Breaking News
The UK government has designated Microsoft, Google, Amazon Web Services (AWS), and Oracle as critical third-party suppliers to the country's financial sector, bringing the cloud providers under direct regulatory oversight to reduce the risk of widespread disruption from cyberattacks or technology outages.
The designation, which takes effect on July 13, covers Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL, and Oracle Corporation UK Ltd. The companies will be jointly supervised by the Bank of England, the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA).
The move reflects regulators' growing concern over the financial sector's dependence on a small number of cloud providers for critical technology infrastructure.
"As banks, insurers and financial market infrastructures become increasingly reliant on cloud services, disruption at a major supplier could affect multiple firms at the same time, potentially impacting services customers depend on," the UK government said in a statement.
Under the framework, the designated providers will be required to undergo resilience testing, conduct regular self-assessments, and report major operational incidents to regulators.
The regime is intended to strengthen the operational resilience of the UK's financial system by enabling regulators to directly assess the resilience of technology providers whose services underpin critical banking, insurance, and financial market operations.
Britain's approach mirrors a broader global regulatory push to increase oversight of major cloud providers that support critical infrastructure, although it differs in scope from the European Union's Digital Operational Resilience Act (DORA) framework. The EU designated 19 technology and service providers under its equivalent oversight regime in November.
A Google Cloud spokesperson welcomed the UK's framework, saying: "With effective implementation and meaningful industry engagement, this new Critical Third Party framework can enhance the long-term resilience of the UK's financial ecosystem and increase understanding, transparency, and trust between all parties."
The designation underscores regulators' increasing focus on concentration risk in cloud computing, where outages or cyber incidents affecting a handful of hyperscale providers could have cascading consequences across multiple financial institutions simultaneously.
The designation, which takes effect on July 13, covers Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL, and Oracle Corporation UK Ltd. The companies will be jointly supervised by the Bank of England, the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA).
The move reflects regulators' growing concern over the financial sector's dependence on a small number of cloud providers for critical technology infrastructure.
"As banks, insurers and financial market infrastructures become increasingly reliant on cloud services, disruption at a major supplier could affect multiple firms at the same time, potentially impacting services customers depend on," the UK government said in a statement.
Under the framework, the designated providers will be required to undergo resilience testing, conduct regular self-assessments, and report major operational incidents to regulators.
The regime is intended to strengthen the operational resilience of the UK's financial system by enabling regulators to directly assess the resilience of technology providers whose services underpin critical banking, insurance, and financial market operations.
Britain's approach mirrors a broader global regulatory push to increase oversight of major cloud providers that support critical infrastructure, although it differs in scope from the European Union's Digital Operational Resilience Act (DORA) framework. The EU designated 19 technology and service providers under its equivalent oversight regime in November.
A Google Cloud spokesperson welcomed the UK's framework, saying: "With effective implementation and meaningful industry engagement, this new Critical Third Party framework can enhance the long-term resilience of the UK's financial ecosystem and increase understanding, transparency, and trust between all parties."
The designation underscores regulators' increasing focus on concentration risk in cloud computing, where outages or cyber incidents affecting a handful of hyperscale providers could have cascading consequences across multiple financial institutions simultaneously.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.




