MICKAI
Article · 2 July 2026

Sovereign Cloud Is Not On Premises

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. This is why sovereign cloud and on premises are not the same thing, and why the difference decides what a regulator will accept.

Sovereign Cloud Is Not On Premises
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
sovereign AIon premisesdata sovereigntyregulated industriespost-quantum audit

The distinction regulators actually care about

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. That single sentence contains the argument of this article, because it draws a line that most of the market is happy to blur. "Sovereign cloud" and "on premises" are treated as synonyms in a great deal of vendor marketing. They are not the same thing. For a regulated buyer, the gap between them is the gap between a control you can evidence and a promise you have to trust.

We build for the firms that sit on the wrong side of that gap. Around 0.85 million UK businesses, roughly 15 percent of the total, and about 5 million across the EU, cannot lawfully send their data to public cloud AI. The reasons are not preferences. They are the PRA model risk expectations under SS1/23, UK GDPR special category data, the NHS Data Security and Protection Toolkit, the EU AI Act high risk classification, ITAR and EAR, the NIS Regulations, and the US CLOUD Act. When a buyer in one of these categories asks whether "sovereign cloud" satisfies the rule, the honest answer is usually no, and the reason sits in the architecture.

What "sovereign cloud" really means

A sovereign cloud is, at bottom, a public cloud with a boundary drawn around it. The data may be pinned to a region. The operators may be vetted nationals. The contract may promise that no bytes leave the jurisdiction. These are real improvements over an ordinary tenancy, and for many workloads they are enough. But the model still runs on infrastructure the buyer does not own, administered by staff the buyer does not employ, under a control plane the buyer cannot inspect. The data leaves the building. Sovereignty, in this arrangement, is a legal undertaking layered on top of someone else's computer.

The problem is that a legal undertaking is only as strong as the mechanism behind it, and the US CLOUD Act is a mechanism that reaches through the undertaking. A US headquartered provider can be compelled to produce data held by its foreign subsidiaries, regardless of where the servers sit or what the regional contract says. A residency clause does not survive a lawful production order. For a defence contractor bound by ITAR, or a bank whose model governance must satisfy the PRA, or an NHS trust handling special category records, "we promise it stays here" is not a control they can put in front of an examiner.

What on premises means, done properly

On premises, done properly, removes the promise and replaces it with a fact. We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. There is no control plane in another company's data centre, no vetted operator on the other side of a contract, no residency clause standing in for a boundary. The boundary is physical. The data does not leave because there is no path by which it could.

That is the difference an examiner can test. A sovereign cloud asks the regulator to accept a chain of assurances about a system the buyer cannot see. An owned, air gapped system asks the regulator to inspect a machine that sits in the buyer's own estate. One is a matter of trust. The other is a matter of evidence. We are built for the second.

Evidence, not assurance: the Open Audit Record

Evidence is the word that matters, so we made it the foundation of the platform. Every consequential action the system takes is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash chained into a tamper evident, append only ledger. We call it the Open Audit Record. Anyone can verify it offline, for decades, without trusting us.

That last clause is the whole point. A sovereign cloud audit log lives inside the provider's system and is validated by the provider's tooling. The Open Audit Record inverts that relationship. The record is portable, cryptographically self proving, and verifiable by a party who has no relationship with us at all. A regulator does not have to believe our attestation. They can check the maths. In a market where the entire question is whether an assurance can be trusted, we replaced the assurance with a proof.

How the system is built

Underneath the audit layer, we run about fifty specialist models, 25 domain and 25 operational, with cross model routing under a deterministic arbiter. The arbiter matters for the same reason the audit record matters. Because routing is deterministic, outputs are reproducible. A regulated buyer can rerun a decision and obtain the same result, which is precisely what model risk governance requires and what a probabilistic black box cannot offer. These are our own sovereign models, running on the customer's hardware, never calling out.

The work is organised into studios. The names are drawn from the Greek pantheon and the functions are entirely serious. Nemesis covers fraud and AML. Plutus handles finance and FP&A. Tyche runs underwriting. Prometheus does forecasting. Iris manages customer service. Nomos and Astraea cover compliance and legal. Panacea is clinical. Pythia is business intelligence and Aletheia is audit. Vinis handles voice, the Agentic Marketing Team runs marketing operations, Trust Agent is the perimeter, and we offer the Open Audit Record as a service in its own right. Across fielded units, Pantheon, our post-quantum Layer 1 currently on testnet, provides multi node attestation with no central server, so a fleet of air gapped installations can prove its integrity to itself without any of them phoning home.

The market, and the wedge

The sovereign AI market is roughly USD 40 billion in 2025 and rising to about USD 148 billion by 2032. The buyers driving that growth are, definitionally, the ones the public cloud cannot lawfully reach. That is the wedge. We sell sovereign AI directly to regulated firms that the public cloud cannot serve, and we license the patented stack to the platforms that want to serve them and cannot.

The intellectual property behind that position is substantial. We hold 104 filed UK patent applications, roughly 2,340 claims across 13 invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, not granted, and we are precise about that word. Filing establishes priority and builds a prior-art moat, which is exactly the asset a sovereign architecture needs in a field this contested. Internal analysis maps 196 companies and 311 patent to company pairs as potential licensees, including Microsoft, AWS, NVIDIA, Google, Adobe and IBM. That is potential-licensee sizing, not a signed book and not a claim of infringement. We are an ally to the AI majors, not a challenger to them. A platform that adds a sovereign layer reaches, at once, the regulated market it cannot serve today.

Where this leaves the buyer

For the regulated buyer, the choice is not really between two products. It is between two evidentiary postures. A sovereign cloud gives you a stronger promise about a system you do not control. An owned, air gapped operating system gives you control, and then gives you a cryptographic record that turns that control into something you can hand to a regulator without commentary. We are Mickai LTD, a UK company, Companies House 17166618, with Birmingham manufacturing secured, and we built the second option because the firms we serve cannot lawfully accept the first.

Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn. Beyond that, the case stands on the architecture. Sovereign cloud is a boundary drawn around someone else's computer. On premises, done the way we do it, is the computer being yours, the data never leaving, and the proof being verifiable by anyone, for decades, without trusting the vendor who built it.

Is sovereign cloud the same as on premises?

No. A sovereign cloud runs on a provider's infrastructure with a legal boundary drawn around it, so the data still leaves the building and residency rests on a contract. On premises, done properly, runs on the customer's own hardware, air gapped, with zero data egress, so the boundary is physical rather than contractual. Under mechanisms such as the US CLOUD Act, that distinction is the difference between a control you can evidence and a promise you have to trust.

Why does deterministic routing matter for regulated firms?

Because model risk governance, including the PRA expectations under SS1/23, requires decisions to be reproducible. We run about fifty specialist models under a deterministic arbiter, so the same inputs produce the same outputs and a decision can be rerun and checked. A probabilistic system that cannot reproduce its own outputs struggles to meet that standard.

What makes the Open Audit Record verifiable without trusting Mickai?

Every consequential action is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash chained into a tamper evident, append only ledger. The record is portable and self proving, so a regulator or third party can verify it offline, for decades, by checking the cryptography rather than believing an attestation from us.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-cloud-is-not-on-prem. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles