HDShealthtechcompliance

HDS 2.0 mandatory May 16, 2026: security checklist for healthtech

Name: CleanIssue
Price range: €€

Published on 2026-04-077 min readFlorian

The countdown is on

HDS 2.0 is mandatory for new certificates since November 2024. By May 16, 2026, all old HDS 1.1 certificates become invalid.

What changes

EEA storage mandatory

Enhanced transparency on transfers

Strengthened encryption and access control

Security checklist

Encryption in transit (TLS 1.3) and at rest (AES-256)

Per-patient access controls (RLS)

Health data access logging

Data retention and deletion policies

CNIL notification procedure (72h)

Regular documented security tests

Strong authentication (2FA)

Three adjacent analyses to keep exploring the same attack surface.

CNILcompliance

CNIL compliance audit: the complete guide for SMBs in 2026

What CNIL expects, the Article 32 checklist, how to prepare your SMB for an inspection, and what the audit report should contain.

2026-03-26 · 9 min read

CNILcompliance

CNIL priority sectors 2026: healthcare, finance, justice in focus

CNIL targets healthcare, finance and justice for 2026 controls. How to prepare.

2026-04-02 · 5 min read

healthtechvulnerabilities

The 5 vulnerabilities we find in 90% of healthtech startups

APIs exposing patient data, public buckets, missing RLS — recurring mistakes in e-health.

2026-03-01 · 6 min read

Sources

Written by Florian

Reviewed on 2026-04-07

Editorial analysis based on official vendor, project, and regulator documentation.

Related services

If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.

External Review

Get a fast, clear read on your product’s real external exposure.

Full Audit

Document all priority flaws and get a real remediation plan.

Ongoing Review

Track new exposure as your stack changes over time.