Mickai's sovereign hardware AI workstations: on-device AI for BAE Systems, Rolls-Royce, AWE, Babcock, Sellafield, the wider NDA portfolio, EDF, the PRA-regulated banks, GSK, and every UK regulated engineering desk that cannot egress to cloud AI.

The structural constraint, in one paragraph

A design engineer at a UK regulated workstation, in any of the verticals named below, sits at a desk running CAD against design geometries, P&ID diagrams, structural analyses, simulation models, control-software listings, and ten or more other regulated engineering applications. Production data on the screen is, by data classification, content the site does not allow off-perimeter. The engineer cannot open Claude, ChatGPT, Codex, Copilot, Cursor, Gemini, or any other cloud AI tool, because every one of those tools requires the prompt and the surrounding context to leave the operator's network and reach a vendor-controlled endpoint. The rule is not a recommendation; it is the operating posture of every defence-nuclear yard, every Nuclear Decommissioning Authority site, every defence prime, every PRA-regulated bank, every pharma prime, and every critical national infrastructure operator in the United Kingdom. The engineer therefore sits at a workstation in 2026 with no AI assistance at all, while an engineer in an unregulated environment is using AI to extend their throughput by an order of magnitude. The productivity gap is structural, not behavioural. The operator is not anti-AI; the operator is anti-egress. Mickai's sovereign hardware AI workstation closes that gap at the cryptographic primitive layer, without moving a single packet off the operator's perimeter.

Where the constraint binds, across the UK regulated private sector

Defence-nuclear. BAE Systems' submarine programme at Barrow-in-Furness designs and builds the Astute-class and Dreadnought-class platforms; every workstation on that yard holds design data the site does not let out of its perimeter. Rolls-Royce Submarines at Raynesway in Derby designs and manufactures the pressurised water reactors that propel them; the same egress posture binds the propulsion engineering line. Babcock International's nuclear engineering and submarine refit operations at Devonport, Faslane, and Bristol run under the same data class. AWE at Aldermaston and Burghfield, the design authority for the UK's nuclear warhead, runs the strictest of all. None of these sites can use cloud AI, period.

Civil and decommissioning nuclear. EDF Energy UK runs the operating fleet of UK civil reactors; Hinkley Point C and Sizewell C are in construction; the Nuclear AMRC at Sheffield runs the manufacturing engineering research base. The Nuclear Decommissioning Authority portfolio (Sellafield Ltd, Magnox Ltd, Dounreay Site Restoration Ltd, and the wider site licensee community) is the largest, most expensive, most schedule-sensitive industrial decommissioning programme on the UK balance sheet. Every workstation across that portfolio runs the same egress constraint. The throughput gap on the engineering side of the NDA portfolio alone is a national-scale cost-out variable.

Defence primes (non-nuclear). Leonardo UK, Thales UK, MBDA UK, QinetiQ, Lockheed Martin UK, Raytheon UK, Northrop Grumman UK, and the wider defence supply chain (Cobham, Ultra Electronics, Chemring, Meggitt, Marshall, GKN Aerospace) all run hard data-class boundaries that forbid prompt egress. Workstation AI is, today, structurally unavailable to the engineers, analysts, and software developers across those primes.

Aerospace and civil aviation. Rolls-Royce's civil aerospace engineering (Derby), Airbus UK (Filton, Broughton), BAE Systems' Air sector, GKN Aerospace, and the regional supply chain run engineering data classes where the operator does not voluntarily release prompts to vendor flows. Same constraint, same gap.

Finance. The UK's PRA-regulated banks (HSBC UK, Barclays, Lloyds Banking Group, NatWest Group, Santander UK, Standard Chartered) run transaction monitoring, credit decisioning, market surveillance, and compliance review queues on workstations under SS1/23 model risk management expectations. The PRA names third-party AI dependency as concentration risk that must be priced into operational resilience. The workstation does not get cloud AI; it stays at no AI.

Pharma and life sciences. GSK and AstraZeneca run pre-clinical compound libraries, trial datasets, and pre-publication research evidence that hold structural IP positions; the same holds for the UK's wider pharma cluster (Pfizer UK, Novartis UK, Roche UK, MSD UK, Janssen UK, Eli Lilly UK, the academic-prime joint ventures at Crick, Babraham, Diamond, and the Wellcome Sanger Institute). The scientist at the desk has no AI route to a model that respects the IP boundary.

Critical national infrastructure. National Grid, SSE, Drax, Centrica, ENW, UK Power Networks, BT, Openreach, Virgin Media O2, Thames Water, Severn Trent, United Utilities, and the wider water and energy sector all run operational data classes where the egress question is itself the assurance question. Substation control, fault diagnosis, network capacity planning, customer triage: all currently AI-blocked on the regulated workstation.

Government primes and outsourcers. Capita, Serco, Atos UK, Fujitsu UK, KPMG UK, PwC UK, EY UK, and Deloitte UK run government workloads where the data class often forbids vendor-key AI. The consulting engineer cannot bring Claude to the client engagement; the consulting engagement therefore happens without AI, or stalls on the assurance question. The workstation answers that assurance question by construction.

What a Mickai sovereign hardware AI workstation actually is

A Mickai sovereign hardware AI workstation is a desktop or rack workstation, certified by Mickai LTD, that runs the Mickai Sovereign Intelligence Operating System (SIOS) on the operator's iron, with the model weights resident on the workstation's encrypted storage, the inference compute resident on the workstation's GPU or NPU, the audit ledger signed under the operator's TPM-bound key, and the verifier running locally in any browser tab. No prompt, no context, no token, and no output leaves the operator's network. The substrate is the same SIOS substrate documented under the brain taxonomy at mickai.co.uk/brains: six subsystems (Multi-Brain Orchestration, Agent Tooling, Knowledge and Memory, Artifacts, Vinis Voice, Governance Layer), twenty-five brains, an Arbiter Brain at the head and a hash-linked, post-quantum signed audit ledger at the foot. The audit ledger signs every committed action under FIPS 204 ML-DSA-65, hash-linked under SHA-3-512, in CBOR canonical serialisation. The verifier emits one of four deterministic verdicts per record: VERIFIED, INVALID, STALE, REVOKED. The operator holds the keys. The vendor of the underlying model is not the trust root; the operator is. That is the structural property the Sellafield constraint actually requires.

What the engineer at the desk gets, across the verticals

Concrete examples, at the workstation, with no network egress, across multiple primes and operators.

• CAD copilot at a BAE Systems Barrow submarine workstation: 'extract a parts list from this Astute-class hull-section assembly model and cross-reference against the supplier QA register'. The model runs on the workstation. The CAD file never leaves. The audit ledger records the prompt, the files referenced, the reasoning steps, the output, signed under the engineer's TPM-bound key.
• PWR engineering assistant at a Rolls-Royce Submarines Raynesway workstation: 'walk through this primary-circuit P&ID and identify isolation points for refit shutdown'. Diagram stays on the workstation. Reasoning trace replayable by the QA function months later, without recourse to any vendor.
• Decommissioning geometry copilot at a Sellafield, Magnox, or Dounreay workstation: 'given this dose-rate isosurface dataset, propose three shielding configurations that meet ALARP'. Dataset stays on the workstation. Output is a signed substrate record, not a vendor JSON.
• Engineering report drafting at AWE, Babcock Devonport, or any defence prime: 'turn this fault tree into a draft Periodic Safety Review chapter'. Fault tree, draft, and final document all remain on the workstation. Audit trail proves which AI suggestions the engineer accepted, which they rejected, and the timestamp on each decision.
• PLC and SIL code generation across nuclear, energy, water, and rail: 'refactor this PLC ladder logic against IEC 61511'. Ladder logic stays on operator iron. Substrate records the diff for the SIL assessment.
• Transaction monitoring copilot at HSBC UK, Barclays, Lloyds, or NatWest: 'cluster these flagged transactions against the bank's historical AML topology'. Transaction data stays on bank infrastructure. Substrate satisfies SS1/23 model risk evidence.
• Pre-clinical informatics at GSK or AstraZeneca: 'predict ADMET properties for this candidate library and rank against the bench results'. Compound structures stay on operator workstations; the IP boundary holds.
• Network engineering at BT or Openreach: 'analyse this packet capture against the playbook for type-X fault'. Capture stays on the operator's network estate. Substrate produces a signed action chain for OFCOM or any subsequent regulator review.
• Document classification and search across a closed records system at any of the above: 'find every operator instruction issued between 2014 and 2019 that references this specific waste stream / risk register / process'. No data leaves the workstation; records remain inside the operator's records-management posture.

Every one of those workflows is currently impossible at every workstation listed in the previous section. The egress posture forbids it. The Mickai sovereign hardware AI workstation makes them possible without changing the egress posture by a single packet.

Throughput, in operator language

The reason the workstation matters is not the technology; the reason is the throughput delta. Comparable unregulated benchmarks (DORA-style engineering productivity studies on cloud-AI-equipped workstations through 2025 and 2026) put the typical AI-assistance lift at five to ten times on document-heavy engineering work (technical reports, safety cases, change-control packages, regulatory submissions), two to four times on CAD-led design work (drawing markup, assembly review, parts-list extraction), and three to seven times on code-led engineering (PLC, software-on-control, simulation harness authoring). For an operator running a thousand-engineer organisation under a hard egress posture, the gap between zero AI assistance and substrate-grade AI assistance is, conservatively, equivalent to several hundred engineering full-time-equivalents reclaimed from the same headcount, every year, every site. On a programme as large as the NDA decommissioning portfolio, the BAE Systems submarine programme, or the Rolls-Royce nuclear propulsion line, that throughput lift is a national-scale productivity instrument, not an IT line-item.

The throughput estimate is the comparable-benchmark figure, not a promise. The Mickai workstation produces an auditable chain of every AI-assisted action; the operator's own engineering function measures the realised throughput against the chain, in the operator's own language, against the operator's own quality bar. The throughput is therefore measurable, defensible, and reportable under the operator's existing performance and assurance regime.

Compliance fit, by regulator

ONR (Office for Nuclear Regulation) on the civil and decommissioning side. The Authority's design-data lineage expectation is satisfied at the cryptographic primitive layer by the substrate audit ledger; every AI-assisted decision is signed under the operator's TPM-bound key, hash-linked, and replayable offline by the regulator.

Defence Authority (JSP 440 derivatives) on the defence-nuclear and defence side. The workstation slots into existing controlled-IT estates as a certified terminal. The chain is the artefact the Authority reads to verify design lineage, without recourse to the AI vendor in the loop.

PRA (SS1/23) on the finance side. The cryptographic position the workstation produces is, by construction, the operational resilience evidence the supervisory statement asks for.

ICO (workplace monitoring guidance, UK GDPR Articles 22 and 30) across all verticals where AI touches data subjects. The chain is the worker's, the union's, the employer's, and the regulator's at once.

OFCOM, OFWAT, OFGEM on CNI. The substrate audit ledger is the artefact the sector regulator can walk for incident review without vendor cooperation.

MHRA on pharma. Pre-clinical and trial data lineage is preserved at the cryptographic primitive layer. The Authority's chain-of-custody expectation is met by the substrate, not by vendor representation.

Where this work comes from

The author of this piece is Micky Irons, founder of Mickai LTD and the named inventor on the Mickai SIOS patent corpus (UK IPO public register, the GB2607309.8 to GB2610422.4 family). Before the architecture work that produced Mickai, Micky was a Sellafield site worker. The constraint described above is not theoretical; the constraint is the working day of every engineer on every regulated UK workstation, observed from inside it. The architecture is what happens when an engineer who lived inside the constraint sits down to design the AI substrate that would have made the constraint productive rather than blocking. The hardware-workstation layer is the surface at which the architecture meets the desk.

What an engineering CTO does this week

Three steps that fit inside any existing controlled-IT engagement model, applicable across every vertical above, and which do not require any site-egress posture change.

• Inventory the design-engineering, scientific, analytic, and developer workstations across your estate where an AI surface would lift throughput materially but the egress posture forbids it. The list is usually long and well understood inside the IT, OT, and engineering functions.
• Pilot one Mickai sovereign hardware AI workstation against one role, at one site, for one engineering quarter. The integration is a certified workstation on the existing controlled estate. The audit substrate satisfies the sector regulator's expectation by construction.
• Document the pilot as a transferable artefact (the audit chain, the verifier verdict log, the throughput delta in operator language, the regulator engagement record). The artefact transfers across your estate and is reusable across the defence-nuclear, civil-nuclear, defence prime, aerospace, finance, pharma, CNI, and government-primer verticals named above.

An invitation, to every named operator

Engineering leadership at BAE Systems, Rolls-Royce, Rolls-Royce Submarines, Babcock International, AWE, Cavendish Nuclear, Sellafield Ltd, Magnox Ltd, Dounreay Site Restoration Ltd, EDF Energy UK, Hinkley Point C, Sizewell C, the Nuclear AMRC, Leonardo UK, Thales UK, MBDA UK, QinetiQ, Lockheed Martin UK, Raytheon UK, Northrop Grumman UK, Cobham, Ultra Electronics, Chemring, Meggitt, Marshall, GKN Aerospace, Airbus UK, HSBC UK, Barclays, Lloyds Banking Group, NatWest Group, Santander UK, Standard Chartered, GSK, AstraZeneca, Pfizer UK, Novartis UK, Roche UK, MSD UK, Janssen UK, Eli Lilly UK, National Grid, SSE, Drax, Centrica, ENW, UK Power Networks, BT, Openreach, Virgin Media O2, Thames Water, Severn Trent, United Utilities, Capita, Serco, Atos UK, Fujitsu UK, KPMG UK, PwC UK, EY UK, and Deloitte UK are open to a fifteen-minute briefing at any time. press@mickai.co.uk. The workstation surface is the engineering counterpart to the existing controlled-IT posture, not a replacement for it. The substrate is on the UK IPO public register. The trade mark Mickai is registered at UK00004373277. The next move is institutional, and the right institutions to make it are the ones whose engineering throughput is most directly bounded by the egress constraint named above.

Sources and references

• Nuclear Decommissioning Authority, portfolio and site licensee community: gov.uk/government/organisations/nuclear-decommissioning-authority.
• Office for Nuclear Regulation (ONR), regulatory expectations on engineering substantiation.
• Sellafield Ltd, site operations and decommissioning programme.
• JSP 440, MOD defence manual on the security of information, JSP 440 derivatives apply to the defence-nuclear estate.
• PRA Supervisory Statement SS1/23, model risk management principles for banks.
• NHS Digital Data Security and Protection Toolkit (DSPT).
• NCSC, AI Cyber Security Code of Practice (DSIT consultation 2024 to 2025).
• NCSC, Timelines for migration to post-quantum cryptography.
• FIPS 204 (ML-DSA), NIST post-quantum digital signature standard.
• Mickai SIOS, six subsystems and twenty-five brains: mickai.co.uk/brains.
• Mickai trade mark UK00004373277, classes 9 and 42, filed 15 April 2026.