The UK designated four major cloud providers—Microsoft, Google, Amazon, Oracle—as "critical third parties" to its financial sector. This first-of-its-kind direct regulation aims to prevent a single tech outage from collapsing multiple banks and insurers. Meanwhile, India maintains its indirect oversight, leaving banks responsible for third-party cloud risks.
Britain's Financial Services and Markets Act 2023 authorised this move, with final framework rules published November 2024. The actual designations for Microsoft, Google, Amazon, and Oracle only went live this Monday, with the new regime taking full effect July 13, 2026.
The current regulations fully take effect on July 13, 2026, marking a critical operational deadline for these four providers. Regulators plan to identify and include additional systemically important cloud providers in the regime going forward.
🇮🇳 Why This Matters for India
For Indian banks and fintechs in Mumbai or Bangalore, relying heavily on AWS or Azure means they alone carry the burden of cloud-related operational risks and compliance.
The Take
The UK is fundamentally redefining hyperscalers as critical national infrastructure for its financial system, accepting the deep overhead. India, by contrast, continues to treat cloud as a third-party vendor problem, prioritizing adoption speed but offloading systemic resilience onto individual FIs.
Source:  MediaNama ↗