EU Names 19 Tech Giants as Critical Providers for Financial Sector
European Union regulators have designated 19 major technology firms, including Amazon Web Services, Google Cloud and Microsoft, as critical third-party computing providers for the bloc’s financial industry. The move, announced on Tuesday, marks a key step in strengthening the EU’s defences against technology-related risks to the financial system.
Oversight Under the Digital Operational Resilience Act
The designations fall under the EU’s Digital Operational Resilience Act (DORA), which came into effect in January 2025. Under the legislation, the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority (ESMA) can jointly identify and directly supervise technology providers deemed critical to financial stability.
The initiative seeks to safeguard Europe’s financial sector from potential disruptions caused by its growing dependence on external technology services, particularly cloud computing. Regulators have warned that widespread outages or cyber incidents involving a key provider could have serious repercussions for the banking system.
Companies Under Scrutiny
Among the firms named were the European branches of Amazon Web Services, Bloomberg, Google Cloud, IBM, Microsoft, London Stock Exchange Group, Orange and Tata Consultancy Services. These companies will now face direct EU-level oversight to ensure they maintain robust risk management and governance frameworks capable of withstanding operational disruptions.
In a statement published on ESMA’s website, regulators said they would assess whether these providers have “appropriate resilience measures” in place. Representatives from several companies welcomed the designation. A spokesperson for the London Stock Exchange Group said the firm supported the move, while Google Cloud also expressed approval. Microsoft confirmed its commitment to complying with EU cybersecurity and resilience standards, and Amazon Web Services noted that it had been preparing for the designation. IBM stated it continues to strengthen its cybersecurity and looks forward to engaging with regulators. Bloomberg, Orange and Tata did not immediately comment.
Broader Context and Global Parallels
The EU’s decision comes amid rising concerns over the resilience of Europe’s financial sector. The European Central Bank recently cited geopolitical tensions and technological vulnerabilities as key risks to the region’s banking system.
The United Kingdom has also introduced a similar framework, though no firms have yet been named. Regulators there have advised the finance ministry on potential candidates, with a government minister indicating that the first designations are expected by next year.
with inputs from Reuters
