MICKAI®
Article · 11 July 2026

Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?

Cohere North removes multi-tenancy and deploys in private cloud, but a fully air-gapped SIOS fits classified government data because zero egress is architectural.

Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?
Author
Micky Irons
Published
11 July 2026
Follow Micky Irons
LinkedInX
cohere northair-gapped aisovereign aigovernment datasios

Cohere North and a fully air-gapped Sovereign Intelligence Operating System both target regulated government data, but they draw the trust boundary in different places. Cohere North is a credible sovereign alternative to public frontier services because it removes shared multi-tenancy and can deploy inside a customer environment, yet it remains cloud-capable and does not lead on offline operation or a cryptographically provable audit chain. For the most sensitive government workloads, where data must never leave operator-owned hardware and every action must be provable years later, a fully air-gapped SIOS fits more completely, because zero egress and a post-quantum signed ledger are designed into the substrate rather than bolted on as controls.

This question matters in 2026 because the regulated buyer no longer accepts a public endpoint for classified or citizen data. Public services such as ChatGPT, Claude and Gemini are off the table, so the real contest is between a private cloud deployment and an offline substrate. The two look similar on a slide and behave very differently under audit.

What is Cohere North, and where does it fit?

Cohere North is Cohere's secure enterprise AI workspace. It brings agents, retrieval and chat over an organisation's own systems, and it is positioned as a sovereign-friendly alternative to public frontier services. It can deploy inside a customer's own cloud tenancy or on-premises, and it does not fold your data into a shared multi-tenant model. For many regulated teams that is a genuine improvement over a public service. It is a serious option.

The distinction is architectural, not a matter of quality. North is designed to run well inside a private cloud and to connect to enterprise systems, so connectivity is treated as a feature. That is the correct trade for a large enterprise. It is a different trade from a government workload that must assume the network is hostile and that no remote copy of the data may exist.

Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?, illustration 1

What does a fully air-gapped SIOS do differently?

A Sovereign Intelligence Operating System runs offline on operator-owned hardware. Mickai is a SIOS. Its default posture is no outbound connection. The models, the data and the audit record all sit behind a zero-egress inbound perimeter, which means work can be accepted for a task but nothing leaves the box. The models are sovereign models the operator holds and runs, so there is no vendor endpoint to call, no telemetry, and no update channel that reaches out. Where North treats the private cloud as the trust boundary, a SIOS treats the physical air gap as the trust boundary and builds the intelligence to work inside it.

Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?, illustration 2

How does air-gapped operation actually work?

The offline posture is enforced by design, not by policy. The core mechanisms are checkable:

  • A zero-egress inbound perimeter, so data can enter for a task but no path exists for it to leave.
  • Hardware-attested identity bound to the audit chain, so every actor and device is cryptographically pinned before it can act.
  • A post-quantum signed audit ledger using FIPS 204 and FIPS 205 primitives, so the record survives future decryption attacks.
  • Cross-model consensus, where several sovereign models must agree before a high-stakes action is taken.
  • Offline verifiability, so the whole system can be inspected on the operator's own hardware with no external dependency.
Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?, illustration 3

What can an auditor actually check?

An auditor should not have to trust a claim of sovereignty. They should be able to test it. On a fully air-gapped SIOS the named test is simple: pull the audit ledger and verify every signature offline. Each action, each model output and each identity is sealed into a post-quantum signed chain, so a regulator can replay the sequence and confirm nothing was altered afterwards. Because identity is hardware-attested and bound to that chain, the record also shows which device and operator authorised each step. Provable audit is the difference between an assurance and evidence.

For the most sensitive government data, sovereignty is not a deployment option you switch on, it is an architecture you can prove was never bypassed.

Cohere North vs a fully air-gapped sovereign AI operating system: which fits regulated government data?, illustration 4

Which rules make this necessary?

The regulatory backdrop is tightening, not loosening. Under the EU AI Act, the high-risk Annex III obligations that were once due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded Annex I high-risk duties moving to 2 August 2028 and the Article 50 transparency rules largely unchanged. We read that as a build window, not a reprieve. DORA has been in force since January 2025 and demands operational resilience and provable control of ICT risk. NIS2 raises the bar for essential entities, GDPR still governs any personal data, and ISO/IEC 42001 sets the management-system expectation for AI. The US CLOUD Act adds a jurisdictional point: data held by a US-linked provider can be subject to legal compulsion regardless of where it sits. A fully air-gapped system removes that question because there is no remote copy for any jurisdiction to reach.

When is Cohere North the right choice, and when is a SIOS?

Both can be correct, and the deciding factor is the data class. If the workload lives in a private cloud, tolerates managed connectivity, and needs strong enterprise integration, Cohere North is a sound and sovereign-minded choice. If the workload is classified, must run with no outbound path, and must be provable to a regulator long after the fact, a fully air-gapped SIOS is the closer fit. A useful decision test: name the exact data flow that would be unacceptable if it left the building, then ask which architecture makes that flow physically impossible rather than merely disallowed.

Frequently asked questions

Is Cohere North air-gapped?

Cohere North is designed for secure, sovereign-minded deployment inside a customer's own cloud tenancy or on-premises, and it avoids shared multi-tenancy. It is cloud-capable rather than air-gapped by default, so full offline operation with a hard zero-egress perimeter is not its leading design point. For workloads that require a true air gap, an offline SIOS is architected around that constraint from the start.

Does an air-gapped AI system still receive model updates?

Yes, but on the operator's terms. A SIOS holds and runs sovereign models locally, so updates arrive as signed artefacts the operator imports deliberately, not through an outbound channel that reaches a vendor. This keeps the zero-egress perimeter intact and means no telemetry or automatic call-home ever occurs. The operator, not a supplier, controls what changes and when.

What does post-quantum signing add to a government audit trail?

It future-proofs the evidence. A post-quantum signed ledger using FIPS 204 and FIPS 205 primitives resists the decryption capabilities expected from quantum computers, so an audit record sealed today remains verifiable and tamper-evident for the long retention periods that government data demands. Without it, a signature scheme that is safe now could be forgeable within a record's own lifetime.

How does the US CLOUD Act affect sovereign AI choices?

The US CLOUD Act allows US authorities to compel data held by US-linked providers, wherever that data physically sits. For a private cloud deployment this is a live jurisdictional exposure that has to be assessed. For a fully air-gapped SIOS the exposure is removed by design, because the data never leaves operator-owned hardware and no remote copy exists for any authority to reach.

Can a fully air-gapped SIOS match the capability of a cloud AI service?

For regulated workloads it is built to. A SIOS runs multiple sovereign models locally and uses cross-model consensus for high-stakes decisions, which trades a single hosted frontier model for a verifiable ensemble the operator owns. The design is backed by 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD; never granted or patented. The point is not to imitate a public service but to deliver comparable capability inside a boundary it cannot honour.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/cohere-north-vs-a-fully-air-gapped-sovereign-operating-system. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles