The Clinical Studio: AI for Health Data That Never Leaves the Trust
We built a Sovereign Intelligence Operating System so that NHS trusts can put AI to work on special category data without a single record ever leaving the building.
The data governance question that stops most clinical AI at the door
Ask any information governance lead in an NHS trust what worries them about artificial intelligence and the answer rarely turns on model accuracy. It turns on where the data goes. Patient records are special category data under UK GDPR. They are protected by the common law duty of confidentiality, by the National Data Guardian standards, and by the Data Security and Protection Toolkit that every trust must complete each year. The moment a clinical dataset is sent to an external service for processing, the trust has to explain that flow, defend the lawful basis, map the data processing agreement, and account for every place a copy might come to rest. For most teams that is where a promising pilot quietly dies.
We built Mickai to remove that failure point entirely. Mickai is a Sovereign Intelligence Operating System, a SIOS, and the founding principle is simple. The intelligence comes to the data. The data does not go to the intelligence. When Mickai runs inside a trust, it runs on the trust's own hardware, on premises and, where the estate demands it, fully air gapped. There is no public cloud round trip, no external inference endpoint, and no egress of clinical information to a third party. What the trust processes stays inside the trust's own boundary, under the trust's own control.
What a clinical studio actually does
We describe the health configuration of Mickai as a clinical studio because it is a working environment, not a single function. Inside it, fifty specialist brains cooperate under deterministic governance. Twenty five of those brains are domain focused and twenty five are operational, handling the coordination, checking, and record keeping that clinical work demands. A studio can read a discharge summary, reconcile coded diagnoses, draft correspondence for a clinician to approve, summarise a long and messy record into something a multidisciplinary team meeting can use, or surface the cohort that matches a set of inclusion criteria for a service evaluation. Every one of those tasks happens on the trust's own machines, against the trust's own data, and nothing is shipped out to be processed elsewhere.
The governance is the point that matters most to a caldicott guardian or a senior information risk owner. The brains do not act freely. They act within rules the trust sets, and every action they take is written to a cryptographically signed audit record. We call it the Open Audit Record, and it is created on every action, not sampled and not reconstructed after the fact. That means an information governance team can answer the hardest question in health data with evidence rather than assurance. Who or what touched this record, when, under what instruction, and what did it do next.
Mapping onto the DSP Toolkit
The Data Security and Protection Toolkit is the language trusts already speak, so we designed the clinical studio to produce evidence in that language rather than against it. The controls a governance team has to demonstrate line up closely with the way a sovereign system behaves by default.
- Data flows and egress: because processing happens on premises with zero data egress, the flow map for a Mickai deployment is short and honest. There is no external processor to contract with, no cross border transfer to justify, and no shadow copy sitting in someone else's cloud region.
- Access control and accountability: every action carries a signed entry in the Open Audit Record, so least privilege, role separation, and monitoring are demonstrable from the record itself rather than inferred from policy documents.
- Data ownership and retention: the memory the studio builds up belongs to the trust. It sits on the trust's storage, it is retained and deleted on the trust's schedule, and it is never mined, pooled, or reused to train anyone else's system.
- Business continuity and resilience: an air gapped deployment does not fail because an internet link drops or an external vendor has an outage, which changes the risk picture for any service that has to keep running.
- Cryptographic assurance for the long term: signatures use post-quantum cryptography, specifically ML-DSA-65, so an audit record created today remains verifiable as cryptographic standards move forward.
None of this is a claim that Mickai completes the DSP Toolkit for a trust. The toolkit is a whole organisation exercise and it should be. What we can say plainly is that a sovereign, on premises system removes several of the hardest assertions a governance team otherwise has to make about a third party they cannot see inside, and it replaces assurance with an audit record they can read.
“The safest place for patient data to be processed is the place it already lives, under the control of the people already accountable for it. We built the clinical studio so that using AI does not mean giving that up.”
Why sovereignty is not a compromise on capability
There is an old assumption that keeping AI on premises means accepting a weaker version of it. We do not accept that trade. The clinical studio runs the full weight of the fifty brains locally, with the memory the trust owns growing richer over time as it works with the trust's own documents, terminology, and pathways. Because that memory never leaves and is never shared, it can be specific to the trust in a way a general external service can never be. A model that has learned the local coding conventions, the local referral routes, and the local letter styles, and that keeps all of that behind the trust's own walls, is more useful to a clinician, not less.
We should be equally clear about what protects this work over the long term. The full specification of how the clinical studio behaves, the governance model, the audit record, the post-quantum signing, and the way memory is held and owned, sits inside a body of filed intellectual property. We have 104 filed UK patent applications carrying approximately 2,340 claims, with full specifications, claims, and figures, and they are building toward examination and grant. That matters to a trust because it means the architecture we are describing is documented and defensible, not a marketing outline.
The signal that the direction is right
We are early and we are candid about that. The proof we can point to today is our own public standing rather than a roster of names we are not going to invent. On Crunchbase our founder now ranks number two, and the company Heat Score reached 94 out of 100, having climbed from single digits. That is a public signal that the sovereign approach is landing with the people who watch where this field is going. It is not a substitute for a live trust deployment, and we will not dress it up as one.
What comes next for clinical teams
The path we want to walk with a trust is deliberate. Start inside a single service where the data flows are already well understood, run the clinical studio fully on premises against a defined dataset, and let the information governance team read the Open Audit Record for themselves rather than take our word for anything. From there the same pattern extends, service by service, with every step producing its own evidence and every record staying inside the trust's boundary. Sovereign AI for health is not a distant idea. It is a system that runs where the data already lives, keeps that data still, and shows its working. We built the clinical studio so that clinical teams can finally say yes to AI without ever having to say goodbye to their data.





