MICKAI
The Sectors

The regulated markets where the cloud is barred from the data.

Every regulated department wants the productivity of mainstream AI, and the law forbids it from sending customer, patient, client, or classified data to a third-party cloud. Mickai is the Sovereign Intelligence Operating System that delivers those same department tools on the organisation's own hardware, with operator-held keys and an Open Audit Record sealed trail. Below are the regulated markets we serve, with illustrative worked examples built only from public information.

29
Regulated markets
18
Enterprise studios
50
Brains they route to
Where sovereign AI is mandated

Most organisations have not adopted AI at all, and the regulated institutions that need it most are the ones a shared cloud cannot serve. Four mission-critical footprints sit at the centre of that demand, and the regulations that force a sovereign, on-premise answer are already on the books.

Government and Public Sector

Citizen records, tax data, and classified material that may not leave government-owned systems.

Healthcare

Patient records, genomics, and clinical data that cannot lawfully reach a third-party cloud.

Financial Institutions

Transaction histories, model-risk decisions, and client data under the heaviest regulation on earth.

Defence and Military

Blueprints, telemetry, and tenders barred from any commercial-cloud public API.

Region
The regulations that force the move
Timeline
United Kingdom
UK GDPR, Data Protection Act 2018, FCA operational resilience, NHS DSP Toolkit
Active and tightening through 2027
Europe (ex-UK)
EU AI Act, GDPR, NIS2, DORA, SecNumCloud, BSI C5
AI Act enforcement from 2025, full rollout by 2027
North America
FedRAMP, NIST AI RMF, HIPAA, FINRA, DoD Impact Levels
Active, expanding through 2026
Rest of world
PDPA (Singapore), PIPL (China), LGPD (Brazil), UAE AI policies
Fragmented, increasing through 2030
How Mickai compares

Cloud AI, hybrid sovereign platforms, and local model runtimes each cover part of the picture. Mickai is the only stack that is owned and offline, a complete operating system of department studios, sealed to a per-action cryptographic audit record, and bought as a capital asset rather than a per-seat subscription.

Owned and offline
Complete OS and studios
Per-action cryptographic audit
CapEx, not SaaS
Mickai SIOS
Yes
Yes
Yes
Yes
Public cloud AI
No
Partial
No
No
Hybrid cloud platforms
Partial
Partial
No
Partial
Local model runtimes
Yes
No
No
Yes

A comparison of category capabilities, not an endorsement. Named platforms are the property of their owners.

Regulated markets we serve
Retail with customer-data depth

Retail

The grocers, multi-site specialists, and loyalty operators that run one-to-one customer relationships at scale want the productivity of mainstream AI, and the law will not let them put loyalty profiles, purchase history, and regulated credit-broking decisions into a shared cloud. Mickai drops the retail department tools onto hardware the retailer owns, so the personalisation runs where the data already lives.

View the sector pack →
Law firms and legal-ops

Legal

From the Magic Circle to the high street, the confidentiality bar is absolute and client material is privileged by construction. Firms want the document-review productivity that mainstream legal AI promises, and they cannot send privileged client material to a third-party cloud. Mickai runs the legal department tools on the firm's own hardware, so nothing leaves the building.

View the sector pack →
Banking, insurance, and financial services

Finance

Banks, insurers, and the wider financial sector hold the most regulated data on the planet, and the major institutions have already pulled mainstream cloud AI out of staff workflows. Model-risk and outsourcing duties demand a named, sealed, auditable substrate. Mickai delivers the finance department tools on hardware the firm owns, with every model decision sealed to a record a regulator can verify.

View the sector pack →
NHS Trusts and private healthcare

Health

NHS Trusts and private healthcare want the clinician-hour savings that ambient AI scribes deliver, and patient records cannot lawfully be sent to a third-party cloud. Multiple Trust bans on mainstream cloud AI are already on record. Mickai runs the clinical department tools inside the Trust, so identifiable patient data stays where the law requires.

View the sector pack →
Defence and government

Public Sector

The MoD, central government departments, agencies, and the wider public estate hold data that is classified by definition, and the data path must exclude any commercial-cloud public API. Mickai runs the public-sector department tools inside accreditation envelopes the operator controls, on air-gapped hardware with operator-held keys.

View the sector pack →
Generational discretion and an uncompromised deal edge, on hardware you own.

VCs and Family Offices

Family offices and venture capital firms steward information that cannot be allowed to leak: generational wealth, asset locations, tax structures, unannounced pitch decks, cap tables and founder IP. They want the analytical leverage of modern AI across due diligence, portfolio monitoring and decades of private family history, but the cloud is barred because a single upload can breach an NDA or expose a structure that was never meant to leave the room. Mickai installs an air-gapped deployment on the customer's own hardware, under keys they hold, with local ingestion and retrieval over the deal pipeline on site. The data never leaves the building, no third party ever sees it, and the desk keeps both its discretion and its edge.

View the sector pack →
Multi-generational wealth, processed entirely inside your own walls.

Private Banking and Wealth

Private banks and wealth managers steward ultra-high-net-worth client relationships where asset locations, cross-border tax structures and full transaction histories are among the most sensitive records a firm holds. They want bespoke portfolio modelling, tax structuring and relationship intelligence at the speed of the public cloud, but financial-secrecy obligations, SEC and FCA expectations and Swiss banking rules make sending that client data to third-party infrastructure untenable. Mickai brings every cloud AI capability in-house onto hardware the bank owns, under keys it holds, so multi-generational structures are modelled off-grid and client net worth is not transmitted to external infrastructure. Because the data is processed on-premises, it does not leave the building and is not exposed to any third-party processor.

View the sector pack →
The ledger never leaves the firm.

Accounting, Tax and Audit

Accounting, tax and audit firms hold unredacted corporate ledgers, bank streams and tax structures for every client on their books, and they want to run modern AI over that decade of data to flag risk and accelerate fieldwork. The cloud is barred because moving those files off-premise creates a cross-border-transfer and third-party-processing exposure that sits directly against ICAEW and FRC confidentiality duties. Mickai brings the whole AI stack in-house, onto hardware the firm owns and under keys the firm holds, so client transactions are analysed inside the building rather than shipped to a vendor. Air-gapped anomaly and audit tooling runs over the full client history locally, which removes the third-party cloud-exposure vector.

View the sector pack →
Price the risk without surrendering the risk profile.

Insurance and Actuarial

Insurers and actuarial teams need to price risk on the most sensitive material a person owns: medical histories, criminal records, financial exposures and corporate liabilities. That same material is exactly what cannot sit on a third-party cloud, because special-category processing, high-risk AI obligations and prudential expectations all converge on it at once. Mickai runs underwriting models, claims adjudication and fraud screening locally, on hardware the insurer owns under keys it holds, so no client risk profile is ever handed to an external processor. The data never leaves the building, and the model still produces accurate, custom premiums with a fairness and explainability trail behind every decision.

View the sector pack →
Sovereign discovery infrastructure for assets too valuable to leave the building.

Pharma, Biotech and Pre-patent IP

Pharmaceutical and biotech firms hold molecular structures, trial protocols and synthesis routes that are worth billions long before a single patent is filed. They want AI that can mine decades of proprietary lab notes and failed trials to surface new formulations, but the cloud is barred because routing pre-patent assets through third-party processors opens a clear espionage and prior-disclosure vector. Mickai brings every retrieval and reasoning capability in-house, onto hardware the customer owns, under keys it holds. The data never leaves the building, no third party ever sees it, and the system runs independent of the internet and cloud vendors.

View the sector pack →
Quality auditing of device and calibration data that never leaves the building.

Medical Devices

Medical-device manufacturers carry ISO 13485 quality obligations, FDA 21 CFR Part 11 electronic-records duties and lasting product-liability exposure, all of which turn calibration and device-log data into evidence that must be controlled, traceable and sandboxed. They want to interrogate machine logs, calibration records and complaint data at scale without handing that material to a third-party cloud, because a breach or an uncontrolled transfer becomes a regulatory and litigation problem in its own right. Public AI services are barred precisely because they put the most sensitive design-history and traceability records outside the firewall, beyond the manufacturer's own controls. Mickai runs the entire AI capability on hardware the manufacturer owns, under keys it holds, so compliant quality auditing of machine logs happens locally and the data never leaves the building.

View the sector pack →
Bunker-grade AI for work that can never touch the public cloud.

Defence, Aerospace and Dual-Use

Defence primes, aerospace manufacturers and dual-use producers hold blueprints, telemetry and live tender material that export-control and secrecy regimes prohibit from leaving controlled facilities. They want modern AI for structural, CAD and supply-chain analysis, but ITAR, EAR and the Official Secrets framework bar that data from commercial cloud, where a foreign-jurisdiction provider and its sub-processors would gain access. Mickai runs the full capability inside the secure facility, fully offline, on hardware the customer owns and keys it holds, with network cards disabled at the BIOS so there is no connectivity to exfiltrate through. The data never leaves the building, which removes the third-party cloud-exposure vector entirely.

View the sector pack →
Off-grid intelligence for the systems a nation cannot afford to lose.

Critical Infrastructure, Maritime and Energy

Grid operators, port and maritime authorities, generators and pipeline operators want to run modern AI over their SCADA logs, OT telemetry and network schematics, yet NIS 2 and NERC CIP treat that data as too sensitive to place on commercial cloud, and IEC 62443 expects operational technology to stay isolated from internet-facing systems. The cloud route is effectively barred, so the analysis either does not happen or happens on spreadsheets and tribal knowledge. Mickai brings the full AI stack inside the isolated control room, on hardware the operator owns and under keys the operator holds. Predictive maintenance, vulnerability analysis and threat simulation run against live OT data while that data never leaves the building.

View the sector pack →
Your process is your moat. Keep it inside the factory walls.

Heavy Industry, Manufacturing and Semiconductors

Heavy industry, manufacturing and semiconductor firms want optimised lines and defect-free output without surrendering the trade secrets that define them. Process recipes, lithography files and material formulas are among the most-targeted data in industrial cyberattacks, and exporting them to a shared cloud creates both a theft surface and an export-control exposure. That is why the cloud is barred from the floor. Mickai runs air-gapped yield optimisation and floor-level vision defect detection on hardware the customer owns, under keys they hold, so the blueprints and the production data never leave the building.

View the sector pack →
Network intelligence that never leaves the core

Telecommunications

Telecommunications operators sit on call detail records, subscriber location and signalling metadata, the most heavily regulated data class in the network. They want real-time fraud and anomaly detection across the routing layer, yet sending that traffic to a public cloud triggers UK GDPR and PECR exposure, NIS 2 obligations and Ofcom security duties, so the cloud route is effectively barred. Mickai runs the anomaly, fraud and analytics models on hardware the operator owns inside its own core, under keys the operator holds. No user metadata crosses the web, the data never leaves the building, and what happens in the server room stays in the server room.

View the sector pack →
Sovereign research intelligence that keeps the IP, and the dual-use risk, on campus.

Academic and University Research

Universities and research institutes want a frontier AI co-pilot that can read, synthesise and reason across restricted and export-controlled datasets without ever shipping that material to an unverifiable third-party location. Ethics boards and research-integrity offices increasingly bar dual-use, government-funded and commercially sensitive work from public cloud AI, because they cannot attest to where the data physically sits or who else can read it. Mickai installs the full stack on the institution's own GPU clusters, under keys the institution holds, so model inference and retrieval happen on campus and the data never leaves the building. The research IP, the funder's restricted material and the unpublished findings stay inside the estate, and no third party ever sees them.

View the sector pack →
Sift the whole talent pool without the raw records ever leaving your building.

Executive Search and HR

Executive-search firms and corporate HR teams hold the most sensitive records an organisation produces: unredacted references, current and target salaries, board evaluations and performance files. They want to map, rank and shortlist candidates across that raw material at speed, but UK GDPR rules on special-category and automated processing mean those files cannot be handed to a cloud model for sifting. Mickai runs the entire talent-intelligence pipeline on hardware the firm owns, under keys it holds, so candidate mapping happens against the real records on-premise. The data never leaves the building, which removes the cross-border-transfer and third-party-processing exposure vector; the firm keeps its own obligations to candidates and clients.

View the sector pack →
Athlete telemetry and tactics that never leave the training ground.

Elite Sport and Performance

Elite clubs and performance teams hold some of the most sensitive data in any organisation: continuous athlete biometrics, medical histories, and the tactical playbook that defines competitive edge. Cross-referencing that telemetry against match and training footage is exactly the analysis that delivers injury prevention and tactical advantage, yet biometrics are special-category data under UK GDPR Article 9 and the same telemetry sits behind strict player NDAs and image-rights agreements, so sending it to a cloud vendor is rarely defensible. Mickai brings the full analytics stack in-house onto hardware the club owns, under keys it holds, so the data never leaves the building. The cross-reference of biometrics and footage runs on the premises, independent of the internet and cloud vendors, which removes the third-party cloud-exposure vector while the club keeps its own obligations.

View the sector pack →
The client black book that never leaves the room.

Luxury, Private Aviation and VIP Concierge

Luxury concierge houses, private aviation operators and VIP services firms hold the most sensitive client files in commerce: the movements, preferences, relationships and whereabouts of ultra-high-net-worth principals. They want hyper-personal service at the standard their clients expect, delivered from a single trusted client record. The public cloud is barred because a UHNW black book is a blackmail and kidnap target the moment it sits on infrastructure a third party can reach, and one breach ends the firm's reputation. Mickai brings the whole clienteling, service and intelligence stack in-house onto hardware the firm owns, under keys it holds, so the client file runs independent of the internet and cloud vendors and no third party ever sees it.

View the sector pack →
Clienteling and collections held in the house, not the cloud.

Luxury Fashion

Luxury fashion houses sit on two assets that define the brand: the VIP black book of named private clients and the unreleased collection months before it walks. Both are multi-million-pound intellectual property, and both are routinely exposed the moment clienteling data and design files pass through shared cloud tooling and third-party processors. That exposure is why the cloud is barred for the most sensitive previews and the most valuable client records. Mickai brings the AI in-house onto hardware the house owns, under keys it holds, so bespoke previews and pre-launch designs are generated and shown without the data ever leaving the building, which removes the third-party cloud-exposure vector while physical and insider controls remain the house's own.

View the sector pack →
Tag every frame on premises, so no pixel ever leaves the studio.

Commercial Photography and Media Houses

Commercial photography studios and media houses sit on vast libraries of unedited RAW assets that carry recognisable faces, biometric detail and licensed material long before a single shot is cleared for release. They want instant cataloguing, search and rights tagging across that archive without shipping frames to a public cloud vision service, because those RAW files contain UK GDPR biometric data, copyright-bearing imagery and confidential model-release subjects that cannot be exposed to a third-party processor. Mickai runs the vision and metadata models on hardware the studio owns, under keys it holds, so tagging, filtering and asset triage happen entirely off-grid. The pixels stay on the studio's own drives, the catalogue is built in the building, and no third party ever sees the work.

View the sector pack →
Sovereign deal intelligence for the agencies that hold the industry's secrets.

Talent and Literary Agencies

Talent and literary agencies sit on the most coveted private information in entertainment: the celebrity black book, unreleased contracts, and the true financial terms behind every signing. They want to negotiate from data, comparing live offers against the full history of deals they have struck, without that history ever becoming an extortion target. The public cloud is a poor fit because a single leaked deal sheet or contact list is a career-ending breach and a confidentiality liability, and many agencies are reluctant to put their principals' personal data and contract terms on infrastructure a third party administers. Mickai brings the full contract-analytics and deal-intelligence stack in-house, onto hardware the agency owns under keys it holds, so the black book and the deal book stay inside the building and the third-party cloud-exposure vector is removed.

View the sector pack →
Your catalogue, indexed and searchable, with no master ever leaving the building.

Music Studios and Labels

Music studios and labels sit on unreleased masters, stems and lyric sheets worth millions, and a single leak can destroy a release window and the value of a recording. They want every track organised, searchable and instantly retrievable across a growing catalogue, but they cannot accept the exposure of pushing pre-release audio into a shared cloud where a third party holds the keys and the copies. Mickai brings the full AI catalogue stack in-house onto hardware the studio owns, under keys it holds, so indexing, tagging, rights metadata and asset search all run off-grid. The data never leaves the building, and no third party ever sees it.

View the sector pack →
Source protection that never leaves the newsroom.

Press and Investigative Journalism

Investigative desks and newsroom legal teams need to read across thousands of leaked documents, find the connection that breaks the story, and stand it up before publication. The cloud is barred for this work because uploading unredacted leak dumps to a third-party processor exposes confidential sources, hands a discoverable copy to a vendor, and can compromise privilege. Mickai brings every AI retrieval and analysis capability in-house onto hardware the newsroom owns, under keys it holds, air-gapped from the internet and cloud vendors. The documents never leave the building, no third party ever sees the source material, and what happens in the server room stays in the server room.

View the sector pack →
The IP lifecycle stays under lock and key, from script to final pixel.

Film, TV and VFX

Film, television and visual-effects studios sit on some of the most leak-sensitive intellectual property in any industry: unreleased scripts, casting tapes, pre-release footage and the VFX assets that define a tentpole release. They want modern AI to read scripts, sort dailies and analyse casting and reference material at scale, but every one of those assets is wrapped in multi-party NDAs that bar handing the content to a third-party cloud. Mickai brings script and vision-model analysis in-house, onto hardware the studio owns and under keys it holds, so the material never leaves the building. The data stays inside the perimeter, which removes the third-party cloud-exposure vector, and the studio keeps its own contractual and copyright obligations.

View the sector pack →
Safeguarding intelligence that never leaves the trust.

Multi-Academy Trusts (Primary and Secondary)

Multi-academy trusts hold some of the most sensitive records in the public sector: child data, safeguarding logs, attendance flags and pastoral notes spanning thousands of pupils across dozens of schools. Trusts want to spot vulnerable students earlier by joining these signals together, but UK GDPR Article 8 protections for children's data and statutory safeguarding duties make it unacceptable to send that material to a third-party cloud for processing. Mickai installs the full AI capability on hardware the trust owns, under keys the trust holds, so safeguarding analytics run air-gapped inside the trust's own estate. This removes the third-party cloud-exposure vector for child data, and the trust keeps its existing safeguarding and data-protection obligations intact.

View the sector pack →
Where the question paper never leaves the vault until test day.

Examination and Testing Boards

Examination and testing boards live and die by the secrecy of unreleased questions, mark schemes and rubrics; a single leak can void a whole sitting, trigger a regulator inquiry and destroy public trust. These institutions want to draft, balance and review large banks of exam variants at scale, yet sending unreleased items to a public cloud model puts the crown jewels on third-party infrastructure and exposes candidate data to cross-border transfer. That is exactly why the cloud is barred for item development. Mickai brings the full generation, balancing and review pipeline in-house, onto hardware the board owns under keys it holds, so questions are written and kept secret inside the building until release.

View the sector pack →
Special-needs records that never leave the setting

SEN and Alternative Provision

SEN and alternative-provision settings hold some of the most sensitive records in education: psychological assessments, diagnostic reports, therapy notes and the health detail that sits inside every education, health and care plan. Leaders want to automate the drafting, review and tracking of those plans and to build genuinely bespoke accommodations for each learner, but the underlying material is UK GDPR Article 9 special-category health data that should not be shipped to a public cloud or a third-party processor. Mickai puts every AI capability inside the setting, on hardware the setting owns and under keys it holds, so EHCP automation, case summarisation and accommodation planning all run locally. The data never leaves the building, and no third party ever sees it.

View the sector pack →
Ship native AI for schools without inheriting the data-processing-agreement fight.

EdTech and LMS Vendors

EdTech platforms and learning-management vendors want to ship AI features into schools, but every school client demands a data-processing agreement that bars sending child data to third-party cloud models. The cloud route stalls the roadmap: each new AI capability reopens DPA negotiation, sub-processor disclosure, and parental-consent questions under UK GDPR Article 8. Mickai white-labels the sovereign engine as an OEM build that runs inside the vendor's own data centre, on hardware the vendor owns under keys it holds, so pupil records are never sent to an external model provider. The vendor gains native AI features with a strong child-data privacy posture and removes the third-party-processor exposure that blocks the sale; the data-controller obligations to its schools remain the vendor's own.

View the sector pack →
Worked examples

Illustrative blueprints, built only from public information, showing how an organisation of each scale would deploy the sovereign stack. These are sector blueprints, not customer relationships: none of these companies is a Mickai customer, and none has any engagement or endorsement with Mickai.

Worked example, global banking

HSBC

This is an illustrative blueprint, built only from public information, for how a global bank of HSBC's scale could run the Mickai sovereign stack on its own infrastructure. It walks the Finance vertical pack across the bank: anti-money-laundering and transaction monitoring at scale, model-risk-registered underwriting and analytics, and board-level reporting, with every piece of transaction and customer data staying inside the bank's own perimeter. No firm named here is a Mickai customer. The point is to show the shape of a deployment, where the studios sit, and which regulatory obligations the architecture is designed to ease, not to claim any engagement.

Illustrative analysis, public information onlyView the worked example →
Worked example, Magic Circle law

Clifford Chance

An illustrative blueprint for how a global elite law firm of this scale could deploy the Mickai sovereign stack, built only from public information. It walks the Legal vertical pack across a Magic Circle practice: overnight M&A due diligence over thousands of pre-deal documents, privilege-aware drafting and e-discovery, and meeting capture, with privileged material kept on the firm's own substrate rather than crossing a third-party boundary. The work stays inside the firm's own environment. What happens in the data room stays in the data room.

Illustrative analysis, public information onlyView the worked example →
Worked example, defence prime

BAE Systems

This is an illustrative blueprint, not a customer story. It takes a defence prime of roughly this scale and walks the Mickai Defence vertical pack across it, using only public information. The thesis is simple. A prime handling classified airframe blueprints, CAD diagnostics, OT telemetry and tender documents cannot send any of that to a public cloud or a third-party AI vendor. The Mickai SIOS runs the analysis on-premises, inside the building, on hardware with the network cards disabled at the BIOS, so the data never leaves the building and no third party ever sees it. Everything below shows how such a prime could deploy the sovereign stack. None of it asserts that any named firm has done so.

Illustrative analysis, public information onlyView the worked example →
Worked example, elite sport

Manchester City

This is an illustrative blueprint for how a Premier League football club of this scale, operating inside a multi-club group, could deploy the Mickai sovereign stack. It is built only from public information and is not based on any contact with the club. The premise is simple. An elite club runs on data that is among the most sensitive and most valuable in professional sport: athlete biometrics, injury histories, tactical footage, and multi-million-pound player assets. Today much of that pattern of work depends on external sports-science platforms, video vendors, and cloud analytics. This page walks the elite-sport pack across the club and shows what changes when the cross-reference of biometrics against tactical footage, the injury and tactical modelling, and the commercial intelligence all run on hardware that sits inside the club's own training ground and stadium.

Illustrative analysis, public information onlyView the worked example →
Worked example, retail at scale

Tesco

This is an illustrative blueprint, built only from public information, for how a national grocer at the scale of the United Kingdom's largest supermarket could run the Mickai sovereign stack on its own estate. It walks the Retail vertical pack across the operations that define a grocer of this size: forecasting demand store by store, personalising a loyalty base of tens of millions from owned data, serving customers in many languages, and making consumer credit decisions that sit under FCA scrutiny. The premise throughout is that the regulated customer data is processed inside the estate. By keeping processing on owned infrastructure, the deployment removes the third-party cloud-exposure vector, while the customer keeps its own physical, insider and governance obligations. Tesco is a target sector here, not a customer.

Illustrative analysis, public information onlyView the worked example →