DEV Community

Cover image for The NIST AI Risk Management Framework, Sovereign
Micky Irons
Micky Irons

Posted on • Originally published at mickai.co.uk

The NIST AI Risk Management Framework, Sovereign

The NIST AI Risk Management Framework, Sovereign

By Micky Irons, founder and CEO of Mickai.

The NIST AI Risk Management Framework, published by the United States National Institute of Standards and Technology, has become the quiet backbone of responsible AI governance. Its four functions, Govern, Map, Measure and Manage, give regulated organisations a shared language for trustworthy systems. Yet a framework only earns its keep when the evidence behind it is real, retained and impossible to quietly rewrite after the fact.

That is the gap we built Mickai to close. Most teams run the NIST AI RMF on infrastructure they do not control, producing screenshots and spreadsheets that prove intent rather than fact. We treat every function of the framework as an operation that must be signed before it happens, on hardware the customer owns, with a tamper-evident ledger that answers the only question an auditor really asks: can you prove it.

Why the framework needs a sovereign substrate

The NIST AI RMF is deliberately voluntary and outcome-focused. It tells you what trustworthy looks like: valid and reliable, safe, secure and resilient, accountable and transparent, explainable, privacy-enhanced and fair. What it cannot do is guarantee the integrity of your answers. If your risk register lives in a cloud tenancy you share with a vendor, your evidence is only as trustworthy as their access controls and your own after-the-fact discipline.

Mickai is a Sovereign Intelligence Operating System, a SIOS. It runs air-gapped or on-premise on hardware the customer owns, with zero data egress. That matters for the framework because the four functions stop being a paper exercise and become live subsystems. When Govern sets a policy, Map records a risk, Measure runs a test or Manage retires a model, the SIOS captures the act itself, cryptographically, at the moment it occurs. The framework describes the destination. The sovereign substrate is how you arrive with proof.

Govern: policy that signs itself

Govern is the function everyone underestimates. It is the culture, roles and accountability that make the other three functions meaningful. In Mickai, governance is not a wiki page. Every policy, every role assignment and every risk-tolerance threshold is enforced by revocable brains, the domain intelligences that carry out work inside the system, each bound to what it is permitted to do.

A towering marble statue of the goddess Themis holding scales, lit by gold light against a black void

Like Themis holding the scales, governance is only trustworthy when no single hand can tip the balance.

High-stakes governance actions, such as changing an approval threshold or authorising a model into production, require multi-brain plus voice-biometric approval. No single operator can unilaterally weaken a control. Because the SIOS runs on the customer's own iron, the governance layer cannot be reached by an outside administrator, a shared-tenancy misconfiguration or an insider on someone else's payroll. Accountability, the word NIST uses most, becomes a property of the machine rather than a promise in a slide.

Map: risk context that cannot be quietly edited

The Map function is about establishing context: who is affected, what could go wrong, where the system's limits lie. This is where most governance programmes decay, because the map drifts out of date and nobody can say when a given risk was identified or by whom. We anchor every Map entry to an Operation Attestation Record, an OAR, that signs the action before it executes.

An OAR captures who acted, what changed, which brain was involved and the exact state of the system at that instant, then commits it to a SHA-3-512 hash-linked chain. Each record is chained to the one before, so the risk map becomes a tamper-evident history, not a mutable document. If a regulator under the EU Artificial Intelligence Act (EU AI Act) or a Digital Operational Resilience Act (DORA) supervisor asks when you first understood a risk to a high-impact system, the answer is a signed record with a verifiable timestamp, not a recollection.

A colossal marble statue of Mnemosyne gazing back over her shoulder, gold light on marble against black

Mnemosyne, memory herself, keeps the record no one can quietly rewrite.

Measure: signed evidence, not screenshots

Measure is the analytic heart of the framework: testing, evaluating and monitoring the system against the trustworthiness characteristics. Bias assessments, robustness tests, drift monitoring and red-team exercises all live here. The recurring failure is that the results of these tests are captured as artefacts that can be regenerated, cropped or lost. A screenshot proves that a chart once existed, nothing more.

In Mickai, every measurement is an operation, so every measurement produces its own signed attestation. The output of a fairness test, the score from a robustness evaluation, the moment a drift threshold was breached, each is written to the audit ledger with a post-quantum signature. We use FIPS 204 ML-DSA-65, the standardised Module-Lattice Digital Signature Algorithm, so the evidence remains verifiable even against a future adversary with a quantum computer. The measurement and the proof of the measurement are the same event, which is a capability our 104 filed UK patent applications, carrying about 2,340 claims and owned by Mickai LTD, describe in detail.

Manage: acting on risk with a chain of custody

Manage is where the framework turns knowledge into action: prioritising risks, applying mitigations, responding to incidents and, when necessary, retiring a system. These are precisely the actions a regulator, an auditor or a board will scrutinise after something goes wrong. Under the framework, a decision to accept a residual risk must be traceable to the person and the rationale behind it.

Because the SIOS signs actions before they execute, the entire management lifecycle carries a chain of custody. When a brain is revoked, when a mitigation is deployed, when a model is rolled back, the OAR records the decision, the approvers and the pre-existing state. Offline verification means an examiner can validate the whole chain on an isolated machine, with no call home to Mickai and no dependence on a live service. The evidence outlives the system that produced it, which is exactly what accountability under audit demands.

A colossal marble statue of Hephaestus at a forge, gold sparks and light against a black void

Hephaestus tests every joint at the forge, because a measurement only counts when it is proven.

How this satisfies the wider regulatory map

The NIST AI RMF was never meant to stand alone. It maps naturally onto ISO 42001, the AI management-system standard, and onto the obligations arriving with the EU Artificial Intelligence Act. For financial institutions it dovetails with the Digital Operational Resilience Act (DORA) and the operational-resilience expectations that sit alongside the Basel framework and the Markets in Financial Instruments Directive (MiFID II). For those handling personal data it supports the General Data Protection Regulation (GDPR), and for health systems the Health Insurance Portability and Accountability Act (HIPAA).

A single signed ledger, produced on infrastructure the customer owns, becomes the shared evidence base for all of them. Rather than assembling a fresh audit pack for each regime, the organisation points every examiner at the same cryptographically-verifiable record. The framework supplies the structure. Mickai supplies the proof, once, in a form that every regulator can independently check.

Allies at a different layer

None of this competes with the public cloud. OpenAI, Microsoft, Amazon Web Services, Google and Oracle operate a layer of extraordinary capability, and they are allies in the broader mission of useful, safe AI. There are simply boundaries the public cloud cannot cross on the customer's own terms: the air-gapped facility, the sovereign dataset, the regulated function where data must never leave the building.

A colossal marble statue of the many-eyed giant Argus keeping watch, gold light on marble against black

Argus of the hundred eyes never sleeps, and neither does a chain of custody that signs before it acts.

That boundary is where we live. Mickai runs the NIST AI RMF where the hyperscalers are not permitted to follow, on owned hardware, with zero egress, and hands the customer signed evidence they alone hold the keys to. It is a complement to the cloud, positioned at the regulated edge, not a rival to it.

The bottom line

The NIST AI Risk Management Framework tells you what trustworthy AI looks like. It does not, by itself, prove that you achieved it. By binding Govern, Map, Measure and Manage to an Operation Attestation Record that signs every action before it executes, and by committing that record to a post-quantum, hash-linked ledger on hardware the customer owns, Mickai turns the framework from an aspiration into attested fact.

For any organisation operating under the EU Artificial Intelligence Act, DORA, GDPR or ISO 42001, the difference is decisive. You stop hoping your evidence survives scrutiny and start knowing it will. That is the NIST AI RMF, sovereign, and it is built and live today. Micky Irons, founder and CEO of Mickai.


Written by Micky Irons. Originally published at https://mickai.co.uk/articles/nist-ai-rmf-sovereign. More from Micky Irons and Mickai at mickai.co.uk.

Top comments (0)