The UK government has designated the world's largest cloud service providers—Microsoft, Google, Amazon Web Services (AWS) and Oracle—as critical third parties (CTPs), subjecting them to direct regulation by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). The move, announced by the Treasury on Friday, is intended to safeguard the UK's financial system by ensuring these technology firms have robust measures in place to prevent, manage and recover from operational disruptions that could affect the banking, insurance and other financial sectors.
What the Designation Means
As CTPs, the four companies must now comply with oversight from the three financial regulators, who will monitor their services for potential risks to financial stability. The Treasury stated that the designation applies to global cloud services and technology firms that provide critical infrastructure to the financial sector. Policymakers believe this step will significantly strengthen the resilience of the UK's financial system, and indicated that additional providers could be designated over time.
Industry and Government Reactions
Economic Secretary to the Treasury and City Minister Rachel Blake said: “We are a world-leading financial centre and maintaining trust in our financial system is essential to its success. These designations will help ensure the critical services financial firms rely on remain resilient, protecting consumers and businesses while supporting growth across the economy.”
Microsoft's deputy chief information security officer for Europe, Freddy Dezeure, commented: “For more than 40 years, Microsoft has worked closely with UK Government agencies to help support citizens, improve services and secure and enhance the resilience of the digital ecosystem. The designation of Microsoft Ireland Operations Limited as a critical third party marks a new chapter in this relationship and Microsoft remains fully committed to complying with the relevant oversight requirements and the UK’s cybersecurity and resilience laws.”
A Google Cloud spokesperson said: “We are confident that, with effective implementation and meaningful industry engagement, this new CTP framework can enhance the long-term resilience of the UK’s financial ecosystem and increase understanding, transparency and trust between all parties.”
Michael Jefferson, head of financial services public policy for EMEA at AWS, stated: “AWS supports the objectives of the UK authorities to ensure a robust UK financial system. AWS will comply with all applicable regulations and we remain committed to helping customers to meet their business and operational resilience objectives.”
Kevin Kimber, senior vice president general manager UK&I at Oracle, added: “Oracle supports the UK Government’s important objective of enhancing the operational resilience of the UK financial sector. We are committed to working closely with the regulators and our financial services customers toward that objective, while also supporting the Government in accelerating innovation and promoting long-term economic growth.”
Broader Context
The announcement comes as Google faces additional legal action in the UK from advertisers. The new regulatory framework is part of a broader push by UK authorities to tighten oversight of technology firms that underpin critical national infrastructure, particularly in finance. The Treasury noted that further providers could be added to the CTP list in the future to enhance overall system resilience.



