MICKAI
Article · 3 July 2026

Sovereign by design versus sovereign by promise

We built Mickai so that data residency is a property of the machine, not a clause in a contract, because only one of those survives an audit.

Sovereign by design versus sovereign by promise
Author
Micky Irons
Published
3 July 2026
Follow Micky Irons
LinkedInX
data sovereigntydata residencyregulatory complianceon premises aiair gapped

A promise is not a boundary

Most of what the market calls sovereignty is a promise. A vendor writes a clause into a contract that says your data will be processed and stored in a named region, held by a named legal entity, under a named body of law. The clause is real. The intention is often sincere. But a clause is a description of what someone has agreed to do, not a description of what the system can do. When the two diverge, and under pressure they do diverge, the clause is the thing that bends.

We drew a hard line early. Mickai is a Sovereign Intelligence Operating System, a SIOS, and we designed it so that sovereignty is a property of the machine rather than a property of the paperwork. The distinction sounds academic until a regulator asks you to prove where a specific record went, at a specific moment, and you discover that your only evidence is a promise that the record stayed put.

What contractual residency actually guarantees

Contractual data residency is a legal instrument layered on top of infrastructure that is, by construction, capable of moving your data. The public cloud is a distributed system. It replicates for durability, it fails over across zones, it caches at edges, and it exposes control planes that sit in one jurisdiction while the workload sits in another. The residency clause promises that none of these mechanisms will carry your data somewhere it should not go. It does not remove the mechanisms. It asks you to trust that they will be configured, and stay configured, in your favour.

Themis, evoking a contractual promise that bends under pressure where a boundary does not
Themis, a clause governs conduct and conduct can be breached

That trust rests on a chain of assumptions, and every link is a place where a promise can quietly fail:

  • Configuration drift, where a well set control is changed months later by someone who never read the contract.
  • Support and telemetry paths, where diagnostic data, prompts, and metadata leave through a side door that the residency clause never covered.
  • Sub-processors, where the named entity subcontracts to a chain of others, each with its own jurisdiction and its own reach.
  • Legal compulsion, where a court or an agency in the operator's home country orders disclosure regardless of where the bytes physically sit.
  • Model providers, where inference is served by a third party who sees every query you send, because that is how the round trip works.

None of these are exotic failures. They are the ordinary operating conditions of software that runs on someone else's computers. Contractual residency does not close them. It insures against them, and insurance pays out after the loss, which is precisely the moment a regulator is no longer interested in reassurance.

Argus Panoptes, evoking the regulator's all-seeing demand to prove the data could not have left
Argus Panoptes, the auditor's gaze that wants to see egress was not on the menu

What a regulator is actually asking

When a supervisory authority examines a data flow, the question underneath every question is the same. Can you demonstrate, with evidence you did not author after the fact, that the data could not have left the boundary you claimed for it? Notice the shape of the question. It is not whether you intended to keep the data in place. It is not whether your supplier assured you that they would. It is whether the possibility of egress existed at all.

A contract cannot answer that question, because a contract governs conduct, and conduct can be breached. Only the architecture can answer it, because architecture governs what is physically possible. This is the entire difference between sovereign by promise and sovereign by design. One says the data was not supposed to leave. The other says the data had no route out.

A regulator does not want to hear that egress was against the rules. A regulator wants to see that egress was not on the menu.

Micky Irons, founder, Mickai
Hestia, evoking on-premises air-gapped intelligence that keeps the data inside the boundary with no route out
Hestia, the intelligence lives where the customer lives and never has to travel

How we make the guarantee enforceable

We took the position that if data must not leave, the honest way to guarantee it is to run everything on the customer's own hardware, on premises and air gapped, with no public cloud round trip and zero data egress by construction. The intelligence lives where the customer lives. Nothing has to travel to a distant model provider to be useful, because the model is already inside the boundary. When there is no route out, there is nothing to promise about the route out.

Inside that boundary, fifty specialist brains do the work, twenty five domain brains and twenty five operational brains, running under deterministic governance rather than best effort behaviour. Deterministic matters here for the same reason architecture matters. A governed action is one whose limits are enforced by the system, not merely requested of it. The brain that handles a regulated task cannot wander outside its remit, because the governance layer decides what is permitted before the action runs, not after.

Aion, evoking a post-quantum signed audit record that stays verifiable against the cryptography of the next decade
Aion, the signed record sealed to survive the cryptography of decades to come

Then we made the record undeniable. Every action produces a cryptographically signed audit record, the Open Audit Record, written at the moment the action happens. It is signed with post-quantum signing, ML-DSA-65, so the evidence stays verifiable against the cryptography of the next decade and not only this one. The customer owns the memory the system builds, which means the audit trail belongs to the party who has to answer for it, not to a supplier who might one day be unavailable, acquired, or compelled.

Put those pieces together and the regulator's question has a real answer. Where did the record go? It stayed on this hardware, inside this boundary, and here is the signed proof that it never had anywhere else to go. That is not a promise. That is a demonstration.

Why the market is turning toward it

We are not the only ones who can feel the ground shifting. The appetite for genuine, enforceable sovereignty is showing up in our own public signals. Our founder now ranks number two on Crunchbase, and the company Heat Score reached ninety four out of one hundred, climbing from single digits. We read that not as a verdict on us alone but as a reading of the room. Serious buyers have started to notice that a residency clause is a description of good intentions and that good intentions do not survive contact with a court order or a misconfigured control plane.

Nike, evoking the market turning toward enforceable sovereignty as the standard rises and rank climbs
Nike, the room is turning toward sovereignty that can be proven

The underlying work is patient work. We have one hundred and four filed UK patent applications, roughly two thousand three hundred and forty claims, each with a full specification, claims, and figures, building toward examination and grant. Those filings describe the mechanisms that make the guarantee real, the governance, the audit record, the signing, the ownership of memory. We frame them by what they contain because that is what will matter when the examiner reads them and when a customer's counsel reads them.

The line we will keep drawing

The next few years will separate the two kinds of sovereignty for good. Contractual residency will keep its place for workloads where the stakes are low and trust is cheap. But for regulated data, for national infrastructure, for anything where the wrong disclosure is not a fine but a failure, the standard will move to what can be proven at the level of the machine. Buyers will stop asking whether a supplier promises to keep data in place and start asking whether the system makes any other outcome impossible.

We built for that world before it fully arrived, because we think it is the only world a serious regulator can accept. Sovereignty that lives in a contract is sovereignty you are renting from someone who can change the terms. Sovereignty that lives in the design is yours, it runs on your hardware, it owns nothing it does not need to own, and it can prove where your data went because it never had the option of sending it anywhere else. We intend to keep drawing that line, clearly and in public, until the difference between a promise and a boundary is obvious to everyone who has to sign for the risk.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-by-design-versus-sovereign-by-promise. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles