UK to regulate cloud service providers Microsoft, Google and others to protect financial stability
Britain Brings Major Cloud Providers Under Financial Regulatory Oversight
LONDON, July 10 (Reuters) - Britain has designated cloud service providers Microsoft, Google, Amazon and Oracle as critical third-party suppliers to its financial sector, bringing them under direct regulatory oversight.
The move is aimed at strengthening the resilience of financial firms by reducing the risk of widespread disruption from cyber attacks or technology outages.
Government Statement on Cloud Service Risks
"As banks, insurers and financial market infrastructures become increasingly reliant on cloud services, disruption at a major supplier could affect multiple firms at the same time, potentially impacting services customers depend on," the government said in a statement on Friday.
Details of the Designation
Critical Third Parties Named
The government designated Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL, and Oracle Corporation UK Ltd as critical third parties, effective July 13.
Supervision and Compliance Requirements
The firms will be supervised jointly by the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority. They will be required to undergo resilience testing, conduct regular self-assessments and report major incidents.
Comparison with European Union Approach
Britain's approach contrasts with that of the European Union, which in November designated 19 technology and services firms under a similar framework.
Industry Response
Google Cloud's Statement
A Google Cloud spokesperson said: "With effective implementation and meaningful industry engagement, this new Critical Third Party framework can enhance the long-term resilience of the UK's financial ecosystem and increase understanding, transparency, and trust between all parties."
Reporting Credits
(Reporting by Phoebe Seers and Muvija M. Editing by William James and Mark Potter)

