New UK cloud oversight majors on the wrong risk
MSFT•Context news
On July 13, the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority began formal oversight of four leading cloud providers for the first time. This follows their designation as “critical third parties” (CTPs) by the Treasury.
The firms – Microsoft, AWS, Google and Oracle – now have regulatory obligations around testing, information sharing and incident management. The new regime is “focused on the resilience of the critical services they provide to the UK financial sector,” according to a statement from the Bank.
Reuters Breakingviews column
The author is a Reuters Breakingviews columnist. The opinions expressed are her own.
By Jennifer Johnson
LONDON, July 17 (Reuters Breakingviews) - Rules requiring critical tech suppliers to meet resilience standards are overdue. But AWS and Microsoft's grip on up to 80% of the UK's core cloud market is a sovereignty issue, not just an operational one. European neighbours like France seem to have grasped this more fully.




