Progress

Current status
in force
13 Jul 2026 in force
08 Jul 2026 adopted

Scope

Implementers
United Kingdom
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
infrastructure provider: cloud computing, storage and databases
Government Branch
executive
Government Body
central government
Implementation Level
national

Timeline of events

13 Jul 2026
in force

HM Treasury implemented the designation of 4 cloud service providers as Critical Third Parties

On 13 July 2026, the Critical Third Parties (Designation) Regulations enter into force and designate four cloud service providers as Critical Third Parties (CTPs). The designated providers are Microsoft Ireland Operations Limited, Google Cloud EMEA …

Event type order
Action type implementation
Government branch executive
Government body central government
08 Jul 2026
adopted

HM Treasury adopted regulations designating 4 cloud service providers as critical third parties

On 8 July 2026, HM Treasury adopted the Critical Third Parties (Designation) Regulations, designating 4 cloud service providers as Critical Third Parties (CTPs). The designated providers include Microsoft Ireland Operations Limited, Google Cloud EME…

Event type order
Action type adoption
Government branch executive
Government body central government