Article · 1 July 2026

The Head of Model Risk and Sovereign AI: Validation, Challenge and Lineage You Actually Control

For the Head of Model Risk, owning the model, its weights and its validation evidence inside your own walls is the only posture you can defend to a regulator, a board and an auditor at the same time.

Author: Micky Irons
Published: 1 July 2026

The validation problem nobody wants to sign

If you run model risk in a regulated firm, you carry a signature nobody else in the building wants. Under PRA SS1/23, the Head of Model Risk is accountable for independent validation, effective challenge and a defensible record of a model's lineage from data to decision. That accountability does not pause when the model becomes a large language model rented from a hyperscaler.

Here is the uncomfortable part. You cannot validate what you cannot inspect. When the model, the weights and the update cadence sit behind a vendor API, your validation evidence is a screenshot of someone else's terms. You are asked to attest to soundness while the thing you are attesting to changes underneath you without notice, without a version pin and without a reproducible trail. That is not effective challenge. That is trust dressed as governance.

Mickai closes that gap. It is a sovereign AI operating system, an SIOS, that regulated businesses own and run inside their own walls, on-premise and air-gapped. Every action the system takes is written to a tamper-evident, post-quantum-signed audit record we call the OAR. It is built and it is LIVE, and we are building to scale.

What "own the model" means in model-risk terms

Ownership is not a slogan here. It is the difference between a validation file that holds and one that evaporates at the next silent update.

When you own the model on Mickai, three things become true that a public-cloud endpoint cannot give you:

  • The weights are yours and they are pinned. A model version does not change unless you change it. Validation done on Tuesday is still valid on Friday because nothing moved.
  • The lineage is captured, not narrated. Data in, retrieval context, the deterministic arbiter's routing, the output and the rollback path are all recorded in the OAR under an ML-DSA-65 post-quantum signature bound to hardware identity.
  • Challenge is reproducible. You can rerun the same input against the same pinned model inside your own environment and get the same behaviour, which is the precondition for any independent review that will survive scrutiny.

That is the posture SS1/23 actually asks for: a model inventory you control, tiering you can justify, validation you can reproduce, and monitoring that does not depend on a vendor's goodwill.

The architecture that makes evidence, not claims

Mickai runs 50 brains under a deterministic arbiter. The arbiter matters for model risk because it removes the coin-flip. Given the same input and the same policy, routing and control flow are deterministic, so your challenge runs are repeatable rather than probabilistic theatre.

Retrieval is air-gapped. The RAG corpus lives inside your boundary, so the context feeding a decision is a known, versioned set of documents, not the open internet on the day. When a validator asks why the model said what it said, the answer is a specific retrieved passage with a signed reference, not a shrug.

The OAR schema is the spine. Each entry carries the actor, the model version, the inputs, the retrieved context, the output, the arbiter path and a signature. Because signing uses ML-DSA-65, the record is designed to hold up even against a future quantum adversary, and because identity is hardware-bound, an entry cannot be forged by lifting a key onto another box. For irreversible-looking actions there is compensating rollback, so a wrong decision has a recorded, reversible remediation path rather than a silent overwrite. For high-authority actions, voice-biometric quorum can gate execution behind named human approval.
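What a validator's check over such a record can look like, as an added example that is not Mickai's code or its OAR format: entries carry the fields listed above, and the verifier reports edited entries, removed entries and model-version drift. Assumptions: the function names, the hash chain between entries and the sample values are constructed here, and HMAC-SHA256 stands in for the ML-DSA-65 hardware-bound signature so the block runs on the standard library.

```python
import hashlib
import hmac
import json

# Stand-in signer (assumption): the page specifies ML-DSA-65 bound to hardware
# identity. HMAC-SHA256 with a constructed key is NOT a post-quantum signature.
DEVICE_KEY = b"constructed-demo-key"
FIELDS = ("actor", "model_version", "inputs", "retrieved_context",
          "output", "arbiter_path")
GENESIS = "0" * 64

def _canonical(body):
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_entry(log, **fields):
    """Append one signed entry (hypothetical helper, not the OAR API)."""
    missing = [f for f in FIELDS if f not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    body = {f: fields[f] for f in FIELDS}
    # Assumption: each entry commits to its predecessor's hash (hash chain).
    body["prev_hash"] = log[-1]["entry_hash"] if log else GENESIS
    data = _canonical(body)
    entry = dict(body,
                 entry_hash=hashlib.sha256(data).hexdigest(),
                 signature=hmac.new(DEVICE_KEY, data, hashlib.sha256).hexdigest())
    log.append(entry)
    return entry

def verify_log(log, pinned_version):
    """Return (index, problem) findings; an empty list means the log verifies."""
    findings, prev = [], GENESIS
    for i, e in enumerate(log):
        data = _canonical({k: e[k] for k in FIELDS + ("prev_hash",)})
        if e["prev_hash"] != prev:
            findings.append((i, "chain break"))          # entry removed or reordered
        if hashlib.sha256(data).hexdigest() != e["entry_hash"]:
            findings.append((i, "hash mismatch"))        # field edited after signing
        expected = hmac.new(DEVICE_KEY, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e["signature"]):
            findings.append((i, "bad signature"))
        if e["model_version"] != pinned_version:
            findings.append((i, "model version drift"))  # not the validated model
        prev = e["entry_hash"]
    return findings
```

The drift check is what ties the record back to the pinned-weights claim: a validation run is only comparable to production entries that name the same model version.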

For a Head of Model Risk, that is the whole game. You are no longer describing controls in a policy document. You are pointing at a signed, replayable record of exactly what the model did and why.

This is also a resilience and third-party-risk story

Model risk does not live alone. DORA and the PRA and FCA operational resilience regime treat a critical AI dependency as a concentration risk on your own balance sheet of obligations. A public-cloud model is, in resilience terms, an unmanaged third party you cannot substitute inside your impact tolerance.

Running the model on-premise collapses that dependency. There is no cross-border data egress to reconcile against UK GDPR or the CLOUD Act, no foreign-jurisdiction exposure to explain to your board, and no vendor outage that can take your decisioning offline. The model becomes an owned asset inside your resilience perimeter rather than a supply chain you merely hope holds.

That same posture answers the neighbouring desks. The DPO gets special-category data that never leaves the building. The CISO gets an air-gapped system with hardware-bound identity. The General Counsel gets records that survive a discovery request. The MLRO and the CCO get a fraud, AML and compliance stack, Nemesis and Nomos in our Greek-named Studios, that produces the same signed evidence. And under FCA Consumer Duty and SM&CR, the accountable individual can finally show, not assert, that the model treated customers fairly.

The market this sits in

The barrier is not appetite. It is admissibility. Roughly 0.85 million UK businesses, around 15 percent, and close to 5 million across the EU are legally constrained from putting regulated workloads on public-cloud AI. That is the wedge, and the sovereign AI market reflects it: on independent estimates it moves from about USD 40 billion in 2025 toward USD 148 billion by 2032.

As a dated third-party signal, in June 2026 Crunchbase ranked our founder number four globally, with the company inside the top one to two percent. That is external momentum, not the argument. The substance is the estate: Mickai holds 104 filed UK patent applications, roughly 2,340 claims, in Mickai LTD. Filed, not granted, which is precisely the posture that establishes priority and a prior-art moat while the field is still forming.

An ally, not a replacement

Mickai is not positioned against the frontier labs. Their models are extraordinary, and for open, non-regulated work they belong in your stack. Our job is the part they structurally cannot serve: the model you own, the weights you pin, the evidence you sign, inside a boundary a regulator recognises. Two buyers, the enterprise that runs it and the eventual strategic owner, both want that category to exist.

Where this goes next

The firms that help shape a sovereign validation standard now will be the ones citing it later. If you carry the model-risk signature and want validation evidence you can actually defend, I would like to talk.

Micky Irons, founder and CEO, Mickai. Reach me directly at micky@mickai.co.uk.

Frequently asked questions

How does Mickai support SS1/23 model risk management?

Mickai runs on models you own and pin inside your own walls, so validation stays reproducible and does not break under silent vendor updates. Every model action, with its inputs, retrieved context and output, is written to the OAR, a tamper-evident, post-quantum-signed audit record, giving independent validation and effective challenge a signed, replayable evidence base rather than a vendor screenshot.

What makes model behaviour reproducible for effective challenge?

A deterministic arbiter routes 50 brains under fixed policy, so the same input against the same pinned model version produces the same behaviour inside your environment. Retrieval is air-gapped against a known, versioned corpus, so a validator can trace any output back to a specific signed reference.

How does running on-premise address DORA and operational resilience?

Owning the model on-premise removes a critical AI dependency from your third-party supply chain and brings it inside your resilience perimeter. There is no cross-border data egress to reconcile against UK GDPR or the CLOUD Act, and no vendor outage that can take your decisioning offline.

Is Mickai a replacement for frontier AI labs?

No. Mickai is an ally, not a competitor. Frontier models remain the right choice for open, non-regulated work. Mickai serves the part they structurally cannot: the model you own, the weights you pin and the signed evidence you can defend, inside a boundary a regulator recognises.

What is the OAR and why is post-quantum signing relevant?

The OAR is Mickai's audit record. Each entry carries the actor, model version, inputs, retrieved context, output, arbiter path and a signature. Signing uses ML-DSA-65 so the record is designed to withstand a future quantum adversary, and identity is hardware-bound so an entry cannot be forged by moving a key to another machine.

Originally published at https://mickai.co.uk/articles/the-head-of-model-risk-and-sovereign-ai. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.