ANNOUNCEMENTVoyage AI joins MongoDB to power more accurate and trustworthy AI applications on Atlas. Learn more >
NEWMongoDB 8.0: Experience unmatched speed and performance. Check it out >
AnnouncementMongoDB 8.0: Experience unmatched speed and performance. Check it out >

Back to Trust Center


Hébergeur de Données de Santé (HDS)

France’s HDS regulations establish strict security and compliance requirements for hosting personal health data collected in France. As mandated by the French Public Health Code, all organizations hosting personal health data collected during healthcare activities in France must obtain HDS certification. This certification ensures compliance with stringent controls related to data protection, access management, contractual obligations, and data sovereignty. Organizations must undergo a rigorous audit process to demonstrate adherence to the latest HDS framework.

MongoDB has successfully achieved certification under the updated HDS Certification Referential (2024 version) for MongoDB Atlas. The certification was conducted by the Certification Body of Schellman Compliance, LLC, an independent certifying body accredited by French authorities to perform HDS audits. This certification confirms MongoDB’s commitment to securing sensitive healthcare data in compliance with France’s evolving regulatory landscape, including enhanced integration with ISO 27001, expanded contractual obligations, and updated data localization requirements.

View HDS compliance documentation in MongoDB’s Customer Trust Portal.

What is HDS?

HDS, which stands for Hébergeur de Données de Santé or Health Data Hosting, is a set of French regulations as well as a related certification which serve to verify an organization’s compliance with a baseline set of requirements concerning the hosting of personal health data. The French Public Health Code mandates that all organizations hosting personal health data collected during health activities in France must achieve HDS certification.

What is the new HDS framework, and how does it impact MongoDB?

The updated HDS framework, published in May 2024, revises France’s regulations for hosting personal health data. It introduces a streamlined set of requirements, deeper integration with ISO 27001, expanded contractual obligations, and stricter data localization rules, requiring healthcare data to be hosted within the European Economic Area (EEA). As part of our commitment to security and compliance, MongoDB Atlas has been certified under this new HDS framework, ensuring organizations can securely store and manage healthcare data in compliance with French regulations.

Why is HDS important to MongoDB customers?

Since MongoDB is an HDS certified service provider, customers can store personal health data collected during health activities in France in MongoDB Atlas. Customers can use Atlas to create MongoDB clusters in the HDS compliant regions of Amazon Web Services (AWS), Google Cloud Platform (GCP), and/or Microsoft Azure, which are each HDS compliant.

What MongoDB products and services are in the scope of this certification?

MongoDB’s HDS certification covers MongoDB Cloud Services hosted in AWS, Azure, and GCP and comprised of MongoDB Atlas, MongoDB Atlas App Services-Realm, MongoDB Atlas Data Federation, MongoDB Charts, MongoDB Cloud Manager, and MongoDB Atlas Serverless Database, and colocated and decoupled Atlas Search and Vector Search.

Are MongoDB Cloud Services hosting providers HDS certified?

MongoDB Cloud Services are hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved HDS certification. More information about HDS compliance for these providers is available at their respective websites:

Who performed the independent third-party audit of MongoDB for HDS?

Schellman and Company, LLC.

Can my organization be HDS certified by association?

Organizations pursuing HDS certification while operating all or part of their system(s) on MongoDB are not automatically certified by association. It is the customer's responsibility to evaluate their own compliance requirements per MongoDB's Shared Responsibility Model.

However, using an HDS certified cloud service provider like MongoDB can simplify their certification process.
For example, organizations can leverage MongoDB’s compliance reports as evidence for their own HDS programs and industry-specific quality programs. Organizations are responsible for engaging an assessor to evaluate their implementation for compliance and for the controls and processes within their organization.

It is important to not that, in order to ensure the integrity and security of health information within Atlas, any MongoDB clients requiring HDS certification must comply with the General Policy of Information Systems Security for Health (PGSSI-S) guidelines mandated by the French Ministry of Health.

Where can I get a copy of MongoDB’s HDS Certification?

The MongoDB HDS Certificate of Registration and Statement of Applicability (available in English and French) are available upon request. Existing customers can request documentation here. Prospective customers, please contact us.

The information about how MongoDB complies with HDS Requirement No. 31 is available here.

Hébergeur de Données de Santé (HDS)

Information relevant to Requirement No. 31 is below.

Business name of the actor
Role in the hosting service
HDS certified
SecNumCloud 3.2 qualifiedHosting activities in which the player is involved
Access to personal health data from countries outside the European Economic Area, by the Host or one of its processors
Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law
Business name of the actor
MongoDB, Inc.
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Role in the hosting service
MongoDB Atlas is a multi-cloud developer data platform that runs on top of Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. These three cloud providers host the personal health data that customers upload to Atlas.
Public Cloud
Public Cloud
Public Cloud
HDS certified
Yes
Yes
Yes
Yes
SecNumCloud 3.2 qualified
No
No
No
No
Hosting activities in which the player is involved
Activities 3-5
Activities 1-6
Activities 1-6
Activities 1-6
Access to personal health data from countries outside the European Economic Area, by the Host or one of its processors

Please see FAQ 4.2 of MongoDB's Privacy Hub, which provides more information on the limited circumstances when data uploaded to Atlas may be accessed outside the European Economic Area.

When customers engage MongoDB technical support, customers’ personal health data uploaded to Atlas, may be accessed by MongoDB personnel in one of the following affiliate locations (United States, United Kingdom, Australia, Canada, Israel, India, Brazil and Singapore).

Customers select the region where their personal health data will be hosted. Link
Customers select the region where their personal health data will be hosted. Link
Customers select the region where their personal health data will be hosted. Link
Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law

Yes. The MongoDB Atlas Control Plane is based in the United States.

However, Atlas offers customers tools to mitigate risks of access. For more information, please see FAQs 4.3 and 4.4 of MongoDB’s Privacy Hub.

Yes. The MongoDB Atlas Control Plane is based in the United States. However, Atlas offers customers tools to mitigate risks of access. For more information, please see FAQs 4.3 and 4.4 of MongoDB’s Privacy Hub.
Yes. The MongoDB Atlas Control Plane is based in the United States. However, Atlas offers customers tools to mitigate risks of access. For more information, please see FAQs 4.3 and 4.4 of MongoDB’s Privacy Hub.
Yes. The MongoDB Atlas Control Plane is based in the United States. However, Atlas offers customers tools to mitigate risks of access. For more information, please see FAQs 4.3 and 4.4 of MongoDB’s Privacy Hub.