The Right to an Explanation: Automated Decisions and a Per-Decision Signed Record
From August 2026 an automated decision must be explainable, and a signed per-decision record can answer a regulator without exposing the model.
On 2 August 2026 the EU AI Act reaches full application for high-risk systems, and a duty that was once good practice becomes a matter of law. Where an automated system makes or materially shapes a decision about a person, that person acquires a right to a meaningful explanation of the logic involved. A rejected loan, a flagged benefits claim, a triaged patient, a screened job applicant: each now sits inside a legal expectation that the operator can account for what happened and why.
This lands in a year already crowded with the same question asked in different accents. The UK Sovereign AI programme is pressing public bodies to keep sensitive inference on infrastructure they control. The NHS continues to wrestle with data sovereignty as clinical decision support spreads. ISO/IEC 42001 has given boards a management-system standard to point at, and the debate about agentic-audit governance is asking how organisations supervise systems that act rather than advise. The common thread is accountability, a harder problem than it first appears.
Why explanation and secrecy have been treated as opposites
The instinct, when a regulator asks how a decision was reached, is to open the box: show the model, the weights, the prompt, the data. That instinct is a trap. A model that can be fully inspected can be fully copied, probed for its training data, and reverse engineered by anyone with a copy of the file. For a public body running inference on citizen data, or a bank running it on financial records, exposure of the model is often the least acceptable outcome.
So operators sit between two poor options. They either open the model and accept the intellectual-property and security cost, or they keep it closed and offer explanations a regulator cannot verify. The second is worse than it sounds, because an unverifiable explanation is indistinguishable from a plausible story written after the fact. What the law is really asking for is not disclosure of the model. It is proof that the account of a decision is true.
What a per-decision record actually contains
The unit that resolves this is not the model and not a monthly compliance report. It is the individual decision, captured as a record at the moment it is made. A useful record binds together the inputs that were present, the model version and configuration that ran, the policy constraints that applied, the intermediate reasoning where the system produces it, and the output that was returned. It is written once, at decision time, never in hindsight.
Two properties turn that record from a log entry into evidence. First, it must be tamper evident, so any later change is detectable rather than silent. Second, it must be independently verifiable, so a regulator or auditor can confirm its integrity without trusting the operator's word and without access to the model that produced it. A record with both properties answers the right-to-an-explanation question honestly while the model stays sealed.
The cryptography that makes a record hold
Within Mickai, our Sovereign Intelligence Operating System, every action is sealed at the moment it occurs into a signed audit chain. Each decision record is signed and linked to the one before it, so the sequence forms a chain in which no entry can be altered, removed or back-dated without breaking the links that follow. This is the difference between a database an administrator can quietly edit and a record that carries its own proof of order and integrity.
We sign with post-quantum algorithms rather than only classical ones, and the reason is a governance horizon, not a fashion. A benefits, mortgage or clinical decision may need to remain defensible for many years, and a signature that is safe today but forgeable by a future quantum-capable adversary is a liability disguised as a control. Identity matters as much as the signature: each record is bound to a hardware-attested identity, so it proves not only that a decision was made and left unaltered, but which specific, attested machine made it.
“A regulator should be able to verify that a decision happened exactly as stated without ever being handed the model that made it.”
Verification without exposure
The record is what makes the earlier trade-off dissolve. Because verification runs against signatures and the audit chain rather than against the model, an auditor can confirm that a given decision was produced by a stated version, under stated constraints, on stated inputs, and has not been touched since. The model weights never leave the operator's hardware. The explanation is checkable and the intellectual property stays intact, at the same time.
This runs offline by design. Mickai operates on operator-owned hardware behind a zero-egress inbound perimeter, so data and models are not shipped to a third party to be explained. Verification is a local, mathematical act, which suits precisely the buyers for whom this question is sharpest: a public-sector body under the UK Sovereign AI expectation, a health service holding patient data, a regulated financial institution that cannot let inference leave its estate.
Guarding against a confident wrong answer
An explanation that faithfully records a bad decision is honest but not sufficient. A right to explanation is thin comfort if the underlying reasoning was a single model's unexamined guess. For decisions that carry weight, Mickai can route the question across several sovereign models running in parallel and require consensus before an output stands, capturing the agreement, and any disagreement, inside the same signed record. That consensus reduces the chance that one model's blind spot becomes an operator's liability, and a recorded disagreement is itself evidence about how contested a decision was. For an agentic system that acts rather than merely suggests, this is the substance behind agentic-audit governance: actions are constrained, cross-checked and sealed, not simply logged after the fact.
What this asks of operators before August
The practical work is less about acquiring a clever feature than about changing where accountability lives. An operator preparing for 2 August should be able to answer, for any single automated decision, four questions: what went in, which version and policy ran, what came out, and how any of that can be proved to a third party who does not trust them. If the honest answer to the last question is a log an administrator could edit, the system is not yet ready for the standard the law now sets. None of this requires opening the model, or sending citizen data to someone else's estate to be understood. The mechanisms that make a decision explainable, offline verifiability, hardware-attested identity, a post-quantum signed audit chain and cross-model consensus, are the same mechanisms that keep the operator sovereign over their own system. These capabilities sit within the wider architecture covered by 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD.
The shape of the next few years
The right to an explanation will not stay confined to one regulation or one continent. The direction of travel, visible across the EU AI Act, the UK Sovereign AI programme, ISO/IEC 42001 and the emerging norms of agentic governance, is towards a world where an automated decision is only as legitimate as the record that can vouch for it. We built Mickai on that premise: that the account of a decision should be sealed at the instant it is made, verifiable by anyone with cause to ask, and produced without surrendering the model, the data or the hardware. A right to an explanation is, in the end, a demand for trustworthy evidence, and the task now is to make sure that evidence exists before the question is asked.




