The UK Government has introduced a new oversight regime that has designated four major cloud service providers as Critical Third Parties (CTPs) to strengthen data protection, improve operational resilience and support greater control over critical technology services used by the financial sector. These are: Microsoft Ireland Operations Limited, Google Cloud EMEA Limited, Amazon Web Services EMEA SARL and Oracle Corporation UK Limited.
Under the new regime, the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority, will have powers to gather information, assess resilience measures and work with designated providers to address risks affecting critical services. This includes the ability to introduce and enforce requirements specific to CTPs where necessary as detailed in a Gov UK press release.
The framework is intended to improve transparency around how critical financial services data and technology infrastructure are managed, while strengthening protections against operational failures that could affect multiple financial institutions.
Rachel Blake MP, Economic Secretary to the Treasury and City Minister, said, “We are a world-leading financial center, and maintaining trust in our financial system is essential to its success. These designations will help ensure the critical services financial firms rely on remain resilient, protecting consumers and businesses while supporting growth across the economy.”.
Freddy Dezeure, Deputy Chief Information Security Officer, Microsoft Europe, said, “For more than 40 years, Microsoft has worked closely with UK government agencies to help support citizens, improve services, and secure and enhance the resilience of the digital ecosystem. The designation of Microsoft Ireland Operations Limited as a critical third party marks a new chapter in this relationship, and Microsoft remains fully committed to complying with the relevant oversight requirements and the UK’s cybersecurity and resilience laws.”
Michael Jefferson, Head, Financial Services Public Policy, AWS EMEA, said, “AWS supports the objectives of the UK Authorities to ensure a robust UK financial system. AWS will comply with all applicable regulations, and we remain committed to helping customers to meet their business and operational resilience objectives.”
Kevin Kimber, Senior Vice President and General Manager, UK&I Oracle, said, “Oracle supports the UK Government’s important objective of enhancing the operational resilience of the UK financial sector. We are committed to working closely with the regulators and our financial services customers toward that objective, while also supporting the Government in accelerating innovation and promoting long-term economic growth.”
The regime introduction reflects the growing dependence of banks, insurers, and financial market infrastructures on cloud platforms to store, process and manage critical data. The regulators will oversee the services provided by these companies to help ensure that appropriate protections, security controls and recovery arrangements are in place if disruption occurs.

