MICKAI
Worked example · Worked example, retail at scale

Tesco

This is an illustrative blueprint, built only from public information, for how a national grocer at the scale of the United Kingdom's largest supermarket could run the Mickai sovereign stack on its own estate. It walks the Retail vertical pack across the operations that define a grocer of this size: forecasting demand store by store, personalising a loyalty base of tens of millions from owned data, serving customers in many languages, and making consumer credit decisions that sit under FCA scrutiny. The premise throughout is that the regulated customer data is processed inside the estate. By keeping processing on owned infrastructure, the deployment removes the third-party cloud-exposure vector, while the customer keeps its own physical, insider and governance obligations. Tesco is a target sector here, not a customer.

Illustrative analysis · public information only

This page is an illustrative analysis built only from public information. Tesco is not a Mickai customer and has no relationship, engagement, trial, or endorsement with Mickai. Nothing here implies that Tesco uses, has trialled, or has engaged the Mickai SIOS. It is a sector blueprint showing how a national grocer of this scale could deploy the sovereign stack.

Tesco is publicly reported as the United Kingdom's largest grocer. Published and approximate figures put group revenue at around sixty-eight billion pounds, with over 300,000 colleagues and a Clubcard base in the tens of millions. These are public, rounded reference points used to size the blueprint, not internal numbers, and the real operation will differ in detail.

The sovereign advantages

Five advantages hold across every sector, and they are architectural, not promotional. The third-party cloud-exposure vector is removed; your own physical, insider, and compliance controls remain yours.

Zero-trust data privacy

The data never leaves your hardware, so no third party and no cloud-provider employee ever sees it. What happens in the server room stays in the server room.

No vendor lock-in or outage exposure

You own the compute and the capability, so the system runs independent of the internet and of any cloud vendor's pricing, terms, or availability.

Data residency by default

The data never crosses a geographical or digital border because it never leaves the building, which removes the cross-border-transfer and third-party-processing friction of UK GDPR, Schrems II, and the sector rules. You keep your own obligations.

Proprietary advantage stays private

Fine-tune and run retrieval on your deepest archives to build a hyper-customised co-pilot, with no risk of your proprietary edge training a public model or leaking.

Predictable total cost of ownership

After the hardware and licence, queries cost essentially electricity. A capital asset you own and depreciate, instead of volatile per-token cloud bills.

The zero-espionage trust vault

There is no third-party cloud path, so no competitor and no vendor insider can scrape, intercept, or subpoena your prompts or your fine-tuned weights from the internet. The trust vault is closed by architecture.

Immunity to regulatory drift

You own the software snapshot on your own hardware, so a change to a cloud vendor's terms, a model deprecation, or an outage cannot reach you. The system stays predictable and auditable on-premise as the rules evolve.

The regulatory wedge

The specific rules that bar mainstream cloud AI from this sector's regulated data. Each one demands a named, auditable perimeter the operator controls, which a shared multi-tenant cloud cannot give.

UK GDPR Article 5(1)(f): the integrity and confidentiality principle. Running models on owned infrastructure means regulated Clubcard and customer data is processed inside the estate, which removes the third-party cloud-exposure vector. Physical and insider controls remain the buyer's own.
UK GDPR Article 32: security of processing. A sovereign on-premise deployment removes the cross-border-transfer and third-party-processing friction and keeps appropriate technical measures under the buyer's direct control. The customer keeps its own obligations.
PCI-DSS: payment-card data handling. Keeping card-linked decisioning and analytics on the estate, rather than shipping it to an external processor, reduces the surface where cardholder data is exposed to outside parties.
FCA SYSC: senior management arrangements, systems and controls. Decision logic for credit and other regulated activity stays auditable and on-premise, supporting the firm's own governance and record-keeping duties.
FCA Consumer Duty: the requirement to deliver good outcomes for retail customers. Sealed, explainable flexpay credit decisions keep the evidence of fair treatment inside the firm and available to its own reviewers and the regulator.
The lead studios

The enterprise studios that lead in this sector, drawn from the eighteen that sit on the one sovereign substrate. Each runs on hardware the organisation owns, under one set of operator-held keys, writing to one Open Audit Record.

Prometheus

Demand Forecasting

Demand Forecasting. Generates per-store, per-line forecasts across a very large estate so ordering, replenishment and waste reduction are tuned to local demand rather than a single national average, with the underlying sales data staying on-premise.

Xenia

CRM

CRM. Drives Clubcard personalisation from the grocer's own first-party data. Offers, segments and journeys are built on owned data that stays inside the estate, so personalisation does not depend on shipping customer profiles to an outside platform.

Iris

Customer Service

Customer Service. Handles multilingual contact across stores, online and delivery in the languages the customer base actually speaks, resolving queries and complaints while keeping conversation content and personal data inside the estate.

Nomos

Compliance and Regulator Mode

Compliance and Regulator Mode. Wraps the flexpay credit decisions so each one is sealed, explainable and evidenced for FCA Consumer Duty and SYSC, giving the firm and the regulator a record without exposing customer data to a third party.

Triton

After-Sales and Field Service

After-Sales and Field Service. Coordinates returns, refunds, deliveries that go wrong and in-home and in-store service follow-up, closing the loop after the sale while keeping order and customer detail on the estate.

See all eighteen on the sovereign services catalogue.

The illustration of scale

To illustrate the scale qualitatively rather than quantitatively: a grocer of this size runs thousands of stores and an online and delivery operation on top, each location with its own local demand pattern, weather sensitivity and shopper mix. Multiply a small per-store forecasting and waste-reduction gain across thousands of sites and millions of weekly baskets and the aggregate is large. Layer on a loyalty base in the tens of millions, where even a modest lift in personalisation relevance compounds across a vast number of customer touches, and a service operation fielding very high contact volumes in many languages. The opportunity is not one big win but a very large number of small, repeatable decisions, every one of which can be made on the estate with the regulated customer data processed inside the building.

The outcome

Money won, money saved, risk removed, on hardware you own.

A buyer evaluating this pack would see a sovereign stack that runs independent of the internet and cloud vendors, sitting on its own infrastructure. They would see per-store demand forecasts feeding ordering and waste reduction; Clubcard personalisation built on owned first-party data; multilingual customer service that keeps conversation content inside the estate; and flexpay credit decisions that arrive sealed and explainable, with the evidence pack ready for FCA Consumer Duty and SYSC review. The defining property across all of it is data locality: regulated customer and card data stays on the estate. The stack removes the third-party cloud-exposure vector, and the firm's own physical, insider and governance controls remain its responsibility.

Lawful B2B engagement

Map the sovereign stack to your organisation estate.

Briefings are for organisations weighing a sovereign, on-premises deployment. Tell us about your estate and we will walk the pack, the regulatory crosswalk, and the deployment that fits your estate.

Note: This page is an illustrative analysis built only from public information. Tesco is not a Mickai customer and has no relationship, engagement, trial, or endorsement with Mickai. Nothing here implies that Tesco uses, has trialled, or has engaged the Mickai SIOS. It is a sector blueprint showing how a national grocer of this scale could deploy the sovereign stack.

Other sectors
Retail with customer-data depth
Retail
Law firms and legal-ops
Legal
Banking, insurance, and financial services
Finance
NHS Trusts and private healthcare
Health
Defence and government
Public Sector
Generational discretion and an uncompromised deal edge, on hardware you own.
VCs and Family Offices
Multi-generational wealth, processed entirely inside your own walls.
Private Banking and Wealth
The ledger never leaves the firm.
Accounting, Tax and Audit
Price the risk without surrendering the risk profile.
Insurance and Actuarial
Sovereign discovery infrastructure for assets too valuable to leave the building.
Pharma, Biotech and Pre-patent IP
Quality auditing of device and calibration data that never leaves the building.
Medical Devices
Bunker-grade AI for work that can never touch the public cloud.
Defence, Aerospace and Dual-Use
Off-grid intelligence for the systems a nation cannot afford to lose.
Critical Infrastructure, Maritime and Energy
Your process is your moat. Keep it inside the factory walls.
Heavy Industry, Manufacturing and Semiconductors
Network intelligence that never leaves the core
Telecommunications
Sovereign research intelligence that keeps the IP, and the dual-use risk, on campus.
Academic and University Research
Sift the whole talent pool without the raw records ever leaving your building.
Executive Search and HR
Athlete telemetry and tactics that never leave the training ground.
Elite Sport and Performance
The client black book that never leaves the room.
Luxury, Private Aviation and VIP Concierge
Clienteling and collections held in the house, not the cloud.
Luxury Fashion
Tag every frame on premises, so no pixel ever leaves the studio.
Commercial Photography and Media Houses
Sovereign deal intelligence for the agencies that hold the industry's secrets.
Talent and Literary Agencies
Your catalogue, indexed and searchable, with no master ever leaving the building.
Music Studios and Labels
Source protection that never leaves the newsroom.
Press and Investigative Journalism
The IP lifecycle stays under lock and key, from script to final pixel.
Film, TV and VFX
Safeguarding intelligence that never leaves the trust.
Multi-Academy Trusts (Primary and Secondary)
Where the question paper never leaves the vault until test day.
Examination and Testing Boards
Special-needs records that never leave the setting
SEN and Alternative Provision
Ship native AI for schools without inheriting the data-processing-agreement fight.
EdTech and LMS Vendors