The UK’s critical third party regime came into force on 1 January 2025. The CTP regime enables the Government to designate entities - including tech firms - providing services to the UK financial sector as a “critical third party” if they meet certain criteria.
CTPs must comply with rules set by the UK financial regulators: the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and Bank of England. These rules stipulate how CTPs should manage operational risks and interact with their financial services clients. The CTP regime also gives powers to the regulators to oversee CTPs and enforce their rules.
See our guide for an overview of the CTP regime, the designation process, requirements for CTPs and how the regulators will supervise them. We also compare the regime with the EU’s DORA.
Get in touch with us to discuss what the CTP regime means for your business.
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/2025-11-18-11-52-26-962-691c5dfa104d74a7c40dcb41.jpg)
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/2025-11-18-11-52-26-962-691c5dfa104d74a7c40dcb41.jpg)