# UK designates AWS, Azure, Google Cloud and Oracle as Critical Third Parties to its financial system
> HM Treasury formally designated Amazon Web Services, Microsoft Azure, Google Cloud and Oracle as Critical Third Parties to the UK financial system on July 13, 2026, placing the four cloud providers under direct resilience oversight by UK financial regulators; the move extends regulatory reach into the cloud infrastructure that banks and other financial institutions rely on for core operations

**Meta:** type: event · date: 2026-07-13 · heads: Who Decides, The Quiet Shift · 3 takes · 3 lenses · 2 regions

## Summary

The [UK's](/en/entity/united-kingdom) HM Treasury formally designated [Amazon Web Services](/en/entity/corporate/amazon), [Microsoft Azure](/en/entity/corporate/microsoft), [Google Cloud](/en/entity/corporate/google) and [Oracle](/en/entity/oracle) as Critical Third Parties (CTPs) to the UK financial system on July 13, 2026. The designation places the four cloud providers under direct resilience oversight by UK financial regulators, extending regulatory reach into the cloud infrastructure that banks and financial institutions rely on for core operations. Previously, cloud providers were regulated only indirectly, through obligations on the banks and insurers that contracted them.

## Why it matters

Banks and insurers across the UK depend on these four providers for infrastructure that, if disrupted, could affect the whole financial system. The CTP designation gives UK regulators direct access and enforcement powers over the cloud companies themselves, rather than routing all oversight through their customers. It is a significant structural change in how the UK frames systemic technology risk.

## What to watch

- How the Bank of England, the FCA and the PRA set and enforce operational resilience standards for the four designated CTPs.
- Whether additional cloud or technology providers are added to the CTP register.
- Whether the EU, US or other jurisdictions adopt comparable direct-oversight frameworks for cloud providers to financial systems.

## Regional takes (batched by bias / lens)

### US insurance-sector trade press; first verified piece reporting the UK Treasury's formal CTP designation and its scope across the financial sector
- **Insurance Journal** (United States, en) — Insurance Journal reported that Britain designated cloud providers Microsoft, Google, Amazon and Oracle as critical third-party suppliers to its financial sector, bringing them under direct UK regulatory oversight for the first time.
  > "Britain has designated cloud service providers Microsoft, Google, Amazon and Oracle as critical third-party suppliers to its financial sector."
  Source: https://www.insurancejournal.com/news/international/2026/07/13/877158.htm

### AI and regulatory-tech specialist outlet; most detail on the HM Treasury action including the July 13 effective date and the four named providers
- **MLQ.ai** (Global, en) — MLQ.ai reported that HM Treasury's formal CTP designation of AWS, Azure, Google Cloud and Oracle took effect on July 13, 2026, extending UK financial regulatory reach into the cloud infrastructure that banks and insurers depend on for core operations.
  > "HM Treasury has formally designated Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle as Critical Third Parties to the UK financial system, effective July 13, 2026."
  Source: https://mlq.ai/news/uk-treasury-designates-aws-azure-google-cloud-oracle-as-critical-third-parties-under-direct-oversight/

### unlabelled
- **GRC Report** (Global, en) — 
  Source: https://www.grcreport.com/post/uk-regulators-put-four-technology-giants-under-direct-resilience-oversight

## Across the graph
- Entities: Corporate:amazon, Corporate:microsoft, Corporate:google, Oracle, United Kingdom

---
Canonical: https://rbtfl.xyz/en/n/uk-cloud-finreg-jul13