Sovereign AI for Water Utilities
Control-room intelligence that stays offline, proves every action it takes, and never leaves the water company's own hardware.
Water does not tolerate improvisation. A treatment works answers to physics, to public health law, and to the simple fact that millions of people expect to open a tap and trust what comes out. When a control room reaches for artificial intelligence, it is not looking for a clever assistant that lives somewhere in the cloud. It is looking for an operator it can trust with a pump, a dosing line, and a population, one that can prove afterwards exactly what it did and why.
That is the boundary the public cloud cannot cross on the customer's own terms, and it is the boundary we built Mickai to hold. Mickai is a Sovereign Intelligence Operating System, a SIOS, that runs on hardware the water company owns, air-gapped or on-premise, with zero data egress. It is built and it is live. In the sections below we set out why the water sector is a special case, and how a sovereign, offline, tamper-evident intelligence layer changes what a control room can safely do.
Why water is the hardest room to automate
Every regulated sector has stakes, but water combines several at once. The process is continuous and physical: chlorine dosing, coagulation, filtration, and pressure management all interact, and a mistaken instruction propagates through pipes rather than pausing politely for review. The estate is sprawling and old, mixing modern telemetry with programmable logic controllers installed decades ago. And the consequences are public in the most literal sense, because a fault reaches households before a press release does.
On top of that sits a wall of obligation. Operators answer to environmental regulators, to drinking-water inspectorates, and increasingly to cyber-resilience rules such as the European Union's Network and Information Systems Directive 2 (NIS2). An intelligence layer here cannot be a black box that occasionally guesses well. It has to behave like a member of staff who follows procedure, records what they did, and can be held to account. That is a design requirement, not a nice-to-have.
Sovereignty is the starting point, not the sticker
Much of what is sold as sovereign amounts to a data-residency promise: your information sits in a datacentre in your country, but the intelligence still runs on infrastructure someone else controls, updated on someone else's schedule, and reachable across a network you do not own. For a water utility that model is a standing risk. It widens the attack surface, it creates a dependency on connectivity that a treatment works cannot always guarantee, and it means the reasoning behind a decision lives somewhere you cannot audit.
Mickai inverts that. The brains, the studios that operators work in, and the audit ledger all live on the utility's own metal. There is no call home, no telemetry leaving the perimeter, and no requirement for an internet link to keep working. A remote pumping station cut off by a storm still has its full intelligence layer, because that layer never depended on a connection in the first place. Sovereignty stops being a label on the contract and becomes a property of where the system physically runs.
Offline by design, so the loss of a link is not the loss of a brain
Water infrastructure spreads across catchments, reservoirs, and remote sites where connectivity is thin and, on the worst day, gone. A control-room intelligence that degrades the moment a link drops is worse than no intelligence at all, because operators come to depend on it and then lose it precisely when pressure is highest. We treated offline operation as the default state rather than a fallback mode.
Because the brains run locally, forecasting demand, spotting an anomalous pressure signature, or recommending a dosing adjustment happens at the site, in the room, with no round trip to anywhere. Operators can also choose how that compute is spent. Mickai exposes graphics-processor, central-processor, and hybrid modes with an adjustable split, so a utility running modest hardware at a distant site and a well-provisioned central control room both get intelligence sized to the metal they actually own, not to an assumption about what they can reach over a wire.
Every action signed before it fires
The heart of a trustworthy control-room intelligence is not what it suggests, but what it is allowed to do and how that is governed. In Mickai, nothing acts without an Operation Attestation Record (OAR) that is generated and signed before the action executes, never after. The record captures which brain proposed the action, on what evidence, under which policy, and with which approvals, and it is committed cryptographically ahead of anything touching a valve, a pump, or a dosing setpoint.
For a low-stakes read, such as summarising a night's telemetry, that attestation is lightweight and automatic. For a high-stakes action, such as changing a chlorine dose or overriding a pressure regime, Mickai requires more than one brain to concur and adds voice-biometric approval from a named, authorised operator. Brains are revocable, so an intelligence that misbehaves or falls out of policy can be withdrawn cleanly rather than argued with. The result is a system that can be given real authority precisely because that authority is fenced, signed, and reversible.
Tamper-evident, so the record survives the incident
When something goes wrong at a water works, the questions come fast and they come from people with statutory power. What changed, who or what changed it, on what basis, and can you show me. An intelligence layer that cannot answer those questions in a way that stands up to scrutiny is a liability dressed as an asset. Mickai writes every attestation into a tamper-evident, cryptographically signed audit ledger, a chain of records hash-linked with SHA-3-512 so that any later alteration is mathematically obvious.
Those signatures use post-quantum cryptography, the FIPS 204 ML-DSA-65 standard for digital signatures, so the record does not quietly weaken as computing advances. And crucially the whole ledger verifies offline. An inspector, an auditor, or the utility's own assurance team can confirm that the history is intact and untampered without contacting any vendor and without trusting our word for it. The proof lives with the evidence, on the customer's own hardware, ready whenever it is asked for.
Where this leaves the cloud, and where it leaves the operator
None of this is a quarrel with the public cloud. The large providers, from the hyperscalers to the frontier model builders, are allies operating at a different layer, and plenty of a water company's work belongs there. What does not belong there is the live, actuating, legally accountable core of critical national infrastructure, the part that opens valves and answers to inspectors. Mickai serves that regulated boundary on the customer's own terms, sitting alongside the cloud rather than against it.
The capabilities described here are contained in a portfolio of 104 filed United Kingdom patent applications, comprising about 2,340 claims, owned by Mickai LTD. We describe them by what they let a control room do: act with signed authority, run without a network, and prove its history under quantum-resistant signatures. That framing matters, because in this sector a feature is only worth as much as the accountability wrapped around it.
The bottom line
Water utilities do not need an intelligence that is merely capable. They need one that stays inside their walls, keeps working when the link dies, refuses to act without a signature, and leaves a record no one can quietly rewrite. Mickai is that intelligence: sovereign because it runs on hardware the utility owns, offline because it was built that way from the first line, and tamper-evident because in critical national infrastructure the proof is the product. We built it for the room where a wrong instruction reaches households before anyone can recall it, and where trust has to be earned in cryptography, not promised in a brochure.




