The UK government designated Microsoft Ireland Operations, Google Cloud EMEA, Amazon Web Services EMEA, and Oracle Corporation UK as Critical Third Parties effective July 13. Regulators including the Bank of England, PRA, and FCA will jointly oversee them. The goal is to reduce systemic risks from outages or cyberattacks affecting multiple financial firms. Providers must do resilience testing, self-assessments, and report incidents. This addresses heavy reliance on a few cloud giants for critical infrastructure. The approach is proportionate and may expand. It differs from the EU's broader DORA framework, which designated 19 providers. Companies like Google welcomed it for building trust and resilience.
The UK government designated Microsoft Ireland Operations, Google Cloud EMEA, Amazon Web Services EMEA, and Oracle Corporation UK as Critical Third Parties effective July 13. Regulators including the Bank of England, PRA, and FCA will jointly oversee them. The goal is to reduce systemic risks from outages or cyberattacks affecting multiple financial firms. Providers must do resilience testing, self-assessments, and report incidents. This addresses heavy reliance on a few cloud giants for critical infrastructure. The approach is proportionate and may expand. It differs from the EU's broader DORA framework, which designated 19 providers. Companies like Google welcomed it for building trust and resilience.