Counter-Terrorism Screening Without a Surveillance State
The only acceptable version of mandatory AI screening is one where the watchers are watchable
Mandatory AI screening of high-risk purchases is only acceptable in a democracy if the watchers are watchable. The checks must run on hardware the merchant owns, inside the United Kingdom, with every automated decision sealed into a tamper-evident record that regulators and courts can verify offline. Screening routed through a foreign cloud, where a business is one tenant among tens of millions and its data sits outside UK jurisdiction, leaves no independent record of what the AI decided. That is how a surveillance state arrives by accident. Accountability must be an engineering property, not a policy promise.
Why does the 2027 home defence exercise make this urgent?
Because a country that is rehearsing for hybrid attack should also ask where an attack begins, and some begin at the point of sale. On 14 July 2026 the Government published its first Annual Statement on National Resilience alongside an updated National Risk Register. The Home Defence Programme will deliver the largest UK home defence exercise in decades in 2027, reported as Operation ALBISTON SHADOW, and the government War Book is being updated for the first time since 2004. Darren Jones, Chief Secretary to the Prime Minister, set out the intent.
“We will rigorously test these plans through the largest UK home defence exercise in several decades in 2027, to ensure that should the worst ever happen, we will always be ready.”
We believe national resilience should extend to the point of sale. If sales of regulated, high-risk goods, explosives precursors above all, had to pass through an AI screening layer, detection of dangerous purchasing patterns would be materially stronger than today's manual, fragmented reporting. A country that rehearses its defences should rehearse its liberties too.
What did 7 July 2005 reveal about purchases no system connected?
Fifty-two people were killed in London on 7 July 2005, and the weight of that morning should sit over any policy argument that invokes it. The official account, laid before Parliament in May 2006 as HC 1087, found that the bomb ingredients were "readily commercially available and not particularly expensive", that the first identified purchase of materials came on 31 March 2005, and that the whole operation cost less than £8,000. Its conclusions record that "the planning was deceptively simple".
At the inquests, Lady Justice Hallett raised concerns about the ease with which the bombers were able to buy and store hydrogen peroxide without raising suspicion, and urged sensible regulation of precursor supply. Evidence heard at the inquests, reported at the time, described 41 telephone contacts between phones attributed to three of the bombers and hydroponics outlets between 22 February and 15 June 2005. We will never claim any system would have prevented that attack, and nobody honestly can. The purchases that preceded it are exactly the kind of pattern a screening layer is designed to surface. We prepare so it never happens again.
What does the UK's precursor reporting regime provide today?
Since 1 October 2023, under the Poisons Act 1972 as amended and the Control of Explosives Precursors and Poisons Regulations 2023, suppliers must report suspicious transactions within 24 hours. Hydrogen peroxide above 12 per cent now requires a Home Office licence, which retailers must check alongside photo ID. That is real progress since 2005. But the published regime still depends on an individual member of staff at an individual supplier recognising suspicion, and there is no published mechanism linking purchases made across different retailers.
As early as 2012 the Government said it was testing technology "with the potential to identify suspicious transactions automatically", then only at proof-of-concept stage. CONTEST 2023 states that AI "could radically speed up the process of threat detection" and that "individuals and small groups do frequently display some indicators of their terrorist intent, both online and in person". In our view, the distance between those sentences and a regime of web forms and telephone calls is the distance counter-terrorism must now close.
Why is screening through a foreign cloud the wrong answer?
Because it swaps one danger for another. Three things happen at once:
- The merchant's transaction data leaves UK jurisdiction, governed by foreign legal process rather than British law.
- The business becomes one tenant among tens of millions, on infrastructure no British regulator directly supervises.
- No independent record exists of what the AI decided or why; the only log belongs to the cloud operator.
A surveillance state arrives not by statute but by architecture: a national security function watching British purchases from beyond the reach of British law, with no watchable record of its own conduct.
How do you make the watchers watchable?
By making accountability a property of the machine. In a sovereign deployment the checks run on hardware the merchant owns, in the United Kingdom, even offline. The screening model runs rule-bound inside a gated sandbox with per-action clearance: it evaluates the transaction against the rules the law defines and can do nothing else. Flags pass upstream to the national reporting system, honouring the existing 24-hour duty. Every automated decision, flag or no flag, is sealed before it executes into a post-quantum signed record (FIPS 204 ML-DSA-65), hash-chained and verifiable offline. A regulator can verify the screening checked only what the law permits, a court can replay a contested decision, and a citizen wrongly flagged can see exactly what was done and under which rule.
Frequently asked questions
Would AI screening have stopped the 7/7 attacks?
Nobody can honestly claim that, and we do not. The official account shows the ingredients were readily commercially available, not particularly expensive, and bought over months without an alert being raised. Those purchases are exactly what a connected screening layer is designed to surface. The defensible claim is materially stronger detection, never certainty.
Is mandatory AI screening of purchases mass surveillance?
Not if it is engineered for accountability. Screening a narrow, lawfully defined category of already regulated goods, on hardware the merchant owns, rule-bound in a sandbox, with every decision sealed into an offline-verifiable record, lets regulators, courts and citizens watch the system. Bulk collection in an unaccountable foreign cloud is where mass surveillance begins.
What can a court actually verify in the Open Audit Record?
The Open Audit Record seals every consequential action before it executes, signs it with FIPS 204 ML-DSA-65 and chains the hashes. A court or regulator can verify offline what the AI decided, when, and under which rule, and can detect any tampering, without trusting the operator's word.
Doesn't the UK already require suspicious transaction reports?
Yes. Since 1 October 2023 suppliers must report suspicious transactions within 24 hours, and hydrogen peroxide above 12 per cent requires a Home Office licence. That regime depends on individual staff recognising suspicion and has no published mechanism linking purchases across retailers. AI screening strengthens it rather than replacing it.
This is the settlement we built Mickai for: a British Sovereign Intelligence Operating System that organisations own and run offline on their own hardware, in their own jurisdiction, with autonomous agents gated in a sandbox and every consequential action sealed into the Open Audit Record before it executes. Behind it sit 104 filed UK patent applications containing 2,340 claims. As the UK rehearses for the worst in 2027, one principle belongs at the centre of the rehearsal: prepare in a way your citizens can verify. Read how the audit substrate works at [/oar](/oar) and the full sovereign case at [/sovereign-ai](/sovereign-ai).
