UK financial regulators will begin supervising critical services supplied by AWS, Google, Microsoft and Oracle on Monday, following HM Treasury’s first Critical Third Party designations on Thursday.
The FCA announcement names Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Ltd and Oracle Corporation UK Limited.
Joint oversight will come from the Financial Conduct Authority and the Bank of England, including its Prudential Regulation Authority.
The regime focuses on operational and cyber resilience, including incident management for services supplied to UK financial firms. Regulators can gather information, investigate providers and require action where permitted.
“When the same providers serve thousands of firms, a single failure can reverberate across the financial system,” FCA chief executive Nikhil Rathi said.
The designation applies only to the named entities and carries no regulatory approval or endorsement of their services; their wider businesses remain outside UK financial supervision.
Financial firms remain responsible for provider due diligence, monitoring, contingency planning and the resilience of their own important business services.
The regulators finalised the CTP framework in 2024, with rules taking effect on 1 January 2025. Monday marks the first designation-specific supervisory phase.



