The UK government has designated Microsoft, Google Cloud, Amazon Web Services (AWS) and Oracle as Critical Third Parties (CTPs), bringing the major cloud providers under direct financial regulatory oversight for the first time.
From 13 July 2026, the four companies will come under direct oversight by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), with the aim of strengthening the operational resilience of the UK financial system.
The new regime reflects the financial sector’s growing dependence on cloud infrastructure. Regulators will be able to assess the resilience of critical services, gather operational information and require providers to address risks that could disrupt banking, insurance or financial market infrastructure.
The oversight applies only to services considered systemically important to the financial sector, rather than to the companies’ wider commercial operations.
The UK government described the framework as a proportionate, risk-based approach designed to reduce the likelihood of widespread service disruptions affecting millions of consumers and businesses. It also said additional technology providers could be designated in the future if they meet the statutory threshold for systemic importance.
Microsoft, Google Cloud, AWS and Oracle all welcomed the framework, saying they would comply with the new requirements and continue supporting the resilience of the UK’s financial sector.
Why does it matter?
The designation marks a significant shift in financial regulation by extending direct oversight beyond banks and financial institutions to the technology providers that underpin critical financial services. As cloud infrastructure becomes increasingly central to banking, payments and financial markets, regulators are treating operational resilience as a systemic issue rather than solely a commercial responsibility.
The UK’s approach could also influence regulators in other jurisdictions. As financial institutions become more dependent on a small number of hyperscale cloud providers, governments may increasingly seek direct oversight of technology companies whose services have become essential to the stability of critical sectors.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
