Inside the OAR: How Post-Quantum-Signed Audit Records Make AI Actions Provable to a Regulator
A technical explainer of Mickai's tamper-evident, post-quantum-signed audit record, and why provable AI accountability is the layer regulated industries have been waiting for.
The question every regulator is now asking
When an AI system makes a decision inside a bank, a hospital, or an insurer, one question decides whether it can be deployed at all: can you prove what it did? Not describe it, not log it loosely, but prove it, to an auditor, a regulator, or a court, in a form that cannot be quietly edited after the fact.
Most enterprise AI cannot answer that question. The model runs somewhere in a public cloud, the prompt and the response pass through infrastructure the customer does not control, and the audit trail is an application log that the same operator can rewrite. For a firm under PRA SS2/21, UK GDPR special-category rules, the EU AI Act high-risk obligations, or the NHS DSP Toolkit, that is not an audit trail. It is an assertion.
Mickai was built to close exactly this gap. Mickai is a sovereign AI operating system, an SIOS, that regulated businesses own and run inside their own walls, on-premises and air-gapped. Every action the system takes is written to a tamper-evident, post-quantum-signed audit record. We call it the OAR. It is built and live, and it is the part of the architecture that turns AI from something you have to trust into something you can prove.
What the OAR actually is
The OAR is a cryptographically sealed ledger of everything the AI does. It is not a log file bolted on afterwards. It is a first-class part of the operating system, written at the moment of action, inside the customer's own boundary.
Each entry captures the full context of a decision: the input, the model invoked, the policy applied, the data sources touched, the output returned, and the identity that authorised it. Entries are chained, so each record carries a cryptographic reference to the one before it. Change a single byte in any earlier entry and every subsequent signature breaks. That is what tamper-evident means in practice: you do not have to trust that the log was not altered, because alteration is mathematically detectable.
Because the whole system runs inside the customer estate, there is no third party in the chain of custody. The records are generated, signed, and held by the institution that is accountable for them. When a regulator asks for evidence, the evidence already exists, sealed, and was never in anyone else's hands.
Why post-quantum, and why now
Signing an audit record proves it has not been tampered with, but only for as long as the signature scheme holds. Classical signature schemes such as RSA and elliptic-curve signatures are vulnerable to a sufficiently capable quantum computer. A record signed today with a classical scheme could, in principle, be forged years from now, retroactively, once that capability exists. For an audit record that may need to stand up in a dispute a decade later, that is a real exposure.
The OAR is signed with post-quantum cryptography, signature schemes designed to resist attack from both classical and quantum machines. This matters most for exactly the records that have the longest retention requirements: lending decisions, clinical actions, underwriting calls, compliance determinations. A regulated firm cannot retrofit integrity after the fact. The signature has to be future-proof at the moment of writing. Building post-quantum signing into the record now is the difference between an audit trail that ages well and one that quietly expires.
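The chaining described under "What the OAR actually is" and the signing described above, as an added Python sketch that is not Mickai's code or the OAR's real format. Assumptions: the entry layout, the field values, the all-zero genesis value and every function name are hypothetical, and a Lamport one-time signature (hash-based) stands in for the post-quantum scheme, which the article does not name.

```python
import hashlib, json, secrets

GENESIS = "00" * 32  # constructed predecessor value for the first entry

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def digest(body: dict, prev: str) -> str:
    # Canonical JSON so identical fields always hash identically.
    blob = json.dumps({"body": body, "prev": prev}, sort_keys=True, separators=(",", ":"))
    return H(blob.encode()).hex()

def build(bodies: list) -> list:
    """Chain entries: each digest covers its body and the previous digest."""
    chain, prev = [], GENESIS
    for body in bodies:
        chain.append({"body": body, "prev": prev, "digest": digest(body, prev)})
        prev = chain[-1]["digest"]
    return chain

def first_broken(chain: list):
    """Index of the first entry whose link or digest fails, or None if consistent."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["digest"] != digest(e["body"], e["prev"]):
            return i
        prev = e["digest"]
    return None

# Lamport one-time signature, a hash-based stand-in: one key pair signs ONE message.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> list:
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def sample_bodies() -> list:
    # Constructed entries using the fields the article lists for an OAR record.
    rows = [("loan-1", "approve", "alice"), ("loan-2", "decline", "bob"), ("loan-3", "approve", "alice")]
    return [{"input": i, "model": "m1", "policy": "p7", "sources": ["crm"],
             "output": o, "identity": who} for i, o, who in rows]
```

An in-place edit is caught by `first_broken`, but a log rebuilt from altered bodies is internally consistent, so a verifier also has to check a signature over the chain head made with a key the log writer cannot use afterwards. Because a Lamport key signs only once, a long-lived record would use a standardized scheme such as ML-DSA (FIPS 204) or SLH-DSA (FIPS 205) in place of the stand-in.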
Provable, not just loggable
The shift the OAR represents is from loggable to provable. A log says, here is what we believe happened. A signed, chained record says, here is what happened, and here is the mathematics that makes denial or revision impossible.
That distinction is the whole game in regulated AI. Under the EU AI Act high-risk regime, deployers must keep records that demonstrate compliance. Under PRA expectations on model risk and outsourcing, firms must show effective control over the systems making decisions. Under ITAR and EAR, certain workloads cannot leave a controlled environment at all. The OAR answers all three with the same primitive: an action that is recorded, sealed, and attributable, inside a boundary the customer fully controls.
This is the layer the market has been missing. Roughly 0.85 million UK businesses, around fifteen percent, and an estimated five million across the EU are effectively barred from running their most sensitive workloads on public-cloud AI by exactly these regimes, alongside NIS Regulations and CLOUD Act exposure. The sovereign AI market is projected to grow from USD 40 billion in 2025 to USD 148 billion by 2032. Provable accountability is not a feature in that market. It is the entry ticket.
Where the OAR sits in the wider system
The OAR is not a standalone product so much as the connective tissue beneath everything Mickai runs. The platform ships as a set of Greek-named Studios, each a domain capability: Nemesis for fraud and AML, Plutus for finance, Tyche for underwriting, Prometheus for forecasting, Nomos for compliance, Astraea for legal, Panacea for clinical, Aletheia for audit, and more. Every action any Studio takes flows into the same sealed record. The auditor does not learn a new system per use case. There is one provable trail across all of them.
We also offer the record itself as a capability, OAR-as-a-Service, for organisations that want provable AI accountability as a layer in their own stack. The audit primitive that secures Mickai internally is the same one a regulated buyer can adopt directly.
The intellectual property underneath this is deliberate. Mickai LTD holds 104 filed UK patent applications spanning roughly 2,340 claims, with the OAR and its sovereign-boundary architecture among the core filings. These are filed, not granted, which establishes priority and a prior-art position rather than a granted monopoly. The estate is broad enough that 196 companies map to 311 patent-company pairs as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. That is potential-licensee sizing, an indication of where the architecture intersects the wider industry, not a claim of existing deals.
Momentum and the strategic picture
The category is moving, and so is Mickai. In June 2026, third-party data placed founder Micky Irons at number four on Crunchbase, with the Mickai company profile in the top one to two percent globally. That is an external momentum signal, not an internal metric. Mickai is a UK company with Birmingham manufacturing secured, built and live today and building to scale.
The strategic logic is straightforward. Mickai is an ally to the frontier labs, not an OpenAI killer. The dual-buyer thesis is that regulated enterprises need sovereign, provable AI they own, and the hyperscalers and frontier providers need a way to reach those customers without asking them to give up control. The OAR is the mechanism that makes both true at once. A provable, post-quantum-sealed audit layer, owned by the customer, is precisely the kind of category-defining capability a hyperscaler would rather own than compete with. The IP estate and the dual-buyer thesis underwrite the enterprise value beneath it.
Provable accountability is the layer regulated industries have been waiting for, and it is live. If that is the problem you have been waiting for someone to solve, the conversation starts at micky@mickai.co.uk.
Micky Irons, founder and CEO of Mickai.
Frequently asked questions
What is the OAR?
The OAR is Mickai's tamper-evident, post-quantum-signed audit record. It is a cryptographically sealed, chained ledger of every action the AI takes, written at the moment of action inside the customer's own boundary, so AI decisions can be proven to an auditor, regulator, or court rather than merely described.
Why does the OAR use post-quantum cryptography?
Signatures made with classical schemes such as RSA and elliptic-curve signatures could in principle be forged retroactively once a sufficiently capable quantum computer exists. Records like lending decisions, clinical actions, and compliance determinations have long retention requirements, so the OAR signs them with post-quantum schemes that resist both classical and quantum attack, keeping integrity intact for the full retention period.
What does tamper-evident mean in practice?
Each OAR entry carries a cryptographic reference to the entry before it. Altering a single byte in any earlier record breaks every subsequent signature, so any change is mathematically detectable. You do not have to trust that the log was not altered, because alteration cannot be hidden.
How does the OAR help with EU AI Act, PRA, and ITAR obligations?
It answers all three with one primitive: an action that is recorded, sealed, and attributable inside a boundary the customer fully controls. That satisfies EU AI Act high-risk record-keeping, PRA expectations on model risk and outsourcing control, and ITAR/EAR requirements that certain workloads never leave a controlled environment.
Is the OAR available on its own?
Yes. Mickai offers OAR-as-a-Service so organisations can adopt provable AI accountability as a layer in their own stack. The same audit primitive that secures Mickai internally can be used directly by a regulated buyer.
Is Mickai live today?
Yes. Mickai is a sovereign AI operating system that is built and live, run on-premises and air-gapped inside the customer's own walls, with the OAR as a first-class part of the architecture.






