MICKAI
Article · 4 July 2026

France Put Its Models on National Infrastructure. The Doctrine Matters More Than the Vendor

France ratified a posture, not a vendor. Own the weights, own the inference, keep the record inside your own walls. That doctrine outlives any national champion and sells far beyond defence.

France Put Its Models on National Infrastructure. The Doctrine Matters More Than the Vendor
Author
Micky Irons
Published
4 July 2026
Follow Micky Irons
LinkedInX
sovereign AIdefence AIopen weightsSIOSAI infrastructure

!A cinematic void-black and gold rendering of Hestia, keeper of the hearth, guarding a contained flame inside her own walls

In January 2026 France did something that most of the AI-strategy conversation is still misreading. The country's Ministry of the Armed Forces awarded a homegrown model-maker a framework to deploy models across the military, running on French-controlled infrastructure, alongside a France-Germany understanding to put the same models to work in public administration. The headlines treated it as a national-champion story. A European sovereign winner backed by its own state. That reading is not wrong, but it buries the part that actually matters to anyone responsible for defence-adjacent AI strategy.

The load-bearing detail is the posture, not the vendor. The models ship with open weights, and the customer runs inference on its own servers. That is a doctrine, not a procurement footnote. And it is the doctrine we built Mickai around.

The story is "run it yourself," not "buy French"

Strip away the flags for a moment. What France actually bought was the right to hold the weights and run the model inside its own walls, on hardware it controls, without a dependency on someone else's cloud for the act of inference. The vendor's nationality is a bonus for a European government. The architecture is the substance.

Here is why we keep drawing the distinction. A national champion is still a champion you depend on. If the relationship were a closed API sitting in a provider's datacentre, France would have swapped one dependency for a more politically comfortable one, and it would still be renting its own defence intelligence back from a third party. The reason this deal reads as sovereign is precisely that it is not that. The weights move to the customer. The inference happens on the customer's infrastructure. The provider does not get to see, meter, or gate the traffic in production.

That is the whole game. Own the weights, own the inference. Everything else is branding.

!Cerberus rendered in gold on a black void, three heads guarding a single gate, symbolising controlled access to model weights

Why the doctrine beats the vendor

A vendor can be acquired, repriced, deprecated, or geopolitically compromised. A doctrine you have implemented survives all of those. If your operating assumption is "we hold the weights and we run the inference," then the specific model becomes a swappable component. You are not married to one lab's roadmap or one government's industrial policy. You can rotate models the way you rotate any other supplied part, because the control plane, the thing that actually matters, stays yours.

This is the difference between sovereignty as a purchase and sovereignty as an architecture. France bought a good instance of the architecture. But the architecture is portable, and it does not require you to be a national government or to have a friendly domestic lab. Any regulated organisation can adopt the same doctrine tomorrow, with whatever models it chooses, if the system underneath it is designed to hold weights and run inference locally with a real audit record. That system is what we call a Sovereign Intelligence Operating System, and holding the weights is only the first requirement of it.

Classical marble scene, Athena, gold rim light on void black

The doctrine travels far beyond defence

Defence is the clean case because the workload-level bar is unambiguous. Classified and above, ITAR-controlled material, isolated operational networks: those genuinely cannot leave the perimeter, and no amount of cloud assurance changes it. France's framework lives squarely in that space.

We want to be honest about the wider market, because the honesty is what makes the argument credible. Outside those hard workloads, almost nothing is legally barred from cloud. DORA, the FCA and PRA regimes, the EBA guidelines, the NHS DSP Toolkit, GDPR: every one of them permits cloud with the right controls. Banks, hospitals, insurers, and regulators are not under a blanket prohibition. So the run-it-yourself case for them does not rest on a legal bar. It rests on preference, and the preferences are rational: control over where sensitive data lives, protection against exfiltration, predictable cost at inference scale, and freedom from a single provider's terms.

That is a large market on its own. On a register-backed count there are roughly 16,092 institutions across the UK and EU that fit the sovereign profile, about 7,933 in the regulated core and another 8,159 in the large-private adjacency. The enterprise-AI-platform software category those buyers sit inside is projected by Verdantix to grow from around USD 13bn in 2024 to USD 50.3bn by 2030, which is roughly £11.7bn to £39.7bn at current rates. France just demonstrated the doctrine in the one segment where the no-cloud requirement is absolute at the workload level. The same doctrine sells into all the rest on the strength of preference, and preference at that scale is a market, not a caveat.

!Hestia's hearth-flame contained within a marble ring, gold on black, representing inference kept inside the customer's own walls

What "own the inference" has to include to be real

Holding the weights is necessary and not sufficient. A model file sitting on your own GPUs is not sovereignty if you cannot prove what it did. The part that turns run-it-yourself from a slogan into something a regulator or an inspector-general will accept is the record.

Mickai is built and live as an operating system that regulated organisations own and run inside their own walls, air-gapped where the workload demands it, with a cryptographically-signed audit entry on every action the system takes. That is the piece France's framework points at without naming: a defence ministry running models on its own infrastructure needs to attest, later and to a third party, exactly what was inferred, by which model, on what input, under whose authority. Weights plus local inference plus a tamper-evident record is the full doctrine. Any two of the three leave a gap.

Our position on models follows from the same logic. We run our own sovereign-named models, actively trained and specialised inside the system, with the control plane and the audit record sitting above them. Because the architecture holds the weights and runs the inference locally, the model layer is ours to evolve without asking anyone's permission. That is the portability the doctrine promises, made concrete.

The claims underneath this architecture are documented in our patent estate: 104 filed UK applications carrying roughly 2,340 claims across 13 families, named inventor Mickarle Wagstaff-Irons, moving toward examination. Filed, building toward grant. The filings describe the sovereign control and attestation machinery, which is the part that makes run-it-yourself auditable rather than merely private.

Classical marble scene, Athena, gold rim light on void black

The takeaway

France did not just back a domestic lab. It ratified a doctrine: own the weights, own the inference, and keep the record inside your own walls. The vendor will be a footnote in five years. The posture will be the standard. Any government or defence-adjacent strategy lead reading the January framework as a national-champion story is reading the press release. The engineering is the story, it is portable, and it is exactly the thesis we have already built.

Frequently asked questions

Does running models on your own infrastructure mean you cannot use cloud at all?

No, and we are careful not to over-claim this. Almost every regulatory regime, from DORA to the FCA and PRA to the NHS DSP Toolkit, permits cloud with the right controls. The genuine no-cloud bar is workload-level: classified and above, ITAR material, isolated operational networks, DPIA-negative cases. For everything else the run-it-yourself case rests on sovereignty preference, control, cost, and exfiltration risk, not on a legal prohibition.

Is the run-it-yourself doctrine only relevant to defence?

Defence is the cleanest example because the bar there is absolute at the workload level, but the doctrine is portable. Any regulated organisation that wants control over its data, predictable inference cost, and freedom from a single provider can adopt the same posture with whatever models it chooses. That is why we describe it as the SIOS thesis rather than a defence-only pattern.

What stops this from being just self-hosting under a nicer name?

The audit record. Holding weights and running inference locally is necessary but not enough for a regulated setting. You also need a cryptographically-signed entry on every action, so you can prove after the fact what ran, on what, under whose authority. Weights plus local inference plus a tamper-evident record is the full doctrine, which is where our sovereign audit-trail architecture comes in.

Does the vendor still matter at all?

Less than people think. Once the architecture holds the weights and runs the inference, the model becomes a swappable component. That portability is the point, and it is why we frame sovereignty as an architecture, not a purchase. A vendor can be acquired or repriced. A doctrine you have implemented survives all of it.

!Athena in gold on black void, spear lowered, standing watch over her own domain, closing image

By Micky Irons, founder of Mickai.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/mistral-french-defence-framework-open-weights-and-the-run-it-yourself-doctrine. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Alex Karp Is Right: You Are Paying For Tokens You Cannot Audit
Alex Karp said hosted-AI vendors capture your data and bill you for unproductive tokens that create no value. He is right. We built Mickai so regulated organisations own the substrate instead of renting it, with a signed audit record on every action.
4 Jul 2026
The EU Just Pushed High-Risk AI to December 2027. Here Is What We Are Building Instead of Waiting
The Digital Omnibus provisional agreement moves the EU AI Act high-risk deadlines from August 2026 to December 2027. Most coverage frames the delay as relief. We frame it as the window to own your compliance stack outright, so you are compliant on day one in 2027 instead of retrofitting logging, oversight and traceability under a live deadline.
4 Jul 2026
Article 50 Lands in August: Machine-Detectable AI Provenance, and Why We Sign It At Source
Article 50 makes synthetic content machine-detectable from 2 August 2026, and the draft Code of Practice names C2PA as the route. We bind Content Credentials to the cryptographically-signed audit record Mickai writes on every action, so provenance is produced at source inside your own walls, not bolted onto a cloud API afterward.
4 Jul 2026
Under Oath, They Said They Could Not Say No. That Sentence Is the Whole Market
Microsoft France told the French Senate under oath that it cannot guarantee European data will never reach US authorities under the CLOUD Act, even inside a French sovereign region. We think that single sentence defines the market. Sovereign cloud is a real engineering improvement, but while the parent is US-domiciled the legal gap stays open. The only structure where the answer to a foreign subpoena is genuinely no is one you own and run inside your own walls.