The FDA Loosened Clinical AI. The Replayable Record Is the Condition It Set.
The Food and Drug Administration's 6 January 2026 guidance trades lighter oversight for one engineering condition: a clinician must be able to independently review, and replay, the basis of every recommendation an artificial intelligence makes.
The FDA just moved the burden onto whoever runs the model
On 6 January 2026 the United States Food and Drug Administration (FDA) issued guidance loosening oversight of artificial intelligence (AI) enabled clinical decision support (CDS) software. The agency will apply enforcement discretion where the software offers a single recommendation and lets the clinician independently review the basis for it, while it continues to assert authority over opaque models that substitute for clinical judgement. Read carefully, this is not a relaxation. It is a transfer. The condition for lighter regulation is that a human can see, and stand behind, how the recommendation was reached. The regulator is no longer the only party that has to inspect the model. The clinician is, every time the system speaks. That condition has an engineering shape, and most deployed CDS software does not have it.
What independent review actually requires
The phrase the FDA leans on is that a competent clinician must be able to independently review the basis for the recommendation, and need not rely on it. That sounds like a disclosure requirement. It is really a reconstruction requirement. To review the basis of a recommendation, a clinician needs to know what the model was given, which version of the model ran, what intermediate evidence it weighed, and under whose authority it acted. A recommendation arrives as a sentence on a screen. The basis for it is a sequence of events that happened inside a system, usually milliseconds earlier, usually unrecorded. If those events are gone, the clinician is not reviewing the basis. They are being asked to trust a summary of a basis that no longer exists. That is precisely the dependence the guidance says must be avoided.
The same logic governs the European Union (EU) AI Act, which classes clinical decision support as a high-risk use and demands logging and human oversight. Two regulators, two legal traditions, one underlying demand. The software must keep a record of what it did, on what inputs, that a person can later read. The recommendation is the visible output. The record is the thing that makes the output defensible.
A recommendation you cannot reconstruct is one nobody can stand behind
Consider the failure case, because regulation is written for failure cases. A patient is harmed. The recommendation is questioned, in a clinical governance review or in court. The clinician is asked what the system showed them and why they acted on it. If the answer is a screenshot and a recollection, the clinician carries the whole weight alone, because there is no way to show what the model was working from. If the answer is a complete, tamper-evident record of the inputs, the model version, the evidence weighed, and the moment of authorisation, the clinician can demonstrate that they reviewed a real basis and made a defensible call. The difference between those two positions is not the quality of the medicine. It is whether the system kept a replayable record. Lighter regulation makes that record the clinician's protection, not the vendor's nicety.
This is the point the new guidance sharpens. By stepping back where the basis is reviewable, and staying close where the model is opaque, the FDA has made replayability the line between a regulated device and a tool the clinician owns. The operator who cannot replay is on the wrong side of that line, whatever the marketing claims.
Why most clinical AI cannot meet the condition
A typical CDS deployment sends patient data to a vendor endpoint, runs a model whose weights and version the hospital cannot see, and returns an answer with a log that the vendor controls and can change. None of the three properties the guidance implies are present. The hospital cannot show which model version ran, because the vendor updates it silently. It cannot prove the inputs, because the request and response live on someone else's server. And it cannot guarantee the log was not edited after the fact, because the log is a database row, not a sealed record. When a clinician is asked to independently review the basis, the honest answer is that the basis is held by a third party who can rewrite it. That is the opposite of the independence the FDA requires, and it is the situation in most hospitals today.
Patient data leaving the building is its own exposure, under the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in Europe. But the deeper problem is custody of the record. If the institution does not hold the evidence of what its AI did, it cannot satisfy a regulator, defend a clinician, or honestly tell a patient what happened. The record has to live where the accountability lives.
The replayable record, by construction
This is the problem Mickai was built to solve, and it is solved at the level of the substrate, not bolted on as a feature. Mickai is a Sovereign Intelligence Operating System (SIOS), built, live, and production-ready today. Its core is the Open Audit Record (OAR), an append-only, hash-chained ledger in which every AI action is recorded with its inputs, the model version that ran, the evidence it weighed, and the authority under which it executed. Each action is signed before it runs with the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), parameter set ML-DSA-65, as specified in Federal Information Processing Standard 204 (FIPS 204), a National Institute of Standards and Technology (NIST) post-quantum standard. The signing keys live in a Trusted Platform Module (TPM) on hardware the operator owns. A browser-resident verifier checks any record offline, with no call home, so a clinician, an auditor, or a regulator can confirm what happened without trusting the vendor and without a network connection.
What this gives a clinician is exactly what the FDA now asks for. When the system offers a recommendation, the basis for it is not a recollection. It is a signed, replayable record the clinician can open, read, and stand behind. The independent review the guidance demands stops being an aspiration and becomes a button. Because the signature is applied before execution, the record cannot be a flattering reconstruction written after the outcome is known. It is the real sequence, sealed in the order it happened.
Sovereign by default, which is what makes it inspectable
Mickai runs on the operator's own hardware. The brains, fifty in total, twenty-five domain specialists and twenty-five operational, run on the Poseidon silicon substrate inside the hospital perimeter. They are built on open foundation models, Llama 3.2 and Qwen 2.5, specialised through fine-tuning and distillation, and Mickai is actively training its own models now. Because the models run locally, patient data never leaves the building, and the version that ran is a fact the institution can pin, not a moving target on a vendor server. Sovereign here has a precise meaning. The operator owns the hardware, the keys, and the audit chain. That ownership is not an ideological flourish. It is the precondition for the independent review the regulator requires, because you cannot independently review a basis that a third party holds and can alter.
Two further capabilities matter in a clinical setting. Sentinel stops agents from wiping or exfiltrating data, so the record cannot be quietly destroyed and patient data cannot be smuggled out. Authority-at-execution gates dangerous actions, requiring several brains to agree before a high-consequence action proceeds, which mirrors the way clinical safety already works through second opinions and sign-off. The audit root is anchored externally on Pantheon, a sovereign Layer 1 written in Rust on the Polkadot software development kit (SDK), with the audit root anchored to Bitcoin, so the integrity of the record does not rest on the institution's word alone. The approach is documented in depth across 101 filed United Kingdom patent applications, approximately 2,234 claims, owned by Mickai LTD. The whole apparatus exists to make one sentence on a screen something a clinician can defend and a regulator can inspect.
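The following added example shows how a hash-chained record of the kind described under "The replayable record, by construction" lets a verifier detect an edited or truncated ledger offline, given a chain head held outside the ledger as with the externally anchored audit root. It is not Mickai's OAR format or code. The field names, genesis value, model names and sample data are assumptions, and the per-record signature is left out because ML-DSA-65 is not in the Python standard library.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record (assumed convention)

def record_hash(body):
    # Canonical JSON so the same record always hashes to the same value.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append(ledger, inputs, model_version, evidence, authority):
    """Seal one action before it runs; return the new chain head."""
    body = {  # field names are illustrative assumptions
        "seq": len(ledger),
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
        "inputs_sha256": record_hash(inputs),  # digest of the inputs as given
        "model_version": model_version,
        "evidence": evidence,
        "authority": authority,
    }
    ledger.append({**body, "hash": record_hash(body)})
    return ledger[-1]["hash"]

def verify(ledger, anchored_head):
    """Offline check: recompute every link, then compare with the anchor."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != i or rec["prev_hash"] != prev:
            return f"broken link at record {i}"
        if record_hash(body) != rec["hash"]:
            return f"record {i} was altered"
        prev = rec["hash"]
    if prev != anchored_head:
        return "chain head does not match anchor"
    return "ok"

def demo():
    # Constructed sample data, not real clinical records.
    ledger = []
    append(ledger, {"patient": "P-001", "hr": 118}, "sepsis-model-1.4.2",
           ["lactate 3.1 mmol/L"], "dr.a")
    head = append(ledger, {"patient": "P-001", "hr": 96}, "sepsis-model-1.4.2",
                  ["lactate 1.8 mmol/L"], "dr.a")
    edited = [dict(r) for r in ledger]
    edited[0]["model_version"] = "sepsis-model-1.5.0"  # after-the-fact edit
    return {"intact": verify(ledger, head),
            "edited": verify(edited, head),
            "truncated": verify(ledger[:1], head)}
```

An editor who also recomputes the altered record's own hash is caught at the next link, and one who rewrites every later record is caught by the anchored head, which is why the head has to be held somewhere the ledger's custodian cannot change it.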
The standard the guidance quietly sets
The FDA did not write an engineering specification on 6 January 2026. It wrote a regulatory test, and the test has an engineering consequence. If the price of lighter oversight is that a clinician must be able to independently review the basis of every AI recommendation, then the system must keep a replayable, attributable record of what it did, on what inputs, under whose authority. Software that cannot produce that record has not earned the enforcement discretion. It has only postponed the moment when an institution discovers it cannot answer the question. The record is not paperwork that follows the recommendation. It is the part of the recommendation that makes the rest of it safe to use. Build it before it executes, sign it where the accountability lives, and a clinician can stand behind the call. Leave it out, and the lighter regulation the FDA offered becomes the heavier liability the operator never saw coming.


