MICKAI®
Article · 11 July 2026

Sovereign AI for mid-market and SMEs: you do not need a data centre

Small sovereign models now run on modest owned hardware, so a packaged sovereign operating system brings data sovereignty within reach of smaller regulated firms.

Sovereign AI for mid-market and SMEs: you do not need a data centre
Author
Micky Irons
Published
11 July 2026
Follow Micky Irons
LinkedInX
sovereign aimid-marketsmedata sovereigntyon-premises ai

No. Sovereign AI now runs on modest owned hardware, because small sovereign models fit where whole data centres were once assumed, removing that barrier.

The question matters in 2026 because regulation, cross-border data exposure and post-quantum risk now reach smaller firms, while the assumption that sovereignty demands hyperscale infrastructure has quietly stopped being true. For a mid-market or SME operator, that shift turns sovereignty from an aspiration reserved for large institutions into a practical option sized to the firm.

Do we really not need a data centre?

Correct. A packaged sovereign operating system runs offline on hardware you own, so owning your models no longer means building or renting a data centre.

Mickai is a Sovereign Intelligence Operating System, a SIOS, that is built and live and runs offline on operator-owned hardware. It does not phone home, and every action it takes is cryptographically sealed into an audit ledger you control. That design collapses the old requirement for a room full of servers into a self-contained deployment a smaller firm can house on its own premises. The data-centre assumption was a by-product of enormous general models, and compact sovereign models sized for specific work have quietly retired it.

Sovereign AI for mid-market and SMEs: you do not need a data centre, illustration 1

What hardware does a smaller firm actually need?

Modest workstation-class hardware. Sovereign models sized for professional work run on a capable desktop or small server, not a hyperscale estate.

Because the system is designed to run on machines you own, it lets you choose CPU, GPU or a hybrid split rather than forcing one costly configuration. Identity is hardware-attested and bound to the audit chain, and an inbound perimeter holds the deployment to zero egress, so sensitive data never leaves the building. A single capable workstation carries a small firm, and as demand rises you add nodes rather than rearchitecting anything.

Sovereign AI for mid-market and SMEs: you do not need a data centre, illustration 2

Which sovereign tier fits a firm of our size?

Match tier to sensitivity and scale: a small professional firm uses a compact node, a mid-market operator a cluster, a regulated SME a hardened configuration.

Sovereignty is not one size. The right starting point depends on how sensitive your data is and how many people rely on it, and the tiers below map firm size to a sensible hardware assumption and outcome. Each tier is a starting posture, not a ceiling, and a firm moves up as its data sensitivity or team grows.

Firm size / use caseSovereign tierHardware assumptionWhat it delivers
Small professional firmCompact single nodeOne workstation-class machineOffline drafting, review and sealed records
Mid-market operatorClustered deploymentA few owned serversShared brains, presence and cross-model consensus
Regulated SMEHardened sealed configurationIsolated owned rackZero egress, attested identity, post-quantum signed ledger
Sovereign AI for mid-market and SMEs: you do not need a data centre, illustration 3

How is this different from using ChatGPT or Copilot?

Public services like ChatGPT, Copilot and Gemini suit general work, but a SIOS keeps your most sensitive data on hardware those services cannot reach.

For public, low-sensitivity tasks and everyday productivity, those cloud services are often the right pick, and we treat them as allies rather than rivals. The architectural difference is where the data and the model live. Because a US-based provider can be compelled under the US CLOUD Act regardless of where its servers physically sit, the most regulated data needs a home the provider cannot reach. A SIOS gives it that home, and cross-model consensus checks each answer across several sovereign models rather than trusting a single one.

Sovereign AI for mid-market and SMEs: you do not need a data centre, illustration 4

What compliance rules does this actually satisfy?

It aligns with rules smaller regulated firms face: DORA, NIS2 and EU AI Act transparency, using offline verifiability and a post-quantum signed audit ledger.

DORA has been in force since January 2025, and NIS2 covers essential and important entities, which increasingly pulls in mid-market suppliers. Under the EU AI Act, the high-risk Annex III obligations once due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded Annex I high-risk moved to 2 August 2028, while Article 50 transparency duties are largely unchanged. The audit ledger is signed using FIPS 204 ML-DSA and FIPS 205 SLH-DSA, while FIPS 203 ML-KEM handles key encapsulation and never signs. This substrate is what our patent estate protects: 104 filed UK patent applications and 2,340 claims, owned by Mickai LTD, Companies House 17166618, filed and patent pending.

How does the cost scale as we grow?

Cost scales with owned hardware, not usage. Because the system runs on kit you own, adding users means adding nodes, not paying per query.

The economic shape is fixed capital in owned hardware rather than a bill that climbs with every prompt, which flips the usual cloud curve where heavier use means a larger monthly invoice. A smaller firm can start with one node and grow close to linearly, adding compute in proportion to real demand. Fifty brains, twenty-five domain and twenty-five operational, share that hardware rather than each spinning up a separate paid service. This is why sovereignty is now realistic below enterprise scale: the barrier was never really the models, it was the assumed infrastructure around them. On what this costs, prices are shared in briefings, not publicly, and the point here is the scaling behaviour rather than any figure.

Sovereignty is no longer a privilege of scale; it is now a design choice that a firm of almost any size can make.

Frequently asked questions

Do I really not need a data centre for sovereign AI?

No. A packaged SIOS runs offline on hardware you already own, from a single workstation-class machine upwards. The data-centre assumption came from an era of very large general models, and compact sovereign models have since removed it for smaller firms.

Is my SME too small to bother with sovereign AI?

Not at all. Regulated obligations under DORA and NIS2 increasingly reach mid-market and smaller suppliers, and cross-border exposure does not scale down with headcount. Sovereign tiers exist specifically so a small firm can start proportionate to its size and grow from there.

Can I just use ChatGPT or Copilot instead?

For general, low-sensitivity work, those services are often the right pick and we treat them as allies. For the most sensitive data, a US-based provider can be compelled under the US CLOUD Act, so that data needs a home on hardware the provider cannot reach.

What happens to compliance evidence with an offline system?

Every action is sealed into an audit ledger signed with FIPS 204 and FIPS 205 post-quantum signatures. Because the system runs offline with hardware-attested identity, that evidence is verifiable without trusting an external cloud, which supports DORA and NIS2 obligations.

Does Mickai publish its prices?

Prices are shared in briefings, not publicly. What we can say here is that cost scales with owned hardware rather than per-query usage, so heavier use does not translate into a climbing monthly invoice. The behaviour, not a figure, is the point.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-ai-for-mid-market-and-smes. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles