MICKAI
Article · 2 July 2026

ISO 42001 and Sovereign AI: Assured by Construction, Not by Paperwork

Why an AI management system should be safe because of how it is built, and how Mickai makes ISO 42001 a property of the machine rather than a binder on a shelf.

ISO 42001 and Sovereign AI: Assured by Construction, Not by Paperwork
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
iso 42001sovereign aiai governancecomplianceaudit

ISO 42001 is the first international standard for an artificial intelligence management system. It asks a demanding question of any organisation that builds or runs AI: can you show, with evidence, that your systems are governed, risk-assessed, monitored and accountable across their whole life. Most organisations reach for the same answer. They write policies, assemble a binder of controls, and hope the paperwork holds when an auditor, a regulator or an incident comes knocking.

We think that answer is fragile. Paperwork describes intentions. It does not stop a system from doing the wrong thing at three in the morning. At Mickai we have taken a different route. Our Sovereign Intelligence Operating System, a SIOS, treats ISO 42001 not as a documentation exercise but as a property of the machine. The controls the standard asks for are built into how every action is authorised, executed and recorded. Assurance becomes a consequence of the architecture, not a report written after the fact.

What ISO 42001 actually demands

ISO 42001, published as the International Organization for Standardization standard for AI management systems, is deliberately broad. It requires a defined scope, leadership accountability, risk and impact assessment, operational controls, monitoring, and continual improvement. It sits alongside the NIST AI Risk Management Framework (the National Institute of Standards and Technology AI RMF) and the EU AI Act, and it overlaps heavily with the obligations that sectoral rules such as DORA (the Digital Operational Resilience Act), the GDPR (General Data Protection Regulation) and HIPAA (the Health Insurance Portability and Accountability Act) already place on regulated firms.

The hard part is not writing the policy. The hard part is proving, continuously, that the live system behaves the way the policy says it should. An auditor does not want a promise that high-risk actions require human approval. They want to see that the system cannot execute a high-risk action without one, and they want the record to be impossible to backdate or quietly edit. That is a technical demand dressed as a governance requirement, and it is exactly where most AI deployments come undone.

A towering marble statue of the goddess of law holding balanced scales, lit by gold light on a black background
Themis weighs the demand behind the standard: not a promise of order but proof of it.

Safe by construction, not by attestation

An attestation is a claim that something is true. Safety by construction means the unsafe thing is not reachable in the first place. These are very different guarantees. A policy that says an agent must not move funds without dual approval is an attestation. A system in which the fund-moving action physically will not run until two revocable brains and a voice-biometric approval have signed for it is safe by construction. The second needs no trust in the honesty or diligence of whoever wrote the document.

We build for the second case. In our SIOS, the management-system controls that ISO 42001 enumerates are wired into the execution path. Risk classification is not a spreadsheet a manager fills in once a year. It is a property attached to every operation, evaluated before the operation is allowed to proceed. When the standard asks whether high-impact decisions are controlled, the honest and demonstrable answer is that the control is the gate through which the decision must pass.

A massive marble statue of the smith god at an anvil with gold sparks rising against a black background
Hephaestus builds safety into the metal itself, so it holds without anyone having to promise it will.

The Operation Attestation Record

At the centre of this sits the Operation Attestation Record, our OAR. Before any action executes, whether a brain drafts a filing, moves a record or calls an external system, the SIOS produces a signed attestation describing what is about to happen, which brain proposed it, what data it touches and which policy governs it. The action does not run until that record is signed. The record is created before execution, not after, so there is no window in which the machine acts and the log catches up later.

Each OAR is signed with a post-quantum signature, FIPS 204 ML-DSA-65, and hash-linked into a SHA-3-512 chain so that every record depends cryptographically on the one before it. You cannot alter an earlier action without breaking every link that follows. This is what turns a log file into evidence. When ISO 42001 asks for records of operational control and traceability, we do not present a database an administrator could edit. We present a tamper-evident, cryptographically-signed audit ledger that can be verified offline, on the customer's own hardware, without trusting us at all.

Governance the standard can read directly

ISO 42001 places heavy weight on roles, responsibilities and the ability to intervene. Our brains, the specialised subsystems that do the work, are individually revocable. A brain's authority can be narrowed or withdrawn without taking the whole system down, and every change of authority is itself an attested, logged event. High-stakes operations require multi-brain agreement plus voice-biometric approval, so a single compromised component or a single careless operator cannot push a consequential action through alone.

A grand marble statue of the goddess of memory holding an unbroken chain, lit in gold on a black background
Mnemosyne keeps the record whole: break one link and every link after it shows the wound.

Because all of this is signed and chained, the management system is not something a compliance team reconstructs from interviews and screenshots at audit time. It is legible in the ledger. An assessor can trace a decision from the moment it was proposed, through the policy that governed it and the approvals it required, to the action that resulted, and confirm that nothing in that chain was altered. The evidence the standard wants becomes a query, not a project.

Sovereignty is what makes the assurance real

None of this holds if your data and your logs live somewhere you do not control. That is why the sovereign part matters. Our SIOS runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. The audit ledger is the customer's. The keys are the customer's. Verification does not depend on a vendor portal that could change, lapse or be subpoenaed. For a bank under Basel and MiFID II (the Markets in Financial Instruments Directive), a hospital under HIPAA, or a defence supplier under ITAR (the International Traffic in Arms Regulations), that boundary is not a preference. It is the line the public cloud is not built to cross on the customer's own terms.

A colossal marble statue of the hearth goddess guarding a small flame in her hands, lit in gold on a black background
Hestia keeps the fire within the customer's own walls, where the keys and the ledger stay.

This is where we sit alongside the cloud giants rather than against them. OpenAI, Microsoft, AWS, Google and Oracle operate a different layer and serve it superbly. We serve the regulated boundary that layer is not built to occupy: the workloads that must stay inside the customer's walls, prove their own behaviour and survive an audit years later. The capabilities behind this, the attestation record, the post-quantum signing, the offline-verifiable chain and the revocable multi-brain approval, are described across our 104 filed UK patent applications, comprising about 2,340 claims and owned by Mickai LTD.

The bottom line

ISO 42001 is a good standard, and it deserves a better answer than a binder. An AI management system should be assured because of how it is built, not because someone wrote down that it is safe. When every action is signed before it runs, every decision is chained into a ledger no one can quietly rewrite, and every high-stakes step demands more than one authority, conformance stops being an annual scramble and becomes the ordinary state of the machine. That is the standard we hold ourselves to, and it is the standard we think regulated AI should be held to everywhere.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/iso-42001-and-sovereign-ai. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Sovereign AI for Central Banks
A central bank cannot send its rate deliberations or supervisory secrets to anyone else's cloud. We built Mickai, a Sovereign Intelligence Operating System, so monetary and supervisory intelligence runs entirely offline on hardware the bank owns, with independence proven, secrecy architectural and every decision signed before it acts.
4 Jul 2026
Sovereign AI for Defence Primes
Defence primes hold the most sensitive programme data in the world, and the public cloud cannot cross the boundary that protects it. We built Mickai as a Sovereign Intelligence Operating System that runs on hardware the prime owns, air-gapped, where every action is cryptographically signed before it executes and every brain can be revoked in seconds.
4 Jul 2026
Sovereign AI for Maritime and Shipping
Fleets and ports need intelligence that keeps deciding when the satellite link dies and keeps an honest record no one can edit. Mickai runs on the operator's own hardware, at sea and on the quay, with zero data egress and a post-quantum signed ledger. Autonomy where the connection ends, governance that never does.
4 Jul 2026
Sovereign AI for Aerospace
Aerospace cannot ship export-controlled geometry to borrowed cloud infrastructure or hand engineers unexplained answers. We built Mickai, a Sovereign Intelligence Operating System, to run design and safety-case intelligence on hardware the customer owns, with zero data egress and cryptographic provenance signed onto every artifact before it exists.