Iris for Utilities and Payments: Sovereign Customer Service AI That Keeps Account Data In-House
Iris handles high-volume regulated customer contact for utilities and payment firms entirely on-prem, so AI-grade service no longer requires special-category and PCI data to leave the building.
The contradiction at the heart of regulated customer service
Every utility and payment firm is being told two things at once. Modernise customer service with AI, because customers now expect instant, accurate, around-the-clock resolution. And do not let regulated account data leave your control, because the rules that govern that data were not written with public-cloud AI in mind.
These instructions point in opposite directions. A meter dispute carries names, addresses, vulnerability flags, and consumption patterns that reveal when a home is occupied. A failed payment carries card data inside PCI DSS scope. A complaint from a customer on a priority services register is special-category data under UK GDPR. The moment any of that is sent to a general-purpose model hosted by a third party, you have created an egress event that your auditors, your regulator, and the CLOUD Act all have opinions about.
Most AI customer service tooling answers this by asking you to trust a data-processing agreement. Iris answers it by removing the egress event entirely.
What Iris is
Iris is the customer service Studio inside Mickai, the sovereign AI operating system. Mickai is AI that regulated businesses own and run inside their own walls, on-prem and air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record we call the OAR. Iris is built and live. It is not a roadmap item or a managed-cloud service wearing a sovereignty badge.
Iris reads the account, understands the contact, drafts the resolution, and where policy allows acts on it, without the underlying account data ever leaving the customer's own environment. The model runs where the data already sits. Nothing is sent out to be processed and nothing comes back to be trusted.
Why utilities and payments are the sharpest version of the problem
These two sectors combine three pressures that rarely sit together. Volume is enormous, with billing cycles, outages, and payment events generating contact spikes that swamp human teams. The data is unusually sensitive, mixing financial, behavioural, and vulnerability signals. And the regulatory surface is dense, spanning UK GDPR special-category rules, PCI DSS, the NIS Regulations for operators of essential services, and the long reach of the CLOUD Act over anything held by a US-headquartered cloud provider.
The result is a sector where AI promises the most and conventional AI delivery is the hardest to clear with a compliance function. Roughly 0.85 million UK businesses, around 15 percent, and an estimated 5 million across the EU are effectively barred from putting this class of data into public-cloud AI. Utilities and payments sit squarely inside that barred population. Iris is built for exactly that constraint rather than asking the constraint to relax.
How Iris resolves contact without moving data
Iris works against the live account inside your perimeter. It pulls the meter history, the payment ledger, the open tickets, and the customer's status flags from systems that never expose them externally. It reasons over the full context, drafts a response in your tone and policy, and proposes the action: a payment plan within agreed thresholds, a vulnerability escalation, a dispute acknowledgement, a meter reading correction.
Where your policy permits autonomous action, Iris executes and logs it. Where it requires a human, Iris hands a complete, evidenced recommendation to an agent who approves in seconds rather than reconstructing the case from scratch. Either way, every read, every decision, and every action is written to the OAR. When the regulator or an internal auditor asks what the system did and why, the answer is a signed, ordered, tamper-evident record rather than a vendor's assurance.
This is also where Iris stops being a single tool and starts being part of an operating system. A payment-fraud signal routes to Nemesis. A complaint with legal exposure routes to Astraea. A compliance question routes to Nomos. A clinical-adjacent vulnerability case in a regulated utility context routes to Panacea. The customer never sees the seams. The compliance function sees one consistent audit substrate underneath all of it.
The moat underneath the product
Iris is one expression of an IP estate that is unusually deep for a company at this stage. Mickai holds 104 filed UK patent applications carrying around 2,340 claims, filed under Mickai LTD with Micky Irons as inventor. Filed, not granted, which gives a priority position and a prior-art moat rather than a marketing claim.
That estate is broad enough that 196 companies across 311 patent-company pairs sit as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. That is potential-licensee sizing, not booked revenue, and I am precise about the distinction. But it frames the strategic shape of the thing. The sovereign AI substrate is moving from USD 40 billion in 2025 toward an estimated USD 148 billion by 2032, and the companies best positioned to serve regulated demand are the ones that own the architecture rather than rent it.
In June 2026, Micky Irons was independently ranked number 4 on Crunchbase, with the Mickai company profile placing in the top 1 to 2 percent globally. I treat that as a third-party momentum signal and nothing more, but it is the kind of external read that tends to precede the part of a curve that gets steep.
Built in the UK, building to scale
Mickai is a UK company with Birmingham manufacturing secured, and Iris is in service today rather than in trials. The dual-buyer thesis is straightforward. Regulated enterprises run Iris because it gives them AI-grade customer service they are actually allowed to operate. And the broader Mickai architecture is the kind of category a hyperscaler would rather own than compete with, because it solves the one problem their own delivery model structurally cannot, which is keeping the data home.
We are an ally to that ecosystem, not an OpenAI killer. The model is owned and run by the customer, the audit record is the customer's own, and the value compounds for everyone whose data was previously stranded outside the reach of AI. The revenue path runs to billions at high gross margin over a five-year horizon, underwritten by the IP estate and that dual-buyer demand. This is a category built to scale, and it is heading for the top.
Iris already does the hard part. It gives regulated customer service teams the speed of modern AI without asking them to do the one thing they are not permitted to do, which is let the data leave.
Micky Irons, founder and CEO of Mickai
Frequently asked questions
Does Iris send customer account data to an external cloud or model provider?
No. Iris runs inside the customer's own environment, on-prem and air-gapped. The model executes where the regulated data already sits, so meter histories, payment ledgers, and vulnerability flags never leave the perimeter. There is no egress event for an auditor or the CLOUD Act to question.
How does Iris help with UK GDPR special-category and PCI DSS obligations?
Because the data never leaves the customer's perimeter, the egress and third-party processing concerns that make special-category and PCI DSS data hard to put through public-cloud AI do not arise. Every read, decision, and action Iris takes is written to the OAR, a tamper-evident, post-quantum-signed audit record the customer owns, so compliance teams can evidence exactly what the system did and why.
Is Iris live, or is it a roadmap item?
Iris is built and live, in service today rather than in trials. It is the customer service Studio inside Mickai, the sovereign AI operating system, and shares the same audit substrate as the other Studios such as Nemesis for fraud, Astraea for legal, and Nomos for compliance.
What makes Mickai's position defensible?
Mickai holds 104 filed UK patent applications carrying around 2,340 claims, filed under Mickai LTD with Micky Irons as inventor. Filed, not granted, which establishes a priority position and a prior-art moat in a sovereign AI substrate market estimated to move from USD 40 billion in 2025 toward USD 148 billion by 2032.
Does Iris replace human agents?
No. Where policy permits, Iris resolves and logs contact autonomously. Where a human is required, it hands the agent a complete, evidenced recommendation so approval takes seconds rather than a full case reconstruction. The aim is regulated-grade speed with a human in the loop wherever the rules demand one.






