Description

HM Treasury implemented the designation of 4 cloud service providers as Critical Third Parties

On 13 July 2026, the Critical Third Parties (Designation) Regulations enter into force and designate four cloud service providers as Critical Third Parties (CTPs). The designated providers are Microsoft Ireland Operations Limited, Google Cloud EMEA …

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2026-07-08
adopted

On 8 July 2026, HM Treasury adopted the Critical Third Parties (Designation) Regulations, designati…

2026-07-13
in force

On 13 July 2026, the Critical Third Parties (Designation) Regulations enter into force and designat…