Underwriting on Data That Cannot Leave

The data an insurer is not allowed to lose

An insurance carrier holds one of the densest concentrations of regulated personal and financial data in the economy. Health declarations, medical histories, claims narratives, credit and behavioural signals, the precise terms on which a person was rated and the loss that followed. Every line of that estate is governed. Under the United Kingdom General Data Protection Regulation (UK GDPR) and the Financial Conduct Authority (FCA) Senior Management Arrangements, Systems and Controls (SYSC) framework, the carrier remains accountable for where the data sits, who can read it, and whether each consequential decision can be explained after the fact. Solvency II layers a second, heavier obligation on top. The firm must be able to reconstruct how its capital position was calculated, model by model, assumption by assumption, to the satisfaction of the Prudential Regulation Authority (PRA).

None of that accountability survives a round trip through a shared, multi-tenant cloud. The moment a rating factor, a claims note or a reserving triangle leaves the building to be processed on infrastructure the insurer neither owns nor controls, the chain of custody breaks. The carrier can no longer prove, from the outside, who touched the data or how the model behaved. That is the structural reason the Cisco data-privacy benchmark found 27% of organisations had banned generative artificial intelligence outright, 63% restrict what data can be entered, and 61% restrict which tools are permitted. Insurers sit at the unforgiving end of that distribution, and for sound reasons.

Mickai approaches the problem from the opposite direction. The Mickai Sovereign Intelligence Operating System (SIOS) runs fifty specialised artificial-intelligence brains entirely offline, on hardware the customer owns. The data never leaves the building. Underwriting on data that cannot leave stops being a constraint to engineer around and becomes the default state of the system.

Solvency II makes the cloud a modelling problem, not just a privacy one

For most regulated sectors the cloud objection is about confidentiality. For insurance it is also about the integrity of the model itself. Solvency II requires that a firm's internal model, or its application of the standard formula, be documented, validated and reproducible. The Own Risk and Solvency Assessment (ORSA) demands a living account of how capital adequacy is reached. When an actuary cannot demonstrate exactly how a number was produced, the number is not usable for capital purposes, however accurate it may be.

This is precisely where shared cloud large language models (LLMs) fail actuarial work, and the failure is architectural rather than incidental. A reserving model or a rating engine needs stable, owned memory. The assumptions an actuary fed in last quarter must mean the same thing this quarter.

“When companies use the Mickai Sovereign Intelligence Operating System, the context-compression problem that plagues cloud LLMs is removed at the architectural level. Cloud systems hallucinate and drift off topic because shared multi-tenant storage forces aggressive context compression, summary-pass swaps, and lossy recall. Inside Mickai, the operator owns the memory. They expand it inside their own data centre or workstation, scale it on Poseidon rack-scale or local NVMe, and never compete with another tenant for context budget. The result is a measurable reduction in drift and hallucination.”

On a frontier cloud, the working context is repeatedly compressed and re-summarised to share scarce storage across thousands of tenants, and the model's grasp of a long, specialised brief decays in ways the firm cannot see or control. For open, non-regulated research that drift is tolerable, and the leading cloud AI providers remain the right tool there. The frontier cloud providers are partners for that work, not adversaries. For a Solvency II internal model the same behaviour is disqualifying. An assumption that silently shifts between runs is not a model, it is a liability.

Tyche: rating, underwriting and actuarial on owned ground

The studio built for this work is **Tyche**, the Mickai underwriting, rating and actuarial environment. Tyche reads the full submission, the proposal form, the medical evidence, the broker notes, the loss history, and supports the rating and reserving workflow without any of that material crossing a network boundary. The actuarial team expands the model's memory inside its own data centre, on Poseidon rack-scale silicon or local non-volatile memory express (NVMe) storage, so the brief stays whole across an entire pricing cycle.

Because the system is sovereign, the constraints invert. Cloud deployments force teams to redact, tokenise or synthesise data before a model is allowed to see it, which degrades the very signal underwriting depends on. Inside Mickai the model can read the real medical history and the real claims narrative, because the real data never leaves the operator's perimeter. The accuracy that redaction destroys is recovered, and the regulatory exposure that motivated the redaction is removed at source.

This serves both halves of the Mickai market thesis. There are insurers being forced off cloud artificial intelligence after a restriction or an incident, the rescue case, in motion since major global banks and NHS Trusts began curbing generative tools in 2023 and a major electronics manufacturer banned a public AI chatbot following a source-code leak. There are also carriers and managing general agents who never started, who looked at SYSC and Solvency II and concluded that public cloud artificial intelligence was simply off the table. Tyche is the same architecture for both. One serves spend already lost to a ban, the other serves spend that was never claimable until now.

Nemesis: fraud and anti-money-laundering inside the perimeter

Insurance fraud detection has a particular sensitivity. To find organised fraud, a carrier must cross-reference claims, identities, payment patterns and prior losses across its whole book, which is exactly the data it is least willing to expose. Running that analysis through a third-party service means assembling the firm's most complete picture of vulnerability on infrastructure it cannot audit from the outside.

**Nemesis** performs fraud and anti-money-laundering monitoring entirely within the operator's environment. It links claims, surfaces network patterns and flags suspicious activity against the requirements of the Money Laundering Regulations and the firm's own financial-crime controls, with no data leaving the building. The investigative graph that fraud detection depends on is also the graph a competitor or a hostile insider would most want. Keeping it sovereign is not a convenience, it is the control.

“If you are a multibillion-dollar company running on Anthropic or OpenAI, and your direct competitor of comparable scale sits on the same vendor stack, what stops them paying a vendor insider to leak your data, your tactics, your leads, your sales strategy? Inside a third-party cloud, there is no safeguard you can verify from the outside. The only answer is a sovereign system where you hold the keys, with no third-party cloud data path.”

In a market where a handful of large carriers and reinsurers compete on the same pricing and the same fraud signals, the insider-threat question is not theoretical. The book that prices the risk and the book that detects the fraud are the two assets an insurer can least afford to place on shared infrastructure.

Nomos and Aletheia: the report and the proof

A model that prices well is only half the obligation. The other half is showing the regulator how, and that is where **Nomos** and **Aletheia** carry the workload that usually consumes an actuarial function's time.

**Nomos** is the Mickai compliance and regulator-reporting environment, the governance, risk and compliance (GRC) studio. It assembles Solvency II and Own Risk and Solvency Assessment reporting, maps decisions and assumptions to PRA and FCA expectations, and produces the documentation a supervisor will ask for. **Aletheia** runs continuous controls assurance and audit, so the firm is not reconstructing its control environment in a panic before a review but evidencing it continuously as work happens.

What binds the two together, and what makes the whole system defensible, is the Open Audit Record (OAR). Every action a Mickai brain takes is sealed under a post-quantum cryptographic signature that anyone can verify offline. When Tyche rates a risk, when Nemesis flags a claim, when Nomos files a return, the action is recorded in a tamper-evident artefact that does not depend on trusting Mickai, the cloud, or anyone else. The operator holds its own keys. A reviewer can take the Open Audit Record and confirm, independently and without a network connection, that the decision happened as claimed and was not altered afterwards.

For an industry whose regulatory burden is essentially the burden of proof, this changes the economics of compliance. The explainability that the FCA Consumer Duty demands of every consequential customer decision, and the reproducibility that Solvency II demands of every capital figure, stop being a documentation project bolted on after the fact. They become a property of the system, produced automatically, signed at the moment of action.

The market this opens, and on what terms

The numbers behind the opportunity are large and specific. Enterprise artificial-intelligence software is projected to reach roughly £122.6bn by 2030 at a 37.6% compound annual growth rate. The slice eligible for regulated, private deployment is about £40bn, and the governed, auditable served market sits near £4.6bn and is growing around 45% a year. The European Union Artificial Intelligence Act (EU AI Act) adds urgency. Its high-risk obligations apply from 2 December 2027, with fines reaching 35 million euros or 7% of global turnover, and insurance pricing and risk assessment fall squarely within its scope.

The Mickai commercial model fits the way insurers already account for systems. The Sovereign Intelligence Operating System is a capital purchase, not a subscription. Access for a fee, deployed free. The carrier buys the system, runs it on hardware it owns, and holds its own keys. Above roughly 50 million tokens a month on owned hardware, it runs 70 to 90 percent cheaper than cloud application programming interfaces (APIs), with break-even commonly inside eighteen months and, at high volume, as fast as four to eight weeks. The ladder runs from Solo at £4,500 to £6,500 through to Sovereign deployments at £2m to £25m and beyond, sized to a managing general agent at one end and a global reinsurer at the other.

The filed United Kingdom patent estate behind this architecture, one hundred and one applications carrying roughly 2,234 claims and owned by Mickai LTD with Micky Irons as named inventor, is evidence that the approach is engineered and defensible. It is not the headline. The headline is simpler. An insurer's rating models, reserving triangles and fraud graphs are the data the firm is least permitted to lose and least willing to expose. Underwriting on data that cannot leave is not a slogan. It is the only posture under which an actuary can hand a regulator a number and prove, signature by signature, exactly how it was made.