MICKAI
Article · 2 July 2026

NIS2 and Sovereign AI

How owned, auditable AI meets the cybersecurity obligations of essential entities by design rather than after the fact

NIS2 and Sovereign AI
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
nis2sovereign-aicybersecuritycomplianceaudit

The NIS2 Directive, the second Network and Information Security Directive, rewrote what cybersecurity means for essential and important entities across the European Union. It widened the scope to thousands more organisations, put personal accountability on management bodies, compressed incident-reporting windows to hours, and pushed risk management deep into the supply chain. For any entity that now runs artificial intelligence inside its operations, one uncomfortable question follows: if your AI acts on your behalf, can you prove what it did, why it did it, and that it stayed inside the rules?

Most AI deployments cannot answer that question. They send data to someone else's cloud, produce outputs no one can independently verify, and leave a compliance team assembling evidence after the fact. We built Mickai, our Sovereign Intelligence Operating System, to make the answer structural rather than aspirational. NIS2 obligations are not bolted on afterwards. They are how the system is put together.

What NIS2 actually demands

NIS2 applies to essential entities in energy, transport, banking, health, water, digital infrastructure and public administration, and to important entities across a far wider band of the economy. It requires appropriate and proportionate technical, operational and organisational measures to manage the risks posed to network and information systems. It names specific duties: risk analysis, incident handling, business continuity, supply-chain security, access control, cryptography, and the effectiveness of all of it being tested.

Two features give the directive its teeth. First, management bodies must approve and oversee the measures, and members can be held personally liable for failures. Second, a significant incident must be flagged with an early warning within twenty-four hours and a fuller notification within seventy-two hours. That cadence assumes you can see clearly and quickly into your own systems. An AI subsystem that behaves as a black box quietly breaks that assumption.

The black box is the compliance gap

When an organisation adopts a general AI service, the model runs somewhere else, the reasoning is opaque, and the audit trail belongs to the provider. That is a poor fit for a directive built on accountability and evidence. If a regulator or a board asks what the AI touched during an incident window, a screenshot of a chat log is not proof. It can be edited, it cannot be independently verified, and it says nothing about what data left the building.

A colossal marble figure of blindfolded justice holding balanced scales, lit by gold light in a black void
Like Themis weighing every claim, NIS2 asks essential entities to account for everything at their boundary.

NIS2 treats the AI you rely on as part of your network and information systems, which means its risk is your risk and its supply chain is your supply chain. If you cannot attest to how it works, you cannot honestly attest that your measures are appropriate. The shortfall is not a missing feature. It is the architecture itself.

Sovereignty as the starting condition

We start from a different premise. Mickai runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. Nothing crosses the boundary the customer has not chosen to let cross. For an essential entity, that single decision collapses a whole class of supply-chain and data-residency risk that NIS2 forces you to manage, because there is no third party silently in the loop and no jurisdiction quietly holding your data.

A colossal marble titan bearing a great sphere on his shoulders, straining under its weight in gold light against black
Atlas bears the sky as boards now bear personal liability for the systems they approve.

Sovereignty also reframes the supply-chain duty. Instead of trusting a distant provider's security claims, the customer governs the substrate directly. The brains that carry out work are revocable. High-stakes actions require multi-brain agreement plus voice-biometric approval before anything happens. Control stays where NIS2 says accountability sits: with the entity itself, and with the people who sign for it.

Attestation before action, not logging after

The primitive that changes the compliance posture is the Operation Attestation Record, or OAR. Before any action executes, Mickai produces a signed record of what is about to happen, which brain proposed it, and under what authority. The signature uses post-quantum cryptography, specifically the FIPS 204 ML-DSA-65 standard, and the records are hash-linked with SHA-3-512 into a chain where any later tampering breaks the maths and shows itself.

This inverts the usual order. Conventional systems log after the fact, and logs written after an event can be doctored or lost precisely when they matter most. An OAR is created before the deed, so the evidence exists whether or not the action later succeeds, fails or is stopped. When NIS2 asks for the twenty-four-hour early warning, the raw material already sits in a tamper-evident, cryptographically-signed audit ledger rather than being reconstructed under pressure.

Because verification runs offline, a regulator, an auditor or a board member can check the chain on their own equipment without calling us, without network access, and without trusting our word. The proof is portable, and it does not depend on the vendor being cooperative or even present.

A colossal marble figure holding a flaming torch that pierces surrounding darkness with gold light
Prometheus carries the fire as attestation carries proof forward, created before the deed rather than after.

Ladon at the boundary

In the myth, Ladon was the hundred-headed serpent coiled around the tree that bore the golden apples, sleepless and unmoving, letting nothing past without challenge. NIS2 asks essential entities to be exactly that at their own boundary: watchful without gaps, able to account for everything that approaches the thing worth guarding. A guardian that dozes, or that cannot say what slipped by while it slept, is no guardian at all.

That is the standard we hold Mickai to. Every action is challenged and recorded at the gate before it proceeds. The audit ledger is the memory that never sleeps, so the question of what happened during any window has a mathematically defensible answer rather than a hopeful one.

Meeting the specific duties

The mapping is direct. Access control and cryptography are met by post-quantum signatures on every operation and by voice-biometric, multi-brain approval for anything sensitive. Incident handling is met by an attestation stream that already captures the sequence of events with signed timestamps. Supply-chain security is met by removing the external supplier from the data path entirely. Testing effectiveness is met because the ledger is independently verifiable, so an assessor can confirm the controls actually fired rather than trusting a policy document.

A colossal marble figure holding twin torches standing sentinel at a great gate in gold-edged darkness
Hecate stands watch at the threshold as a signed ledger stands watch over every action at the gate.

Governance and accountability, the duties that fall personally on management, are served by evidence a director can stand behind. When the board approves the security measures NIS2 requires, they are approving a system that produces its own proof, aligned with recognised frameworks such as ISO 42001 for AI management and the NIST AI Risk Management Framework. That turns an anxious signature into a defensible one.

The bottom line

NIS2 is not a documentation exercise. It asks essential and important entities to prove, at speed and to a personally liable board, that their systems are governed, contained and verifiable. AI that lives in someone else's cloud and reasons in the dark makes that harder. AI that runs on your own hardware, attests before it acts, and signs a tamper-evident chain you can check offline makes it structural. Mickai is built and live on that principle. The obligations do not sit on top of the system. They are the system. That is how a guardian earns the trust of what it guards.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/nis2-directive-and-sovereign-ai. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Sovereign AI for Central Banks
A central bank cannot send its rate deliberations or supervisory secrets to anyone else's cloud. We built Mickai, a Sovereign Intelligence Operating System, so monetary and supervisory intelligence runs entirely offline on hardware the bank owns, with independence proven, secrecy architectural and every decision signed before it acts.
4 Jul 2026
Sovereign AI for Defence Primes
Defence primes hold the most sensitive programme data in the world, and the public cloud cannot cross the boundary that protects it. We built Mickai as a Sovereign Intelligence Operating System that runs on hardware the prime owns, air-gapped, where every action is cryptographically signed before it executes and every brain can be revoked in seconds.
4 Jul 2026
Sovereign AI for Maritime and Shipping
Fleets and ports need intelligence that keeps deciding when the satellite link dies and keeps an honest record no one can edit. Mickai runs on the operator's own hardware, at sea and on the quay, with zero data egress and a post-quantum signed ledger. Autonomy where the connection ends, governance that never does.
4 Jul 2026
Sovereign AI for Aerospace
Aerospace cannot ship export-controlled geometry to borrowed cloud infrastructure or hand engineers unexplained answers. We built Mickai, a Sovereign Intelligence Operating System, to run design and safety-case intelligence on hardware the customer owns, with zero data egress and cryptographic provenance signed onto every artifact before it exists.