Security Improves When Someone Is Liable
The most reliable lever in security economics is not a code of conduct. It is the moment a cost lands on a named party, and the only way to assign that cost is a record that cannot be denied.
The lever that actually moves
Security does not improve because people mean well. It improves when failure has a price, and that price has an address. I have watched a decade of voluntary codes, maturity frameworks, and signed pledges produce a great deal of paper and very little change in behaviour. The thing that changes behaviour is liability. The moment a real cost lands on a named party who could have prevented the harm, that party starts spending money on prevention. Everything before that moment is theatre, and most people in this industry know it.
I built Mickai because I came to believe this was the central fact of the field, not a footnote to it. You can argue about controls, frameworks, and best practice for years. You cannot argue with a bill. The question that decides whether a system gets safer is brutally simple. When it fails, who pays, and can they prove it was not them.
Why good intentions never clear the market
Security is an economics problem wearing an engineering costume. The classic failure is the externality. When a vendor ships a weak system, the vendor captures the speed and the margin, while the cost of the breach falls on a customer, a patient, a citizen, someone downstream who never signed anything. The party making the decision is not the party absorbing the loss. In that arrangement, no amount of sincerity fixes anything, because the incentives point away from the public interest by construction.
Liability is the mechanism that drags the cost back to the decision. It internalises the externality. It tells the party who chose the cheap path that the cheap path now carries the bill. This is not a moral argument. It is a pricing argument. Once failure is priced and the invoice is addressable, prevention stops being a cost centre and becomes the rational defensive spend. The market does the rest. That is the whole trick, and it is the most reliable lever we have.
The year the bill moved
Look at where the law has gone in the last eighteen months and you can see this principle being installed on purpose. In February 2025 the European Commission withdrew the proposed Artificial Intelligence Liability Directive, which would have eased the path for fault-based claims. The interesting part is what replaced it. The revised Product Liability Directive, Directive 2024/2853, which member states must transpose by 9 December 2026, now treats software and artificial intelligence systems as products under strict liability. Strict liability means a claimant does not have to prove you were careless. They have to prove the product was defective and that it caused harm. Intent stops mattering. The defect and the damage are enough.
Alongside it, the European Union Artificial Intelligence Act reaches its high-risk obligations on 2 August 2026, with deployer duties under Article 26 and penalties that climb to thirty-five million euros or seven per cent of global annual turnover for the most serious breaches. The structure of these laws does something specific. It pushes a real share of the risk onto the deployer, the organisation that actually runs the system in the world, not only the lab that trained it. Colorado followed the same logic in its revised Artificial Intelligence Act, signed in May 2026 and effective January 2027, which splits liability for algorithmic discrimination between developer and deployer according to relative fault.
The numbers confirm the lever is live. Cumulative penalties under the General Data Protection Regulation now exceed seven billion euros, with around 1.2 billion euros issued in 2025 alone, including a 530 million euro fine against a single platform. In the United States, data breach class actions settled for more than 593 million dollars in a recent year. Public company security officers now sit inside a Securities and Exchange Commission disclosure regime that demands material cyber incidents be reported within four business days, with personal accountability attached. The cost of failure stopped being abstract. It acquired an address.
A bill you can deny is a bill nobody pays
Here is where most of the conversation stops too early, and where the real work begins. Liability is only as strong as the proof that supports it. You can write strict liability into a statute and price failure at seven per cent of turnover, but if no one can establish what the system actually did at the moment of harm, the regime collapses into a swearing contest. The defendant says the model behaved correctly and the operator misused it. The operator says the model misfired. The vendor says the logs are incomplete, or were edited, or never existed. When responsibility cannot be located, it evaporates, and the bill goes unpaid no matter how large the law says it should be.
This is why the European Union Artificial Intelligence Act, in Article 12, requires high-risk systems to keep automatic, tamper-evident logs over their lifetime, retained for at least six months and longer for biometric and law enforcement use. The drafters understood the dependency. Liability requires a provable account of what a system did. A record that can be quietly rewritten is not an account, it is an alibi. Tamper-evidence is not a nicety bolted onto the side of governance. It is the precondition that makes liability assignable rather than deniable. Without it, accountability is a story two parties tell, and the one with the better lawyers wins.
Why I made the record the foundation
Mickai is a Sovereign Intelligence Operating System, built, live, and production-ready. Fifty brains, twenty-five domain and twenty-five operational, run on the Poseidon silicon substrate. None of that matters for this argument except for one design decision that sits underneath all of it. Every action the system takes is signed before it executes, written into an append-only, hash-chained ledger we call the Open Audit Record. The signature comes first. The act comes second. There is no window in which something happens and the record is composed afterwards to flatter the operator.
The signatures are post-quantum, using the Federal Information Processing Standard 204 Module-Lattice Digital Signature Algorithm scheme at security level 65, because a record meant to settle liability has to outlive today's cryptography. The audit root anchors through Pantheon, Mickai's sovereign Layer 1 blockchain, to Bitcoin, so the ledger's integrity does not rest on my word or my company's continued goodwill. Most important, the record is verifiable offline by a browser-resident verifier. No network call. No appeal to the vendor. You do not have to trust Mickai to check what Mickai did. You check the chain yourself. That last property is the one I care about most, because a record you can only verify by asking the accused is not evidence.
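A minimal sketch of a record-before-act hash chain with an offline verifier, added here as an illustration; it is not Mickai's code or the Open Audit Record format. It uses SHA-256 only and omits the signature step, and the entry layout, function names, constructed sample actions, and the in-memory `anchor` standing in for an externally anchored root are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(prev_hash, seq, action):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps({"prev": prev_hash, "seq": seq, "action": action},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.entries = []

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def record_then_run(self, action, fn):
        """Commit the intended action to the chain first; only then run fn."""
        seq, prev = len(self.entries), self.head()
        self.entries.append({"seq": seq, "prev": prev, "action": action,
                             "hash": _digest(prev, seq, action)})
        return fn()

def verify(entries, anchored_head):
    """Offline check using only the entries and an independently held head."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False, f"broken link at entry {i}"
        if e["hash"] != _digest(prev, i, e["action"]):
            return False, f"entry {i} altered"
        prev = e["hash"]
    if prev != anchored_head:
        return False, "head does not match anchored value"
    return True, "ok"

def demo():
    actions = ["open:case-17", "score:applicant-42", "deny:applicant-42"]  # constructed
    led = Ledger()
    for a in actions:
        led.record_then_run(a, lambda: None)
    anchor = led.head()  # assumption: this value is published outside the operator's control
    edited = [dict(e) for e in led.entries]
    edited[2]["action"] = "approve:applicant-42"   # in-place edit of one entry
    rebuilt = Ledger()                             # whole chain recomputed from scratch
    for a in actions[:2] + ["approve:applicant-42"]:
        rebuilt.record_then_run(a, lambda: None)
    return {"intact": verify(led.entries, anchor),
            "edited": verify(edited, anchor),
            "truncated": verify(led.entries[:2], anchor),
            "rebuilt": verify(rebuilt.entries, anchor)}
```

The rebuilt case is the one a bare hash chain cannot catch: every link is internally consistent, and only comparison with a head value held outside the operator's control exposes the rewrite.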
This is what it means to design for liability rather than against it. The architecture assumes that one day someone will demand a provable account, in a courtroom or a regulator's office, of exactly what the system did and when. The portfolio behind it, 101 filed United Kingdom patent applications covering roughly 2,234 claims, owned by Mickai LTD and naming me as the inventor, exists to protect a single conviction. Accountability is not a policy you publish. It is a property you build in, before the action, in a form no one can edit after the fact.
Build for the day the bill arrives
The voluntary era of artificial intelligence safety is closing, and it should. Strict liability is arriving, deployers are being handed the risk, and the fines are now large enough to change quarterly numbers. That is the lever working as designed. But a lever needs something solid to push against, and here the solid thing is proof. The law can say a deployer is liable. Only a tamper-evident, signed, independently verifiable record can say what the deployer's system actually did.
So my advice to anyone deploying these systems in 2026 is unsentimental. Stop asking whether your vendor means well. Ask whether, on the worst day, you can prove what happened in a form a court will accept and an adversary cannot deny. If you can, liability is survivable, and the system gets safer because it has to. If you cannot, you are carrying every cost the law can assign and holding none of the evidence that could move it. Security improves when someone is liable. Liability holds when the record is real. Build the record first.


