VERIK / V095 / 13 JUL 2026
Five CategoriesGovernance

The Substrate Was Named This Morning

On Monday, July 13, 2026, four commercial legal entities came under direct supervision of the United Kingdom's central bank and its two principal financial regulators. The entities are Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Limited, and Oracle Corporation UK Limited. The instrument is Statutory Instrument 2026/777, The Critical Third Parties (Designation) Regulations 2026, signed by His Majesty's Treasury and coming into force this morning. From this date, according to the Financial Conduct Authority, the Bank of England, the Prudential Regulation Authority, and the FCA jointly oversee the systemic services these four companies provide to the United Kingdom's financial sector.

The Treasury press release frames the designation as targeted and proportionate. Regulators will be able to gather information, assess resilience, require stress testing, receive incident notifications, and enforce rules against the four designated firms. As The Guardian noted, the notifications include cyber threats, power failures, and the effects of natural disasters.

What is unusual is not the fact of the designation. The Critical Third Parties regime has been on the statute book since the Financial Services and Markets Act 2023, and the joint rules took effect on January 1, 2025. What is unusual is that the substrate on which the country's regulated financial firms increasingly run has now been named, in law, as itself a regulated object. The four hyperscalers are no longer merely vendors to firms the regulators supervise. They are, in respect of their systemic services, direct supervisees.

The category that did not exist

For most of the last two decades, the regulatory perimeter around banks, insurers, and market infrastructure stopped at the boundary of the regulated firm. What sat behind that boundary was a matter of outsourcing risk management, third-party contracts, and firm accountability. If a cloud provider suffered an outage, the regulator's question was whether the firm had planned for it. The provider itself sat outside the perimeter.

That framing held for a long time because it was mostly true. Substitution was in principle possible. The number of firms depending on any one provider was smaller. The systemic footprint of an individual cloud region was less well understood. The financial sector did not run, as a matter of infrastructural fact, on four companies.

It does now. The 2022 policy statement that opened the door to this regime observed, in its opening paragraphs, that firms are increasingly relying on a small number of third parties outside the finance sector for key functions or services, such as cloud-based computing services. Four years later, the small number has a legal name and a designation date.

What the instrument is doing

The regime does not claim to regulate the four firms in general. As the Treasury emphasises, oversight applies only to the systemic services they provide to the financial sector, not to their wider operations. The FCA's policy statement PS24/16 and the corresponding Bank of England supervisory statement set the shape of that oversight: minimum resilience standards, targeted resilience testing, information-gathering, skilled-person reviews, investigations, and enforcement including publicity and, as a last resort, prohibition of further service provision.

The regulators are not asserting authority over the firms' consumer products, their advertising markets, their AI research units, or the internal governance of their board rooms. They are asserting authority over one narrow layer: the layer on which regulated financial services are actually running.

In January 2026 the Bank of England signed a Memorandum of Understanding with the European Supervisory Authorities to coordinate oversight across the UK regime and the European Union's Digital Operational Resilience Act. Two supervisors of the same underlying substrate now have a written protocol for talking to each other during an incident.

What the instrument is not doing

The regime does not extend the perimeter to cover the workloads themselves. The four designated entities host, among other things, the model-serving infrastructure and agentic orchestration platforms of a growing share of financial services applications. The regulators can now ask questions about the resilience of the platform on which those workloads run. They have not, in this instrument, taken any position on the resilience of the workloads themselves, on the models being served, on the agents being orchestrated, or on the machine-speed decision loops that increasingly execute within those environments.

That is by design. The regime is an operational-resilience regime, not an artificial-intelligence regime. It concerns itself with the servers staying up, the region failovers succeeding, and the incident reporting flowing to the right supervisor within the right window. It is not, by its own account, about what runs on top.

The Pinsent Masons analysis of the designation reads the regime as bringing critical third parties life. It reads, more soberly, as bringing one very specific layer of critical infrastructure into the visible regulatory perimeter, and leaving the layers above it where they were.

What remains on the table

The AI Act in the European Union, the framework for AI cybersecurity emerging in ENISA's Frontier AI publication, and the growing body of pre-deployment evaluations coming out of national safety institutes are all describing a governance object that lives higher in the stack than the servers. The July 13 designation names the substrate. It does not name what is running on the substrate.

The governance artifact is retained. The governance function is not.