DEV Community

Cover image for ISO 42001 and Sovereign AI: Assured by Construction, Not by Paperwork
Micky Irons
Micky Irons

Posted on • Originally published at mickai.co.uk

ISO 42001 and Sovereign AI: Assured by Construction, Not by Paperwork

ISO 42001 and Sovereign AI: Assured by Construction, Not by Paperwork

By Micky Irons, founder and CEO of Mickai.

ISO 42001 is the first international standard for an artificial intelligence management system. It asks a demanding question of any organisation that builds or runs AI: can you show, with evidence, that your systems are governed, risk-assessed, monitored and accountable across their whole life. Most organisations reach for the same answer. They write policies, assemble a binder of controls, and hope the paperwork holds when an auditor, a regulator or an incident comes knocking.

We think that answer is fragile. Paperwork describes intentions. It does not stop a system from doing the wrong thing at three in the morning. At Mickai we have taken a different route. Our Sovereign Intelligence Operating System, a SIOS, treats ISO 42001 not as a documentation exercise but as a property of the machine. The controls the standard asks for are built into how every action is authorised, executed and recorded. Assurance becomes a consequence of the architecture, not a report written after the fact.

What ISO 42001 actually demands

ISO 42001, published as the International Organization for Standardization standard for AI management systems, is deliberately broad. It requires a defined scope, leadership accountability, risk and impact assessment, operational controls, monitoring, and continual improvement. It sits alongside the NIST AI Risk Management Framework (the National Institute of Standards and Technology AI RMF) and the EU AI Act, and it overlaps heavily with the obligations that sectoral rules such as DORA (the Digital Operational Resilience Act), the GDPR (General Data Protection Regulation) and HIPAA (the Health Insurance Portability and Accountability Act) already place on regulated firms.

The hard part is not writing the policy. The hard part is proving, continuously, that the live system behaves the way the policy says it should. An auditor does not want a promise that high-risk actions require human approval. They want to see that the system cannot execute a high-risk action without one, and they want the record to be impossible to backdate or quietly edit. That is a technical demand dressed as a governance requirement, and it is exactly where most AI deployments come undone.

A towering marble statue of the goddess of law holding balanced scales, lit by gold light on a black background

Themis weighs the demand behind the standard: not a promise of order but proof of it.

Safe by construction, not by attestation

An attestation is a claim that something is true. Safety by construction means the unsafe thing is not reachable in the first place. These are very different guarantees. A policy that says an agent must not move funds without dual approval is an attestation. A system in which the fund-moving action physically will not run until two revocable brains and a voice-biometric approval have signed for it is safe by construction. The second needs no trust in the honesty or diligence of whoever wrote the document.

We build for the second case. In our SIOS, the management-system controls that ISO 42001 enumerates are wired into the execution path. Risk classification is not a spreadsheet a manager fills in once a year. It is a property attached to every operation, evaluated before the operation is allowed to proceed. When the standard asks whether high-impact decisions are controlled, the honest and demonstrable answer is that the control is the gate through which the decision must pass.

A massive marble statue of the smith god at an anvil with gold sparks rising against a black background

Hephaestus builds safety into the metal itself, so it holds without anyone having to promise it will.

The Operation Attestation Record

At the centre of this sits the Operation Attestation Record, our OAR. Before any action executes, whether a brain drafts a filing, moves a record or calls an external system, the SIOS produces a signed attestation describing what is about to happen, which brain proposed it, what data it touches and which policy governs it. The action does not run until that record is signed. The record is created before execution, not after, so there is no window in which the machine acts and the log catches up later.

Each OAR is signed with a post-quantum signature, FIPS 204 ML-DSA-65, and hash-linked into a SHA-3-512 chain so that every record depends cryptographically on the one before it. You cannot alter an earlier action without breaking every link that follows. This is what turns a log file into evidence. When ISO 42001 asks for records of operational control and traceability, we do not present a database an administrator could edit. We present a tamper-evident, cryptographically-signed audit ledger that can be verified offline, on the customer's own hardware, without trusting us at all.

Governance the standard can read directly

ISO 42001 places heavy weight on roles, responsibilities and the ability to intervene. Our brains, the specialised subsystems that do the work, are individually revocable. A brain's authority can be narrowed or withdrawn without taking the whole system down, and every change of authority is itself an attested, logged event. High-stakes operations require multi-brain agreement plus voice-biometric approval, so a single compromised component or a single careless operator cannot push a consequential action through alone.

A grand marble statue of the goddess of memory holding an unbroken chain, lit in gold on a black background

Mnemosyne keeps the record whole: break one link and every link after it shows the wound.

Because all of this is signed and chained, the management system is not something a compliance team reconstructs from interviews and screenshots at audit time. It is legible in the ledger. An assessor can trace a decision from the moment it was proposed, through the policy that governed it and the approvals it required, to the action that resulted, and confirm that nothing in that chain was altered. The evidence the standard wants becomes a query, not a project.

Sovereignty is what makes the assurance real

None of this holds if your data and your logs live somewhere you do not control. That is why the sovereign part matters. Our SIOS runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. The audit ledger is the customer's. The keys are the customer's. Verification does not depend on a vendor portal that could change, lapse or be subpoenaed. For a bank under Basel and MiFID II (the Markets in Financial Instruments Directive), a hospital under HIPAA, or a defence supplier under ITAR (the International Traffic in Arms Regulations), that boundary is not a preference. It is the line the public cloud is not built to cross on the customer's own terms.

A colossal marble statue of the hearth goddess guarding a small flame in her hands, lit in gold on a black background

Hestia keeps the fire within the customer's own walls, where the keys and the ledger stay.

This is where we sit alongside the cloud giants rather than against them. OpenAI, Microsoft, AWS, Google and Oracle operate a different layer and serve it superbly. We serve the regulated boundary that layer is not built to occupy: the workloads that must stay inside the customer's walls, prove their own behaviour and survive an audit years later. The capabilities behind this, the attestation record, the post-quantum signing, the offline-verifiable chain and the revocable multi-brain approval, are described across our 104 filed UK patent applications, comprising about 2,340 claims and owned by Mickai LTD.

The bottom line

ISO 42001 is a good standard, and it deserves a better answer than a binder. An AI management system should be assured because of how it is built, not because someone wrote down that it is safe. When every action is signed before it runs, every decision is chained into a ledger no one can quietly rewrite, and every high-stakes step demands more than one authority, conformance stops being an annual scramble and becomes the ordinary state of the machine. That is the standard we hold ourselves to, and it is the standard we think regulated AI should be held to everywhere.


Written by Micky Irons. Originally published at https://mickai.co.uk/articles/iso-42001-and-sovereign-ai. More from Micky Irons and Mickai at mickai.co.uk.

Top comments (0)