UK Designates Four Cloud Giants as Critical Financial Third Parties
The Government of the United Kingdom placed Microsoft, Google, Amazon, and Oracle under direct regulatory oversight to protect the financial sector from systemic technology failures.
The Government of the United Kingdom designated Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL, and Oracle Corporation UK Ltd as critical third-party suppliers to the financial sector, effective July 13, 2026. The move brings these cloud service providers under the joint regulatory oversight of the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority.
This regulatory framework requires the designated firms to undergo resilience testing, conduct regular self-assessments, and report major incidents to regulators. The initiative aims to mitigate the risk of widespread disruption from cyberattacks or technical outages as financial institutions increase their reliance on cloud computing. This targeted approach follows a period of evidence collection and engagement with third parties and differs from a similar European Union initiative that designated 19 companies in November.
Rachel Blake, the Economic Secretary to the Treasury and City Minister, stated that the designations will protect consumers and businesses while maintaining trust in the UK's financial system. The designated entities have expressed their commitment to complying with the new oversight requirements, with Google Cloud EMEA Ltd noting that the framework can enhance the long-term resilience of the UK financial ecosystem.