MICKAI
Article · 4 July 2026

The FCA Wants To Watch Your AI Run. Give It an Audit Record It Can Read

The regulator is not banning AI; it is asking for evidence. A cryptographically signed audit record on every action is what turns a supervised experiment into something a supervisor can actually read.

Author: Micky Irons
Published: 4 July 2026

The Financial Conduct Authority has decided it wants to watch artificial intelligence run before it decides anything. It opened a second cohort of AI Live Testing, with applications in January 2026, live testing from April, and an evaluation report due in the first quarter of 2027. Alongside it sits a second Supercharged Sandbox cohort. The Prudential Regulation Authority is holding the same line. No bespoke rulebook for AI. No prohibition. A principles-based posture that says, in effect, show us the system working, under supervision, and give us the evidence.

That last word is the one most model-risk teams skim past. Supervised experimentation is not a hall pass. It is a demand for a record. And the record a live-testing supervisor actually wants to inspect looks almost exactly like the thing we built into Mickai from the first line: a cryptographically signed, per-action audit trail that a human, or an examiner, can read.

What the FCA is really asking for

Read the AI Live Testing framing closely and the through-line is not "is this model allowed." It is "can you show us what it did, why, and whether the controls held." The regulator is offering a supervised window in which a firm runs a live or near-live AI system against real conditions, with the FCA watching, so that both sides learn what good looks like before it scales.

To take that window you need three things a supervisor can hold in their hands. What the system was asked to do. What it actually did, action by action. And proof that neither of those two records was edited after the fact. Most AI deployments cannot produce the third. They produce logs, and logs are mutable, scattered across a cloud provider's telemetry, and written by the same stack whose behaviour is under question. A log that the system can rewrite is not evidence. It is a claim.

This is the gap the FCA cohort will expose fast. A firm walks in with an impressive model and walks out asked a simple question it cannot answer. Prove to us this trace was not touched.

Owned rails make you sandbox-ready

Mickai is a Sovereign Intelligence Operating System. Regulated organisations own it and run it inside their own walls, air-gapped where the workload demands it, with a signed audit record written on every single action the system takes. That is not a reporting feature bolted on for compliance. It is the substrate. Every action the intelligence layer performs, every retrieval, every tool call, every decision it hands to a human, is captured and signed at the moment it happens, before anything downstream can touch it.

For a live-testing cohort that changes the character of the conversation. You are not asking the supervisor to trust a dashboard. You are handing them a tamper-evident ledger they can independently verify. The signature answers the "was this edited" question mathematically rather than reputationally. When the FCA asks what the system did at 14:07 on a Tuesday, the answer is a signed record, not a reconstruction.

We think of this as the difference between narrating your model and proving it. A narrated system tells the regulator a story. A proven system lets the regulator check the story against a record the system could not have forged. Supervised experimentation is built for the second kind, and most of the market is only equipped for the first.

The honest version of the regulatory picture

We are careful here, because over-claiming is its own kind of risk, and diligence catches it. UK regulators are not banning AI in financial services. The FCA and PRA permit it under existing frameworks. DORA permits cloud with controls. The EBA guidelines permit outsourcing with governance. Almost every regime a UK or EU institution operates under allows the modern stack, provided the controls are real and evidenced. The genuine no-cloud bar is narrow and workload-specific, covering classified material, isolated operational technology, ITAR-controlled data, and cases where a data-protection impact assessment comes back negative.

So the case for owning your rails is not "you are barred from the alternative." It is that supervised experimentation rewards control, and control is easier to demonstrate when the system, the data, and the audit record all sit inside your own boundary. When you own the substrate you can answer where the data went, who could see it, and whether the trace is intact, without filing a request to a third party and waiting. In a cohort where the whole point is to produce evidence, that self-sufficiency is the advantage. Not a legal necessity, a practical one.

The demand for this is real and it is sizeable. On our register-backed reading, the sovereign market runs to roughly 16,092 UK and EU institutions, made up of 7,933 regulated core organisations plus an 8,159-strong large-private adjacency. The wider enterprise-AI-platform software category that Verdantix tracks grows from about USD 13bn in 2024 to USD 50.3bn by 2030, which is roughly £11.7bn to £39.7bn at current rates. The pull is sovereignty preference, control, cost, and data-exfiltration risk, not a blanket prohibition.

Why the signed record beats a compliance retrofit

Teams under model-risk pressure often try to solve this after the model is built. They wrap a working system in logging, monitoring, and a governance policy, and hope the retrofit satisfies a supervisor. It rarely does, because a retrofitted log inherits the trust problem it was meant to solve. The component doing the recording sits inside the blast radius of the thing being recorded.

The signed audit record inverts that. Recording is not a layer on top of the system; it is a property of every action the system takes, sealed at the point of action. That is a design decision, and it is one of the things our filed patent portfolio describes. We have 104 UK patent applications, roughly 2,340 claims across 13 families, with named inventor Mickarle Wagstaff-Irons, covering the substrate-level mechanics of how a sovereign intelligence system captures, signs, and preserves what it does. Filed and moving toward examination, not granted, and we say so plainly. The point for a model-risk team is that the evidence architecture is not improvised per deployment. It is the foundation.

The takeaway for a UK model-risk team

If you are weighing the January 2026 application window, the question to ask internally is not "is our model good enough to show the FCA." It is "when the supervisor asks us to prove what the system did, what do we hand them." If the answer is a mutable log written by the stack under review, you have work to do before April. If the answer is a signed, independently verifiable, per-action record produced by a system you own and run inside your own walls, you are already sandbox-ready. That is the whole argument. Supervised experimentation runs on evidence, and evidence is exactly what owned rails and a signed audit record are built to produce.

Frequently asked questions

Does the FCA require a signed audit record to join AI Live Testing?

No. The FCA does not mandate any specific technology. It runs a principles-based, supervised programme and asks firms to evidence what their AI system does and that controls held. A cryptographically signed per-action record is the cleanest way to meet that evidentiary bar, because it answers the "was this trace altered" question by proof rather than by assertion, but it is our recommendation, not a regulatory instruction.

Are UK financial firms barred from running AI in the cloud?

No, and we will not tell you otherwise. The FCA, PRA, DORA and the EBA guidelines all permit cloud and AI with appropriate controls and governance. The genuine no-cloud constraint is workload-specific, covering classified material, isolated operational technology, ITAR-controlled data, and cases where a data-protection impact assessment is negative. The case for owning your rails rests on control, cost, and data-exfiltration risk, not on a blanket legal prohibition.

What makes a signed audit record different from ordinary logging?

Ordinary logs are mutable and are usually written by the same stack whose behaviour is in question, so a supervisor cannot be sure they were not edited. A signed record is sealed at the moment each action happens and can be independently verified, so tampering is mathematically detectable. It moves the audit trail from a claim the system makes about itself to evidence a third party can check.
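
A minimal sketch of that distinction, added here as an illustration and not Mickai's implementation: each action is signed with Ed25519 and bound to the hash of the previous sealed record, and the verifier needs only the public key. The record layout, the hash chaining and the action strings are assumptions of this example, as is a private key held outside the stack being recorded.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is one per-action audit entry (illustrative layout, an assumption).
type Record struct {
	Action string
	Prev   [32]byte // hash of the previous sealed record; zero for the first
	Sig    []byte
}

// msg is the canonical byte string that gets signed: fixed-width Prev, then Action.
func msg(r Record) []byte { return append(r.Prev[:], r.Action...) }

// link hashes a sealed record (signed bytes plus signature) for its successor.
func link(r Record) [32]byte { return sha256.Sum256(append(msg(r), r.Sig...)) }

// Append binds a new action to its predecessor, then signs it.
func Append(log []Record, priv ed25519.PrivateKey, action string) []Record {
	r := Record{Action: action}
	if len(log) > 0 {
		r.Prev = link(log[len(log)-1])
	}
	r.Sig = ed25519.Sign(priv, msg(r))
	return append(log, r)
}

// Verify needs only the public key; it returns the first bad index, or -1.
func Verify(log []Record, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, r := range log {
		if r.Prev != prev || !ed25519.Verify(pub, msg(r), r.Sig) {
			return i
		}
		prev = link(r)
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	log := Append(Append(nil, priv, "retrieve:kyc_file"), priv, "tool:fx_quote") // constructed actions
	fmt.Println("intact:", Verify(log, pub))
	log[0].Action = "retrieve:other_file" // edit after sealing
	fmt.Println("edited:", Verify(log, pub))
}
```

Removing records from the end of the log is not visible to this check alone; the verifier also needs the latest head hash from somewhere the recording stack cannot write.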

Is Mickai a product I buy access to?

Mickai is a Sovereign Intelligence Operating System that regulated organisations own and run inside their own walls, air-gapped where the workload requires it, with the signed audit record built into the substrate. It is held privately by founder Micky Irons. It is not a hosted app you rent access to, and the audit architecture is not a per-deployment add-on. If you want to go deeper, read our companion pieces on the signed per-action audit record as the unit of AI governance, on sovereignty as a preference rather than a prohibition, and on how DORA operational-resilience evidence maps onto owned rails.


Originally published at https://mickai.co.uk/articles/fca-ai-live-testing-cohort-two-supervised-experimentation-on-owned-rails.