MICKAI®
Article · 11 July 2026

Sovereign AI for Universities and Research: Protecting IP and Grant Data

Require AI that runs offline on hardware you own, learns only from a sealed corpus, and seals every action to a signed record.

Sovereign AI for Universities and Research: Protecting IP and Grant Data
Author
Micky Irons
Published
11 July 2026
Follow Micky Irons
LinkedInX
sovereign aitrusted researchresearch data securityexport controlgrant data

A university or research institute should require that any AI used on unpublished intellectual property and grant data runs offline on hardware the institution controls, learns only from a sealed corpus that never leaves the estate, and writes every action to a signed, tamper-evident record. The reason is direct: sensitive and dual-use research is governed by Trusted Research and export control, and a public cloud model sends the data to a third party the moment it is used, which the institution can neither prevent nor prove afterwards.

In 2026 that gap has become a diligence question funders ask out loud: where does the data go when a researcher uses AI. Public services answer it badly, because prompts, attachments and results traverse infrastructure the institution does not own and cannot audit. Sovereign AI answers it by construction, because nothing leaves.

Why can a research institution not just use a public AI service?

Public AI services are designed to send data to the vendor. When a researcher pastes an unpublished method, a grant application or a dual-use design into a public, general-purpose AI service, that text leaves the institution and is processed on infrastructure governed by another party, often another jurisdiction. The US CLOUD Act lets United States authorities compel a US-headquartered provider to disclose data it holds, wherever the servers physically sit. For pre-publication IP or export-controlled work, that is an exposure the institution cannot control and cannot rule out. The requirement is not a better cloud contract. It is architecture that never transmits the data at all.

Sovereign AI for Universities and Research: Protecting IP and Grant Data, illustration 1

What is a sealed corpus and why does it matter?

A sealed corpus is the body of documents, data and prior work the AI may learn from and reason over, held inside the institution's own perimeter and never transmitted out. In a Sovereign Intelligence Operating System the model reads the sealed corpus locally to answer a question, and that corpus never becomes training material for anyone else. Grant files, unpublished results and dual-use design notes stay inside the estate. Retrieval happens on operator-owned hardware. A sealed corpus is the difference between an AI that helps with sensitive research and one that quietly exports it.

Sovereign AI for Universities and Research: Protecting IP and Grant Data, illustration 2

How does offline operation protect grant and research data?

Mickai is a Sovereign Intelligence Operating System that runs offline on hardware the institution owns, so there is no outbound path for research data to take. The design uses a zero-egress inbound perimeter: information can be brought in under control, but the operating system opens no channel to send prompts, documents or output to an external service. Sovereign models run locally, so a network outage does not stop research and a network tap has nothing to capture. Offline operation converts a policy promise into a physical fact, because data that has no route out cannot leak out.

Sovereign AI for Universities and Research: Protecting IP and Grant Data, illustration 3

What can an auditor or funder actually check?

An auditor should be able to verify three things without taking anyone's word. First, that the AI ran offline with no external calls, provable from the operating system's own records rather than a vendor dashboard. Second, that every action, who asked what, which corpus was read and what the model returned, is written to a signed, append-only ledger that cannot be altered after the fact. Third, that the identity behind each action is real: identity is bound to hardware, attested at the device and tied into the audit chain, so a record cannot be forged or repudiated. The ledger is sealed with post-quantum signatures under FIPS 204 and FIPS 205, so it stays verifiable even against future cryptographic attack.

The test of AI on sensitive research is not how clever the answer is, but whether the institution can prove the data never left its control.

Sovereign AI for Universities and Research: Protecting IP and Grant Data, illustration 4

Which rules make this necessary?

Several regimes converge on the same requirement. The UK Trusted Research agenda asks institutions to protect sensitive and dual-use work from hostile acquisition. Export control on dual-use technology restricts who may access certain research, so the AI touching it must enforce and evidence that restriction. The General Data Protection Regulation governs personal data in research cohorts and grant records. For institutions inside financial or critical-infrastructure scope, DORA, in force since January 2025, and NIS2 raise the bar on operational resilience and supply-chain risk, and ISO/IEC 42001 sets the management-system standard for AI. On the EU AI Act, the high-risk obligations of Annex III once due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded high-risk uses under Annex I moving to 2 August 2028 and the Article 50 transparency duties largely unchanged. We read that deferral as a build window, not a reprieve.

What is model provenance and why should a university demand it?

Model provenance is the documented answer to what the AI is, where its weights came from and what it was trained on. A university cannot certify research integrity on a model it cannot describe. We run sovereign models whose lineage and training corpus are known and recorded, rather than an opaque service that can change underneath the institution without notice. The wider design brings offline verifiability, the zero-egress perimeter, hardware-attested identity, the post-quantum ledger and cross-model consensus, where more than one sovereign model must agree before a high-stakes answer is trusted, into one substrate. That architecture is the subject of 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD; never granted or patented. For a research institution the value is not the filing count but that sovereignty, auditability and provenance are engineered in, not bolted on.

Frequently asked questions

Can a university use public cloud AI services for confidential grant applications?

Not for genuinely sensitive or unpublished material. General-purpose public services process the text on the vendor's own infrastructure, which places the data outside the institution's control and, under laws such as the US CLOUD Act, potentially within reach of a foreign authority. For pre-publication IP, dual-use work or personal data in a cohort, the safer requirement is AI that runs offline on institution-owned hardware and never transmits the data out.

What does sovereign AI mean for a research institute?

Sovereign AI means the institution owns the hardware, holds the models and keeps the data, with no dependency on an external cloud. Mickai is a Sovereign Intelligence Operating System that runs offline and seals every action to a signed record. In practice, sensitive research can benefit from AI without any of it leaving the estate.

How does offline AI satisfy Trusted Research and export control?

Trusted Research asks institutions to protect sensitive and dual-use work from hostile acquisition, and export control restricts who may access certain research. Offline, sovereign AI enforces both by construction: access is bound to attested identity, the work never leaves the perimeter, and every action is written to a tamper-evident ledger the institution can show an auditor. The evidence is produced by the operating system itself, not a vendor report.

Does the EU AI Act require sovereign AI by August 2026?

No. The high-risk obligations under Annex III once due on 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded high-risk uses under Annex I moving to 2 August 2028 and the Article 50 transparency duties largely unchanged. We treat that timeline as a window to build sovereign, auditable AI properly rather than a reason to delay.

What should a procurement team ask an AI vendor about protecting IP?

Ask four things. Can it run fully offline on hardware we own. Does it learn only from a sealed corpus that never leaves our estate. Can it produce a signed, tamper-evident record of every action for an auditor. Can it document the provenance of its models. A vendor that cannot answer all four should not touch unpublished IP or grant data.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-ai-for-universities-and-research-protecting-ip-and-grant-data. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles