UK designates four cloud providers as critical third parties
UK Government
· July 10, 2026
· ✓ verified
The UK Government has announced that four global cloud service providers will be designated as Critical Third Parties (CTPs) from 13 July 2026, bringing them under direct regulatory oversight for services used by the financial sector.
- The designated firms are Microsoft Ireland Operations Limited, Google Cloud EMEA Limited, Amazon Web Services EMEA SARL, and Oracle Corporation UK Limited.
- The Bank of England, PRA, and FCA will jointly oversee the critical services they provide to banks, insurers, and financial market infrastructures under the Financial Services and Markets Act 2023.
- The regime is intended to improve operational resilience, reduce disruption risk, and allow regulators to gather information and enforce CTP-specific rules where needed.
- The announcement says oversight applies only to the systemic services provided to the financial sector, not firms’ wider operations.