UK designates Microsoft, Google, Amazon, Oracle as critical suppliers to financial sector
UK designates Microsoft, Google, Amazon, Oracle as critical suppliers

The UK government has officially designated cloud service providers Microsoft, Google, Amazon, and Oracle as critical third-party suppliers to the financial sector, effective July 13. This move places these tech giants under direct regulatory oversight by the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority.

New Regulatory Requirements

The designated firms—Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL, and Oracle Corporation UK Ltd—must now undergo resilience testing, conduct regular self-assessments, and report major incidents. The aim is to reduce the risk of widespread disruption from cyber attacks or technology outages that could affect multiple financial firms simultaneously.

Government Statement

“As banks, insurers and financial market infrastructures become increasingly reliant on cloud services, disruption at a major supplier could affect multiple firms at the same time, potentially impacting services customers depend on,” the government said in a statement on Friday.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Comparison with EU Approach

Britain’s approach contrasts with that of the European Union, which in November designated 19 technology and services firms under a similar framework. The UK’s more targeted designation focuses on the four largest cloud providers.

Industry Response

A Google Cloud spokesperson said: “With effective implementation and meaningful industry engagement, this new Critical Third Party framework can enhance the long-term resilience of the UK's financial ecosystem and increase understanding, transparency, and trust between all parties.”

Pickt after-article banner — collaborative shopping lists app with family illustration