One Offline Substrate for Finance, Healthcare, Defence, Government and Legal
Five regulated sectors share one problem, and the answer is an offline sovereign substrate that never lets data leave the operator's own hardware.
On 2 August 2026 the European Union AI Act reaches full application, and obligations that were once distant become live for anyone deploying high-risk systems into finance, healthcare, employment, essential services and the justice system. In the same window the United Kingdom continues to stand up its Sovereign AI programme and the NHS keeps wrestling with where patient data may lawfully be processed. Defence and government buyers ask a question public-cloud vendors still struggle to answer plainly: where does our data sit, who can reach it, and can we prove what the machine did.
These are not five separate anxieties. They are one problem wearing five uniforms. A bank, a hospital trust, a defence prime, a central department and a law firm all hold information that cannot lawfully or safely be sent to a shared multi-tenant model hosted by someone else. For most of the last decade the assumption was that useful artificial intelligence had to be borrowed from a hyperscaler. That assumption is now the exception, and our substrate is built on the opposite premise.
The common failure across all five sectors
Look closely at the regulations governing each sector and the same requirement recurs under different names.
- Finance demands data residency, model explainability and an auditable decision trail.
- Healthcare demands patient confidentiality, a lawful basis and the ability to withdraw data.
- Defence demands classification handling and assurance against exfiltration.
- Government demands accountability to the public record.
- Legal demands privilege, broken the moment a document crosses into a third party's infrastructure.
Every one of those requirements is really a statement about custody and evidence: who holds the data, who can see it, and what proof exists of every action taken upon it. Public-cloud artificial intelligence answers the first two questions badly and the third barely at all, because inference happens on infrastructure the customer neither owns nor can inspect.
Once the problem is framed as custody and evidence rather than five compliance regimes, a single technical answer becomes possible: move the intelligence to the data, on hardware the operator owns, and make every action provable.
What a sovereign substrate actually is
Mickai is a Sovereign Intelligence Operating System, a SIOS, that runs offline on the operator's own hardware. It is not something hosted elsewhere and rented by the seat, but a substrate the operator installs, controls and can physically unplug. The sovereign models it runs execute locally, so no prompt, no document and no inference ever leaves the perimeter.
The word substrate matters. It is the layer everything else stands on, not a single function bolted beside existing systems. Finance, healthcare, defence, government and legal do not each need a separate foundation. They need the same trustworthy substrate configured to their own controls, which is why one substrate can serve all five without any of them sharing a model, a tenancy or a byte of data with the others.
Offline is a security property, not a limitation
Running offline is often mistaken for a compromise, as though sovereignty were bought at the price of capability. The reverse is closer to the truth. A system with no path to the public internet has no egress channel through which data can be exfiltrated, whether by an insider, a compromised dependency or a model coaxed into leaking what it holds.
The design enforces this with a zero-egress inbound perimeter. Data and updates can be brought in under the operator's control through inspected channels, but nothing reaches out: no silent call home, no telemetry stream, no background synchronisation to a remote cloud. For a defence classification authority or an NHS information governance lead, this turns an unbounded trust question into a bounded one. The same property removes a class of supply-chain risk: when the substrate cannot phone out, a poisoned update or a hostile model has nowhere to ship data to.
Proving what the machine did
Regulators increasingly ask not only what a system decided but how the decision can be reconstructed and trusted after the fact. ISO/IEC 42001 formalises that expectation, and agentic-audit governance pushes it further as autonomous agents begin to act on their own.
The audit trail is treated as a first-class part of the substrate rather than a log written after the event. Every consequential action is recorded in a post-quantum signed audit chain, where each entry is cryptographically linked to the one before it, so the record cannot be silently altered or backdated without breaking the chain. Identity is hardware-attested, binding an action to a specific device and holder rather than to a reusable password, and the seal is designed to hold against far greater future computing power than exists today.
For a bank facing a supervisory review, a hospital facing a data-protection audit or a department facing the public record, the value is concrete: the operator can hand an auditor a sealed, verifiable account of what happened, independent of any assurance from the supplier.
Getting to answers you can defend
A single model, however capable, is a single point of view and a single point of failure. In regulated work the cost of a confident wrong answer is high, and a hallucination presented as fact can carry real consequence.
The substrate can run several sovereign models against the same question and reach a decision through cross-model consensus, surfacing where they agree and, more usefully, where they diverge. Disagreement is a signal that a human should look before the output is relied upon. For a legal team drafting to a court, or a clinician weighing a recommendation, that visible margin of doubt is often worth more than a smooth single answer.
“When intelligence runs on hardware the operator owns and every action is cryptographically sealed, compliance stops being a promise made by a vendor and becomes evidence the operator can produce.”
One blueprint, configured five ways
The economic and governance case for a shared substrate is straightforward. Standing up five separate sovereign estates, one per sector, multiplies the assurance burden, the audit surface and the cost of keeping each current. A single substrate that all five configure to their own controls collapses that duplication while keeping the sectors isolated. That isolation is structural: each sector runs its own models, data stores and keys within the same substrate, so the control that separates the bank from the hospital is enforced by the architecture, not by an administrator remembering to set it.
This is where the patent position is relevant, stated once and in context. The mechanisms described here, the sealed audit chain, the hardware-attested identity, the zero-egress design and the consensus layer, sit within 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD; never granted or patented, and described here as filed and pending. A buyer conducting diligence is entitled to know the architecture is documented, not improvised.
Where this goes next
The regulatory direction of travel through 2026 is towards operators demonstrating custody, explaining decisions and proving their controls rather than asserting them. A substrate that is offline by default, sealed by design and owned by the operator runs with that direction rather than against it.
None of this removes the hard work of governance. Configuration, human oversight and sector-specific controls remain the operator's responsibility. What the substrate offers is a foundation on which that work becomes provable rather than merely promised, and one blueprint five regulated sectors can each make their own. For any organisation that has concluded it cannot lawfully use public-cloud artificial intelligence, that is the question worth testing next.




