Health Data Hosting (HDS) Guarantees Representation
Last update: 2025-09-19 Scope: Exoscale Compute (IaaS) and Exoscale DBaaS (Managed Database Services)
Purpose
This page summarizes the HDS guarantees implemented by Exoscale for its Compute and DBaaS services, in line with the HDS v2 (2024) framework. It is designed to help customers prepare their own compliance efforts and document requirements EXI 28–31 (localization, third-country access, exposure to non-EU laws, transparency).
The information below is for guidance purposes only. In case of discrepancies, contractual agreements and DPA annexes prevail.
Note: This document is also available in French.
The table of guarantees in the format required by the regulation is available on Exoscale’s Compliance Center: https://portal.exoscale.com/organization/legal/compliance.
1 — Exoscale Compute (IaaS)
1.1 — Regions CH / DE (Equinix)
| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Hosting provider (IaaS) |
| HDS Certified | In progress (v2) |
| HDS Activities | 2, 3, 4 |
| EXI 29 – Access from third countries | Yes — remote administration access may occur from Switzerland (non-EEA), with safeguards (GDPR Art. 45) |
| EXI 30 – Non-EU law exposure | Yes (residual risk controlled) |
| Item | Value |
|---|---|
| Sub-processor | Equinix (local CH/DE entities) |
| Role | Physical site provider |
| HDS Activities | 1 |
| EXI 29 | No (no remote access to HDS health data) |
| EXI 30 | Yes (potential, controlled – non-EU group ownership) |
Risk reduction measures:
- Health data storage remains exclusively within the EEA for EEA regions (EXI 28).
- Operations performed from Switzerland are treated as remote access (EXI 29) and do not imply storage outside the EEA.
- Legal basis: European Commission adequacy decision for Switzerland (GDPR Art. 45).
- Administrative access is performed through an encrypted private network (VPN, including Tailscale), with strong authentication (MFA).
- Controlled operator access: bastions, PAM, least privilege, and segregation of duties.
- Traceability: centralized logging of administrative access and actions (identity, source, timestamps), security monitoring, and retention per internal policies.
- Exfiltration prevention controls: access restrictions, intervention procedures, regular access reviews, and internal compliance checks.
- Equinix services are site utilities only (power, cooling, racks) – no data access.
Important (encryption): Exoscale implements encryption in transit and appropriate at-rest protection mechanisms depending on the service. The Customer remains responsible for any additional application-level encryption required by its own risk assessment, unless otherwise specified contractually.
1.2 — Region AT (A1 Telekom Austria)
| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Hosting provider (IaaS) |
| HDS Activities | 2, 3, 4 |
| EXI 29 | Yes — remote administration access may occur from Switzerland (non-EEA), with safeguards (GDPR Art. 45) |
| EXI 30 | No (EU-based actor) |
| Item | Value |
|---|---|
| Sub-processor | A1 Telekom Austria AG |
| Role | Physical site provider |
| HDS Activities | 1 |
| EXI 29 | No (no remote access to HDS health data) |
| EXI 30 | No |
Risk mitigation measures:
- Same as CH/DE: EEA-only storage for EEA regions, safeguarded remote admin access, encryption, segregation of duties, contractual clauses, and auditability.
2 — Exoscale DBaaS (Managed Databases)
| Item | Value |
|---|---|
| Main Actor | Exoscale SA |
| Role | Managed service provider (hosting and operations) |
| HDS Activities | 2, 3, 4 |
| EXI 29 | Yes — remote administration access may occur from Switzerland (non-EEA), with safeguards (GDPR Art. 45) |
| EXI 30 | No |
| Item | Value |
|---|---|
| Sub-processor | Aiven Oy |
| Role | Software orchestration (control plane) |
| HDS Activities | 4, 6 |
| EXI 29 | Conditional: no non-EEA access by default; if support requires access from a non-EEA country without adequacy → SCC (Art. 46) + supplementary measures, with customer information |
| EXI 30 | Yes (residual risk controlled) |
Risk reduction measures:
Localization (EXI 28): DBaaS services are configured so that customer data is stored within the EEA when the Customer selects an EEA region.
Remote access governance (EXI 29):
- Exoscale administrative access from Switzerland relies on the adequacy decision (GDPR Art. 45) and is protected by strong technical/organizational controls.
- For Aiven operations: no non-EEA access by default; if an intervention requires access from a non-EEA country without adequacy, Exoscale applies appropriate safeguards (GDPR Art. 46 — SCC) and supplementary measures (EDPB 01/2020) and informs the Customer according to contractual/DPA terms.
Controlled access path: technical access only through Exoscale bastions, MFA, and audited logs; segmentation and strict access scoping.
Cryptographic protection: encryption in transit; appropriate at-rest protection mechanisms depending on the service, with strict controls over secrets/keys access.
Purpose limitation: data is used only to provide the DBaaS service; transfers outside the EEA are prohibited without a legal basis and contractual controls.
Data erasure and reversibility formally defined (EXI 17–27).
3 — Common Principles
Localization (EXI 28): storage remains exclusively within the EEA for EEA regions selected by the Customer.
Third-country access (EXI 29):
- Switzerland: remote administration access may occur, relying on adequacy (GDPR Art. 45) and safeguarded by VPN encryption, MFA, PAM, least privilege, and audit logging.
- Other third countries: not permitted by default; if strictly necessary, requires Art. 46 (SCC) plus supplementary measures, and customer information.
Non-EU law exposure (EXI 30): mitigated via contractual, technical, and organizational controls; transfer/risk mapping and mitigation measures are maintained.
Auditability and traceability: auditable logging and customer audit rights as defined in the DPA.
Data erasure and reversibility: formally documented and implemented.
Contact
- Exoscale HDS / CISO Contact: security@exoscale.com
- Audit or compliance inquiries: via your standard Exoscale Support channel