MICKAI
Article · 3 July 2026

On Premises AI for the Public Sector: Sovereign Control Without the Foreign Cloud Risk

We built a Sovereign Intelligence Operating System that keeps government intelligence inside government walls, on the state's own hardware, with a signed record on every action.

On Premises AI for the Public Sector: Sovereign Control Without the Foreign Cloud Risk
Author
Micky Irons
Published
3 July 2026
Follow Micky Irons
LinkedInX
sovereign aipublic sectoron premisesgovtechdata sovereignty

The state cannot rent its own judgement

Something has shifted in the way governments talk about artificial intelligence. For most of the last decade the conversation was about capability. Which model is cleverest, which vendor moves fastest, which demo lands best. That conversation is now colliding with a harder question. Where does the data live, who can reach it, and under whose law does it sit when the pressure comes. Across the UK and across Europe, that second question has become the one that decides procurement.

We think the reason is simple. A public body is not just another customer buying compute. A tax authority holds the financial life of a nation. A health service holds the most intimate records a person will ever generate. A police force, a benefits agency, a court, each holds information that, under the wrong jurisdiction, becomes a lever against the citizens the state is supposed to protect. When that information is processed inside a foreign public cloud, the state has quietly handed a copy of its own nervous system to a company that answers to another government's law.

That is the risk sovereign technology policy is finally naming out loud. It is not anti innovation and it is not protectionism. It is a recognition that national control over national data is the precondition for everything else.

Hestia, evoking intelligence and data kept inside government walls on the state's own hearth
Hestia keeps the flame within the house, the model for intelligence that never leaves the building.

What foreign cloud risk actually means

The phrase foreign cloud risk gets used loosely, so we want to be precise. The worry is not usually that a hyperscaler will act in bad faith. The concern is structural, and it holds even when every party is acting honestly.

  • Extraterritorial law. Data held by a company incorporated abroad can be compelled by that country's courts and agencies, regardless of where the servers sit or what a European contract promises.
  • Data egress by default. Most AI services send prompts, documents, and context out to a remote endpoint to be processed. Even with encryption in transit, the sensitive material has left the building and now exists on infrastructure the state does not own.
  • Opaque processing. When the model, the logs, and the retention policy all live on someone else's estate, a government cannot fully prove what happened to a record, who touched it, or whether it was used to train something else.
  • Dependency and lock in. A capability that only runs on one foreign provider's cloud becomes a single point of failure, and a point of leverage in any future dispute.
  • Continuity risk. Sanctions, outages, licence changes, or a diplomatic rupture can switch off a service a hospital or a border post has come to rely on.

None of these risks are solved by a stronger contract or a data centre with a local flag on it. They are solved by keeping the intelligence, and the data it feeds on, inside infrastructure the state owns and physically controls.

Hades, evoking foreign cloud risk where data crosses into another jurisdiction and cannot be recalled
Hades rules a realm you cannot leave, the shape of data compelled into a foreign domain.

Why we built Mickai to run on the customer's own hardware

Mickai is a Sovereign Intelligence Operating System. We use that phrase deliberately, because it is not a chatbot bolted onto a website. It is the layer where intelligence, memory, and governance live together, and we designed it to run where the customer already stands. On premises. On the department's own servers. Air gapped when the mission demands it, with no public cloud round trip at any point.

That single architectural choice removes the foreign cloud risk at the root rather than papering over it. If the data never leaves the building, there is no egress to intercept, no foreign endpoint to subpoena, and no dependency to be switched off from abroad. The memory belongs to the customer, held on the customer's own storage under the customer's own key. We never receive a copy, so we could not hand one over even if we were compelled to.

Sovereignty is not a setting you toggle on. It is where the system physically runs and who can reach it. If the answer is your own hardware, behind your own walls, then it is yours in the only sense that matters when the pressure comes.

Micky Irons, founder of Mickai
Hephaestus, evoking a system built to run on the customer's own hardware behind their own walls
Hephaestus forges at his own anvil, the way a sovereign system is built to run on the customer's own hardware.

Fifty specialist brains under deterministic governance

Public sector work is not one job. It is thousands of tasks with different rules, and a single general model answering everything is the wrong shape for an institution that has to justify every decision. So Mickai is built as fifty specialist brains, twenty five domain and twenty five operational, each with a defined remit, coordinated under deterministic governance.

Deterministic governance is the part that matters most for the state. It means the system follows explicit, inspectable rules about what each brain may do, what it may touch, and what it must escalate to a human. An official is not asking a black box to be trusted on faith. They are working with a system whose boundaries are set in advance and whose behaviour can be examined afterwards.

Proof on every action, not promises after the fact

Accountability in government is not optional, and it is not retrospective goodwill. It has to be demonstrable. That is why every action Mickai takes produces a cryptographically signed audit record, what we call the Open Audit Record. It captures what happened, when, and under which rule, signed so that it cannot be quietly altered later.

Themis, evoking deterministic governance where every rule is set in advance and inspectable
Themis holds the scales to a fixed measure, the image of governance whose rules are set before the fact.

We sign that record using post quantum cryptography, specifically ML-DSA-65, so the proof holds up not only against today's threats but against the day older signing schemes are broken by more capable machines. A record signed now should still be defensible in an inquiry, a tribunal, or an audit years into the future. For a public body that may have to answer for a decision long after it was made, that durability is the whole point.

  • Runs on the customer's own hardware, on premises and air gapped, with zero data egress.
  • No public cloud round trip, so sensitive material never leaves the estate.
  • Fifty specialist brains, twenty five domain and twenty five operational, under deterministic governance.
  • A cryptographically signed Open Audit Record on every action, using post quantum signing.
  • Memory the customer owns, held on the customer's own storage under the customer's own key.

Building the intellectual property to back it

This is not a slide deck architecture. Mickai now stands on 104 filed UK patent applications carrying approximately 2,340 claims, complete with full specification, claims, and figures, and we are building steadily toward examination and grant. Those filings cover the mechanisms that make sovereign, governed, on premises intelligence work in practice, from the way the brains are coordinated to the way each action is recorded and signed. A government buyer is right to ask whether the thing in front of them is durable, and a depth of filed intellectual property is one honest signal that the substance is real and meant to last.

Argus Panoptes, evoking a signed audit record that watches and captures every single action
Argus never closes every eye, the guardian for a signed record kept on every action the system takes.

The momentum, stated plainly

We will not dress up traction with names we are not free to share. What we can point to is public and independent. On Crunchbase, our founder now ranks number 2, and the company Heat Score has reached 94 out of 100, climbing from single digits. We would rather cite what anyone can verify than invent what flatters us.

Where this goes next

The direction of travel in the UK and across Europe is now clear. Sovereign capability is moving from a talking point to a requirement, written into the questions that decide who gets to serve the state. We think that is exactly right, and we built for this moment rather than around it. A public body should be able to put real intelligence to work on its hardest problems without shipping its citizens' data to a jurisdiction it does not govern, and without asking anyone to trust a process they cannot inspect. Sovereign, governed, provable, and on premises. That is the standard we hold ourselves to, and the one the public sector will soon hold everyone to.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/on-premise-ai-for-the-public-sector. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles