DEV Community

Cover image for The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach
Micky Irons
Micky Irons

Posted on • Originally published at mickai.co.uk

The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach

The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach

By Micky Irons, founder of Mickai.

The regulated market the public cloud cannot lawfully reach

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. We built it, and it is live today. It runs entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. That single design decision is the reason a whole tier of the economy can finally deploy AI at all, and it is the reason the sovereign AI market is one of the clearest structural opportunities in enterprise technology.

The sovereign AI market sits at roughly USD 40 billion in 2025 and is projected to rise to about USD 148 billion by 2032. That growth is not driven by fashion. It is driven by law. Around 0.85 million UK businesses, about 15 percent of the total, and roughly 5 million across the EU, legally cannot send their data to public cloud AI. The constraint is not preference or caution. It is statute, regulation and contractual duty, and it does not relax when a vendor promises better encryption in transit.

The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach

Why the constraint is permanent

We designed Mickai for the firms that regulators have effectively fenced off from the public cloud. The fence is built from named, durable rules. The PRA's model-risk expectations under SS1/23 require firms to evidence control over the models that touch material decisions. UK GDPR imposes special obligations on special category data. The NHS Data Security and Protection Toolkit governs what can happen to patient information and where. The EU AI Act places high-risk systems under obligations that a shared, opaque cloud struggles to satisfy. ITAR and EAR restrict defence and dual-use technical data. The NIS Regulations harden operators of essential services. The US CLOUD Act means that data resident with a US-linked provider can be reached by US legal process regardless of where the servers physically sit.

Taken together, these are not temporary frictions that a bigger data centre will remove. They are the operating reality of banking, insurance, healthcare, defence and critical infrastructure. We treat that reality as the specification, not the obstacle. A regulated buyer does not need to be persuaded that sovereignty matters. They need a system that delivers it without asking them to compromise on capability, and that is what we run.

The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach

What we actually run

We run about fifty specialist models, 25 domain and 25 operational, with cross-model routing under a deterministic arbiter, so that outputs are reproducible rather than probabilistic guesses that change on every run. Reproducibility is not a nicety for a regulated firm. It is the difference between a decision you can defend to a supervisor and one you cannot. Our models stay inside the customer's estate throughout. Nothing about a query, a document or a decision leaves the walls.

On top of the models we run studios, each named from the Greek and each doing serious work. Nemesis handles fraud and AML. Plutus covers finance and FP&A. Tyche runs underwriting. Prometheus does forecasting. Iris handles customer service. Nomos covers compliance, Astraea covers legal, Panacea covers clinical work, Pythia covers business intelligence and Aletheia covers audit. Vinis provides voice. The Agentic Marketing Team, AMT, runs marketing operations. Trust Agent is the perimeter that guards the whole estate, and we offer OAR-as-a-Service for organisations that want the audit substrate on its own terms.

The Forty Billion Dollar Market the Public Cloud Cannot Lawfully Reach

The audit record a supervisor can verify without trusting us

Every consequential action inside Mickai is written to the Open Audit Record, the OAR. Each action is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768) and hash-chained into a tamper-evident, append-only ledger. Anyone can verify that ledger offline, for decades, without trusting the vendor and without a live connection to us. This is the point most AI narratives skip. A regulated firm cannot run its obligations on a system whose behaviour it must take on faith. We built the OAR so that the evidence stands on its own cryptography, not on our word.

For fielded deployments we extend that assurance across units through Pantheon, a post-quantum Layer 1 currently on testnet, which gives multi-node attestation across fielded units with no central server. Each node can attest to the others without routing trust through a headquarters that could be compromised, subpoenaed or simply switched off.

The moat is filed, and it is deliberate

We hold 104 filed UK patent applications, comprising roughly 2,340 claims across 13 invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, not granted. Filing is the point that matters here, because filing establishes priority and builds a prior-art moat around the specific architecture that makes sovereign, verifiable, on-premises AI work at scale. We are Mickai LTD, a UK company, Companies House number 17166618, with Birmingham manufacturing secured. Micky Irons is our founder and CEO.

The dual-buyer thesis

Our commercial thesis has two sides that reinforce each other. First, we sell sovereign AI directly to the regulated firms that the public cloud cannot lawfully reach, the 0.85 million UK businesses and 5 million across the EU that are fenced off by the rules above. Second, we license the patented stack to the platforms that want to reach those same firms and currently cannot.

Our internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, including names such as Microsoft, AWS, NVIDIA, Google, Adobe and IBM. We are clear about what that is and is not. It is potential-licensee sizing, a map of where the architecture is relevant. It is not a signed book of business, and it is not an infringement claim against anyone. We are an ally to the AI majors, not an OpenAI killer. A platform that adds a sovereign layer of this kind instantly becomes able to serve a regulated market it cannot serve today, and the economics of that reach are considerable. We build the layer. The majors keep the customers they already have and gain the ones they cannot currently touch.

Why this is the moment

The regulatory pressure is tightening, not easing. The EU AI Act is phasing in. Model-risk supervision is maturing. Post-quantum requirements are moving from research into procurement language. Every one of those shifts widens the gap between what regulated firms are required to do and what a public cloud can lawfully offer them. We built Mickai to sit precisely in that gap, and we run it in production today rather than describing it as a future capability.

The market is large, the constraint is legal and durable, the architecture is filed and the product is live inside customer walls. Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn. Whether you are a regulated firm that needs AI it can lawfully run, or a platform that wants to reach the market it cannot serve today, the sovereign layer is built, and it is running now.

Does Mickai really run without any cloud connection?

Yes. We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. Queries, documents and decisions stay inside the customer's walls, which is what allows regulated firms to deploy AI within their legal obligations.

What does it mean that the patents are filed rather than granted?

We hold 104 filed UK patent applications, roughly 2,340 claims across 13 invention families. Filing establishes priority and creates a prior-art moat around the architecture. We describe them as filed, never granted, because that is the accurate legal status and it is the status that matters for priority.

How can a regulator trust the audit trail if they cannot trust the vendor?

They do not have to trust us. The Open Audit Record signs every consequential action under post-quantum cryptography and hash-chains it into an append-only ledger that anyone can verify offline, for decades. The evidence rests on cryptography rather than on our assurances.

Written by Micky Irons, founder of Mickai. Originally published at https://mickai.co.uk/articles/forty-billion-regulated-ai-market. More from Mickai at mickai.co.uk.

Top comments (0)