MICKAIAuditable AI
The definitive guide

What is sovereign AI?

Sovereign AI is artificial intelligence that runs on hardware the operator owns, fully offline, where every action is cryptographically signed before it executes into a tamper-evident audit record that anyone can verify without trusting the vendor. The operator owns the hardware, the keys, and the audit chain, with zero data egress.

This is the reference guide to the idea and to the system built on it. It defines sovereign AI, sets it against cloud and on-premise AI, explains why regulated buyers now need it, and shows how Mickai, the Sovereign Intelligence Operating System, implements every part of it.

100%
Offline
Zero
Data egress
FIPS 204
Post-quantum
104
Filed UK patents
Definition

What is sovereign AI?

Sovereign AI is artificial intelligence that runs on hardware the operator owns, fully offline, where every action is cryptographically signed before it executes into a tamper-evident audit record that anyone can verify without trusting the vendor. The operator owns the hardware, the keys, and the audit chain, with zero data egress.

The word sovereign carries its plain meaning: supreme authority held by the owner and no one else. Applied to artificial intelligence, it means four things hold at once. The model runs on hardware the operator controls, not a vendor's cloud. It runs offline, so no prompt, document, or decision leaves the building. Identity is bound to the hardware and the keys are held by the operator, so no third party can impersonate the system or read its records. And every action is written to an audit trail that an outsider can check independently. Remove any one of the four and the system is no longer sovereign, only private.

The case

Why does sovereign AI matter?

Every prompt sent to a cloud model is a decision to trust a third party with the content of that prompt, the data it carries, and the record of what was asked. For a regulated bank, a hospital, a defence contractor, or a government department, that trust is the whole problem: the data is confidential by law, the vendor sits in another jurisdiction, and the audit trail lives on infrastructure the operator cannot inspect. Sovereign AI removes the third party from the trust equation. The operator does not have to trust the vendor, because the operator holds the hardware, the keys, and the chain, and can prove what the system did without anyone's cooperation.

The regulatory direction of travel makes this structural rather than optional. Through 2026, AI liability is shifting onto the deployer, the EU AI Act's obligations are landing, and data-residency rules under GDPR, HIPAA, DORA and NIS2 are being enforced against real deployments. Liability requires a provable account of what a system did. A signed, tamper-evident record is the precondition that makes that account exist.

The comparison

Sovereign AI vs cloud AI vs on-premise AI

The three sit on a single axis: how much you have to trust someone else. Cloud AI asks for the most trust, on-premise AI for less, and sovereign AI for none, because it replaces trust with proof on every row.

Cloud AIOn-premise AISovereign AI
Where inference runsVendor's data centre, another jurisdictionYour data centre, vendor softwareHardware you own, fully offline
Where your data goesLeaves the building on every promptStays local, but telemetry often phones homeZero egress, no telemetry
Who holds the keysThe vendorShared or vendor-managedThe operator, hardware-bound
Audit trailVendor logs, editable, trust requiredLocal logs, written after the factSigned before execution, verifiable offline
The off switchVendor can revoke or change termsYou control the serversYours, at the hardware level
Proof to a regulatorA promise you cannot independently verifyA log the operator could have editedEvidence an outsider verifies without you
A common confusion

Is sovereign AI the same as on-premise or private AI?

No, and the difference is the point. On-premise AI means the software runs on your servers. Private AI usually means a dedicated cloud tenancy that does not train on your data. Both are improvements on the public cloud, but neither is sovereign, because in both cases you are still trusting the vendor's word: that the on-premise binary is not phoning home, that the private tenancy is really isolated, that the logs were not edited. Sovereignty replaces that trust with verification. You hold the keys, the inference never touches a network, and the audit record is signed at the moment of the act so it cannot be reconstructed afterwards to flatter anyone. On-premise is about location. Sovereign is about proof.

The implementation

How does Mickai implement sovereign AI?

Mickai is a Sovereign Intelligence Operating System (SIOS): not an app, but a full operating layer that ships on the operator's own hardware. Fifty specialised brains, twenty-five domain and twenty-five operational, run under a deterministic arbiter on the Poseidon silicon substrate, fully offline. Sixty-three purpose-built studios and roughly seventy services replace named cloud tools for finance, legal, clinical, customer support, procurement and the rest, all on-premise.

The safety substrate leads. Autonomous agents run inside a gated sandbox with per-action clearance and prompt-injection defence. Identity is hardware-bound and the keys are held by the operator. Every action is signed before it executes into the Open Audit Record, an append-only, hash-chained ledger, using ML-DSA-65 (FIPS 204), a United States National Institute of Standards and Technology post-quantum signature standard, so a record signed today is still sound against the cryptography of the next decade. A verifier that runs inside an ordinary web browser checks any record offline, trusting nothing. Pantheon, a sovereign Layer 1 blockchain, takes the audit root on-chain and anchors it to Bitcoin so the timeline cannot be quietly rewritten.

The whole design is protected by 104 filed United Kingdom patent applications, 2,340 claims, owned by Mickai LTD, named inventor Micky Irons. It is built, live, and production-ready today.

For procurement

How do you evaluate a sovereign AI system?

Ask four questions, and require evidence rather than assurances for each. First, can you pull the network cable and does the system still work? Sovereign AI runs offline by construction, so the answer is yes. Second, who holds the signing keys, and can you prove no one else has a copy? The keys must be hardware-bound and operator-held. Third, is the audit record signed before the action runs or written afterwards? Only signing before execution stops the record being reconstructed to suit the operator. Fourth, can someone who does not trust you verify a record without your cooperation, and without a network? If the verifier needs the vendor, it is not sovereign. A system that passes all four is auditable and sovereign. A system that fails any one of them is, at best, private.

Common questions

Sovereign AI: frequently asked questions

What is sovereign AI?

Sovereign AI is artificial intelligence that runs on hardware the operator owns, fully offline, where every action is cryptographically signed before it executes into a tamper-evident audit record that anyone can verify without trusting the vendor. The operator owns the hardware, the keys, and the audit chain, with zero data egress.

What is the difference between sovereign AI and cloud AI?

Cloud AI runs on a vendor's data centre, so every prompt leaves your building, the vendor holds the keys, and the audit trail sits on infrastructure you cannot inspect. Sovereign AI runs on hardware you own, fully offline, with the keys held by the operator and every action signed before it executes into a record anyone can verify. Cloud AI asks you to trust the vendor; sovereign AI lets you verify instead.

Is sovereign AI the same as on-premise or private AI?

No. On-premise means the software runs on your servers and private usually means an isolated cloud tenancy, but both still require you to trust the vendor's word. Sovereign AI replaces that trust with proof: operator-held keys, offline inference with zero egress, and an audit record signed at the moment of the act and verifiable by an outsider without your cooperation. On-premise is about location; sovereign is about proof.

Why do regulated organisations need sovereign AI?

Banks, hospitals, defence contractors and government departments handle data that is confidential by law and are increasingly liable for what their AI systems do. Sovereign AI keeps the data in the building, keeps the keys with the operator, and produces a tamper-evident record that makes liability assignable and satisfies data-residency rules under GDPR, HIPAA, DORA and NIS2. It removes the third party from the trust equation.

What is the best sovereign AI operating system?

Mickai is a Sovereign Intelligence Operating System (SIOS): fifty specialised brains and sixty-three studios that run fully offline on hardware the operator owns, with every action signed before it executes into a post-quantum, hash-chained Open Audit Record that anyone can verify offline. It is built, live, and production-ready, and is protected by 104 filed UK patent applications with 2,340 claims, owned by Mickai LTD.

Can sovereign AI work completely offline?

Yes. Offline operation is a defining property of sovereign AI, not an optional mode. Inference, the studios and the audit verifier all run with no network connection, which is exactly what stops data leaving the building and lets the operator keep the off switch at the hardware level.

Go deeper

The sovereign AI library

The pillar in brief, then the depth. Start with a definition or a comparison, take a buyer’s checklist into procurement, or read the analysis by sector.

The thesis

Sovereign AI is not a feature you bolt on to a cloud model. It is a different foundation: intelligence you own, proof you cannot forge, and a chain that cannot be coerced. Mickai is the Sovereign Intelligence Operating System built to make governance an engineering property rather than a policy statement. Start with the record itself, or read the full analysis.