Sovereign AI for Central Banks
Monetary and supervisory intelligence that never leaves the bank: independence proven, secrecy architectural, every decision signed, fully offline.
A central bank is the one institution a country cannot allow to be read from the outside. Its rate deliberations, its supervisory ratings of the banks it oversees, its foreign-reserve positions and its financial-stability war-gaming are among the most market-moving secrets any state holds. Leak a decision early and you move currencies. Leak a supervisory judgement and you can start the very run you were trying to prevent.
That is why the arrival of powerful artificial intelligence poses a peculiar problem for monetary authorities. The models are useful for forecasting, for reading thousands of supervisory returns, for stress-testing the system. Yet the mainstream way to consume that intelligence is to send your data to someone else's cloud. For a central bank, that is not an option. We built Mickai, a Sovereign Intelligence Operating System, so that a central bank can hold this capability entirely on hardware it owns, with nothing ever leaving the building.
The intelligence must sit inside the vault
Mickai is not an application and not a model that phones home. It is a full operating layer for sovereign intelligence, a SIOS, that installs on the customer's own machines and runs air-gapped or on-premise with zero data egress. The reasoning, the memory and the audit trail all live behind the same perimeter as the reserve accounts. There is no outbound connection to sever because there was never one to begin with.
For a monetary authority this changes the risk calculus completely. The question stops being whether a vendor's cloud region is adequately certified and becomes one the bank already knows how to answer: is this hardware, in this room, under our control. Our subsystems, which we call brains, run against the bank's confidential corpus without that corpus ever being copied, streamed or embedded on any infrastructure the bank does not physically own.
Independence you can prove, not just assert
Central-bank independence is a constitutional idea, but in the age of machine reasoning it needs a technical expression. If an analytical engine that shapes a rate decision is operated by an outside party, that party sits, however faintly, inside the deliberation. Sovereignty over the tooling is now part of sovereignty over policy.
Mickai gives the bank that operational independence by design. The brains are revocable: a governor can suspend or retire any subsystem instantly, and high-stakes actions require multi-brain plus voice-biometric approval so that no single component and no single person can act alone. The base intelligence is fixed to the bank's own weights and its own sealed corpus, so the behaviour of the system is a function of the institution, not of a supplier's roadmap or a distant terms-of-service change.
Secrecy that survives the worst day
The material a central bank handles is not merely private, it is systemically dangerous if it moves early. A draft supervisory rating, an intervention plan, a liquidity-assistance decision for a named institution: each of these is a market event waiting to happen. Ordinary confidentiality controls assume a trusted network and a trusted operator. A sovereign authority cannot make either assumption about anyone but itself.
Because Mickai runs fully offline, the attack surface that matters most simply is not present. There is no inference endpoint on the public internet, no telemetry stream, no vendor with a standing key to the data. The most sensitive workflows, from Basel capital assessments to reviews under the Markets in Financial Instruments Directive II, can be run by the machine without any of the underlying detail crossing the perimeter. Secrecy stops being a policy people promise to keep and becomes a property of the architecture.
Every decision signed before it acts
Supervisory and monetary decisions are challenged, audited and, sometimes, litigated years after the fact. A central bank must be able to show precisely what was considered, by which component, on what evidence, and in what order. We built Mickai for exactly this standard of proof.
Every action the system takes is governed by an Operation Attestation Record, an OAR, that is signed before the action executes, not logged after it. Those records are chained together with SHA-3-512 hash-linking and sealed with post-quantum signatures using the FIPS 204 ML-DSA-65 standard, so the ledger is tamper-evident and remains verifiable even against future quantum attack. The whole chain can be checked offline, on air-gapped hardware, without trusting the machine that produced it. When an auditor, an oversight committee or a court asks what happened, the bank does not describe its controls, it presents a cryptographically-signed record of them.
Fully offline, and fully capable
Offline is often assumed to mean diminished. It does not here. The bank can run macroeconomic scenario analysis, read and reconcile thousands of regulatory returns, and monitor the supervised sector for stress signals entirely within its own estate. Human governance stays exactly where it belongs, because the highest-consequence steps demand multi-brain and voice-biometric sign-off before anything moves.
The same posture answers the compliance regimes a central bank both enforces and inhabits. Running on owned hardware with zero egress and a signed ledger maps cleanly onto the operational-resilience expectations of the Digital Operational Resilience Act (DORA), the network-security duties of the second Network and Information Security Directive (NIS2), the data-protection requirements of the General Data Protection Regulation (GDPR), and the governance obligations emerging under the European Union Artificial Intelligence Act, ISO 42001 and the National Institute of Standards and Technology AI Risk Management Framework. The bank meets these standards from inside its own walls rather than by extending trust outward.
Allies at a different layer
None of this is a rejection of the public cloud, and it is not a contest with the firms that build it. The large providers do extraordinary work at the scale layer, and for the vast bulk of the economy that is exactly right. Mickai sits at a different layer: the regulated boundary the public cloud, by its nature, cannot cross on the customer's own terms.
A central bank is the clearest case of that boundary. It cannot outsource its independence, cannot export its secrets, and cannot accept an audit trail it did not itself seal. The capability it needs is the one thing that has to stay entirely within its own hands. We designed the SIOS to be precisely that.
The bottom line
Monetary and supervisory intelligence is now too valuable to do without and too dangerous to hand to anyone else. Mickai lets a central bank keep both: the full weight of machine reasoning for forecasting, supervision and stability, and absolute custody of the data, the decisions and the proof. Independence stays technical, secrecy stays architectural, every action arrives pre-signed, and the whole thing runs offline on hardware the bank owns. The intelligence enters the vault and never leaves it.




