Sovereign AI for Local Government: Citizen-Data Casework Without Sending Residents to the Cloud
Councils hold the most sensitive personal data in the country and cannot pipe it to a public-cloud model, so the AI that reads it has to live inside their own walls.
The data a council holds is the data you cannot afford to leak
A local authority is a special-category data machine. Children's social care records. Adult safeguarding files. Housing and homelessness assessments. Special educational needs and disability plans. Council tax hardship, benefits investigations, domestic abuse referrals, immigration status attached to school admissions. Under UK GDPR this is Article 9 territory: health, ethnicity, religious belief, biometric identifiers, and criminal-offence data under Article 10. It is the personal information of residents who never chose to become a data subject and cannot change supplier.
Generative AI would help this work. Triaging a safeguarding backlog. Summarising a two-hundred-page case file. Drafting a decision letter that cites the correct policy. Spotting the vulnerable adult who has slipped between three departments. The problem is not appetite. The problem is that doing any of it through a public-cloud model means copying resident data into an external provider's infrastructure, and no Data Protection Officer worth the title will sign that off.
I built Mickai so councils do not have to choose between the capability and the duty. Mickai is a sovereign AI operating system: AI that a regulated organisation owns and runs inside its own walls, on-premise and air-gapped, with every action written to a tamper-evident audit record. It is built, and it is live.
Why the public cloud is a closed door for casework
Set the marketing aside. The legal reality for a UK local authority is specific and unforgiving.
A Data Protection Impact Assessment (DPIA) is mandatory for high-risk processing, and automated analysis of special-category resident data is the textbook high-risk case. The DPIA has to name where the data goes, who can access it, and the transfer mechanism if it leaves the UK. Route casework through a hyperscaler model and the honest DPIA becomes a confession: resident data is copied to third-party infrastructure, potentially subject to onward access under foreign law, retained and used in ways the council cannot fully attest to.
The CLOUD Act sharpens the point. Data held by a US-headquartered provider can be reached by US legal process wherever the servers physically sit. A council cannot promise a domestic abuse survivor that her address stays inside the country when the model reading her file runs on infrastructure that answers to another jurisdiction. Add the public-sector duty of confidence, the common-law expectation that information given for one purpose is not repurposed, and the reality that a single resident-data breach invites Information Commissioner enforcement. The rational council answer has been to do little with AI on live casework. Sovereign infrastructure turns that no into a yes.
What on-premise actually means here
Sovereign is not a slogan. It is an architecture, and the details are what let a DPO sign.
Mickai runs entirely inside the council's own environment. The models, the retrieval layer, the reasoning, and the storage all sit behind the authority's firewall, and can run fully air-gapped for the most sensitive processing. Resident data never crosses the boundary. There is no external API call, no telemetry home, no vendor with a copy.
The reasoning is done by fifty specialist brains coordinated by a deterministic arbiter, so the same case follows the same reasoning path rather than a probabilistic wander. Retrieval is air-gapped: the model answers from the council's own indexed policies, statutory guidance, and case records, not from an internet it cannot see. Every action, every read of a file, every draft, every recommendation, is written to an Objective Audit Record (OAR). That record is cryptographically signed with ML-DSA-65, a post-quantum signature standard, and bound to hardware identity, so it is tamper-evident and stays verifiable even against future compute. When the Information Commissioner or a judicial review asks what the system did with a resident's data, the answer is a signed, replayable log rather than a shrug.
The people who have to say yes
Adoption in local government is a committee, and each seat holds a veto.
The Data Protection Officer needs the DPIA to be truthful and the lawful basis to hold. On-premise processing with no external transfer collapses the hardest section of that assessment. The Senior Information Risk Owner (SIRO) needs to own the risk personally and evidence it to members. A tamper-evident audit trail is exactly the evidence that role has never had for AI. The Monitoring Officer and legal team need decisions to be defensible on judicial review, which means traceable reasoning, not an opaque output. The Head of Internal Audit needs to test controls after the fact, and a signed OAR is testable. The Head of Digital wants capability without becoming the person who leaked the borough. Sovereign architecture is the one design that satisfies all of them at once, because it removes the shared underlying fear rather than mitigating it.
Compliance-first Studios, applied to the council
The casework maps cleanly onto the Mickai Studios, our named domains of work. Nomos handles compliance reasoning against statutory guidance and internal policy. Astraea supports the legal and public-law defensibility of decisions. Aletheia is the audit layer that reads the OAR and evidences what happened. Iris runs resident-facing service interactions without exposing the underlying records. Panacea sits over health and social-care content where clinical sensitivity is highest. Each operates on data that never leaves the building, under the same deterministic arbiter and the same signed audit record. The council gets a working assistant across safeguarding, housing, benefits, and adult social care, and keeps a complete, provable account of every step.
Why now, and why this is a category
The regulatory direction of travel is one way only. UK GDPR is not loosening. The EU AI Act treats much of what a public body does with citizen data as high-risk, demanding logging, human oversight, and traceability that public-cloud AI cannot natively provide. Independent analyst estimates put the sovereign AI market at around USD 40 billion in 2025, rising to roughly USD 148 billion by 2032. Councils are one slice of a wedge that includes banks, insurers, hospitals, and defence suppliers, everyone legally barred from putting their most sensitive data into someone else's model.
Mickai holds 104 filed UK patent applications, around 2,340 claims, covering the architecture that makes this work: the signed audit record, the deterministic multi-brain arbiter, hardware-bound identity, air-gapped retrieval, and compensating rollback. Filed, not granted, which gives us priority and a prior-art position rather than a finished monopoly. As a third-party momentum signal, Crunchbase ranked me fourth among founders globally in June 2026, with the company inside the top one to two percent. We are a UK company with Birmingham manufacturing secured, built and live, building to scale.
We are not trying to replace the model labs. Mickai is the sovereign layer that lets a council use serious AI at all, which is a category a hyperscaler would rather own than compete with.
The window
We are working with a small number of selected partners, councils and public bodies that want to run resident-data AI on their own terms and help shape how sovereign local government is built. If your authority is weighing how to use AI on citizen data without breaching the duty you owe to residents, I would like to talk.
Micky Irons, founder and CEO of Mickai. micky@mickai.co.uk
Frequently asked questions
Can a UK council legally use generative AI on special-category resident data?
Only if the processing stays lawful under UK GDPR Articles 9 and 10 and the DPIA holds. Public-cloud models copy resident data to third-party infrastructure, which is the section of the DPIA that fails. On-premise, air-gapped processing where data never leaves the council's own environment is what makes the lawful basis defensible.
What does air-gapped actually mean in Mickai?
The models, retrieval layer, reasoning, and storage all run behind the council's own firewall with no external API call and no telemetry. Retrieval answers from the council's own indexed policies and case records rather than the open internet, so resident data never crosses the boundary.
How does Mickai satisfy a DPIA and judicial-review scrutiny?
Every action is written to an Objective Audit Record signed with the ML-DSA-65 post-quantum standard and bound to hardware identity. That gives the DPO, SIRO, Monitoring Officer, and Head of Internal Audit a tamper-evident, replayable log of exactly what the system did with a resident's file.
Does the CLOUD Act affect council AI?
Yes. Data held by a US-headquartered provider can be reached by US legal process regardless of where the servers sit. Running the model entirely inside the council's own environment removes that exposure, because there is no external provider holding the data.
Is Mickai trying to replace the large AI labs?
No. Mickai is the sovereign layer that lets a regulated body use serious AI at all. It is an ally to the model ecosystem, providing the ownership, air-gapping, and audit that public-cloud AI cannot offer for citizen data.






