engineering integration work to deploy the substrate against existing departmental infrastructure: finite, specified in the patent corpus, and transferable across departments once done once.

Tariffs to dependency are not visible on a balance sheet. They appear as discounted procurement decisions, foreclosed defence options, and audits the operator cannot independently verify. The visible cost of option one is low; the structural cost is the loss of sovereign capability. The visible cost of option two is the integration work; the structural benefit is the substrate the United Kingdom owns. A country whose regulated AI infrastructure depends entirely on a foreign jurisdiction's vendors is exposed to that jurisdiction's policy environment. A country with its own substrate has options.

What backing British innovators looks like in practice

The procurement choice maps to specific actions inside specific institutions, all within the gift of British actors who already have authority. The Crown Commercial Service can update RM6263 and successor AI procurement frameworks to require an Open Inter-Vendor Audit Record or equivalent open-substrate audit record by default; opt-outs are justified by the supplier, not the buyer. The AI Safety Institute can publish an evaluation extension scoring vendors on substrate availability beyond model evaluation, binary on each property: on-device, hardware-bound, post-quantum signed, externally verifiable, trust-domain externalised. ARIA can open a procurement-substrate workstream within Safeguarded AI, composing mathematical safety guarantees with cryptographic action attestation.

Operationally, an NHS trust can pilot the substrate for clinical-coding workloads against operator-controlled keys; the MOD and intelligence community can procure substrate work for sensitive AI under the trust-domain externalisation pattern; the Bank of England, FCA, and PRA can require regulated firms to produce signed action chains for any AI system involved in a customer-affecting decision. The chain is the evidence. Each of these actions is achievable inside the existing institutional architecture. None requires new legislation or another white paper. The substrate is filed. The verifier is in process. The procurement officers are ready.

The civic case, plainly

Britain is good at engineering. It is also good at policy. It is unusual at the moment in possessing both, in the same domain, at the same time, with the engineering substrate available on its own public registry under a single British inventor of record. No foreign rights holder, no licensing intermediary, no parent operator. The argument is not nationalist; it is structural. Sovereignty cannot be imported. If a French sovereign substrate were filed in Paris and a German one in Munich, each of those countries would face the same procurement choice. Britain has the additional advantage that the substrate is already filed at home, by a single named inventor whom the relevant institutions can convene with directly. The engagement model is direct, by email, to press@mickai.co.uk.

The cost of getting this wrong is not a single line item; it is the structural posture of British AI for the next two decades. A country that procures its own substrate has options. A country that defers to foreign hyperscale is the back office of the platforms that did the building. The substrate is filed. The next move belongs to the British institutions with the authority to require it.

An invitation, brief

Mickai is held privately by its founder. The invitation is open in three directions, all answered at press@mickai.co.uk by the inventor in person. First, to UK procurement officers writing AI specifications for the NHS, MOD, the Cabinet Office, the financial regulators, the courts, and local government: the clauses are written and can be pasted into procurement documents. Second, to the institutions that set the framework, AISI, ARIA, the Cabinet Office, DSIT, the Government Digital Service, and the Bank of England: the substrate fits a fifteen-minute review, the patents are on the IPO portal, and the decision is institutional, not technical. Third, to British AI vendors who want to integrate OAR before the schema freezes: the protocol is improved by competent peers and compatibility costs go down for everyone if the standard is set in the open.

Britain has the patents. Britain has the engineering. The question is whether Britain backs its own. The substrate is on the UK public record. The procurement choice is now.

“Sovereignty cannot be imported. The substrate is on the UK Intellectual Property Office public register, under one British inventor, in a form a procurement officer can read in fifteen minutes. The next move is institutional.”

Sources and references

Mickai patent portfolio, mickai.co.uk/patents (31 filed UK patent applications, 914 claims, named inventor Micky Irons / Mickarle Wagstaff-Irons, recorded at numbers GB2607309.8 to GB2610422.4).
Mickai trade mark UK00004373277 (separate registration, classes 9 and 42, 15 April 2026; not a patent reference).
GB2607420.3, post-quantum signing primitives.
GB2608806.2, PQ-safe attestation and ML-DSA-signed tool-invocation ledger.
GB2608804.7, decision lineage with an ML-DSA-signed causal audit ledger.
GB2610413.3, Open Inter-Vendor Audit Record (OAR) format.
GB2610414.1, browser-resident offline post-quantum verifier.
GB2610415.8, trust-domain externalisation architectural pattern.
Five Eyes joint advisory on AI agent action, 1 May 2026.
Dataiku and The Harris Poll, Global AI Confessions Report (Edition for Data Leaders), February 2026, eight hundred respondents across the United Kingdom, United States, France, Germany, the United Arab Emirates, Singapore, South Korea and Japan.
FIPS 204 (ML-DSA), NIST post-quantum digital signature standard.
Crown Commercial Service framework RM6263 (AI procurement) and successors.
UK AI Safety Institute (AISI), evaluation methodology, 2024 to 2026.
ARIA, Safeguarded AI programme led by David Dalrymple under chair Matt Clifford.
Bletchley Declaration (November 2023) and Seoul Summit communique (May 2024).
Mickai prior article: British AI needs an audit substrate, not another white paper (mickai.co.uk/articles/british-ai-needs-an-audit-substrate-not-another-white-paper).
Mickai prior article: What sovereignty actually means: the benefits of controlling your own data (mickai.co.uk/articles/what-sovereignty-actually-means-the-benefits-of-controlling-your-own-data).

ShareLinkedIn X Hacker News Reddit Mastodon Bluesky Email

Originally published at https://mickai.co.uk/articles/britain-sovereign-ai-moment-the-procurement-choice. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.