The foundational UK sovereign-AI patents are filed. The collaboration door is open.

Sovereign AI in the United Kingdom is no longer an open green field. It is a patent-fenced market. Twenty-one filed UK patent applications, six hundred and seventy-five cryptographically signed claims, one inventor, one filing reference (UK00004373277). Ten of those twenty-one are not optional for anyone building sovereign AI infrastructure on British soil. They cover the primitives that cannot be composed around. They are the load-bearing claims of the architecture.

This article walks each one. If you operate, advise, or invest in any UK sovereign-AI play, this is the perimeter you are working inside. If you are a regulator looking for the boundary between commercially routable AI and AI that has structural protections under UK patent law, this is the boundary.

The thesis in one sentence

Sovereign AI is not 'an LLM running locally'. Sovereign AI is the composition of a privacy perimeter, a tenancy model, a clearance-aware retrieval surface, a post-quantum signed audit primitive, a hardware-bound identity layer, an action ontology with rollback, and a runtime interceptor that gates everything an autonomous agent does. Mickai owns the filed UK claim coverage on each of those primitives. Composing them is the product. Working around them is not, in practice, available.

The load-bearing ten

1. Trust Agent (Patent 01) — privacy router and tamper-evident audit ledger

Every sovereign AI stack needs a layer that mediates inbound requests, classifies them, enforces per-tenant egress rules, and writes the routing decision to an audit ledger that the operator cannot quietly amend. Patent 01 covers that primitive end to end. Without it no UK regulator will sign off on a deployment that touches classified or clinical data, because there is no audit trail with cryptographic guarantees of immutability.

3. Sovereign Security Framework (Patent 03) — egress firewall, injection detection, per-tool rate limits

Defence in depth for AI: outbound traffic is filtered against a per-tenant allowlist, retrieved context is inspected for prompt injection before it reaches a brain, and every callable tool is rate-limited so a single compromised credential cannot exfiltrate a database. UK government procurement frameworks for AI are converging on these requirements. Patent 03 covers the composition.

4. Adaptive Multi-Tenant OS (Patent 04) — cryptographic tenant isolation with voice-gated switching

One device, multiple tenants (clinical, enterprise, individual), cryptographic isolation between them, voice-biometric gating on tenant switches. Required the moment a clinician moves from a hospital tenant to a private tenant on the same hardware. Required the moment a defence contractor needs to keep classified and unclassified work on the same workstation. Patent 04 is the structural answer.

5. Privacy-Preserving Sovereign RAG (Patent 05) — clearance-ceiling retrieval

Classified RAG without leakage. Every chunk is tagged with a clearance ceiling. A query that lacks the right clearance receives the same response as a query for content that does not exist. The system never reveals that classified material was hidden, only that nothing was found. This is the only way to safely run RAG inside a multi-clearance environment. Patent 05 is the load-bearing claim.

8. Quantum-Safe Attestation, ML-DSA-65 (Patent 08) — FIPS 204 signed ledger

Every tool invocation, decision, and routing step signed under the post-quantum FIPS 204 ML-DSA-65 algorithm. Means the audit ledger remains verifiable after a cryptographically relevant quantum computer arrives. UK government cryptographic guidance is moving towards post-quantum signatures as a procurement requirement. Patent 08 covers the application of ML-DSA-65 to the AI-decision audit substrate.

12. Typed-Action Ontology (Patent 12) — hardware-bound actor identity with inverse-action schema

Every action the system can perform is typed against a strict ontology and bound to a hardware-attested actor identity. Each action declares its inverse at definition time, so any side effect is reversible by construction. The ontology becomes the schema for both authorisation and rollback. Required for any auditable agentic system inside a regulated UK environment. Patent 12 covers the binding.

14. First-Class Actions with Compensating Rollback (Patent 14)

Actions are first-class entities with persistent identity. Every action stores its compensating inverse at execution time. The user, or a regulator, can issue a retroactive undo against any signed action and the system constructs the inverse chain to revert side effects. This is the structural answer to the regulator question 'what happens when the AI does the wrong thing'. Patent 14 is the answer.

16. Decision Lineage and PQ-Signed Audit Ledger (Patent 16) — DAG of decisions, regulator-verifiable

The audit ledger is a causally linked DAG: every decision references its inputs and the prior signed decisions that informed it. Every node is post-quantum signed. A regulator can take any output and walk the lineage all the way back to the originating prompt and operator identity. This is what 'audited AI' means in practice. Patent 16 owns the construction.

18. Granular Row/Column ACL with per-voiceprint revocation (Patent 18)

Access control descends to the row and column of a data store, gated per voiceprint rather than per username. When a voiceprint is revoked (employee departs, account compromise), previously authorised reads are retroactively flagged in the ledger and the actor is excluded from future composition. Required for clinical, financial, and HR data. Patent 18 is the only filed UK claim that combines voiceprint revocation with row/column ACL retroactivity.

21. Sentinel (Patent 21) — universal AI-agent action interceptor with signed audit

Sentinel adds 91 claims across eleven blocks (A through K) covering the runtime perimeter for every AI coding agent on the host: process tagging without source modification, deterministic-placeholder secret redaction with reverse mapping, pre-execution destructive-pattern classifier with inline approval, copy-on-write shadow workspaces with promotion gates, and per-session Ed25519-signed hash-chained ledgers. Required the moment Cursor, Claude Code, Codex, Aider, Cline, Windsurf, GitHub Copilot Workspace, or Roo Cline runs against any UK government, NHS, or defence workstation. Patent 21 is the runtime perimeter.

An open invitation to collaborate

We would rather build with you than around you. The portfolio above was filed to make sovereign AI in the UK structurally British and structurally auditable. It was not filed to shut anyone out. The whole point of having the load-bearing claims under one filing reference, with a single inventor, with no parent operator entity in the chain, is that the licensing conversation can happen in a single email.

We are explicitly open to:

• Licensing collaborations with vendors building sovereign AI infrastructure for UK government, NHS, defence, financial regulators, or regulated enterprise. The licence terms can be structured per-deployment, per-vertical, or as a strategic cross-licence. Direct, from the inventor, no intermediary.
• Joint architecture work with primes that are tendering for UK sovereign-AI contracts and want their bid to be defensible against the procurement question 'is the architecture British and patent-protected'. We co-author the architecture brief.
• Engineering partnerships where a vendor wants to integrate a specific Mickai primitive (for example clearance-ceiling RAG, or the Sentinel runtime perimeter, or the post-quantum signed audit ledger) into their existing platform. We provide reference implementation and ongoing claim support.
• Investor and acquirer conversations where the patent portfolio is a strategic asset rather than a defensive moat. The portfolio is owned 100% by the founder and is not encumbered.
• Defensive cross-licensing with peer sovereign-AI vendors to keep the substrate open for British operators while protecting the joint position against non-British architectural defaults being imposed by larger US or PRC platforms.

The conversation is direct and short. The contact is press@mickai.co.uk. We answer.

If you are a regulator, this is your structural answer to 'how do we prevent foreign sovereign-AI vendors from setting the architectural defaults for British infrastructure'. The answer is that the architectural defaults are already filed. The patent-protected architecture is British, the claim language was drafted by the inventor of record, and the licensing model is collaborative rather than exclusionary. Procurement decisions can rely on this without depending on any single vendor's commercial roadmap.

The other eleven patents

The remaining eleven patents (Multi-Brain Cooperative Intelligence, Voice-Biometric Extreme-Environment Verification, ChatClone Anti-Deepfake, Attestable Avatar Rendering, Hereditas Post-Mortem Activation, AudioSeal Dual-Layer Watermark, Voice-Gated Deterministic Tool Invocation, Pre-Commit Dry-Run Simulation, Federated Fleet Coordination, Branch-Based Workflow Federation, Per-Skill Clearance-Gated Execution) extend the surface in directions specific to particular use cases (defence, healthcare, finance, digital estate, anti-deepfake provenance, federation across organisations). They are not load-bearing for the generic sovereign-AI substrate. They are load-bearing the moment a deployment touches the corresponding vertical.

The full portfolio is browsable at mickai.co.uk/patents. Each patent has its own dedicated page with the full description and the list of brains that implement it.

Where this sits

Mickai is the sovereign AI operating system. Twenty-one filed UK patent applications. Six hundred and seventy-five claims. Sole inventor: Micky Irons. The portfolio is the legal spine of the architecture and the structural answer to the question 'who owns the foundational layer of sovereign AI in the United Kingdom'. The answer, in writing, at the UK Intellectual Property Office, is a single name. Mickai is held privately by its founder; the engagement model is direct.

“Sovereign means the architecture itself is owned. The cryptographic guarantees compose. The licence sits with the inventor.”

Sources

• Mickai patent portfolio: mickai.co.uk/patents (21 filed UK patent applications, application reference UK00004373277, 675 cryptographically signed claims, sole inventor Micky Irons).
• FIPS 204 (ML-DSA): the NIST post-quantum digital signature standard adopted as a federal requirement in 2024.
• UK government procurement guidance on AI: developing toward post-quantum signature requirements and audit-ledger transparency.