Schellman Announces Strategic Partnership with Goldman Sachs Alternatives

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
SOC Essentials for Early-Stage Companies
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO 20000-1
ISO 14001
ISO 45001
ISO 50001
Privacy Assessments
Privacy Assessments
Global CBPR & PRP Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
DoD IL6
Healthcare Assessments
Healthcare Assessments
HITRUST Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Red Teaming
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Services
AI Red Teaming
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
MTCS Certification
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
Learning Center
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
Certificate Directory
Contact Us

«  View All Posts

How the HDS Certification is a Competitive Advantage for AI Providers Blog Feature
Greg Binder

By: Greg Binder

Print/Save as PDF

How the HDS Certification is a Competitive Advantage for AI Providers

Healthcare Assessments | HDS Certification | Artificial Intelligence

Published: Mar 25, 2026

In the ever-changing world of information technology, the biggest topic of discussion is artificial intelligence (AI) and the influence it is having on security, compliance, and the administration of data. However, regarding data, the most important consideration should be how AI will impact our personal health information (PHI).

As AI becomes increasingly integrated into our healthcare systems through patient portfolios, automated diagnostic assistance, and health-related analytics, a key question is whether AI can be trusted with this information.

It is clear that AI is here to stay, but how can we ensure that the security and reliability of our health data can be trusted when it is managed by something that is artificial? To address this concern, regulatory frameworks and certifications help organizations demonstrate that sensitive health data is handled securely and responsibly.

In France, the notion of whether a particular system can be trusted to manage health-related data is associated with one certification, known as HDS (Hébergeur de Données de Santé) Certification. In this article, we’ll explain what the HDS certification is, its compliance requirements for AI providers, and the benefits and value it provides.

What Is HDS Certification?

The HDS certification was created to evaluate whether organizations hosting or processing French health data is secure, ethical, and transparent. However, with the light-speed progress of AI and the market being eager to implement AI-related solutions, one strategic question has emerged:

Is an HDS certification just a compliance initiative, or could the certification represent a true competitive advantage for AI providers?

In short, the HDS certification is becoming an increasingly popular compliance initiative; however, it could also represent a competitive advantage for AI providers as well. Let’s break down why.

What Does the HDS Certification Require for AI Providers?

The HDS certification applies to organizations that host, process, or manage French health data. For AI providers, this could be considered in any one of the following examples:

  • Training models for patient datasets;
  • Operating clinical decision support tools;
  • Performing interpretative analysis on patients to reach conclusions on medical intervention; and
  • Providing SaaS platforms for hospitals or medical providers.

To achieve the HDS certification, an AI provider must meet the 31 requirements as outlined in the HDS certification framework created by the Agence du Numérique en Santé (ANS). The 31 rigorous requirements broadly cover the following topics:

  • ISMS Requirements
  • Requirements Relating to the Contractual Relationship
  • Data Sovereignty
  • Representation of Guarantees

These requirements help ensure that any entity who has successfully achieved the HDS certification has demonstrated sound control processes for:

  • Data confidentiality and security controls;
  • Access governance;
  • Auditability and traceability; and
  • Data residency and sovereignty (i.e., the data is physically hosted only in the European Economic Area (EEA)).

In summary, the HDS certification validates that the AI provider is not just protecting the PHI, but that the information itself is confidential, reliable, and auditable.

The Benefits of HDS Certification for AI providers

HDS certification serves as a competitive advantage for AI providers by bringing the following benefits:

Establishes Trust Among Healthcare Buyers

Healthcare companies currently interested in working with AI providers include hospitals, clinics, insurance providers, and digital healthcare platforms, among others. A significant commonality across these entities is that they are all required to adhere to strict regulatory obligations.

Having an HDS certification enables AI providers to lower buyer risk perception and skepticism. Providers who cannot demonstrate that they have achieved HDS certification immediately open themselves up to additional legal barriers, security assessments, and overall hesitation from decision-makers.

Thus, being HDS certified would increase the sales cycle for AI providers and open up opportunities across an industry that may otherwise have been ignored.

Differentiation in a Crowded AI Market

The AI space is the most popular industry segment within the already popular information technology industry. While the market grows daily with AI providers, many of them make similar promises that include but are not limited to faster diagnostics, improved patient experience, and improved efficiency.

For an AI provider, being HDS certified indicates to the market that in addition to being at the cutting edge of innovation, creativity, and transformation, the provider is also dependable, reliable, and trustworthy.

These are all the qualities we want in systems that handle our health information. That said, in an era where markets, specifically those where healthcare companies reside, are constantly being pitched the latest and greatest AI models, the HDS certification represents a creditability filter.

Stronger Internal Processes and Product Quality

Compliance initiatives of any nature force service providers to rethink internal processes that eventually serve as safeguards to confidential information. For AI providers, this notion is becoming increasingly more relevant.

The HDS certification for AI providers forces management to mature operationally by:

  • Formalizing processes
  • Improving documentation
  • Securing supporting infrastructure and networks
  • Training staff
  • Implementing audit trails/logs

By maturing internal processes with the above in mind, AI providers in turn become more reliable, market-ready, and structured. This results in easier scalability, fewer internal failures, quicker troubleshooting, and better stability – all of which are key characteristics that healthcare entities are focused on.

Compliance-focused management coupled with a willingness to adapt to the latest compliance initiatives, improve quality and beat out the competition.

Alignment with Recognized International Standards

While the HDS certification specifically focuses on ensuring the protection of health data, it also aligns with the ISO 27001 standard and heavily refers to GDPR for precedent on data sovereignty and localization. This alignment is particularly valuable in helping AI providers recognize efficiencies across compliance frameworks and optimize audit cycles.

Although HDS is a French legal requirement, any service provider hosting personal health information of French citizens is required to obtain HDS certification. While it may seem as though HDS certification has limited applicability, it very well could open the door for global European expansion for youthful AI providers looking to grow their client base.

As such, AI providers already aligned with ISO 27001 and GDPR standards are better positioned to obtain HDS certification for European regulatory trends.

HDS Certification is an advantage not just because of the many benefits that come with regulatory compliance and strengthened security posture, but also because of its impact on partnerships, investor confidence, and international recognizability.

Potential Challenges of HDS Certification for AI Providers

Like any business venture, there are risks and rewards. Similar to other compliance initiatives, the HDS certification requires time, money, and effort. For AI providers still in the infancy stage of their business, the prospect of pursuing the HDS certification may incur hesitation from executive management.

For instance, an entity must be ISO 27001 certified prior to receiving the HDS certification. Additionally, compliance initiatives of any nature in the infancy of an entity can cause overworked internal personnel, slow early development, and create burdensome tasks that take personnel away from the organization’s core mission.

That said, for AI providers with a relatively mature customer base selling to entities within the healthcare industry, a lack of certification can become a deal-killer, leading to lost revenue. Therefore, while the initial commitments of time, money, and effort may represent a challenge, the long-term value represents a future strategic advantage.

The Value of HDS Certification for AI Providers

The HDS certification is more than just a legal requirement or marketing material, but rather a meaningful market differentiator.

The nature of the HDS certification helps AI providers win customer trust, access multiple markets, align with other well-recognized European regulatory requirements, and above all, separates those providers with certification from the competition.

In an industry where security, reliability, and the protection of data are paramount, the HDS certification is a strategic asset that can provide several competitive advantages.

For AI providers hosting or processing French heath data and who sell to entities within the healthcare industry, the HDS certification should be part of your compliance roadmap sooner rather than later.

To learn more about getting HDS certified and the requirements and process involved, contact us today. In the meantime, discover additional HDS certification insights in these helpful resources:

About Greg Binder

As a Manager at Schellman, Greg specializes in leading SOC, ISO, and HDS engagements for clients across industries, including information technology, insurance, financial services, cloud services, and manufacturing. His work is supported by certifications such as the CISSP and CISA, as well as expertise in IT audit, administration organization, and finance. Greg’s mission is to deliver high-quality assurance and compliance services, leveraging a strong foundation in technology and business risk. By collaborating with his clients and intimately understanding their needs, Greg’s contributions enable his clients to build trust in their systems and processes. Greg’s career is defined by a commitment to excellence in auditing and a dedication to helping organizations navigate complex regulatory environments.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.