Business & Technology
BoE to oversee AWS, Google Cloud, Microsoft & Oracle
The Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority will begin joint oversight of the first Critical Third Parties designated by HM Treasury, bringing four major technology providers into a new UK regulatory regime.
HM Treasury has designated Amazon Web Services, Google Cloud, Microsoft and Oracle as the first Critical Third Parties. The category covers providers whose services underpin parts of the UK financial system. The framework focuses on the resilience of the critical services they provide to financial firms rather than on authorising them as regulated financial companies.
Under the regime, the three regulators will jointly supervise providers and seek to identify system-level risks that could disrupt and spread across multiple firms or markets. The framework is intended to address the growing dependence of banks, insurers and other financial institutions on a small number of external technology suppliers.
The new powers apply where a designated provider’s disruption or failure could affect large parts of the sector simultaneously. That risk has become more prominent as cloud computing and other outsourced technology services have become deeply embedded in financial operations.
First designations
The four companies named by HM Treasury are the EMEA or UK entities of Amazon Web Services, Google Cloud, Microsoft and Oracle. Their designation marks the first use of powers created under amendments to the Financial Services and Markets Act, which gave the Bank, the PRA and the FCA authority to oversee third-party suppliers judged critical to the sector.
The rules underpinning the regime were finalised in late 2024 and took effect at the start of 2025, applying to providers once they are formally designated by the Treasury. HM Treasury remains responsible for deciding which suppliers are brought into the framework and for any future removal of that status.
The regulators will periodically review whether designated providers continue to meet the criteria and may recommend future designations or de-designations to the Treasury. They also plan to assess the effectiveness of the oversight approach as the framework develops.
System risk
The authorities distinguished between the new regime and existing operational resilience and outsourcing rules that apply to banks and other regulated firms. Financial companies will still be responsible for their own due diligence, risk management and contingency planning for outsourced services.
Oversight of Critical Third Parties is intended to complement, not replace, the obligations already placed on firms that rely on external technology providers. Designated providers will be expected to identify and manage risks to critical services and to maintain timely communication with regulators and clients, especially during major incidents.
“As critical third parties become increasingly embedded in the operations of financial institutions, they can introduce new forms of systemic risk. Our proportionate approach to overseeing these providers will ensure that these dependencies are managed in a way that safeguards financial stability,” said Sarah Breeden, Deputy Governor for Financial Stability at the Bank of England.
“By bringing critical third parties into the scope of oversight, we are ensuring that the infrastructure underpinning UK financial services is robust enough to support UK financial stability and confidence. This directly supports the PRA’s objective to promote the safety and soundness of regulated firms,” Katharine Braddick, Deputy Governor for Prudential Regulation and CEO of the PRA, said.
“Critical third parties provide essential services which support innovation and growth. At the same time, when the same providers serve thousands of firms, a single failure can reverberate across the financial system. Operationalising this regime strengthens our ability to tackle those risks and improve overall resilience, ensuring the UK remains a safe and attractive place to do business,” said Nikhil Rathi, Chief Executive at the FCA.
Wider context
UK regulators have spent several years examining concentration risk in outsourced technology, particularly in cloud services, where a limited number of companies account for a large share of the market. The concern is not only whether an individual firm can withstand an outage, but whether many firms could be affected at once by the same incident or service breakdown.
The UK framework also sits alongside similar efforts in other jurisdictions to increase scrutiny of important technology suppliers to the financial sector. Regulators in the UK and the EU have already agreed on arrangements intended to support coordination and information sharing in the oversight of Critical Third Parties.
Designation does not mean the technology groups are being treated as banks, insurers or market infrastructure operators. Oversight is limited to the resilience of the services they provide to UK financial firms, to limit knock-on disruption across the wider financial system.
The first companies brought into the framework are Amazon Web Services EMEA, Google Cloud EMEA, Microsoft Ireland Operations and Oracle Corporation UK.
Business & Technology
Hart council expands KHIPU cyber monitoring partnership
Hart District Council has expanded its cyber security partnership with KHIPU to provide round-the-clock security monitoring aimed at protecting council systems and residents’ data.
The arrangement gives the Hampshire local authority continuous monitoring and threat response without having to build its own in-house security operations centre, a costly model that can be difficult for smaller councils to staff.
Local authorities have become frequent targets for cyber attacks as more public services move online and councils hold large volumes of personal and operational data. For district councils, the challenge is often not recognising the risk but finding the funding and specialist staff needed to maintain a 24-hour cyber defence operation.
Hart’s deal with Fleet-based KHIPU reflects a wider shift among public bodies towards outsourcing parts of their cyber security operations to specialist providers. KHIPU has added six councils to its security monitoring service in the past six months, pointing to growing demand from the sector.
Skills gap
The partnership is intended to supplement Hart District Council’s internal IT team rather than replace it. Under the agreement, KHIPU will continuously monitor systems for suspicious activity and respond to potential threats that could disrupt council services or expose sensitive data.
The model addresses a long-running issue in local government: cyber security expertise is expensive and in short supply, while many councils face budget pressures across core services. Building an internal operation that can monitor networks and systems at all hours requires recruitment, training and retention budgets that smaller authorities often struggle to sustain.
Using an external monitoring service also allows councils to spread costs more predictably, though it increases the importance of supplier oversight, incident processes and clear accountability between the authority and the provider.
Councillor Tony Clarke, portfolio holder for digital and communications at Hart District Council, said: “Protecting council services and our residents’ data is a key priority, and KHIPU’s support is helping us meet those responsibilities in a practical, affordable, and resilient way.”
Local focus
The agreement also has a local economic dimension. KHIPU is based in Fleet, near Hart District Council, and has presented the work as an example of a local authority buying specialist digital services from a nearby supplier rather than looking further afield.
That approach may appeal to councils under pressure to support regional economies while modernising public services, although procurement decisions in the public sector remain driven by cost, compliance and operational need.
Matt Ashman, chief commercial officer at KHIPU, said the contract had significance beyond the commercial relationship itself. “We are incredibly proud to strengthen our relationship with Hart District Council. As a business proudly based in Fleet, working with our own local authority is particularly meaningful. It perfectly demonstrates how investing in specialist capability close to home can drive regional economic development and retain high-value tech expertise within our district.
“Delivering 24×7 security monitoring to local councils is about more than just technology; it’s about protecting residents, vital public services, and sensitive data. We look forward to expanding this partnership and continuing to work together to secure our shared community.”
Sector pressure
The deal comes as councils face a more complex cyber risk environment. Attacks on public bodies can lead to service outages, disrupted communications, delayed transactions and data exposure, with effects that can quickly reach residents who depend on local services.
For smaller authorities, a managed monitoring model offers a way to gain round-the-clock coverage that would otherwise be out of reach. It also reflects the growing concentration of advanced cyber security skills in specialist firms, leaving many public organisations to decide whether to build internal capability, share services with other bodies or contract out key functions.
KHIPU said its services are designed to meet the compliance and security requirements that apply to UK public sector bodies. That matters because local authorities must balance operational resilience with procurement scrutiny, data handling rules and the need to show that external suppliers can meet public sector standards.
The Hart partnership shows how that balancing act is increasingly being managed through outsourced services rather than internal expansion. In a sector where staffing constraints and financial pressure rarely ease at the same time, access to continuous monitoring is becoming less a matter of in-house scale and more a question of whether councils can find a supplier they trust.
Business & Technology
London workers lead UK in AI use as hiring rebounds
JOSEPH GABRIEL LAGONSIN
News Editor
Employment Hero has published data showing that London workers use artificial intelligence more often and feel more confident using it than workers elsewhere in the UK. The figures also suggest hiring by small and medium-sized businesses in the capital has picked up.
Its UK research found that 54% of workers in London use AI every day, compared with 36% nationally. In the capital, 61% said they considered themselves competent in using AI, against a UK average of 41%.
The regional gap extends beyond headline usage. Daily AI use falls to 34% in the North West and 31% in Yorkshire and the Humber, pointing to a clear divide between London and other parts of the country.
The findings also suggest London workers rely more heavily on the tools. Some 83% said AI had affected the quality of their work, compared with 73% nationally, while 42% said they would struggle to do their job without it.
Jobs rebound
Separate platform data based on payroll activity among SMEs showed employment in London grew 3.3% month on month in June, ahead of the 2.5% national average. Wages in the capital rose 1.9% over the month, taking the median full-time wage to £55,872.
Employment Hero said the capital’s jobs market had weakened sharply in April 2025 and remained subdued until the end of last year. Since the start of 2026, the data shows employment growth has picked up, with June running 4.0% higher than March.
The latest figures add to a wider debate over whether the benefits of AI investment are becoming concentrated in London. The capital has attracted policy attention and funding around AI, but the data suggests workforce familiarity with the technology is not evenly spread across the country.
Skills divide
Workers in London also appear more likely to seek AI training through informal channels. The research found that 78% were learning AI skills on social media, compared with 56% nationally.
Businesses in the capital were slightly more likely to place importance on AI skills. Some 41% of London-based firms said those skills matter, against a national average of 36%.
The survey also linked AI adoption with entry-level hiring. In London, 57% of firms said they had increased entry-level roles over the past two years, the highest share of any region covered by the research, compared with a national average of 50%.
Across the UK, Australia, Canada and New Zealand, businesses with AI at the centre of their operations were more likely to report growth in junior hiring. Among those companies, 62% said they had increased entry-level headcount in the past two years, compared with 30% of businesses that were not AI adopters.
UK business leaders were more likely than those in the other three countries to say AI would increase the need for entry-level roles. Nearly a quarter, or 24%, of UK respondents held that view, compared with 13% in Australia, 15% in Canada and 12% in New Zealand.
The figures come from a survey conducted by Focaldata for Employment Hero covering more than 3,500 UK employers and employees, alongside a wider international study. The jobs data is drawn from 4,599 businesses and 140,829 employees on the company’s platform, reflecting activity in the SME labour market.
Kevin Fitzgerald, UK Managing Director at Employment Hero, said: “London’s jobs market moves fast. A few months ago employment growth in the capital was stalling and today our data shows that SMEs are hiring again.”
He said the research suggested both opportunity and risk in the way AI is spreading through the labour market. “It’s clear that AI is going to play a central role in the future of employment, whether that’s large AI companies choosing to call London home or small businesses leveraging the technology for growth. Our new research shows that Londoners have embraced AI in numbers. That’s great for the capital, but there’s a real risk the rest of the UK gets left behind if that momentum isn’t matched.
“AI isn’t just changing how work gets done, it’s starting to shape where opportunities are too. While London’s role as global AI hub is key, we must also make sure that businesses across the nation have the investment and training needed to build AI-confident workforces.”
Business & Technology
NCC Group & Siemens team up on UK OT cyber security
NCC Group and Siemens have agreed to collaborate on cyber security for UK critical infrastructure, with a focus on operational technology used across industry, energy and defence.
The companies have signed a Memorandum of Understanding on cyber resilience for critical national infrastructure, particularly where information technology systems intersect with operational technology that manages physical processes and assets.
The collaboration combines Siemens’ expertise in industrial automation, control systems and operational technology with NCC Group’s cyber security and resilience services. Support will be aimed at asset owners, operators and supply chains.
Operational technology has become a growing concern for operators of essential services as industrial systems become more connected to corporate networks and external data environments. That convergence has widened the potential attack surface for organisations running energy networks, manufacturing sites, transport systems and defence-related infrastructure.
In the UK, the issue carries broader economic and security implications because disruption to operational technology can affect physical operations, not just data or office systems. Critical infrastructure operators have faced increasing pressure to strengthen defences as cyber threats become more frequent and more sophisticated.
OT focus
The agreement is framed around that shift, with both companies arguing that industrial cyber security now requires a joined-up approach across digital and physical environments. Their plan centres on an end-to-end resilience model that combines industrial systems expertise with cyber security oversight.
Siemens has a long-standing presence in industrial software, automation and control environments used in factories, utilities and infrastructure. NCC Group, which operates internationally in cyber security, has presented the tie-up as a way to address risks earlier in modernisation and connectivity projects.
Paul Hingley, Cyber Security Expert, Siemens UK & Ireland, said: “Organisations responsible for keeping the country powered, connected and secure are under growing pressure to protect not just their IT systems, but the operational technology that controls physical assets on the ground. This collaboration brings together complementary strengths to help customers protect the physical systems that keep the country running.”
The agreement reflects a broader trend across industrial sectors, where cyber security spending is increasingly linked to operational continuity, safety and regulatory expectations. In these environments, the consequences of a cyber incident can extend beyond data loss to outages, equipment disruption and interruptions to essential services.
Shared ambition
The arrangement also points to a closer working relationship between the two businesses on industrial cyber security. They described the threat landscape as large in scale and urgent in nature.
Peter Vorley, Chief Commercial Officer, NCC Group, said: “Cyber resilience is now a fundamental enabler of industrial performance. Our collaboration with Siemens reflects a shared ambition to support organizations as they connect, automate and modernize their operational environments. By combining our strengths, we can help customers move forward faster and more safely, while shaping a more secure digital future for the sector.”
The UK market for industrial cyber security has drawn increasing attention from technology suppliers, consultants and specialist security firms as operators update legacy systems and connect more equipment to digital platforms. That shift has created demand for services that cover both conventional IT security and the specialist requirements of industrial control systems.
Unlike office-based IT environments, operational technology often includes equipment with long life cycles, strict uptime requirements and safety-critical functions. Those characteristics can make patching, monitoring and system changes more complex, especially in sectors where downtime is expensive or unacceptable.
Supply chain exposure is also a factor in industrial security planning, as operators rely on equipment vendors, maintenance providers and software partners that may connect to production or infrastructure environments. The collaboration will also cover support for supply chains alongside asset owners and operators.
Siemens is one of the largest industrial technology groups active in infrastructure and automation markets, while NCC Group has built its business around cyber resilience and software escrow services. NCC Group says it has more than 2,000 employees across Europe, North America and Asia Pacific.
The partnership places operational technology security at the centre of efforts to defend critical infrastructure, as cyber threats increasingly affect the systems that run essential services and industrial operations.
-
Oxford News3 weeks agoJune heatwave would be ‘virtually impossible’ in 1976
-
Oxford Events3 weeks agoStage Watch: ‘I think we need much more laughter in the world’ says John Cleese
-
UK News4 weeks agoUS to review benefits of having troops in Europe with ‘era of free-riding’ over – Europe live | World news
-
UK News4 weeks agoDriver killed in Bedford train crash named
-
UK News4 weeks agoCCTV shows moments leading up to arrest in anti-Muslim attacks probe
-
Business & Technology4 weeks agoCyberCube & Affinity Marketplace streamline SME cyber quotes
-
Oxford News4 weeks agoDidcot kids wanted by police for throwing eggs at cars
-
Business & Technology4 weeks agoAccess PaySuite buys Ordo Open Banking infrastructure
