
HDS Certification for AI Providers: The Expert's Guide to France's Health Data Hosting Standard


Jared Clark

April 7, 2026

When an AI provider processes protected health information, the compliance question is never just about security — it is about sovereignty, trust, and the structural power that healthcare systems expect to hold over their patients' data. France understood this before most countries wrote their first AI policy. Its Hébergeur de Données de Santé (HDS) certification framework has been mandatory for health data hosts since 2018, and in May 2024 it received a sweeping update that every AI company with European healthcare ambitions needs to understand.

If you are an AI provider building clinical decision support tools, training models on patient datasets, or selling SaaS platforms to French hospitals, HDS certification is not optional. It is a market access requirement. And the certification landscape just changed significantly enough that organizations still operating under the old framework are now on a formal compliance clock with a hard deadline of May 16, 2026.

This guide covers what HDS actually requires, who must obtain it, what the HDS v2.0 update changed and why it matters for AI providers specifically, the step-by-step certification pathway with realistic timelines and costs, and — critically — how HDS fits into a broader AI governance architecture that includes ISO 42001 as the standard governing AI system behavior itself.


What Is HDS Certification?

HDS stands for Hébergeur de Données de Santé, which translates directly as "Health Data Host." The certification is issued by accredited audit bodies in France and evaluates whether an organization hosting or processing personal health data maintains secure, ethical, and transparent operations that meet the strict standards the French healthcare system demands.

The framework comprises 31 rigorous requirements organized across four primary areas:

  • Information Security Management Systems (ISMS): Controls governing data protection, access management, incident response, and continuity of operations
  • Contractual Relationship Requirements: The legally binding terms that must exist between the certified host and the healthcare organizations it serves
  • Data Sovereignty: Requirements ensuring that health data remains under French and European legal jurisdiction and that patients' rights are preserved
  • Representation of Guarantees: The obligation to demonstrate and document that all security and operational commitments are actually being met in practice

The certification is not self-declared. Audits must be conducted by organizations accredited by COFRAC — the Comité Français d'Accréditation, France's national accreditation body. That COFRAC requirement matters because it establishes a level of third-party rigor that is meaningfully higher than many self-assessment compliance programs. You cannot buy your way through an HDS audit with documentation theater. COFRAC-accredited auditors are there to verify real operational practice.

Who Is Required to Obtain HDS Certification?

The legal obligation is clear: HDS certification is mandatory for any organization that hosts personal health data in France. For AI providers, this obligation triggers across a range of common product and service configurations:

  • Training machine learning models on patient datasets, even if the raw data is anonymized downstream
  • Operating clinical decision support tools that generate recommendations informing patient care
  • Performing patient analysis for medical intervention recommendations
  • Providing SaaS platforms to French hospitals, clinics, medical laboratories, or other healthcare providers
  • Processing health data on behalf of healthcare organizations as a subprocessor

The "on behalf of" element deserves attention. Many AI companies do not think of themselves as health data hosts — they think of themselves as analytics platforms or AI infrastructure providers. But if the data flowing through your infrastructure is personal health data belonging to French individuals, and you are processing it as part of a healthcare delivery chain, you are a health data host within the meaning of French law, and HDS certification applies to you.

The consequences of operating without certification are not merely reputational. French healthcare organizations are legally prohibited from contracting with non-certified hosts. Certification is, in the most literal sense, the price of entry to the French healthcare market.


HDS v2.0: What Changed in 2024 and Why AI Providers Must Act Now

The original HDS framework was published in 2018 and last significantly revised in 2019 as HDS v1.1. For most of its five-year lifespan, it served its purpose reasonably well. But the French government recognized that the threat landscape for health data had evolved, that ISO information security standards had been updated, and that the rise of AI in healthcare had introduced new sovereignty and transparency obligations that the original framework did not contemplate. HDS v2.0 was published in May 2024, and it introduces changes that go well beyond cosmetic updates.

Mandatory EEA Data Storage

Perhaps the single most consequential change in v2.0 for US-based and non-European AI providers is the mandatory European Economic Area data storage requirement. Under HDS v1.1, there was flexibility around where data could physically reside as long as adequate protections were in place. HDS v2.0 closes that flexibility: health data must be stored within the EEA.

This is not a technicality. For AI providers whose infrastructure runs primarily on US-based cloud infrastructure, or who rely on hyperscaler services that process data across multiple geographies, meeting this requirement demands real architectural decisions. It is not enough to have a European endpoint — the data must actually reside and be processed within the EEA boundary. Organizations that built their infrastructure assuming geographic flexibility will need to restructure it before they can certify under v2.0.

Alignment with ISO 27001:2022

HDS v1.1 was built on ISO 27001:2013. The 2022 version of ISO 27001 introduced significant structural and control changes — including 11 new controls around threat intelligence, cloud security, data masking, configuration management, and physical security monitoring. HDS v2.0 explicitly aligns with ISO 27001:2022, which means that organizations whose ISMS was certified under ISO 27001:2013 will need to complete their own ISO 27001 transition audit before their HDS certification can be renewed or obtained under the new framework.

This is a sequencing issue that many organizations underestimate. ISO 27001:2022 transition audits are not trivial — they require updating controls, remapping the Statement of Applicability, and demonstrating compliance with the new control categories. Budget and plan for it as a distinct workstream.

Expanded Risk Management Requirements

HDS v2.0 extends the risk management scope to explicitly include two risk categories that v1.1 handled ambiguously: loss of control over storage media and data compromise. For AI providers, this matters because AI systems often create intermediate data artifacts — feature vectors, embeddings, cached outputs — that contain derivable personal health information but do not look like traditional "health records." The expanded risk management requirements effectively require organizations to think carefully about where these artifacts go, how they are protected, and how their loss would be detected and contained.

Stricter Subcontractor Oversight

v2.0 introduces a requirement that certified hosts actively monitor changes made to security measures by their subcontractors. This is specifically challenging for AI providers that rely on cloud infrastructure subprocessors, third-party API services, or AI model hosting platforms. The passive "we have a contract with them" approach to subcontractor compliance is no longer sufficient. You need processes to detect when a subcontractor changes a security control, evaluate the impact of that change, and document your response.

For AI companies using major cloud providers, this means developing a structured process for tracking and reviewing cloud provider security bulletins, policy updates, and service changes — and maintaining auditable records of those reviews.
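The monitoring process described above can be made auditable by keeping a baseline snapshot of each subcontractor's declared security measures, diffing it against the current declaration on a schedule, rating each change, and writing a review record that ties the decision to the exact snapshots reviewed. The following example is added here and is not code from the article or from any cloud provider; both snapshots and the name of the subcontractor are constructed, and in practice the inputs would be the subprocessor's published control statements, attestation reports or change bulletins, normalised into the same key/value form.

```python
"""Added example: detect and record changes to a subcontractor's declared security measures.

Not the article's code. The two snapshots and the subcontractor name are constructed.
"""
import hashlib
import json
from dataclasses import dataclass, asdict

# Controls whose modification should always trigger an impact assessment.
# The set is an assumption for this example; each host decides its own list.
CRITICAL_CONTROLS = {
    "encryption_at_rest", "encryption_in_transit",
    "data_location", "breach_notification_hours",
}


@dataclass(frozen=True)
class Change:
    subcontractor: str
    control: str
    change_type: str    # "removed", "modified" or "added"
    before: object
    after: object
    severity: str       # "high", "medium" or "low"


def _severity(change_type, control):
    if change_type == "added":
        return "low"                      # new commitments need review, not escalation
    if change_type == "removed" or control in CRITICAL_CONTROLS:
        return "high"                     # dropped control or changed critical control
    return "medium"


def diff_controls(subcontractor, baseline, current):
    """Compare two declarations and return a rated Change for every difference."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        if key not in current:
            change_type = "removed"
        elif key not in baseline:
            change_type = "added"
        elif baseline[key] != current[key]:
            change_type = "modified"
        else:
            continue
        changes.append(Change(subcontractor, key, change_type,
                              baseline.get(key), current.get(key),
                              _severity(change_type, key)))
    return changes


def snapshot_hash(controls):
    """Stable hash of a declaration so the review record pins exactly what was compared."""
    return hashlib.sha256(json.dumps(controls, sort_keys=True).encode()).hexdigest()


def review_record(subcontractor, baseline, current, reviewer, reviewed_on):
    """Build the auditable record of one scheduled review."""
    changes = diff_controls(subcontractor, baseline, current)
    return {
        "subcontractor": subcontractor,
        "reviewed_on": reviewed_on,
        "reviewer": reviewer,
        "baseline_hash": snapshot_hash(baseline),
        "current_hash": snapshot_hash(current),
        "changes": [asdict(c) for c in changes],
        "requires_impact_assessment": any(c.severity == "high" for c in changes),
    }


# Constructed declarations for a hypothetical subprocessor.
BASELINE = {
    "encryption_at_rest": "AES-256",
    "encryption_in_transit": "TLS 1.2+",
    "data_location": ["eu-west-3"],
    "breach_notification_hours": 24,
    "soc2_type2": True,
    "pentest_frequency": "annual",
}
CURRENT = {
    "encryption_at_rest": "AES-256",
    "encryption_in_transit": "TLS 1.2+",
    "data_location": ["eu-west-3", "us-east-1"],   # new replication region
    "breach_notification_hours": 72,              # notification window relaxed
    "pentest_frequency": "biannual",              # soc2_type2 no longer declared
    "vulnerability_sla_days": 30,                 # new commitment
}

if __name__ == "__main__":
    print(json.dumps(review_record("example-cloud-subprocessor", BASELINE, CURRENT,
                                   "security-lead", "2026-04-07"), indent=2))
```

The record is what an auditor can actually check: which declaration was compared to which, who looked at it, when, and whether the change was escalated. Storing the records append-only, and re-running the diff on a fixed schedule even when nothing has changed, is what turns "we have a contract with them" into an operating control.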

Explicit Encryption Requirements

HDS v2.0 requires that contracts between a certified host and its healthcare clients explicitly mention encryption requirements for health data, both at rest and in transit. This is not simply a technical requirement — it is a contractual transparency requirement. Your customer agreements must state what encryption standards you apply, not leave it implicit in your security documentation. This will require legal review and contract updates for most AI providers entering the French market.

The Transition Timeline

The transition timeline is firm and non-negotiable:

  • November 16, 2024: All initial and renewal HDS audits must be conducted under the HDS v2.0 framework
  • May 16, 2026: Every active HDS certificate must be on HDS v2.0. Organizations still holding v1.1 certificates that have not transitioned will be out of compliance

If you are reading this in 2026 and your organization holds a v1.1 certificate, you are in the final stretch of a mandatory transition window. The time to act was yesterday. The time to start if you have not already is today.


Key Takeaway

HDS certification is not a one-time compliance checkbox. It is a living program. HDS v2.0 has introduced mandatory EEA data residency, ISO 27001:2022 alignment, expanded subcontractor oversight, and explicit contractual encryption obligations. Organizations that treat certification as a procurement hurdle to clear once and forget will face audit surprises and market access risk. The AI providers that will thrive in the French healthcare market are those that build governance programs designed for continuous compliance, not point-in-time checkboxes.


The HDS Certification Process: Step by Step

Obtaining HDS certification is a structured process with defined phases. Understanding the sequence, realistic timeframes, and what is actually happening in each phase prevents the planning errors that derail timelines.

Prerequisite: ISO 27001:2022 Certification

HDS certification does not begin at the first HDS-specific audit. It begins with ISO 27001:2022 certification, which is a hard prerequisite. You cannot obtain HDS without first holding a current ISO 27001:2022 certificate from an accredited body.

This sequencing requirement has a practical implication for planning: organizations that are starting from scratch must build their ISMS and achieve ISO 27001:2022 certification before their HDS audit timeline even begins. For organizations that already hold ISO 27001:2013, the transition to 2022 must be completed first. Budget 6 to 18 months for the ISO 27001:2022 implementation and certification process depending on your current state.

HDS builds on ISO 27001 rather than replacing it. The relationship is additive: ISO 27001 provides the information security management foundation, and HDS adds the healthcare-specific obligations — data sovereignty, enhanced traceability, guaranteed service availability, and the contractual and transparency requirements that specifically address the French healthcare regulatory context.

Phase 1: Gap Analysis and ISMS Build (2 to 6 Months)

Before any audit engagement, the organization needs an honest assessment of where it stands relative to HDS v2.0 requirements. A gap analysis should cover not just technical controls but the four structural areas of the HDS framework: ISMS controls, contractual requirements, data sovereignty posture, and guarantee representation mechanisms.

For AI providers, gap analysis frequently surfaces specific issues: cloud infrastructure that does not yet satisfy EEA residency requirements, customer contracts that do not include the required encryption language, subcontractor oversight processes that are informal or undocumented, and risk management scope that has not been updated to account for AI-specific data artifacts.

The ISMS build phase addresses these gaps systematically. It is not a documentation exercise — it is an operational change program. Technical remediation of infrastructure, legal revision of customer contracts, establishment of subcontractor monitoring processes, and staff training all happen during this phase.

Phase 2: Internal Audit (2 to 4 Weeks)

Before submitting to an external COFRAC-accredited audit, organizations should conduct a formal internal audit to identify remaining nonconformities. Internal auditors must be competent and independent from the activities they are auditing — the same standard that ISO 27001 applies. A well-run internal audit should surface real problems, not provide a rubber stamp. Organizations that treat internal audits as bureaucratic formalities consistently get surprised in Stage 2 external audits.

Phase 3: Stage 1 Audit — Documentation Review (1 to 2 Days)

The Stage 1 audit is conducted by the COFRAC-accredited certification body and focuses primarily on documentation. Auditors review whether the organization's ISMS documentation, HDS-specific policies, risk assessments, and operational procedures are complete, coherent, and aligned with HDS v2.0 requirements.

Stage 1 is a readiness checkpoint, not a pass/fail gate. Its purpose is to identify whether the organization is ready for the more intensive Stage 2 assessment, and if not, to surface the specific gaps that must be addressed before Stage 2 proceeds. Most organizations receive minor observations at Stage 1 — the goal is to resolve them cleanly before Stage 2 begins.

Phase 4: Stage 2 Audit — Technical and Organizational Assessment (3 to 15 Days)

Stage 2 is the substantive audit. Auditors assess not just documentation but actual operational practice — are the controls that are documented actually functioning as described? Are staff following procedures? Is the ISMS actively managed or essentially static?

The duration of Stage 2 ranges from 3 days for small organizations to 15 days for large, complex ones. For AI providers with multiple product lines, multiple data processing environments, or multi-site operations, plan toward the longer end of that range. Auditors will want to examine infrastructure configurations, interview technical staff, review incident records, and test that subcontractor oversight processes are actually operating.

Phase 5: Certification Committee Validation

Following a successful Stage 2 audit, the certification body's internal committee reviews the audit findings and formally decides on certification. This step exists to ensure consistency across certifications and is normally a procedural step rather than a substantive obstacle if the Stage 2 audit was successful.

HDS certificates are valid for three years, with annual surveillance audits to verify that the certified organization maintains compliance between certification cycles. Surveillance audits are lighter in scope than initial certification audits but are not perfunctory — they will review whether corrective actions from previous audit findings have been implemented and whether any significant changes to infrastructure, services, or risk profile have been managed appropriately.

Total timeline from starting the gap analysis to receiving a certificate typically runs three to twelve months, depending on organization size, the starting state of information security maturity, and how cleanly the ISMS is built.


What HDS Certification Costs

Cost expectations vary significantly based on organization size, starting maturity, and whether ISO 27001:2022 certification is already in place. These are realistic benchmarks based on current market rates:

Organization Size        ISO 27001:2022 Audit Fee    Full 3-Year HDS Cycle
Small company            $8,000 – $15,000            $30,000 – $60,000
Mid-market organization  $15,000 – $30,000+          $80,000 – $175,000

These figures reflect audit and certification body fees. They do not include consulting fees for implementation support, internal staff time, the cost of technical remediation (infrastructure changes to achieve EEA residency, contract redrafting, tool implementations for subcontractor monitoring), or the ongoing operational cost of maintaining a functioning ISMS.

The EEA data residency requirement introduced in v2.0 deserves specific cost attention. For AI providers running primarily US-based infrastructure, the cost of spinning up or migrating to EEA-compliant infrastructure can easily equal or exceed the certification fees themselves. This is not a compliance cost — it is an infrastructure investment. Budget it accordingly.

The business case for absorbing these costs should be evaluated against the revenue opportunity in the French healthcare market, which is the second-largest healthcare market in Europe. A single enterprise hospital contract typically dwarfs the total cost of HDS certification many times over.


The ISO 42001 Connection: Building the Complete Healthcare AI Governance Stack

This is where most treatment of HDS certification falls short. Existing guides treat HDS as a standalone compliance requirement — get the certificate, keep it current, done. That framing misses something important about the nature of the risk AI providers are actually being asked to manage in healthcare.

HDS addresses whether your infrastructure is secure and sovereign. It does not address whether your AI systems behave safely, fairly, and transparently. Those are different questions, and in the post-EU AI Act regulatory environment, they are both being asked simultaneously.

Healthcare AI Is Explicitly High-Risk Under the EU AI Act

The EU AI Act, which entered into force in August 2024, explicitly classifies AI systems used in healthcare as high-risk applications. This includes AI for clinical decision support, patient risk stratification, medical diagnosis assistance, and AI that influences the administration of critical treatments. High-risk designation under the EU AI Act triggers a set of obligations that go well beyond what HDS certification covers: conformity assessments, mandatory human oversight mechanisms, bias testing and documentation, transparency obligations to affected persons, and post-market monitoring requirements.

An AI provider that holds HDS certification and believes that alone satisfies their EU regulatory obligations is operating with a significant blind spot. HDS certifies your data hosting. The EU AI Act regulates your AI systems. They are complementary frameworks governing different dimensions of the same product.

What ISO 42001 Adds to the Stack

ISO 42001:2023 is the international standard for AI Management Systems (AIMS). Where ISO 27001 governs information security and HDS governs health data hosting, ISO 42001 governs the behavior, governance, and lifecycle management of AI systems themselves. Its requirements address the dimensions of AI risk that HDS does not touch:

  • Ethics and fairness: Systematic processes for identifying and mitigating bias in AI systems serving diverse patient populations
  • Explainability: Requirements to document AI system decision logic in ways that can be communicated to affected persons and reviewed by regulators
  • Lifecycle management: Formal procedures governing AI system design, development, testing, deployment, monitoring, and decommissioning
  • Human oversight: Documented roles and processes ensuring human review of high-stakes AI recommendations
  • Risk management: An AI-specific risk assessment process that extends beyond the infrastructure-focused risk management of ISO 27001

For AI providers in healthcare, the combination of ISO 27001, HDS, and ISO 42001 creates what is most accurately described as a complete governance stack:

Standard         What It Governs                                           Healthcare AI Relevance
ISO 27001:2022   Information security management                           Foundation for HDS; mandatory prerequisite
HDS v2.0         Health data hosting security, sovereignty, transparency   France-specific legal requirement for patient data processing
ISO 42001:2023   AI system governance, ethics, lifecycle, oversight        EU AI Act alignment; AI system behavior governance

The efficiency argument for pursuing these together is not incidental. Organizations with ISO 27001 certification in place can achieve ISO 42001 compliance up to 40% faster, because both standards use the same High Level Structure — common documentation architecture, shared internal audit processes, integrated management review cycles, and aligned corrective action procedures. Adding HDS on top of an ISO 27001 base is already the required pathway. Adding ISO 42001 on top of that same base leverages the same infrastructure a third time.

The result is a governance program that does not just satisfy French market access requirements but positions the organization credibly against EU AI Act scrutiny, the commercial due diligence requirements of large European healthcare buyers, and the reputational demands of an industry where trust is not a differentiator — it is a prerequisite.

Market Reality: Healthcare Buyers Are Asking for Both

It is worth naming what is actually happening in procurement conversations. When a large French hospital system or a European healthcare insurer evaluates an AI vendor today, they are not running independent compliance checks for each standard. They are asking a more fundamental question: does this vendor have a mature, auditable AI governance program that we can defend to our board, our regulators, and our patients?

HDS certification answers the question about data hosting. ISO 42001 certification answers the question about AI system governance. Together they provide the kind of credentialed evidence that reduces buyer risk perception — not by eliminating risk, but by demonstrating that the vendor has a systematic, independently verified approach to managing it. In a crowded AI marketplace where differentiation is genuinely difficult, this combination of credentials functions as a credibility filter that most competitors have not yet cleared.


Common Mistakes AI Providers Make in HDS Certification

Several recurring failure patterns are worth naming directly because they are preventable and consistently cause timeline delays, audit findings, and, in some cases, failed certifications.

Treating ISO 27001 Transition as a Parallel Workstream

Organizations that attempt to pursue HDS certification and ISO 27001:2022 transition simultaneously, treating them as parallel tracks, consistently underestimate the sequencing dependency. HDS auditors expect to see a current, valid ISO 27001:2022 certificate before HDS scope work begins. Attempting to run ISO 27001 and HDS preparation in parallel does not compress the timeline — it creates confusion, divided attention, and documentation debt. Sequence them properly: ISO 27001:2022 first, HDS second.

Underestimating the Subcontractor Oversight Requirement

The HDS v2.0 requirement to actively monitor changes made by subcontractors to their security measures sounds straightforward until you consider what it means for an AI provider using multiple cloud services, third-party data processing APIs, and AI model hosting platforms. Many organizations have no formal process for tracking subcontractor security changes. Building one is not a documentation task — it requires identifying the relevant subcontractors, determining what "security measure changes" means for each, establishing monitoring mechanisms, and creating review and documentation procedures. This workstream typically takes longer than expected. Start it early.

Leaving Contract Updates to the End

HDS v2.0's requirement that customer contracts explicitly mention encryption requirements for health data at rest and in transit means that legal work is on the critical path for certification — not just on the compliance checklist. Organizations that defer contract reviews until the audit phase are setting themselves up for last-minute delays. Customer contract negotiations take time. Legal reviews take time. Start the contract update process in parallel with the technical ISMS work, not after it.

Scoping Too Narrowly to Avoid Complexity

There is a temptation to define a narrow HDS certification scope that excludes complex or high-risk AI systems in order to simplify the audit. This is a strategic mistake. Healthcare customers know their regulatory landscape. When they ask an AI provider for HDS certification documentation and discover that the specific product or service they are buying was excluded from scope, the certification provides no assurance value — and it raises questions about what the vendor is trying to avoid disclosing. Scope your HDS certification to match the actual services you provide to healthcare customers.

Ignoring AI-Specific Risk Artifacts

HDS v2.0's expanded risk management requirements, including data compromise and loss of control over storage media, require AI providers to think about data artifacts that traditional IT security frameworks typically ignore. Embeddings, feature vectors, model outputs, and cached inference results can contain or enable derivation of personal health information. If your risk assessment does not address these artifacts, your HDS audit will surface that gap. Include them explicitly.
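The "Expanded Risk Management Requirements" section above and this one make the same point: an artifact inherits the sensitivity of the data it was derived from, whatever it looks like. One way to make that concrete in a risk assessment is to record lineage in the artifact register, propagate the health-data classification transitively through it, and then test every artifact in that closure against the protections the assessment expects. The example below is added here and is not code from the article; the register, the artifact kinds and the expected protections are constructed, and a real register would be populated from a data catalogue or MLOps metadata store.

```python
"""Added example: propagate a health-data classification through artifact lineage
and check each derived artifact for expected protections.

Not the article's code. The register below is constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass
class Artifact:
    name: str
    kind: str                   # "dataset", "feature_vectors", "embeddings", "model_weights", "inference_cache"
    derived_from: list          # names of parent artifacts (empty for source data)
    classified_phi: bool        # classification as currently recorded in the register
    encrypted_at_rest: bool
    retention_days: Optional[int]
    access_logged: bool


def phi_closure(register):
    """Names of every artifact that is PHI or transitively derived from PHI."""
    children = {}
    for a in register.values():
        for parent in a.derived_from:
            children.setdefault(parent, []).append(a.name)
    seeds = [a.name for a in register.values() if a.classified_phi]
    seen = set(seeds)
    queue = deque(seeds)
    while queue:                      # breadth-first walk down the derivation graph
        for child in children.get(queue.popleft(), []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def assess(register, max_retention_days=365):
    """Return (artifact, issue) pairs for every PHI-derived artifact missing a protection.

    The expected protections and the retention ceiling are assumptions for this example.
    """
    findings = []
    for name in sorted(phi_closure(register)):
        a = register[name]
        if not a.classified_phi:
            findings.append((name, "derived from PHI but not classified as PHI"))
        if not a.encrypted_at_rest:
            findings.append((name, "not encrypted at rest"))
        if a.retention_days is None or a.retention_days > max_retention_days:
            findings.append((name, "no retention limit or limit exceeds ceiling"))
        if not a.access_logged:
            findings.append((name, "access not logged"))
    return findings


# Constructed register: a raw extract and the chain of artifacts built from it,
# plus one unrelated public dataset that must not be swept into scope.
REGISTER = {a.name: a for a in [
    Artifact("raw_ehr_extract", "dataset", [], True, True, 365, True),
    Artifact("feature_vectors", "feature_vectors", ["raw_ehr_extract"], False, True, 365, True),
    Artifact("embeddings", "embeddings", ["feature_vectors"], False, False, None, False),
    Artifact("triage_model_weights", "model_weights", ["embeddings"], False, True, 365, True),
    Artifact("inference_cache", "inference_cache", ["triage_model_weights"], False, True, 7, False),
    Artifact("public_benchmark", "dataset", [], False, False, None, False),
]}

if __name__ == "__main__":
    for name, issue in assess(REGISTER):
        print(f"{name}: {issue}")
```

On the constructed register the walk marks four derived artifacts as in scope that the register itself had left unclassified, and the embeddings store, which looks nothing like a health record, turns out to be the least protected artifact in the chain. That is the gap the expanded risk management scope is designed to surface before an auditor does.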


The Business Case for Pursuing HDS Certification

Compliance programs generate genuine returns when they are structured well. For HDS certification, the business case rests on several distinct value drivers.

Market access is the most direct: without HDS certification, you cannot legally operate as a health data host in France. For AI providers with serious European healthcare ambitions, the certification cost is simply the price of admission to a market that represents significant revenue opportunity.

Competitive differentiation is the more nuanced case. The French healthcare market is not monolithic. There are AI companies operating in France today that are not fully certified, relying on gray areas in how their service is structured or hoping that enforcement remains limited. The companies that obtain proper certification stand in a qualitatively different position with enterprise buyers who conduct rigorous vendor due diligence. Certification converts governance claims into verifiable evidence.

Operational maturity is the often-underestimated benefit. Organizations that build a functioning HDS-compliant ISMS are organizations that have formalized their infrastructure documentation, their incident response processes, their staff training programs, and their subcontractor oversight. These are not regulatory boxes to check — they are operational capabilities that reduce the probability and cost of security incidents, make the organization more auditable by any party, and create the kind of institutional knowledge that survives employee turnover.

International alignment is the strategic benefit. HDS v2.0 aligns with ISO 27001:2022 and operates in the same regulatory neighborhood as GDPR. An organization that builds a proper HDS-compliant ISMS is an organization that has also made significant progress on GDPR compliance, is positioned to achieve ISO 27001:2022 certification, and can extend that governance investment into ISO 42001 with substantially reduced incremental effort. These certifications compound. Each one builds on the same organizational foundation.


Frequently Asked Questions

Is HDS certification mandatory for AI providers operating in France?

Yes. HDS certification is mandatory for any organization that hosts personal health data in France. For AI providers, the obligation is triggered by training models on patient datasets, operating clinical decision support tools, performing patient analysis for medical intervention recommendations, or providing SaaS platforms to French hospitals or medical providers. Operating without certification prevents healthcare organizations from legally contracting with you as a health data host.

What changed in HDS v2.0 published in May 2024?

HDS v2.0 introduced mandatory European Economic Area data storage, enhanced transparency requirements for international data transfers, alignment with ISO 27001:2022, expanded risk management scope including loss of storage media control and data compromise, stricter subcontractor oversight obligations, and an explicit requirement for contracts to reference encryption for health data at rest and in transit. All audits have been conducted under v2.0 since November 16, 2024, and all existing HDS certificates must transition to v2.0 by May 16, 2026.

How long does HDS certification take for an AI provider?

The total certification timeline typically runs three to twelve months from gap analysis to certificate receipt, depending on organization size and complexity. This does not include the time required to achieve the ISO 27001:2022 prerequisite, which for organizations starting from scratch typically adds another six to eighteen months. Organizations that already hold ISO 27001:2022 can move more quickly through the HDS-specific phases.

How does ISO 42001 complement HDS certification for healthcare AI providers?

HDS governs health data hosting — security, sovereignty, and contractual transparency. ISO 42001 governs AI system behavior — ethics, bias mitigation, explainability, lifecycle management, and human oversight. For AI providers in healthcare, both dimensions of governance are required: the EU AI Act imposes high-risk AI obligations on clinical AI systems that extend beyond what HDS certification addresses. ISO 42001 fills that gap, and organizations with ISO 27001 can achieve ISO 42001 compliance up to 40% faster by leveraging their existing management system infrastructure.

What does HDS certification cost for a small AI company?

Small companies should plan for $30,000 to $60,000 for the full three-year HDS certification cycle, plus $8,000 to $15,000 for the ISO 27001:2022 audit fees that are a prerequisite. Mid-market organizations typically spend $80,000 to $175,000 total. These figures cover audit and certification body fees only and do not include infrastructure changes for EEA data residency, consulting support, contract legal review, or internal staff time.


Next Steps

HDS certification is a market access requirement for healthcare AI in France, and HDS v2.0 has raised the bar significantly. The organizations best positioned to succeed are those that treat HDS not as a one-time compliance hurdle but as the first layer of a comprehensive healthcare AI governance program — one that includes ISO 27001:2022 as the foundation, HDS as the health-data-hosting layer, and ISO 42001 as the AI system governance layer that addresses what HDS cannot.

If your organization is planning European healthcare market entry, assessing whether your current infrastructure meets HDS v2.0 requirements, or working through the transition from v1.1 before the May 2026 deadline, the certification pathway is well-defined. What matters most is starting with an honest gap analysis and a sequenced implementation plan that accounts for the full scope of what these frameworks require.

Last updated: 2026-04-07

Jared Clark, JD, MBA, PMP, CMQ-OE, CPGP, CFSQA, RAC, is Principal Consultant at Certify Consulting, a management system consulting firm specializing in ISO 42001, ISO 27001, and integrated compliance programs for regulated industries including healthcare, pharmaceutical, and life sciences organizations.
