MICKAI
Article · 2 July 2026

MiFID II and AI Recordkeeping

Immutable, signed trade-decision records that a regulator can replay offline, complete with the reasoning of the AI in the loop.

MiFID II and AI Recordkeeping
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
mifid iiai recordkeepingcomplianceaudit ledgersovereign ai

When a trading desk hands a decision to a machine, one question decides whether the firm can survive the aftermath: can it prove, months or years later, exactly what happened and why? Under the Markets in Financial Instruments Directive II (MiFID II), that is not a courtesy to the regulator. It is a legal duty. Firms must reconstruct trades, retain the reasoning behind them, and produce ordered, tamper-proof records on demand.

Artificial intelligence makes that duty harder and more urgent at once. A model that ranks venues, sizes orders, or suppresses an alert is now part of the decision chain, and the decision chain is precisely what the record must capture. We built Mickai, our Sovereign Intelligence Operating System, so that every AI-assisted trade decision leaves behind an immutable, cryptographically signed record a regulator can replay offline, on hardware the firm owns.

What MiFID II actually asks of a record

MiFID II is exacting about evidence. Firms must record telephone conversations and electronic communications tied to transactions, keep those records for at least five years, and extend that to seven where a competent authority requires it. Order and transaction data must be time-stamped to demanding tolerances, sequenced correctly, and retained in a form that cannot be altered after the fact. Article 16(7) and the associated technical standards are unambiguous: the record must be durable, complete, and reconstructable.

The unstated assumption behind all of this is human decision-making. The rules were drafted for traders, sales staff, and phone lines. When a model recommends the venue, adjusts the size, or holds back an alert, the reasoning that must be reconstructed no longer lives in a phone call. It lives in weights, prompts, and inference runs that most systems never persist. The record has a hole in it precisely where the decision was made.

A colossal marble statue of Mnemosyne, goddess of memory, her hand pressed to a stone tablet, lit by gold light on a black background.
Mnemosyne held every memory whole. A signed ledger keeps every decision the same way, unchanged and complete.

Why the AI in the loop breaks ordinary recordkeeping

Conventional logging captures outcomes, not reasoning. A database row tells you an order routed to venue A at a given price and time. It does not tell you which model version produced that recommendation, what inputs it saw, what confidence it assigned, or whether a human overrode it. If the model is retrained next quarter, the version that made today's decision may no longer exist anywhere you can point to. The evidence has quietly evaporated.

There is a second, sharper problem. Logs are usually mutable. A record that an administrator, a compromised account, or a careless migration can edit is not proof of anything. A regulator asking why a trade was made in March cannot accept a March record that could have been rewritten in June. Under adversarial scrutiny, in an enforcement action or a dispute, an editable log is worth close to nothing. What MiFID II demands is not more logging. It is evidence that resists tampering by design.

A colossal marble statue of Themis holding a sealed scroll aloft, illuminated by a narrow gold beam against darkness.
Themis raised the sealed law where all could see it. A signed record cannot be quietly rewritten after the fact.

Signing the decision before it executes

Our answer is to move the record from an afterthought to a precondition. In Mickai, every action produces an Operation Attestation Record (OAR), and the OAR is signed before the action executes, not after. For a trade decision that means the model version, the inputs, the recommendation, the confidence, the human approval or override, and the exact time are captured, hashed, and signed as a single unit at the moment of decision. The signature is the permission to proceed. No signed record, no execution.

Signing uses post-quantum cryptography: FIPS 204 ML-DSA-65, the Module-Lattice Digital Signature Algorithm standardised by the United States National Institute of Standards and Technology (NIST). Records are hash-linked with SHA-3-512 into a chain, so each entry seals the one before it. Altering a March record would break every hash from March forward, and the break is visible to anyone who checks. This is the difference between a log that claims to be complete and a ledger that can prove it.

Replaying the trade offline, on your own hardware

A record only matters if someone can verify it. We designed the Mickai ledger for offline verification: a regulator, an auditor, or the firm's own compliance team can take the signed chain and confirm its integrity with no network connection, no call home, and no dependency on us. The signatures are checkable against public keys. The hash chain is checkable arithmetic. Trust rests on mathematics, not on our word and not on a cloud service staying online.

A colossal marble statue of Argus Panoptes, a many-eyed watcher, standing alert and lit by a single gold shaft in the dark.
Argus watched with countless eyes and never slept. Offline verification lets anyone check the chain without missing a break.

That offline property matters for a reason particular to this sector. Mickai runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. Trade data, order books, and model reasoning never leave the firm's boundary to reach an external service. When the regulator asks to reconstruct a trade, the full decision record, including the contribution of the AI, is already inside the firm, signed and sequenced, ready to replay exactly as it happened.

Governing the models that make the calls

Recordkeeping is only half of accountability. The other half is control over which model was permitted to act at all. In Mickai, the intelligences that assist decisions are revocable brains: each is a discrete, governed subsystem that can be authorised, constrained, or switched off, and every one of those governance events is itself an OAR entry. If a model is retired or found faulty, the ledger still holds the signed record of what it decided while it was live. The past does not become unprovable because the present changed.

A colossal marble statue of Hecate holding a key at a threshold, lit by a narrow gold light against black.
Hecate guarded the threshold and held the key. Every model that acts is a brain that can be authorised or revoked.

For the highest-stakes actions, one signature is not enough. Mickai can require multi-brain agreement plus voice-biometric approval from a named, authorised person before an order proceeds. That approval is bound into the same signed record, so the reconstruction shows not only what the machine proposed but who authorised it and how. This maps directly onto the MiFID II expectation of clear, evidenced responsibility, and it extends cleanly to the wider regime a trading firm sits inside, from the EU AI Act and the Digital Operational Resilience Act (DORA) to ISO 42001 for AI management systems.

The bottom line

MiFID II already required firms to prove what they did and why. AI in the trading loop does not lower that bar. It raises it, by placing a new and opaque actor inside the decision the record must capture. A mutable log written after the fact cannot meet the test. A signed, hash-linked, post-quantum record written before the action can. That is the standard Mickai is built to hold: immutable trade-decision records, complete with the reasoning of the model, that a regulator can replay offline, on the firm's own hardware, years later. The public cloud giants are allies serving a different layer. Mickai serves the regulated boundary, on the customer's own terms, where the proof has to live.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/mifid-ii-and-ai-recordkeeping. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Sovereign AI for Central Banks
A central bank cannot send its rate deliberations or supervisory secrets to anyone else's cloud. We built Mickai, a Sovereign Intelligence Operating System, so monetary and supervisory intelligence runs entirely offline on hardware the bank owns, with independence proven, secrecy architectural and every decision signed before it acts.
4 Jul 2026
Sovereign AI for Defence Primes
Defence primes hold the most sensitive programme data in the world, and the public cloud cannot cross the boundary that protects it. We built Mickai as a Sovereign Intelligence Operating System that runs on hardware the prime owns, air-gapped, where every action is cryptographically signed before it executes and every brain can be revoked in seconds.
4 Jul 2026
Sovereign AI for Maritime and Shipping
Fleets and ports need intelligence that keeps deciding when the satellite link dies and keeps an honest record no one can edit. Mickai runs on the operator's own hardware, at sea and on the quay, with zero data egress and a post-quantum signed ledger. Autonomy where the connection ends, governance that never does.
4 Jul 2026
Sovereign AI for Aerospace
Aerospace cannot ship export-controlled geometry to borrowed cloud infrastructure or hand engineers unexplained answers. We built Mickai, a Sovereign Intelligence Operating System, to run design and safety-case intelligence on hardware the customer owns, with zero data egress and cryptographic provenance signed onto every artifact before it exists.