MICKAI
Article · 19 June 2026

The Sovereign-Cloud Exit Is a Treasury Decision Now

When hyperscaler repricing meets fiscal accountability, the model layer becomes a budget-line risk no finance ministry can ignore.

The Sovereign-Cloud Exit Is a Treasury Decision Now
Author
Micky Irons
Published
19 June 2026
Follow Micky Irons
LinkedInX
sovereign cloud exittreasurypublic sector aiauditabilitymickai

There is a number sitting in the back of every public-sector accounts department that nobody wants to read aloud. It is the cloud bill. Not the headline figure that gets negotiated once a year, but the compounding one, the line that grows in the direction the vendor chooses, on terms the customer agreed to before anyone understood what artificial intelligence would cost to run at scale. For a decade that number was treated as plumbing, a cost of doing business in the modern state. That era is ending. The bill has crossed a threshold, and on the far side of it the question is no longer technical. It is fiscal.

The people who should be most alarmed by hyperscaler repricing are not chief technology officers. They are finance ministers, permanent secretaries, and the auditors who answer to parliaments. The decision to move intelligence off rented infrastructure has quietly become a treasury decision, and the part nobody is pricing properly is not the compute. It is the evidence.

The bill stopped being plumbing

When a government department first lifted its workloads into a public cloud, the pitch was elasticity. Pay for what you use, scale when you need to, never buy a server you might not fill. That bargain held while the workloads were predictable. Email, storage, the odd web service. The spend was a utility, and utilities are boring, which is exactly what a treasury wants from a cost line.

Artificial intelligence broke the bargain. Inference is not a utility, it is an appetite. The moment a department starts running models against its own data, the consumption curve stops looking like a flat bill and starts looking like a mortgage taken out at a rate the lender resets at will. The hyperscalers have noticed. Reserved-capacity discounts narrow, egress fees bite when you try to leave, and the premium accelerator instances the better models demand are priced as scarcity, because they are scarce. The customer who built a public service on that infrastructure now discovers the supplier holds the repricing pen.

Hermes stands at a void-black treasury gate holding two ledgers aloft, gold scales suspended between them, one pan glowing with a dissolving cloud sigil, the other weighted by a sealed tablet.
Hermes at the exchequer gate, weighing a rented ledger against a sealed one, before a single coin has moved.

Repricing is a sovereignty event, not a procurement footnote

Procurement teams treat a price rise as something to be renegotiated. Add a clause, tender it again, push back on the egress schedule. That instinct misreads what is happening. When the cost of running the intelligence a nation depends on can be moved unilaterally by a foreign vendor, the price is not the exposure. The dependence is. A supplier who can reprice your central nervous system can shape your policy by shaping your budget, and they need never say a word to do it.

This is why I call the sovereign cloud exit a treasury decision rather than an IT one. The choice to repatriate intelligence onto infrastructure a state controls is, at bottom, a decision about fiscal autonomy. It is the difference between a cost you can forecast and a cost that is forecast for you. Every finance ministry understands the value of a fixed liability over a floating one. They have simply not yet been shown that the model layer is now the largest floating liability they hold.

A supplier who can reprice your central nervous system can shape your policy by shaping your budget, and they need never say a word to do it.

Micky Irons

The part no auditor can sign

Here is the harder problem, the one that should keep oversight bodies awake. Set the money aside for a moment. Suppose a department is perfectly happy with its cloud bill. The deeper failure is evidentiary. When a model running on rented infrastructure makes a decision that affects a citizen, a benefit refused, a flag raised, a case prioritised, who can produce the record of what happened?

In almost every current arrangement, the answer is the vendor. Partially, on request, under their retention policy, in their format, subject to their outages. The state that bought the service did not buy the chain of custody. It cannot independently attest to which model version ran, on whose silicon, against which inputs, with what result. Fiscal oversight depends on the ability to follow money to outcomes and to reconstruct decisions after the fact. A model layer that cannot be reconstructed is a hole in the audit, and it is a hole the auditor did not dig and cannot fill.

Consider what a public accounts committee actually needs to discharge its duty:

  • A tamper-evident record of every consequential automated decision, held by the state and not the supplier.
  • Proof of which model produced a given output, on which hardware, at which moment.
  • The ability to verify that record years later, independent of any vendor remaining in business.
  • Assurance that the record itself cannot be quietly rewritten, by anyone, including the operator.
  • A cost base that is owned and depreciated rather than leased and repriced.

No hyperscaler arrangement I have examined delivers that list. The infrastructure was never designed to. It was designed to sell capacity, and capacity is the easy part.

A close view of the gold scales, the left pan holding a rented cloud sigil thinning into vapour, the right pan holding a heavy sealed tablet bound by a chain that runs down into the void-black exchequer floor.
One pan dissolves into vapour. The other is anchored. The auditor can only sign the one that holds its weight.

Leasing the evidentiary chain

There is a sentence I keep returning to. A nation that cannot produce a sealed record of what its models decided, on whose hardware, has not bought a service. It has leased away the evidentiary chain fiscal oversight depends on. That is not rhetoric, it is a description of the contract most states have signed without reading it in those terms.

When you rent intelligence, you rent the conditions under which its decisions can be examined. The retention window is theirs. The log format is theirs. The right to inspect the underlying weights is, in nearly every case, explicitly denied to you. So the moment a citizen, a court, or a committee asks the obvious question, what did the system actually do and on what basis, the state must turn to the very vendor whose pricing power it was trying to escape. The dependence and the opacity are the same dependence. You cannot reprice your way out of one without addressing the other.

Why a screenshot is not a record

I should be precise, because this is where these arguments usually go soft. A dashboard is not evidence. A log the operator can edit is not evidence. A vendor report assembled after the question is asked is not evidence. Evidence, in the sense an auditor or a court means it, is a record created at the moment of the decision, sealed so it cannot be altered without detection, and verifiable by a party who trusts neither the operator nor the supplier. Until the model layer produces that, the audit of any automated public decision is an act of faith dressed as assurance.

What sovereign cloud exit actually buys

So let me be concrete about what a sovereign cloud exit is and is not. It is not on-premises nostalgia, the urge to drag a rack back into a basement for its own sake. It is not protectionism wearing a security badge. It is the deliberate repatriation of two things that should never have left state control. The cost base, so the liability is owned and forecastable. And the evidentiary chain, so every consequential decision a model makes can be reconstructed and attested by the state itself.

Done well, the exit converts a floating, vendor-controlled operating expense into a depreciating, state-owned asset, and it converts an opaque decision layer into one that produces its own court-admissible record. Those are two distinct wins, and they are usually sold separately. They should not be. The same architecture that lets you stop renting compute is the architecture that lets you start sealing evidence. Treating them as one programme is what turns a technical migration into a treasury strategy.

The balanced gold scales settle level over a vast void-black exchequer floor inscribed with faint ledger lines, the sealed tablet now anchored by its chain into the stone, Hermes withdrawing his hand.
The exit is the moment the floating cost settles into an owned asset and the evidence finds its anchor.

This is the problem we built Mickai to answer

I have spent the last several years building toward exactly this, so I will be direct about what we have and what it is for. Mickai is a Sovereign Intelligence Operating System, a SIOS, and it runs fifty specialised brains on the operator's own hardware, fully offline-capable. The intelligence does not phone home. It does not depend on a rented accelerator in another jurisdiction. The state owns the silicon, owns the models, and owns the cost base, which is the first half of the answer.

The second half is the part that matters most to an auditor. Every consequential action is sealed into a post-quantum Open Audit Record under FIPS 204 ML-DSA-65. A tamper-evident record is created at the moment of the decision, signed with a scheme built to survive the arrival of quantum computers, and verifiable by anyone, independent of whether Mickai or any vendor still exists. The record cannot be quietly rewritten, including by the operator. That is the evidentiary chain a finance ministry can actually stand behind, held by the state and not leased from a supplier.

Underneath it sits Pantheon, our sovereign Layer 1, anchored to Bitcoin, so the integrity of the record has a settlement layer no single party controls. I mention it not to wander into the weeds but because it is the reason the sealed record is durable rather than merely well intentioned. The protection of the audit trail does not rest on Mickai's goodwill. It rests on infrastructure designed to outlive us.

The objection worth taking seriously

The strongest counter is not about cost or evidence, it is about capability. Surely, the argument runs, no state-owned deployment can match the frontier scale of a hyperscaler, so the exit means accepting weaker intelligence. I take that seriously because it was true, and for the very largest frontier workloads it remains partly true. But it is the wrong frame for public-sector decisions. The vast majority of consequential automated decisions a government makes do not require a frontier model. They require a competent, specialised one whose behaviour can be fixed, audited, and reproduced. A model you can attest to beats a more capable model you cannot, every time the decision lands in front of a tribunal.

Sovereignty here is not a vote against capability. It is a vote for capability you can account for. The state that can prove what its systems did, on its own hardware, with a sealed record, is in a stronger position than the one renting marginally cleverer intelligence it can neither inspect nor reconstruct. Accountability is a capability. It is simply one the procurement spreadsheets have never had a column for.

The window is a budget cycle, not a decade

Timing decides this. Repricing is not a future risk, it is the current trajectory, and every budget cycle spent renting deepens the dependence and lengthens the egress bill the exit will eventually cost. The states that move now do so while the cost base is still small enough to repatriate cleanly, and while the evidentiary gap can be closed before, not after, the decisions that fill a future inquiry have been made on infrastructure that kept no record anyone can trust.

I would put it plainly to any treasury weighing this. You are not choosing between two vendors. You are choosing whether the intelligence your state runs on is a liability someone else controls or an asset you can account for to your own parliament. We are opening a thirty million pound PAN token round precisely because we believe enough finance ministries are about to ask that question to make answering it a serious undertaking. The sovereign cloud exit is no longer an IT preference filed under modernisation. It is a treasury decision about who holds the evidence, and the answer should never be the supplier.

Wide cinematic view of the void-black exchequer hall, the gold scales now still and level on a plinth, the sealed chained tablet glowing faintly, the cloud sigil gone entirely, Hermes' silhouette receding into gold-lit darkness.
When the vapour clears, what remains on the scales is what the state can prove. That is the whole of the decision.

Rent the compute if you must. Never rent the evidence.

ShareLinkedInXHacker NewsRedditMastodonBlueskyEmail
Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/the-sovereign-cloud-exit-is-a-treasury-decision. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
19 Jun 2026
Digital Independence Is Earned at Execution, Not Declared
I keep reading governments declare digital sovereignty in strategy documents while their keys, weights and logs sit offshore. Independence is not a press release with a flag on it. It is earned at execution, on owned hardware, under owned keys, every single time.
19 Jun 2026
The Depreciation Schedule for a Model You Own
I keep asking finance directors what they own after five years of a cloud AI subscription. The honest answer is nothing. Here is why an owned, sealed, auditable model belongs on the balance sheet, and a rental never will.
19 Jun 2026
Watts Per Decision: The Energy Envelope of Sovereign AI
I think the joule is the number frontier labs work hardest to hide. I argue watts per decision is the honest unit of regulated AI, and that sealing the energy a decision drew into the audit record is itself a sovereignty claim.
19 Jun 2026
The Real Total Cost of Renting Intelligence
I have read enough cloud AI invoices to know the headline rate is the smallest number on the page. Here I cost the egress, the missing audit record and the migration you cannot afford, and I show why ownership wins.
See all articles →