MICKAI
Article · 12 June 2026

The Procurement Cliff: Why Post-Quantum Has To Be In The Record From Day One

With the National Security Agency requiring quantum-safe algorithms for new national-security acquisitions by 1 January 2027, the records you sign today decide whether they survive 2035.

Author: Micky Irons

A deadline that does not move

The National Institute of Standards and Technology (NIST) finalised the first post-quantum cryptography standards in 2024, publishing the Federal Information Processing Standards (FIPS) 203, 204, and 205. The policy consequence is now dated and specific. The National Security Agency (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) requires quantum-safe algorithms for all new National Security System acquisitions by 1 January 2027, with full migration mandated by 2035. Industry analysts size the resulting migration at close to fifteen billion dollars. That is not a research timeline. It is a procurement cliff, and from today it lands in roughly six months.

The threat is not the quantum computer. It is the archive.

The mistake organisations make is treating the post-quantum deadline as a future event that arrives only when a cryptographically relevant quantum computer exists. The threat model says otherwise. It is called harvest-now-decrypt-later. An adversary captures encrypted records today, stores them at near-zero cost, and waits. When a sufficiently capable quantum machine arrives, the adversary decrypts the entire archive at once. Everything captured in the intervening years becomes readable retroactively.

This changes what the 2027 deadline actually means. A record protected by a pre-quantum scheme is not safe until 2035 and then suddenly exposed. It is exposed the moment it is captured, with the decryption simply deferred. For data with a short life, such as a customer support transcript or a transient session token, the exposure window may not matter. For anything with a long evidentiary life, it matters enormously, and the records being signed in 2026 are precisely the ones whose value depends on still holding a decade later.

Signatures are worse than secrets

Encryption protects confidentiality, and harvest-now-decrypt-later is usually discussed in those terms. The harder problem is integrity. A digital signature proves that a specific record was produced by a specific key at a specific time and has not been altered since. If the signature scheme is broken by a quantum adversary, that proof collapses, and it collapses for every record ever signed under it, including records signed years before the break.

Consider an audit log, a signed action by an autonomous agent, a record a regulator may inspect in 2035. The value of that record is precisely its non-repudiation: the guarantee that nobody can forge it and nobody can deny it. A pre-quantum signature on a 2026 record offers no defence in 2035, because by then the scheme can be forged. The record still sits in the ledger, but it no longer proves anything. You cannot rotate your way out of that. Re-signing today's records tomorrow under a new algorithm does not restore the original chain of custody. The first signature is the one that established provenance, and if that signature is forgeable, the provenance is gone.

Why rotation is not a migration strategy for the past

Most migration guidance, sensibly, talks about cryptographic agility: the ability to swap algorithms as standards evolve. Agility is necessary and Mickai supports it. But agility is a property that protects the future. It does nothing for the past. A record signed in 2026 under a broken scheme cannot be retroactively protected by an algorithm adopted in 2028, because the adversary already holds the 2026 ciphertext and the 2026 signature. The window in which that record needed post-quantum protection was the moment it was written.

This is the engineering argument that the procurement cliff forces into the open. For anything with a long evidentiary life, post-quantum protection cannot be a later upgrade. It has to exist from inception. The question a buyer should ask a vendor in 2026 is not whether the product has a post-quantum roadmap. It is whether the records the product is signing right now will still verify against a quantum-capable adversary in 2035. A roadmap protects records not yet written. It cannot reach back and protect the ones already in the ledger.

Image: the three Moirai, the Greek Fates, holding a single glowing gold thread stretching into darkness. Caption: "The Fates: what is set today runs unbroken into a future you cannot yet see."

What Mickai signs with, and when

Mickai is a Sovereign Intelligence Operating System (SIOS): built, live, and production-ready today. At its core is the Open Audit Record (OAR), an append-only, hash-chained audit ledger. Every action the system takes is signed before it executes, not after, and the signature uses FIPS 204 ML-DSA-65, the NIST post-quantum standard for digital signatures. This is not a configuration option bolted on for compliance. It is how the ledger has worked from the first record.

The practical effect is that a chain recorded by Mickai in 2026 is signed under a scheme designed to resist a quantum adversary. The operator keys that anchor those signatures are held in a Trusted Platform Module (TPM), so the keys never leave the operator's hardware. A browser-resident verifier, compiled to WebAssembly, checks any record offline with no network call, which means verification does not depend on a server that might be gone, a vendor that might be acquired, or a connection that might be unavailable in 2035. The operator owns the hardware, the keys, and the audit chain. That ownership is what the word sovereign means here. It is an honest boundary around the AI activity, not a claim over the whole host machine.
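
A sketch of the mechanism described above (hash-chained, append-only records that are signed before the action runs and can be verified offline), added here as an illustration; it is not Mickai's code or the OAR format. The record fields and function names are assumptions, and the signer is an HMAC-SHA256 stand-in so the example runs on the standard library alone: it is not ML-DSA-65, and a real ledger would pass a FIPS 204 implementation in through the `sign` and `verify` parameters.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for a TPM-held key

def demo_sign(data: bytes) -> str:
    # Stand-in signer (HMAC-SHA256). NOT ML-DSA-65 and not a public-key signature.
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()

def demo_verify(data: bytes, sig: str) -> bool:
    return hmac.compare_digest(demo_sign(data), sig)

def canonical(body: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_signed(ledger: list, action: str, execute, sign=demo_sign) -> dict:
    """Sign and append the record first; run the action only afterwards."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = {"seq": len(ledger), "prev": prev, "action": action}
    data = canonical(body)
    record = dict(body, hash=hashlib.sha256(data).hexdigest(), sig=sign(data))
    ledger.append(record)
    execute()
    return record

def verify_chain(ledger: list, verify=demo_verify) -> int:
    """Return -1 if the chain verifies, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {"seq": rec["seq"], "prev": rec["prev"], "action": rec["action"]}
        data = canonical(body)
        if (rec["seq"] != i or rec["prev"] != prev
                or rec["hash"] != hashlib.sha256(data).hexdigest()
                or not verify(data, rec["sig"])):
            return i
        prev = rec["hash"]
    return -1

def demo() -> dict:
    ledger, ran = [], []
    for a in ("read:report.pdf", "delete:tmp/cache", "export:summary.csv"):
        append_signed(ledger, a, lambda a=a: ran.append(a))
    edited = [dict(r) for r in ledger]
    edited[1]["action"] = "delete:archive"   # rewrite one record in place
    dropped = ledger[:1] + ledger[2:]        # silently remove one record
    return {"intact": verify_chain(ledger), "edited": verify_chain(edited),
            "dropped": verify_chain(dropped), "ran": ran}

if __name__ == "__main__":
    print(demo())
```

The chain only detects edits and deletions relative to the signing key's strength, which is why the choice of signature scheme at write time determines how long the check stays meaningful.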

Authority at the moment of execution

Provenance answers what happened and proves it cannot be denied. It does not, on its own, stop a dangerous action before it runs. Mickai's Sentinel component closes that gap. Sentinel exists to stop AI agents wiping or exfiltrating data, and it works on a principle of authority at execution: a dangerous action is gated at the precise moment it would run, and several brains must independently agree before it proceeds.

Mickai runs fifty brains in total, twenty-five domain specialists and twenty-five operational. The operational set includes the eight-brain Chronus Kernel that forms the cognitive core, two Custodians named MNEMOSYNE and AESCULAPIUS, and fifteen Specialists, all running on the Poseidon silicon substrate, which is itself not one of the fifty. The brains are built on open foundation models, Llama 3.2 and Qwen 2.5, specialised through fine-tuning and distillation into their domains, and Mickai is actively training its own models now. The relevant point for the procurement cliff is that the gated decision and its outcome are themselves written into the OAR and signed under ML-DSA-65. The control and the proof of the control share one quantum-safe ledger.

A property of the substrate, not a later upgrade

The portfolio behind this is substantial: one hundred and one filed United Kingdom patent applications, approximately two thousand two hundred and thirty-four claims, all owned by Mickai LTD (company number 17166618), with Micky Irons named as inventor. Several of those filings describe exactly the mechanisms above, the signed-before-execution ledger, the offline verifier, the gated authority model. The roadmap item still in motion is Pantheon, a sovereign Layer 1 blockchain written in Rust on the Polkadot Software Development Kit (SDK). Pantheon carries the audit record as a native consensus object, runs fifteen Layer-2 application chains, and anchors the audit root to Bitcoin on a cadence. Its token, PAN, has a fixed total supply of five billion. The SIOS itself, and the post-quantum signing at its heart, is already done.

Image: Janus, a marble two-faced bust looking to past and future across a gold threshold. Caption: "Janus: the record you sign now is read by a verifier on the far side of the threshold."

The procurement cliff of January 2027 is a useful forcing function because it converts a vague future risk into a concrete buying decision. The organisations that treat post-quantum as something to address when the deadline arrives will find that the records they generated in the interval are already compromised in principle, captured by an adversary patient enough to wait. The organisations that treat it as a property the system has from inception will find their 2026 chains still verifying in 2035, against an adversary that by then has the machine to break everything else. Mickai built it the second way. The signature on the first record is the one that has to last, so that is the one made quantum-safe.


Originally published at https://mickai.co.uk/articles/procurement-cliff-post-quantum-in-the-record-from-day-one.