- The UK has designated Microsoft, Google, Amazon and Oracle as critical third-party suppliers to the financial sector.
- The firms will come under direct regulatory oversight from July 13.
- The move aims to reduce risks from cyber attacks and major technology outages.
The UK is tightening its grip on the technology companies that power much of the country's financial system, placing four of the world's biggest cloud providers under direct regulatory oversight.
The UK cloud regulation move will see Microsoft, Google, Amazon and Oracle designated as critical third-party suppliers to Britain's financial sector from July 13. The government says the new framework is designed to strengthen the resilience of banks, insurers and financial market infrastructure as they become increasingly dependent on cloud computing.
The designation covers Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL and Oracle Corporation UK Ltd.
Cloud giants face closer scrutiny
Under the new regime, the companies will be jointly supervised by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).
They will be required to carry out resilience testing, conduct regular self-assessments and report major operational incidents to regulators. The measures are intended to reduce the risk of widespread disruption if a major cloud provider experiences a cyber attack, system failure or prolonged outage.
The UK government said banks, insurers and financial market infrastructure are becoming increasingly reliant on cloud services. A disruption at one major provider could affect several financial institutions simultaneously, potentially interrupting services relied on by businesses and consumers, as quoted in a government statement.
The new rules also place greater responsibility on cloud providers to demonstrate that they can withstand operational shocks and recover quickly when incidents occur.
A growing focus on digital resilience
Britain's approach differs from that of the European Union, which designated 19 technology and service providers under a similar framework in November. Rather than adopting the same list, the UK has initially focused on the cloud providers considered most critical to the country's financial system.
Responding to the announcement, a Google Cloud spokesperson reportedly said the new Critical Third Party framework could strengthen the long-term resilience of the UK's financial ecosystem while improving transparency and trust between regulators, financial firms and technology providers.
For the companies involved, the designation is expected to bring closer regulatory scrutiny and greater accountability for major outages or cyber incidents that could affect financial services. While the government has framed the changes as a resilience measure, industry observers suggest the additional compliance requirements could also increase operating costs over time.










