Sovereign AI for Credit Bureaus and Reference Agencies: Model Governance Over the Nation's Credit File
The reference database is the crown jewel of a credit bureau, and the models that read it must never leave the estate. Mickai runs them on-prem, air-gapped, and under a signed audit record.
The reference database is the asset, and it cannot leave the estate
A credit bureau does not sell software. It sells a judgement drawn from one of the most concentrated dossiers of financial behaviour a nation holds: who borrowed, who repaid, who defaulted, who moved, who is connected to whom. That reference database is the crown jewel. It is also special-category-adjacent, subject-access-bound, and of interest to every regulator, litigant and threat actor with a reason to care.
So when a bureau or reference agency reaches for AI, the question is not whether the models are clever. It is whether the crown jewel has to leave the building for the models to work. With public-cloud AI, it does. Prompts, embeddings, retrieved records and fine-tuning corpora all cross a boundary the bureau no longer controls. For an organisation whose entire value is custody of the national credit file, that is not a procurement decision. It is an existential one.
Mickai exists so the answer can be no. It is a sovereign AI operating system: AI that a regulated business owns and runs inside its own walls, on-prem and air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record. Built and LIVE. The models come to the data. The data never leaves.
Model governance becomes a first-order control
Under the PRA and FCA regime for model risk management, the models that decide who gets credit and at what price are governed artefacts. They must be inventoried, validated, monitored, challenged and owned by a named accountable person. A scoring or affordability model that drifts, or that cannot explain why one applicant was declined and another approved, is not a technical embarrassment. It is a potential regulatory finding and, increasingly, a Consumer Duty question about whether outcomes are good.
Public-cloud AI makes this harder, not easier. The bureau cannot fully inventory a model it does not host, cannot reliably reproduce a decision whose weights may change beneath it, and cannot prove to a validator that the model that scored an applicant in March is the same one that scored them in September. SS1/23 expectations on model risk management assume you can point to the model, freeze it, and reconstruct its behaviour. That is difficult with an endpoint someone else controls.
Mickai puts the whole model estate inside the bureau. Fifty specialised brains run under a deterministic arbiter, so the same inputs produce the same governed output rather than a probabilistic answer that varies by call. Every inference, retrieval and override is written to the operational audit record (OAR): what model, what version, what data, what decision, signed with ML-DSA-65 post-quantum signatures and bound to hardware-level identity. That is a model-risk evidence base a Head of Model Risk can hand to a validator.
Air-gapped retrieval over the credit file
The technical heart of the matter is retrieval. Any useful AI over a credit file needs to read records, and reading records is exactly where public-cloud AI leaks. Mickai uses air-gapped RAG: the retrieval layer, the vector index and the language models all sit inside the estate, with no egress path. An analyst can ask a natural-language question about a trade line, a dispute pattern or a thin-file applicant, and the system retrieves and reasons over the real database without a single byte crossing the perimeter.
This matters for three regimes at once. UK GDPR treats much of what a bureau holds as sensitive by context, and a data-protection impact assessment on a cloud AI pipeline over that data rarely survives contact with a serious DPO. The EU AI Act classes credit scoring as high-risk, which brings requirements for logging, human oversight and technical documentation that an air-gapped, audited system can produce natively. And operational resilience rules, now sharpened by DORA for the financial entities a bureau serves, treat an unremovable third-party AI dependency as a concentration risk the board must justify.
Who inside the bureau this is for
The Chief Risk Officer gets a model estate that can be inventoried, frozen and reconstructed, with drift monitoring built in rather than bolted on. The Chief Information Security Officer gets an AI capability with no data egress and no shadow-IT prompt leakage to a public endpoint. The Data Protection Officer gets a DPIA that starts from the premise that personal data never leaves the estate. The Head of Internal Audit gets the OAR: a signed, ordered, tamper-evident record of every action the AI took, worth more in an audit than any vendor assurance letter. The General Counsel and the board get to answer the question that used to have no good answer: where does our data go when the AI runs? It does not go anywhere.
Two of Mickai's Greek-named Studios map directly onto bureau work. Pythia handles business intelligence over the reference database, turning the crown jewel into governed insight without exporting it. Aletheia runs continuous audit, so the evidence assembles itself. Around them sit Nemesis for fraud and AML, Plutus for finance, Tyche for underwriting, Prometheus for forecasting and Nomos for compliance, all under the same arbiter and the same signed record.
Compensating rollback and the right to be wrong safely
Regulated model estates fail in a specific way: a model update, a data refresh or a policy change produces a run of bad decisions before anyone notices. Mickai builds for that with compensating rollback. Because every action is recorded deterministically, a faulty change can be unwound and its downstream effects reversed with an auditable trail, rather than left as a silent population of wrong scores the bureau discovers months later through complaints. In a Consumer Duty world, being able to prove you caught it, unwound it and evidenced it is the difference between a remediation and an enforcement action.
Why this is defensible
Mickai is not a wrapper on someone else's model. The architecture is protected by 104 filed UK patent applications carrying roughly 2,340 claims, filed by Mickai LTD with Micky Irons as inventor. Filed, not granted, which gives priority and a prior-art moat rather than a marketing badge. As a third-party momentum signal, in June 2026 Micky Irons was ranked number four on Crunchbase, with the company inside the top one to two percent globally. It is a UK company, with Birmingham manufacturing secured, building to scale.
The wedge is not speculative. Around 850,000 UK businesses and roughly five million across the EU are effectively barred from public-cloud AI by the regimes above, and the sovereign AI market is on a path from about USD 40 billion in 2025 toward USD 148 billion by 2032. Credit bureaus and reference agencies sit at the sharpest point of that wedge, because for them the data is the business.
Mickai is an ally to the frontier, not a challenger to it. The frontier labs build extraordinary general models. Mickai is the operating system that lets a bureau run capability of that class over the national credit file without the file ever leaving the estate.
A note on timing
The interest is in institutions that understand why custody of the reference database is the whole game, and who want model governance built for that reality from the first day rather than retrofitted after a finding. If that is your remit, I would rather talk early.
Micky Irons, founder and CEO of Mickai. micky@mickai.co.uk
FAQ
Does any credit file data leave the bureau when Mickai runs? No. Mickai runs on-prem and air-gapped, with the models, the vector index and the retrieval layer all inside the estate and no egress path. The models come to the data.
How does Mickai support SS1/23 and PRA/FCA model risk management? The full model estate is hosted inside the bureau, so models can be inventoried, frozen and reconstructed. Every inference, version and override is written to the operational audit record, giving a Head of Model Risk a reproducible evidence base for validation.
How does this help with EU AI Act high-risk credit scoring and UK GDPR? Air-gapped operation means personal data never crosses the perimeter, which strengthens a DPIA, and the signed audit record produces the logging, human-oversight and technical documentation trail the AI Act expects for high-risk use.
Is Mickai a competitor to the frontier AI labs? No. Mickai is an ally to the frontier. The labs build general models; Mickai is the sovereign operating system that lets a regulated bureau run capability of that class over its own data without that data leaving the estate.
Frequently asked questions
Does any credit file data leave the bureau when Mickai runs?
No. Mickai runs on-prem and air-gapped, with the models, the vector index and the retrieval layer all inside the estate and no egress path. The models come to the data.
How does Mickai support SS1/23 and PRA/FCA model risk management?
The full model estate is hosted inside the bureau, so models can be inventoried, frozen and reconstructed. Every inference, version and override is written to the operational audit record, giving a Head of Model Risk a reproducible evidence base for validation.
How does this help with EU AI Act high-risk credit scoring and UK GDPR?
Air-gapped operation means personal data never crosses the perimeter, which strengthens a DPIA, and the signed audit record produces the logging, human-oversight and technical documentation trail the AI Act expects for high-risk use.
Is Mickai a competitor to the frontier AI labs?
No. Mickai is an ally to the frontier. The labs build general models; Mickai is the sovereign operating system that lets a regulated bureau run capability of that class over its own data without that data leaving the estate.






