By Micky Irons, founder and CEO of Mickai.
Across public-sector procurement and regulated industry in 2026, a familiar reassurance is being tested. A buyer selects an EU region of a large cloud provider, ticks the residency box, and treats the matter as closed. The data sits in Frankfurt or Dublin, so surely it is European and surely it is safe. The location is real. The conclusion drawn from it is not.
The gap between those two things has a name in law. The United States CLOUD Act allows US authorities to compel a US-incorporated provider to produce data in its possession, custody or control, wherever in the world the bytes physically reside. An EU data centre operated by a company subject to that Act does not sit outside its reach. This is not an accusation against any single firm. It is the structural consequence of choosing a custodian who answers to a foreign court.
Residency answers where, sovereignty answers who
Data residency and data sovereignty are routinely spoken of as the same guarantee. They are not. Residency is a statement about geography: the storage hardware sits within a chosen border. Sovereignty is a statement about authority, meaning which legal systems can compel disclosure, alter access or override the operator's wishes.
A record can be perfectly resident and entirely un-sovereign. If the entity holding the encryption keys, the operational access and the obligation to comply is reachable by a foreign statute, the location of the disk is a detail. What matters is who can be served an order, and whether it can be enforced without the data owner being told.
This is why residency clauses are a weak proxy for control. They describe where a provider promises to keep things, not who can lawfully reach in.
How extraterritorial reach actually works
Under the CLOUD Act a qualifying provider can be compelled to hand over data it controls, and in defined circumstances that demand can arrive with a non-disclosure provision attached. The data owner may have no notice, no opportunity to object in advance, and no visibility that the disclosure happened at all.
European law has grappled with this collision directly. The invalidation of earlier transatlantic transfer frameworks, and the scrutiny that followed each replacement, turned on a single unresolved tension: European rights of access, redress and proportionality do not neatly bind a foreign intelligence or law-enforcement process. A European region does not dissolve that tension. It relocates the hardware while leaving the chain of legal control intact.
For a regulated operator, this is not an abstract civil-liberties debate. It is an operational exposure, touching obligations under GDPR, the operational-resilience duties of DORA in force since January 2025, the security-of-network duties of NIS2, and the governance expectations of ISO/IEC 42001. Each regime asks an operator to demonstrate control, and delegated custody under a foreign statute is difficult to demonstrate control of.
The layer that most sovereignty claims never reach
Encryption is where many sovereignty conversations stop, and it is where they should not. Encryption at rest and in transit is necessary but not sufficient. If the custodian of the keys is the same entity that can be compelled to disclose, encryption is a lock whose keyholder answers to another court.
The harder problem sits above storage, in the operating layer, meaning who can invoke a running system, who can read a working memory, who can approve an action, and whether any of that can be reconstructed by the data owner alone. A system that processes sensitive information in a foreign-controlled environment leaks meaning through its operation long before anyone touches the encrypted data at rest.
Sovereignty is not the place your data sleeps, it is whether anyone but you can be lawfully compelled to wake it.
What genuine jurisdictional control requires
If location is not the answer, control is, and control has to be built, not asserted. Mickai, our Sovereign Intelligence Operating System, was designed around a single premise: the operator should be able to prove, without trusting us or anyone else, that no external authority holds the keys to their intelligence.
That premise resolves into concrete mechanisms. Mickai runs offline on the operator's own hardware, so there is no foreign custodian to serve. Identity is hardware-attested, so an action is bound to a specific machine and holder rather than a remote account. Every action is written to a post-quantum signed audit chain, so the record is sealed, ordered and independently verifiable long after the event. Decisions of consequence pass through cross-model consensus, so no single compromised path can act unobserved.
The perimeter is deliberately asymmetric. A zero-egress inbound design means data can be brought in and worked on, but the system is not architected to phone home, to sync to a foreign region, or to expose an operational surface a distant subpoena could reach.
Why offline verifiability changes the compliance question
A regulator or an auditor does not want to be told a system is sovereign. They want to be shown. That distinction between claim and proof is the whole of the matter under the EU AI Act, whose high-risk obligations, once due to reach full application on 2 August 2026, now apply from 2 December 2027 following the Digital Omnibus deferral, and which places systems used in critical infrastructure, justice and essential services within its high-risk category. The proof requirements survive the move unchanged, so we read the later date as a build window and not a reprieve, and the sensible response is to build now.
Offline verifiability answers that demand directly. Because the audit chain is cryptographically sealed and held by the operator, an inspector can reconstruct exactly which model reasoned over which data, under whose attested identity, in what order, without depending on a foreign provider's logs. It is also how the failure modes catalogued in the OWASP work on AI risks, from unlogged actions to opaque data flows, become inspectable facts rather than unanswerable questions.
The architecture underpinning this sits within a body of work comprising 104 filed UK patent applications, approximately 2,340 claims, owned by Mickai LTD, all filed and patent pending. We note it not as a credential but to be clear the mechanisms described here are specific and documented, not marketing shorthand.
Reading a sovereignty claim before you sign
For a CISO, a regulator or a public-sector buyer, the practical task is to ask better questions of any offering that calls itself sovereign, and the right ones are not about geography.
- Who is legally capable of being compelled to disclose this data, and under which country's law?
- Who holds the encryption keys, and can that same party be served an order the data owner never sees?
- Can the operator reconstruct a complete, tamper-evident record of access and action without the provider's cooperation?
- Does the system depend on any outbound connection to a foreign-controlled environment to function?
- Can sovereignty be demonstrated to an auditor as evidence, rather than described in a contract as a promise?
An honest answer to those five questions tells a buyer more than any regional data-centre map. Where they point back to a custodian in another jurisdiction, the residency clause is a comfort, not a control.
Where this leaves the serious buyer
The regulatory direction of travel through 2026 is consistent, and it is unforgiving of ambiguity. DORA, NIS2, the AI Act and ISO/IEC 42001 all move away from asserted assurance and towards demonstrable control. A European region on a foreign-owned cloud satisfies the letter of a residency requirement while leaving the substance of the sovereignty question open.
The reasonable conclusion is neither alarm nor complacency. It is precision. Ask who can compel, not only where the data sits, and insist on evidence you can hold and verify yourself. Sovereignty that cannot survive that test was never sovereignty. It was geography wearing its name.
Written by Micky Irons. Originally published at https://mickai.co.uk/articles/the-cloud-act-problem-an-eu-region-is-not-the-same-as-out-of-reach. More from Micky Irons and Mickai at mickai.co.uk.





Top comments (0)