MICKAI
Article · 2 July 2026

Sovereign AI for Pharmaceutical Clinical Trials

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. For pharmaceutical sponsors, that means clinical trial data never leaves the building and every action is cryptographically provable.

Sovereign AI for Pharmaceutical Clinical Trials
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
sovereign AIclinical trialspharmaceuticalsregulatory compliancepost-quantum cryptography

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. For pharmaceutical sponsors and clinical research organisations, that sentence is the whole point. The data that moves a molecule from first-in-human dosing to marketing authorisation is among the most sensitive and most regulated data in any industry. It is special category health data under UK GDPR. It is subject to Good Clinical Practice, to 21 CFR Part 11, to the EU Clinical Trials Regulation, and to the audit expectations of the MHRA, the EMA and the FDA. Sending it through a public cloud AI service, where it leaves your control and crosses a vendor boundary you cannot inspect, is for many sponsors simply not lawful. We built Mickai for exactly that constraint.

Why clinical development cannot use public cloud AI

We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. In a clinical context that is not a preference, it is a compliance requirement. Patient identifiers, genomic data, adverse event narratives, unblinded efficacy results, and site source documents cannot be exported to a third party system where the sponsor loses custody and the processing cannot be independently examined.

The regulatory drivers are concrete. UK GDPR treats health data as special category and constrains where it may be processed. The EU AI Act classes many clinical and diagnostic uses as high risk, with obligations on data governance, logging and human oversight. The US CLOUD Act means that data placed with a US hosted provider can be reachable by process the sponsor never sees. ITAR and EAR bear on collaborations that touch controlled technology. For a sponsor running a global programme, the cleanest way to satisfy all of these at once is to never let the data leave the building. That is the design we shipped.

Around 0.85 million UK businesses, roughly 15 percent, and about 5 million across the EU, legally cannot send data to public cloud AI. Regulated life sciences sit squarely inside that population. The sovereign AI market these firms represent is roughly USD 40 billion in 2025, rising to about USD 148 billion by 2032. We are built for the part of that market the public cloud cannot lawfully reach.

What we run inside the trial perimeter

We run about fifty specialist models, 25 domain and 25 operational, with cross-model routing under a deterministic arbiter, so outputs are reproducible. Reproducibility matters in a regulated setting more than raw fluency. A regulator does not want a plausible answer that changes each time it is asked. They want the same input to produce the same output, with a record of how it was produced. Our arbiter is built for that.

The work is organised into studios, each named from Greek myth and each built for a serious function. For clinical development the relevant ones are direct. Panacea handles clinical work. Aletheia handles audit. Nomos handles compliance. Astraea handles legal. Pythia handles business intelligence. Prometheus handles forecasting, which for a sponsor covers enrolment projection and supply planning. Iris handles patient and site facing service, and Vinis handles voice. Nemesis covers fraud and anti money laundering controls where financial integrity touches the trial. Trust Agent is the perimeter that keeps the whole system sealed. Each studio runs on the sponsor's own infrastructure, so protocol design support, medical writing, safety narrative drafting, deviation triage and audit preparation all happen without a single record leaving the sponsor's control.

The Open Audit Record: evidence a regulator can verify

The strongest thing we bring to a clinical programme is not generation, it is proof. Every consequential action is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash-chained into a tamper-evident, append-only ledger that anyone can verify offline, for decades, without trusting the vendor. We call this the Open Audit Record, or OAR.

Consider what an inspection actually demands. Who did what, when, on which data, and can you demonstrate the record was not altered afterwards. Conventional audit trails ask the inspector to trust the system that wrote them. The OAR does the opposite. Because each entry is cryptographically signed and chained to the one before it, any tampering breaks the chain and is detectable by anyone, including a regulator running the verification independently, years later, with no connection to us. For a submission that must survive inspection long after the trial closes, an audit record that verifies offline and does not depend on the vendor still existing is a material advantage. We also offer this capability on its own, as OAR-as-a-Service, for sponsors who want the evidentiary layer around systems they already run.

For multi-site and multi-sponsor programmes, Pantheon extends this. Pantheon is a post-quantum Layer 1, currently on testnet, that gives multi-node attestation across fielded units with no central server. That means several sites, or a sponsor and its clinical research organisation, can each hold an independently verifiable record and agree on the state of the trial without routing everything through one party's servers.

The intellectual property behind the claim

We do not ask sponsors to take the architecture on faith. It is documented in our patent estate. We have 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, not granted. Filing establishes priority and builds a prior-art moat around the sovereign design. For a buyer whose procurement team weighs vendor durability, a documented and dated invention record is part of the diligence answer.

A sovereign layer the wider market cannot ignore

Our commercial thesis has two sides. We sell sovereign AI to regulated firms the public cloud cannot lawfully reach, and we license the patented stack to the platforms that want to reach them. Internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe and IBM. This is potential-licensee sizing, not a signed book and not an infringement claim. We are an ally to the AI majors, not an OpenAI killer. A platform that adds a sovereign, air-gapped, cryptographically auditable layer instantly reaches the regulated life sciences market it cannot serve today. That is the strategic logic, and it points in the same direction as the buyer's own interest.

Mickai LTD is a UK company, Companies House 17166618, with Birmingham manufacturing secured, founded and led by Micky Irons as CEO. We build for regulated industries where the answer to "where does the data go" has to be "nowhere". In clinical development, that answer is not a feature. It is the licence to operate.

Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn.

Frequently asked questions

Does clinical trial data ever leave our infrastructure?

No. We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. Patient identifiers, unblinded results and source documents stay inside the sponsor's walls throughout.

How does the Open Audit Record help with an MHRA, EMA or FDA inspection?

Every consequential action is signed under post-quantum cryptography and hash-chained into an append-only ledger. Any alteration breaks the chain and is detectable. A regulator can verify the record offline, for decades, without trusting us or requiring us to still exist.

Are the patents granted?

They are filed, not granted. We have 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD. Filing establishes priority and a prior-art moat around the sovereign architecture.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/pharma-clinical-trials. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles