Robert Tylka is a Principal at Schellman & Company. With over 17 years of experience in providing IT attestation and compliance services, Robert currently leads the Midwest practice at Schellman where he specializes in SOC 1, SOC 2, ISO 27001, STAR, and HIPAA examinations. In his portfolio he also oversees engagements that include FedRAMP, HITRUST, PCI, and various Privacy reviews. To date, Robert has provided services to clients in the information technology, financial services, governmental, human resources, insurance, and manufacturing industries, among others. Robert has also provided professional services to companies of all sizes during his career, including Fortune 1000 and publicly traded companies, with a strong focus in the technology sector.
Healthcare Assessments | HDS Certification
By:
Robert Tylka
April 13th, 2026
Just when you thought the transition to Version 2.0 of France's Hébergeur de Données de Santé (HDS) — or health data hosting — was almost complete, the certification framework is undergoing another significant update. Following the publication of the Law on Securing and Regulating the Digital Space (SREN) decree on March 24, 2026, a new version of the standard, referred to as HDS v2.1, is now in development.
Healthcare Assessments | HDS Certification
By:
Robert Tylka
September 22nd, 2025
Effective May 16, 2024, Version 2 of the Health Data Host (HDS) Referential went into force with a two-year transition period. This means if you are currently HDS certified, you’ll have to transition to the new version before May 16, 2026. This transition brings many positive changes, including a clarification of the applicable hosting activities, removal of the distinction between physical hosting and IT managed services providers, removal of references to controls within the ISO 20000-1 and ISO 27018 standards, a requirement for data localization within the European Economic Area (EEA), and more. However, we have noticed particular challenges that companies pursuing HDS certification tend to struggle with. In this article, we’ll break down those trends faced by organizations within the new HDS framework so that you can focus on those areas that may take more time for implementation or remediation in your own compliance journey.
By:
Robert Tylka
July 25th, 2024
As technology continues to evolve and embed itself more into society, regulations to govern its use and protect consumers are struggling to keep up in parts of the world. But not so in the European Union (EU), where they’ve recently made progress on a wave of new cyber legislation—among those is the NIS 2 Directive.
Compliance and Certification | HDS Certification
By:
Robert Tylka
May 30th, 2024
Back in 2018, the French government introduced—by way of its Public Health Code (Article L.1111-8)—HDS certification, mandating that all entities hosting personal health data must successfully achieve certification. Now, in 2024, they’ve published a new HDS framework with changes, expositions, and removals of language that organizations affected will need to know in order to comply.
Assurance / Service Audits | Audit Readiness
By:
Robert Tylka
January 11th, 2024
In the dynamic world of business, where compliance is becoming more important either as requested assurance from customers or a key market differentiator, more and more organizations are turning to assessment firms to help them communicate these advantages. And while some will always look at compliance in the most oversimplified, checkbox manner, many customers and regulators recognize good (and poor) quality of delivery.
Healthcare Assessments | HDS Certification
By:
Robert Tylka
June 8th, 2023
As the French health data regulation known as “Hébergeur de Données de Santé” (HDS) becomes increasingly important in the healthcare industry, organizations that can benefit must ensure they are prepared to meet its requirements.
Healthcare Assessments | HDS Certification
By:
Robert Tylka
May 31st, 2023
In an increasingly data-driven healthcare landscape, protecting sensitive information has become paramount. The French health data regulation, known as Hébergeur de Données de Santé (HDS), plays a crucial role in safeguarding health data. Understanding HDS and its implications is vital for any organization that may host French health data.
By:
Robert Tylka
May 2nd, 2017
You may be wondering why a financial services company would need a SOC 1 report. Well, in today’s financial services landscape, trust is currency—and transparency is the key to earning it.