From Sellafield to Sovereign AI: the engineering arc behind Mickai. Why the substrate question followed me from nuclear commissioning, through fusion at Culham, through Web3, into the Sovereign Intelligence Operating System.

The lede

I am Micky Irons, founder of Mickai LTD. Mickai LTD is a private limited company incorporated in England and Wales, registered at 20 Wenlock Road, London, N1 7GU under company number 17166618. The product the company ships is a Sovereign Intelligence Operating System, twenty-five specialist brains across six subsystems, with a post-quantum signed audit ledger underneath and a browser-resident verifier that runs offline. The architecture is filed at the UK Intellectual Property Office across thirty-one applications. I will get to the architecture. First, the engineering arc that produced it.

Cumbria. Sellafield. Commissioning engineer.

My engineering career began as a commissioning engineer in the nuclear industry in Cumbria. Seven years there. The role of a commissioning engineer is the role that nobody outside the regulated industries thinks about. The plant has been built. The systems are installed. The question the commissioning engineer answers is whether the as-built equipment behaves the way the design said it would, under every state the plant might enter, with every record needed to defend that answer to a regulator twenty years later. The job is in the gap between design and operation. The job is to make the audit trail real, not aspirational.

Sellafield taught me one thing that has stayed with every subsequent decision I have ever made about software. In a nuclear context the operator never cedes audit control. The operator holds the keys. The operator signs the records. If a vendor leaves the site, the audit chain still verifies, because the chain was never the vendor's. The trust assumption is the operator's, not the supplier's. Every safety-critical action has a signed record under operator-held cryptography, and the chain is replayable independently. The discipline is older than software. It is older than computers. The substrate predates the vendor and survives the vendor. That is the only reason regulators have any path to inspect the chain.

Culham. UK Atomic Energy Authority. Core fusion engineering team.

From Sellafield I joined the UK Atomic Energy Authority and worked on a fusion reactor as part of the core engineering team. Two years on the fusion programme. Working with world-leading scientists, on equipment built with an engineering tolerance budget you would not believe until you measured it, taught me a different lesson. Substrate is not a bolted-on layer. The substrate has to be part of the design from the first millimetre. If the audit, the safety, the provenance, the cross-checks, the failure-mode tracking are not wired into the substrate from inception, they cannot be retrofitted. They become an afterthought. Afterthoughts fail under regulatory inspection.

Fusion is a discipline where the experiment is the regulatory artefact and the regulatory artefact is the experiment. Every shot has to be reproducible. Every measurement has to be attributable to its diagnostic, to the calibration record of that diagnostic, to the operator who took the calibration, to the engineering change record that authorised that operator. The chain is dense, and it is signed, and it is the entire point. You do not get to argue with the chain.

Two industries, the same lesson. The substrate is the product. Everything else sits on top of the substrate.

Web3. The cryptographic primitive in plain commercial form.

I left the regulated engineering world for Web3 and was the original co-founder of Collector Crypt (collectorcrypt.com), the digital trading-card marketplace that has gone on to operate as a live on-chain secondary market for collectible cards. Around it I founded and backed several other ventures in the blockchain and distributed-ledger space, and across the portfolio raised close to GBP 350 million for projects ranging from Web3 infrastructure to programmable collectibles to the Irons Foundation. The portfolio cared about a lot of different things on the surface. Underneath, every project was the same question, dressed for a different audience: how do you let an operator hold a cryptographic position that survives any one supplier, any one platform, any one cloud.

Blockchain provided the primitive in a form anybody could read. Hash-linked records. Append-only logs. Signature schemes that could verify offline. The same primitive nuclear had been quietly using under regulator scrutiny for forty years. Web3 made the substrate visible. The substrate, when treated as the product instead of an afterthought, dissolves vendor lock and makes audit a public good. That was the second confirmation of the same engineering thesis.

Then I started looking at the AI market.

By 2024 it was clear that the artificial-intelligence industry was racing to repeat the trust mistake the regulated industries had already solved. Frontier model APIs. Vendor-held audit logs. Operator data shipped to a hyperscaler. Conversation history retained on a vendor platform. Audit signatures, where they existed at all, signed by the vendor under the vendor's keys. The audit posture for an enterprise customer of a frontier AI was strictly worse than the audit posture for a commissioning engineer at Sellafield in the 1980s. The difference was that nobody in the AI industry was framing it as an audit problem. They were framing it as a model problem.

The model is not the problem. The substrate is the problem. A frontier model is a fast specialist, and a useful one, and a generally honest one once it is told what to do. None of that helps the operator if the audit chain underneath the action is the vendor's. None of that helps the regulator if the verifier the regulator runs is hosted by the vendor. The trust assumption is misplaced by one layer.

The gap, named in primitives.

The gap I kept hitting in every conversation with technical decision-makers in defence, the NHS, the FCA-regulated banks, and the Cabinet Office was the same. They could not adopt frontier AI under their regulatory floor. The model was good enough. The audit substrate was vendor-shaped. The data residency was vendor-shaped. The verifier was vendor-shaped. None of that survives the vendor changing, the vendor failing, the vendor being acquired, or the regulator turning up two years later asking what the system did.

The fix is structural. The audit format has to be the operator's, not the vendor's. The signing keys have to be in TPM on the operator's hardware. The verifier has to run offline in any browser. The signature algorithm has to survive the threat horizon the operator will be operating in by 2030, which means post-quantum from inception. The model has to run on the operator's iron when the data class requires it, and the model has to be substitutable when the operator chooses to swap it without losing the historical chain.

That is not an incremental product feature. That is an architecture. So I built the architecture.

Mickai. The architecture as the product.

Mickai is the architecture as the product. Six subsystems: Multi-Brain Orchestration, Agent Tooling, Knowledge and Memory, Artifacts, Vinis Voice, Governance Layer. Twenty-five specialist brains across those subsystems, with a deterministic Arbiter Brain at the head and a hash-linked, post-quantum signed audit ledger at the foot. The audit ledger is signed under FIPS 204 ML-DSA-65, the algorithm that NIST standardised in 2024 for the post-quantum era. Every committed action across all twenty-five brains is serialised in CBOR, hashed under SHA-3-512, signed under the operator's TPM-bound key, and appended to a chain that any regulator can walk in any browser tab with no network call. The browser-resident verifier emits one of four deterministic verdicts per record. VERIFIED. INVALID. STALE. REVOKED. There is no fifth verdict. There is no probabilistic answer. The chain either holds or it does not.

The architecture is filed at the UK Intellectual Property Office across thirty-one applications. The technical deep dive on the architecture is at mickai.co.uk/articles/sovereign-intelligence-operating-system-on-device-technical-deep-dive. The piece you are reading is the engineering history that produced the architecture, not a restatement of it.

Where this matters

Defence, where a unit operating under JSP 440 cannot send classified workloads to a frontier model API. Government, where NCSC, DSIT, and ICO have all published guidance that treats vendor-key custody as a structural deficiency. Finance, where PRA SS1/23 names third-party AI dependency as concentration risk that must be priced into operational resilience. Healthcare, where NHS DSPT alignment makes extra-territorial data flow a structural blocker for clinical AI. Each of those four sectors has a regulatory floor below which the data cannot leave the operator's perimeter, and each has been waiting for an architecture that respects the floor. Mickai is that architecture. The four sectors are the customer.

What I am doing now

Mickai LTD is the company. Mickai is the product. Mickai™ is the trademark. The architecture is open at the schema layer and the conformance-vector layer, with patent claims protecting the inventive composition. UK Managed Service Providers, sovereign-tech buyers, and the four anchor sectors above are the active conversation. A sandboxed instance for technical evaluation is available on request to press@mickai.co.uk.

The engineering arc has been longer than the venture, and the venture is the engineering arc made visible. Nuclear taught me that the audit substrate is the operator's. Fusion taught me that the substrate has to be part of the design from inception. Web3 made the cryptographic primitive commercially legible. Mickai is what happens when you apply the same primitive to artificial intelligence. The architecture is the differentiator. The architecture is the product.