United Kingdom: New legislation to enable UK financial watchdog to visit and regulate cloud data centers and other "critical third parties"

HM Treasury has published a policy paper which is proposing a new regulatory framework, whereby the Bank of England (BoE) and the Financial Conduct Authority (FCA) would have powers to visit and regulate the cloud sector. The ministry outlined that currently, over 65% of UK banking and insurance firms use the same four cloud providers, which has created concerns around disruption if one of these four providers was hacked. As such, the new legislation will allot powers enabling the regulations of third parties it views as "critical."

As per proposed plans, the regulator will be able to demand information about its infrastructure, make onsite visits to data centers, and take formal action where necessary, although further details around this are yet to be released. 

"This will enable the regulators to ensure that services critical third parties provide to firms in the finance sector are resilient, thereby reducing the risk of systemic disruption," the finance ministry said in a statement.

The government will reportedly pass this legislation permitting the new powers "when parliamentary time allows." Following this, the FCA will publish a discussion paper, and a consultation paper which will take in feedback from the first paper once the bill has received royal assent.