HDS-certified hosting services for Composable Commerce

The French HDS (Hébergement de Données de Santé) defines the legal and technical requirements for the secure processing and hosting of health data. It is governed by the French Digital Health Agency (ANS).

commercetools is certified under HDS version 1.1, covering Activity 4 (Provision and maintenance in operational condition of the virtual infrastructure of the information system used to process the health data) and Activity 5 (Management and operation of the information system containing the health data). The certificate was issued on 5 January 2024 and is valid until 4 January 2027.

This certification confirms that commercetools meets the relevant security and organizational requirements for these two critical areas of health data hosting.

A new version of HDS 2.0 was introduced on 16 May 2024 and formalized under the national standard NF 203. After a two-year transition period ending on 15 May 2026, it will fully replace HDS-framework version 1.1.

commercetools currently works on the transfer of the HDS certificate from V1.1 to V2.0.

HDS contact information

As part of our commitment to compliance with HDS requirements (V1.1 and V2.0), all Customers must designate a dedicated contact person (“HDS Contact”) during the Customer onboarding process.

Purpose of the HDS Contact

The HDS Contact on Customer side serves as the primary communication point in the event of an incident involving health data or service availability. This person must:

  • Be reachable for incident coordination.
  • Be able to provide or facilitate access to additional subject matter experts when required, at least a healthcare professional who is explicitly authorized to access the Personal Health Data (DSCP - Données de Santé à Caractère Personnel) under their responsibility, for example, in the context of patient management, data access, or operational support.

Mandatory entry in onboarding process

The HDS Contact is collected as a mandatory information during the Customer onboarding process. This step cannot be bypassed or completed without providing valid contact details. As a result, it is technically ensured that every Customer has a designated HDS Contact before the service is activated.

Data storage and availability

HDS Contact details are stored in our CRM system and can be retrieved at any time by authorized personnel. This ensures:

  • Continuous compliance with HDS v.2.0 Requirement 11 (maintaining an up-to-date list of HDS-relevant Customer contacts).
  • Compliance with HDS v.2.0 Requirement 20 (ensuring a designated contact is available in the event of an incident).

Maintain up-to-date information

Every Customer is obligated to deliver the appropriate HDS-specific required contact information, triggered by our process design. Updated contact details are immediately reflected in the CRM system and available for operational and compliance purposes.