Sovereign AI for the NHS: intelligence that never leaves the trust
Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. For NHS trusts and clinical suppliers, it runs entirely on their own hardware, air gapped, with a post quantum verifiable audit record.
The data the NHS cannot send to the cloud
NHS trusts, integrated care boards, and their clinical suppliers hold some of the most tightly governed data in the country. Patient records, genomic files, mental health notes, and safeguarding material are special category data under UK GDPR, and they sit inside the assurance perimeter defined by the NHS Data Security and Protection Toolkit. For a growing set of AI workloads, the lawful answer to "can this leave the building and go to a public cloud model" is simply no. We built our system for exactly that constraint.
We run about fifty specialist models, twenty five domain and twenty five operational, with cross model routing under a deterministic arbiter, so the same input produces the same output. Nothing is sent to a public cloud endpoint, nothing crosses a data processing border, and no third party sees a single record. For a clinical safety case and an information governance sign off, reproducibility and containment are not features. They are preconditions.
Why on premises and air gapped is the requirement, not the preference
The pressure to keep regulated healthcare data on owned hardware is not one rule. It is a stack of them arriving at once. UK GDPR governs special category data. The NHS Data Security and Protection Toolkit sets the assurance baseline for every organisation that touches health and care information. The EU AI Act classifies much of clinical decision support as high risk. The NIS Regulations cover operators of essential services. The US CLOUD Act means that data held by a US owned provider can be compelled by a foreign authority, regardless of where the servers physically sit. For a trust weighing a public cloud AI service, that last point alone can end the conversation.
Around 0.85 million UK businesses, roughly fifteen percent, and about five million across the EU, legally cannot send their data to public cloud AI. Healthcare is one of the densest concentrations of that population. We serve it by running the intelligence where the data already lives, on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip.
Panacea, the clinical studio
Our clinical studio is Panacea. The name is Greek; the function is serious. It handles the clinical language work a trust actually needs (triage support, coding and documentation, letter drafting, and structured summarisation of long records) entirely inside the trust's own estate. Panacea sits alongside the other studios we run, so a single sovereign deployment can also cover finance and forecasting through Plutus and Prometheus, fraud and anti money laundering through Nemesis, compliance through Nomos, legal through Astraea, audit through Aletheia, business intelligence through Pythia, customer contact through Iris and our voice studio Vinis, and outbound work through the Agentic Marketing Team. The perimeter itself is Trust Agent.
Because everything runs locally under the deterministic arbiter, clinical governance teams can reason about behaviour the way they reason about any other controlled clinical system. The model set is fixed, the routing is defined, and the outputs repeat. That is the property a medical device file and an information governance assessment are built to check.
The Open Audit Record, evidence a regulator can verify without trusting us
In healthcare, the audit trail is often the deliverable. If you cannot show who did what, on what data, and when, the clinical or governance value of an automated action collapses. Our answer is the Open Audit Record. Every consequential action is signed under post quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash chained into a tamper evident, append only ledger.
Anyone can verify that ledger offline, for decades, without trusting the vendor and without a live connection back to us. A trust auditor, a regulator, or an expert instructed in litigation can take the record and check the chain themselves. The post quantum choice matters here because health records have a retention horizon measured in decades, and an audit record that has to survive that long has to survive the arrival of quantum capable adversaries. We also offer this capability on its own, as OAR as a Service, for organisations that want verifiable evidence over their existing systems.
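As an added illustration of the hash chaining and offline verification described above (not Mickai's code or record format): the record layout, field names, use of SHA-256 and the `anchored_head` parameter are assumptions. The ML-DSA-65 signature check is left out because the Python standard library has no implementation of it.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first record


def entry_hash(prev_hash: str, seq: int, payload: dict) -> str:
    """SHA-256 over a canonical encoding of (prev_hash, seq, payload)."""
    body = json.dumps({"prev": prev_hash, "seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(ledger: list, payload: dict) -> str:
    """Append a record linked to the current head; return the new head hash."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    seq = len(ledger)
    ledger.append({"seq": seq, "prev": prev, "payload": payload,
                   "hash": entry_hash(prev, seq, payload)})
    return ledger[-1]["hash"]


def verify(ledger: list, anchored_head: str) -> tuple:
    """Return (ok, reason); anchored_head is a head hash obtained out of band."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        if rec["seq"] != i:
            return False, f"record {i}: sequence gap or reorder"
        if rec["prev"] != prev:
            return False, f"record {i}: broken link to predecessor"
        if rec["hash"] != entry_hash(rec["prev"], rec["seq"], rec["payload"]):
            return False, f"record {i}: contents do not match hash"
        prev = rec["hash"]
    if prev != anchored_head:
        return False, "head mismatch: ledger truncated or extended"
    return True, "ok"


def demo() -> dict:
    """Constructed sample: three records, then three kinds of tampering."""
    ledger = []
    for action in ("summarise_record", "draft_letter", "code_episode"):
        head = append(ledger, {"actor": "clinician-01", "action": action})
    edited = json.loads(json.dumps(ledger))          # deep copy
    edited[1]["payload"]["actor"] = "clinician-99"   # in-place edit
    dropped = ledger[:1] + ledger[2:]                # middle record removed
    truncated = ledger[:2]                           # newest record removed
    cases = [("intact", ledger), ("edited", edited),
             ("dropped", dropped), ("truncated", truncated)]
    return {name: verify(copy, head) for name, copy in cases}
```

The `truncated` case passes every per-record check and is caught only by the anchored head, which is why the head hash has to reach the verifier through a channel the ledger holder cannot rewrite.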
Multi node attestation across sites
Health systems are not single buildings. They are trusts, sites, and community services that need a shared, trustworthy record without a central server that becomes a single point of compromise or a single point of surveillance. Pantheon, our post quantum Layer 1, is on testnet and provides multi node attestation across fielded units. Each deployment can attest to the others, so a distributed estate keeps a consistent, verifiable state without funnelling sensitive data through one place.
Built and live, from a UK company
We are Mickai LTD, a UK company, Companies House number 17166618, with Birmingham manufacturing secured. Our system is built and live today. It is not a concept, a pilot deck, or a roadmap. We have filed 104 UK patent applications, about 2,340 claims, across thirteen invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These applications are filed, not granted. Filing establishes priority and builds a prior art moat around the way we do sovereign, verifiable, on premises intelligence.
The market, and the two buyers inside it
The sovereign AI market is roughly forty billion US dollars in 2025, rising to about 148 billion by 2032. The demand is structural, because it is written into regulation rather than fashion. In the UK alone, PRA model risk expectations under SS1/23 apply to financial firms, and the healthcare equivalents, the Data Security and Protection Toolkit and UK GDPR special category rules, apply with equal force to trusts and their suppliers. The EU AI Act, ITAR and EAR, the NIS Regulations, and the US CLOUD Act extend the same logic across sectors and borders.
We hold a dual buyer thesis. We sell sovereign intelligence directly to regulated organisations that the public cloud cannot lawfully reach, healthcare among the clearest. We also license the patented stack to the large platforms that want to reach those same organisations and currently cannot. A platform that adds a sovereign, verifiable layer instantly becomes serviceable to the regulated market it is locked out of today. Our internal analysis maps 196 companies and 311 patent company pairs as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. That is potential licensee sizing, not a signed book and not an infringement claim. We are an ally to the AI majors, not a challenger built to displace them.
What this means for a trust deciding today
For an NHS trust or a clinical supplier, the practical position is straightforward. The AI work that public cloud services cannot lawfully take on can run inside your own walls, on your own hardware, with no data leaving the estate. The clinical models are fixed and reproducible. Every consequential action carries a post quantum signed, independently verifiable record that will outlast the systems that created it. And the whole capability comes from a UK company that manufactures here and holds the filed intellectual property behind the approach. Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn.
Does Mickai keep NHS data inside the trust?
Yes. Our system runs on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. No patient record is sent to a public cloud model, and no third party, including us, sees the data.
How can a regulator or auditor trust the audit trail?
Every consequential action is signed under post quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash chained into a tamper evident, append only ledger. Anyone can verify that ledger offline, for decades, without trusting us and without a connection back to our systems.
Is the clinical output reproducible enough for a safety case?
We run about fifty specialist models with cross model routing under a deterministic arbiter, so the same input yields the same output. That reproducibility is what a clinical safety case and an information governance assessment are designed to test.
