MICKAI
Article · 2 July 2026

From data processing agreements to ownership

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. Why the shift from data processing agreements to outright ownership is where the regulated market is heading.

From data processing agreements to ownership
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
sovereign AIregulated enterprisedata residencypost-quantumaudit

From data processing agreements to ownership

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. For a decade, the regulated enterprise has been handed a single answer to artificial intelligence: sign a data processing agreement, accept a shared responsibility model, and send your most sensitive material to someone else's infrastructure. That answer works well enough for a retailer optimising a promotion. It fails the bank, the insurer, the hospital, and the defence supplier, because for those institutions the data cannot lawfully leave the building in the first place. We built Mickai to close that gap, and we want to explain, plainly, why the shift from processing agreements to outright ownership is the direction the market is now taking.

Why the contract model runs out of road

A data processing agreement is a legal instrument, not a technical guarantee. It allocates liability, it promises care, and it describes what a provider will and will not do with your information. What it cannot do is change where the data physically goes. Once special category personal data, model risk records, or export-controlled technical files cross into a public cloud region, a set of legal facts is triggered that no contract clause can undo.

We see the same constraints repeated across every regulated buyer we speak to. The Prudential Regulation Authority sets model risk expectations under SS1/23 that demand explainability and control over the models in use. UK GDPR treats special category data with heightened obligations. The NHS Data Security and Protection Toolkit governs how clinical information may be handled. The EU AI Act classifies many of these use cases as high risk. ITAR and EAR restrict where technical data may travel. The NIS Regulations govern critical operators, and the US CLOUD Act means that data held by a US provider can, in principle, be reached by a foreign authority regardless of where the servers sit. Put together, these are not preferences. They are the reason roughly 0.85 million UK businesses, about 15 percent, and roughly 5 million across the EU legally cannot send data to public cloud AI.

A processing agreement asks these institutions to trust a vendor. Ownership removes the question.

What ownership actually means

We run Mickai entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. There is no shared responsibility model to negotiate, because there is no third party in the loop. The intelligence lives where the data already lives, inside the customer's own walls, under the customer's own controls.

Underneath, we run about fifty specialist models, twenty five domain and twenty five operational, with cross model routing under a deterministic arbiter. That determinism matters for a regulated buyer. It means a given input produces a reproducible output, which is what a model risk function, an auditor, or a regulator needs before they will sign anything. We refer to these only as the sovereign models, and they never call home.

Ownership also means the record of what the system did belongs to the customer, permanently. Every consequential action is written to the Open Audit Record. Each action is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash-chained into a tamper-evident, append-only ledger. Anyone can verify it offline, for decades, without trusting us. This is the practical difference between a promise and a proof. A processing agreement says the provider behaved. The Open Audit Record lets a third party confirm what happened, years later, with no vendor in the room.

The work, organised into studios

We deliver capability as studios. The names are drawn from Greek myth, but the functions are entirely serious. Nemesis handles fraud and anti money laundering. Plutus covers finance and financial planning and analysis. Tyche performs underwriting. Prometheus does forecasting. Iris runs customer service. Nomos manages compliance, and Astraea handles legal work. Panacea supports clinical use. Pythia delivers business intelligence, and Aletheia performs audit. Vinis provides voice. The Agentic Marketing Team runs marketing operations, Trust Agent secures the perimeter, and we offer the Open Audit Record as a service in its own right.

For attestation across many fielded units, we run Pantheon, a post-quantum Layer 1 currently on testnet. It gives multi-node attestation across deployed units with no central server, so a fleet of air gapped installations can still prove its integrity collectively without any of them phoning a hub.

The invention behind the platform

None of this is a slide. We hold 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD, with the named inventor Mickarle Sean Junior Wagstaff-Irons. These applications are filed, not granted. Filing is what establishes priority, and priority is what builds a prior-art moat around the way we route, arbitrate, attest, and audit. We are precise about this because regulated buyers and their counsel are precise, and because the value of the estate rests on the filing dates being real.

We are Mickai LTD, a UK company, Companies House number 17166618, with Birmingham manufacturing secured. Micky Irons is our founder and chief executive.

A market that is moving toward ownership

The sovereign AI market is roughly USD 40 billion in 2025 and is expected to rise to about USD 148 billion by 2032. That growth is not driven by fashion. It is driven by the same regulatory facts described above, applied to more institutions each year as supervisors tighten expectations and as the EU AI Act moves through its enforcement timetable. The customers in this segment are not choosing between a cheaper contract and a more expensive one. They are choosing between an option that keeps them compliant and one that does not exist for them at all.

Our strategy follows two paths at once. First, we sell sovereign AI directly to the regulated firms that the public cloud cannot lawfully reach. Second, we license the patented stack to the platforms that want to reach those firms and currently cannot. Internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. We are clear about what that is. It is potential-licensee sizing, not a signed book of business, and not an allegation that anyone infringes. We see ourselves as an ally to the AI majors, not as an OpenAI killer. A platform that adds a sovereign layer instantly becomes able to serve a regulated market it is closed out of today, and the invention required to do that safely is the invention we have filed.

Where this leaves the regulated buyer

The move from data processing agreements to ownership is not a change of vendor. It is a change of relationship. In the processing model, the enterprise rents intelligence and inherits a permanent dependency, a permanent egress, and a permanent trust assumption. In the ownership model, the enterprise holds the intelligence, holds the audit record, and holds the proof, all inside its own perimeter, all verifiable without us. For the institutions that cannot send their data anywhere, that is not a nicety. It is the only lawful way to adopt this technology at all, and it is available now.

Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn.

Frequently asked questions

Does Mickai ever send our data to a public cloud?

No. We run entirely on your own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. The intelligence and the audit record stay inside your perimeter, which is what makes the platform usable by institutions that legally cannot send data to public cloud AI.

How can we prove what the system did without trusting the vendor?

Every consequential action is written to the Open Audit Record, signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash-chained into a tamper-evident, append-only ledger. Anyone can verify that record offline, for decades, with no need to trust us and no vendor present.

What is the status of the patents and the company?

We hold 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD (Companies House 17166618), with named inventor Mickarle Sean Junior Wagstaff-Irons. The applications are filed, not granted. Filing establishes priority and the prior-art moat around the platform.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/from-dpas-to-ownership. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles