Description

HM Treasury adopted regulations designating 4 cloud service providers as critical third parties

On 8 July 2026, HM Treasury adopted the Critical Third Parties (Designation) Regulations, designating 4 cloud service providers as Critical Third Parties (CTPs). The designated providers include Microsoft Ireland Operations Limited, Google Cloud EME…

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2026-07-08
adopted

On 8 July 2026, HM Treasury adopted the Critical Third Parties (Designation) Regulations, designati…

2026-07-13
in force

On 13 July 2026, the Critical Third Parties (Designation) Regulations enter into force and designat…