Health Data Hosting (HDS) Guarantees Representation

Last update: 2025-09-19
Scope: Exoscale Compute (IaaS) and Exoscale DBaaS (Managed Database Services)

Purpose

This page summarizes the HDS guarantees implemented by Exoscale for its Compute and DBaaS services, in line with the HDS v2 (2024) framework.
It is designed to help customers prepare their own compliance efforts and document requirements EXI 28–31 (localization, third-country access, exposure to non-EU laws, transparency).

⚠️ The information below is for guidance purposes only. In case of discrepancies, contractual agreements and DPA annexes prevail.


Note: This document is also available in French.


1 — Exoscale Compute (IaaS)

1.1 — Regions CH / DE (Equinix)

| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Hosting provider (IaaS) |
| HDS Certified | In progress (v2) |
| HDS Activities | 2, 3, 4 |
| EXI 29 – Access from third countries | No |
| EXI 30 – Non-EU law exposure | Yes (residual risk controlled) |

| Item | Value |
|---|---|
| Sub-processor | Equinix (local CH/DE entities) |
| Role | Physical site provider |
| HDS Activities | 1 |
| EXI 29 | No |
| EXI 30 | Yes (potential, controlled – non-EU group ownership) |

Risk reduction measures:

  • Site-only services (power, cooling, racks) – no data access.
  • Full encryption of data at rest and in transit, keys managed by Exoscale only.
  • Operator access restricted via bastions, MFA, PAM, and audited logs.
  • Contractual clauses prohibiting data access; right to audit included.
  • HDS zones located exclusively within the EEA (EXI 28).

1.2 — Region AT (A1 Telekom Austria)

| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Hosting provider (IaaS) |
| HDS Activities | 2, 3, 4 |
| EXI 29 | No |
| EXI 30 | No (EU-based actor) |

| Item | Value |
|---|---|
| Sub-processor | A1 Telekom Austria AG |
| Role | Physical site provider |
| HDS Activities | 1 |
| EXI 29 | No |
| EXI 30 | No |

Risk mitigation measures:

  • Same as CH/DE: encryption, EEA-only zones, role separation, contractual clauses, and auditability.

2 — Exoscale DBaaS (Managed Databases)

| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Managed service provider (hosting and operations) |
| HDS Activities | 2, 3, 4 |
| EXI 29 | No |
| EXI 30 | No |

| Item | Value |
|---|---|
| Sub-processor | Aiven Oy |
| Role | Software orchestration (control plane) |
| HDS Activities | 4, 6 |
| EXI 29 | Case-by-case: No by default; if support outside EEA → SCC + safeguards |
| EXI 30 | Yes (residual risk controlled) |

Risk reduction measures:

  • Data Processing Agreement (Art. 28 GDPR) + Standard Contractual Clauses (Art. 46).
  • No data transfer outside EEA without Exoscale’s written approval.
  • Technical access only through Exoscale bastions, MFA, audited logs.
  • State-of-the-art encryption, with keys managed solely by Exoscale.
  • Purpose limitation: data used only for providing the DBaaS service.
  • Data erasure and reversibility formally defined (EXI 17–27).

3 — Common Principles

  • Localization (EXI 28): all storage and processing occur exclusively within the EEA.
  • Third-country access (EXI 29): not permitted by default; exceptions require adequacy or SCC + safeguards.
  • Non-EU law exposure (EXI 30): mitigated via contractual, technical, and organizational controls.
  • Auditability and traceability: customers have access to relevant audit logs per DPA.
  • Data erasure and reversibility: formally documented and certified.

Contact

  • Exoscale HDS / CISO Contact: security@exoscale.com
  • Audit or compliance inquiries: via your standard Exoscale Support channel