Sovereign AI for the NHS and Healthcare Trusts
On-premise intelligence that keeps patient data inside the trust while every clinical action is signed before it runs
Every NHS trust sits on one of the richest and most sensitive datasets in the country: full clinical histories, imaging, pathology, mental-health records, safeguarding notes. The promise of artificial intelligence in that setting is obvious. A clinician drowning in documentation could reclaim hours. A discharge summary could write itself. A cluttered record could surface the one contraindication that matters. Yet the moment a trust considers sending that data to a cloud service, the calculus changes. The question is no longer what the intelligence can do. It is where the data goes, who can read it, and what happens when a regulator asks for proof.
We built Mickai, our Sovereign Intelligence Operating System, for exactly that boundary. It holds, on a healthcare provider's own terms, the line the public cloud cannot cross. Mickai runs entirely on hardware the trust owns, air-gapped or on-premise, with zero data egress. The clinical value arrives without the patient record ever leaving the building. This is not a pilot promise. It is built and it is live.
The problem is not the model, it is the perimeter
Most clinical AI on the market is a cloud endpoint wearing a compliance badge. The reassurance is contractual: a data processing agreement, a residency clause, a certification logo. None of that changes the physical reality that the patient's record travelled across a wire to a data centre the trust does not control, to be processed by a system the trust cannot inspect. For a marketing dataset that trade might be acceptable. For a fifteen-year-old's mental-health notes it is not.
Sovereignty inverts the model. Instead of shipping the data to the intelligence, we bring the intelligence to the data. Our brains, the specialised subsystems that perform clinical summarisation, coding, triage support and records search, execute inside the trust's own perimeter. The network cable to the outside world can be physically absent and the system still works. Nothing is uploaded, nothing is logged to a vendor, nothing is retained anywhere the trust cannot reach and delete.
Zero egress is a design choice, not a setting
There is a meaningful difference between a system that promises not to send data out and a system that cannot. Mickai is the latter. Every subsystem is packaged to run offline against local brains, and the runtime verifies its own signatures before it will execute. There is no telemetry channel to disable because none is built. When a trust's information governance team asks the awkward question, "does this call the internet?", the honest answer is no, and it is demonstrable rather than asserted.
This matters for more than privacy. It removes an entire class of operational risk. There is no cloud outage that stops a ward from summarising a handover. There is no rate limit during a winter surge. There is no third party quietly retraining on trust data. The trust's compute, the trust's data, the trust's control, all in one place.
Where GDPR, the EU AI Act and HIPAA actually land
UK data protection law and the General Data Protection Regulation (GDPR) treat health records as a special category demanding the highest safeguards. The lawful basis, the data minimisation duty and the accountability principle all become far easier to satisfy when processing happens on infrastructure the controller physically owns and no transfer occurs. There is no international transfer to assess because there is no transfer at all.
The European Union Artificial Intelligence Act (EU AI Act) classes much clinical decision support as high-risk, which brings obligations around data governance, human oversight, transparency and record-keeping. For any trust operating cross-border, and under the Health Insurance Portability and Accountability Act (HIPAA), which governs collaborators and research partners in the United States, the same architectural answer holds. When the intelligence runs locally and every action is logged in a tamper-evident ledger, the evidence the regulator wants is generated as a by-product of normal operation rather than reconstructed under pressure during an audit.
Clinical summarisation and records under the trust's own governance
The day-to-day value shows up in the work clinicians already do. A consultant can ask a record to summarise a complex admission and receive a structured account with every claim anchored to the source note. A coder can have a discharge letter drafted for review. A nurse can search across a patient's history in plain language rather than clicking through fragmented systems. Each of these runs against the trust's live governance rules, its role-based access, its retention policy, its clinical safety standards, because the system lives inside that governance rather than beside it.
Crucially, brains are revocable. If a summarisation subsystem needs to be withdrawn, updated or restricted to certain departments, that happens under the trust's authority and takes effect immediately across the estate. And for anything that touches a patient outcome, a high-stakes action can require multi-brain agreement plus voice-biometric approval from an authorised clinician before it proceeds. The human stays in command by design.
A signed audit trail for every clinical decision
The capability we consider non-negotiable in healthcare is attestation. Before any subsystem acts, whether it summarises a record, suggests a code or surfaces a flag, Mickai writes an Operation Attestation Record (OAR) that captures what is about to happen, which brain proposed it, on what inputs and under whose authority. The OAR is signed before the action executes, not after, using post-quantum digital signatures to the FIPS 204 ML-DSA-65 standard so the proof survives even the arrival of quantum computing.
Those records accumulate into a tamper-evident, cryptographically signed audit ledger that can be verified offline. A clinical safety officer, an information governance lead or an external investigator can confirm exactly what the system did, in what order, without trusting the vendor and without a network connection. When a coroner, a regulator or a patient asks how a decision was reached, the trust holds a mathematically verifiable answer rather than a log a vendor might have altered.
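The sign-before-act pattern and hash-chained ledger described above, sketched as an added example (not Mickai's code): the record fields and class names are hypothetical. HMAC-SHA256 from the Python standard library stands in for the ML-DSA-65 signature, so unlike a public-key scheme the verifier here holds the signing key.

```python
import hashlib, hmac, json
GENESIS = "0" * 64  # constructed anchor for the first record's "prev" field

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _sign(key, digest):
    # Stand-in only: HMAC-SHA256 replaces the ML-DSA-65 signature the page names.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

class Ledger:
    def __init__(self, key):
        self._key, self.records = key, []

    def attest(self, brain, operation, inputs, authority):
        """Append a signed record describing an action that has not run yet."""
        body = {
            "seq": len(self.records),
            "prev": self.records[-1]["digest"] if self.records else GENESIS,
            "brain": brain, "operation": operation, "authority": authority,
            "inputs_sha256": hashlib.sha256(inputs).hexdigest(),  # hash, not the data
        }
        digest = _digest(body)
        record = {**body, "digest": digest, "sig": _sign(self._key, digest)}
        self.records.append(record)
        return record

    def run(self, action, brain, operation, inputs, authority):
        """Attest first, then execute; a failing action still leaves its record."""
        record = self.attest(brain, operation, inputs, authority)
        return record, action(inputs)

def verify(records, key):
    """Return the index of the first invalid record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k not in ("digest", "sig")}
        ok = (rec["seq"] == i and rec["prev"] == prev
              and _digest(body) == rec["digest"]
              and hmac.compare_digest(_sign(key, rec["digest"]), rec["sig"]))
        if not ok:
            return i
        prev = rec["digest"]
    return -1

if __name__ == "__main__":
    led = Ledger(b"constructed-demo-key")
    led.run(len, "summariser", "summarise_admission", b"constructed note", "dr.example")
    print(verify(led.records, b"constructed-demo-key"))
```

A hash chain by itself does not reveal removal of the newest records, so an offline verifier also needs the latest digest or record count from a separate trusted source.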
The cloud giants remain allies, at a different layer
None of this is a war on the hyperscalers. OpenAI, Microsoft, Amazon Web Services, Google and Oracle have built extraordinary infrastructure, and the NHS uses it well for a great deal. Mickai serves a narrower and stricter boundary: the regulated core where patient-identifiable data must never leave the trust's control. We sit alongside the public cloud, not against it, handling the one layer that cannot be outsourced while the rest of the estate continues as it is.
That posture is backed by capability we have committed to in the open. Our approach is described across 104 filed UK patent applications, covering about 2,340 claims and owned by Mickai LTD, spanning attestation, offline verification, revocable brains and hardware-bound sovereign execution. We frame those filings by what they let a trust do, not as a trophy. They exist so that on-premise clinical intelligence is a defensible architecture rather than a marketing slogan.
The bottom line
An NHS trust should not have to choose between clinical productivity and patient confidentiality. Sovereign, on-premise artificial intelligence dissolves the trade-off. The data stays inside the trust, the intelligence runs on the trust's own hardware, every action is signed before it happens, and the audit trail is verifiable by anyone with authority to check. GDPR, the EU AI Act and HIPAA stop being obstacles and become properties the architecture satisfies by default. For healthcare, sovereignty is not a premium feature. It is the only responsible way to put intelligence next to a patient record.




