The Agence du Numérique en Santé (ANS) administers the framework under Article L.1111-8 of the French Public Health Code, which mandates appropriate certification for entities hosting certain personal health information. Major cloud vendors—Google Cloud, Microsoft, AWS, and OVHcloud—publicly track HDS compliance because it is a prerequisite for serving French health-data workloads. The framework was published in the French Official Journal in May 2024 and provided a two-year transition window now expiring.
HDS v2.0 tightened requirements around data sovereignty, including exclusive storage within the EEA, greater transparency on international access and transfers, and alignment with ISO 27001:2022. Providers can no longer rely on the prior framework for new or renewed certifications. Any organization hosting French health data must now audit its cloud architecture, vendor certifications, and contract terms against the new standard. This is a hard compliance deadline for the health-tech and cloud sectors.