MICKAI
Mickai Ebook · 16 pages · 13 May 2026

Sovereign AI for the UK Regulated Workstation

An engineering playbook for defence-nuclear, civil-nuclear, defence primes, finance, pharma, and critical national infrastructure.

By , Founder and named inventor, Mickai LTD · Crunchbase · LinkedIn · GitHub
Download PDF  →Free · English · PDF
Inside this ebook

This ebook is the engineering counterpart to the UK regulated workstation's egress posture. It reads what the constraint is, where it binds across the verticals, why the cloud AI security platform stack cannot satisfy it, what a sovereign hardware AI workstation actually delivers at the desk, and how an engineering CTO inside the buyer organisation pilots, documents, and scales the answer across an estate. The substrate primitives are filed at the UK Intellectual Property Office under the GB2607309.8 to GB2610422.4 patent family, and the Mickai trade mark is registered at UK00004373277.

Part I: The Constraint
1. The structural constraint at the UK regulated workstation
2. Where the constraint binds, vertical by vertical
3. Why cloud AI security platforms cannot satisfy the constraint
Part II: The Substrate Answer
4. The Mickai sovereign hardware AI workstation, in plain terms
5. The audit substrate underneath: FIPS 204 ML-DSA-65, hash-linked CBOR
6. Trust-domain externalisation as the operating pattern
7. The browser-resident offline verifier
Part III: At the Desk
8. CAD copilot examples across the verticals
9. P&ID, ladder logic, simulation harness, document classification
10. Throughput lift in operator language
11. Compliance fit, by regulator
Part IV: The Engineering CTO Playbook
12. Inventory, pilot, document, transfer
13. Procurement-officer rubric (twelve dimensions)
14. Working with ONR, JSP 440, PRA, ICO, MHRA, OFCOM, OFWAT, OFGEM
15. Closing
Frequently asked questions

What is a UK regulated workstation, and why does it constrain AI adoption?

A UK regulated workstation is any engineering or analyst seat inside an organisation whose regulator (ONR, JSP 440, PRA SS1/23, ICO, MHRA) requires that production data does not leave the operator's perimeter. Cloud AI offerings, where inference happens on a vendor's server with a vendor-held key, are structurally unacceptable at that perimeter. The engineering question is what AI throughput the operator can deliver at the desk without breaching the egress posture.

Why can a cloud AI security platform not satisfy the regulated workstation constraint?

Cloud AI security platforms (DLP wrappers, prompt firewalls, vendor SaaS audit dashboards) sit outside the cryptographic boundary. The data, the inference call, and the audit record are all under the AI vendor's key in the AI vendor's format. The regulator cannot replay the chain six months later with no recourse to the vendor. Trust-domain externalisation as a primitive moves the audit chain into the operator's custody, which is what the regulated buyer actually requires.

What is FIPS 204 ML-DSA-65, and why does the Mickai substrate use it?

FIPS 204 ML-DSA-65 is the United States NIST post-quantum digital signature standard, finalised in August 2024. It is the cryptographically-relevant primitive that survives a future quantum adversary. The Mickai Open Audit Record (OAR) primitive uses ML-DSA-65 to sign every decision a brain in the SIOS emits, so the audit chain is post-quantum-secure today, ahead of the NCSC 2031 and 2035 migration deadlines.

What does trust-domain externalisation actually mean in operator language?

Trust-domain externalisation is the architectural pattern where the audit record of an AI decision is held under the operator's key in an open format, not the AI vendor's key. The operator, the regulator, the union, the worker, and any third party can replay the same chain offline. The vendor's continued cooperation is not required for the audit to be valid.

How does an engineering CTO actually pilot sovereign AI inside a regulated estate?

The Mickai engineering CTO playbook is four steps: inventory the AI-relevant workflows, pilot the substrate on one workflow (typically CAD copilot, document classification, or transaction monitoring), document the egress posture and audit chain against the regulator's expectation, and transfer the pattern across the estate. The procurement-officer rubric in the ebook gives twelve dimensions for scoring any vendor against the buyer's posture before purchase.

Suggested citation
Irons, M. (2026). Sovereign AI for the UK Regulated Workstation: An engineering playbook for defence-nuclear, civil-nuclear, defence primes, finance, pharma, and critical national infrastructure. Mickai LTD. https://mickai.co.uk/ebooks/sovereign-ai-for-the-uk-regulated-workstation
About the author

Micky Irons

Founder of Mickai LTD (Companies House 17166618, England and Wales). Named inventor on the Mickai SIOS patent corpus, recorded on the UK Intellectual Property Office public register at numbers GB2607309.8 to GB2610422.4. Trade mark Mickai registered at UK00004373277 (classes 9 and 42, filed 15 April 2026). Before founding Mickai, Micky was a Sellafield site worker, and the egress constraint observed from inside the regulated workstation is the engineering origin of the substrate.