France Shifts Health Data Hub from Azure to SecNumCloud EU Cloud by 2026

France has moved decisively to end the long-running dispute over where the nation’s most sensitive health data should be hosted: the government has launched a formal procurement process to move the Health Data Hub off Microsoft Azure and onto a SecNumCloud‑qualified, European or French cloud provider, with the award expected by the end of March 2026 and a full migration targeted by the end of the year.

Background​

The Health Data Hub (HDH) — legally the Plateforme des Données de Santé — was created in 2019 to centralize, standardize and provide secure researcher access to vast streams of French health data, including the Système National des Données de Santé (SNDS) held by the Caisse nationale de l’Assurance Maladie. The platform was intended to accelerate public health research, epidemiology and medical AI by enabling large‑scale, controlled access to harmonized, pseudonymized datasets.
From the outset, the decision to rely on Microsoft Azure as host triggered political and regulatory pushback. Privacy authorities and many digital‑sovereignty advocates warned that placing national health archives under an American hyperscaler risked exposure to extraterritorial US legislation and limited France’s control over governance, access and incident response. The CNIL (France’s data protection authority) repeatedly recommended a European hosting alternative for such sensitive data. That political and regulatory pressure has now produced a concrete operational plan to shift to a provider carrying ANSSI’s SecNumCloud qualification.

---

What the government announced and what it means​

On the stimulus of a joint decision by the ministries responsible for health, state reform and digital affairs, a public procurement procedure tied to the UGAP “Nuage Public” framework was opened: the future host must be SecNumCloud‑qualified and therefore meet ANSSI’s current security and sovereignty requirements. The ministries indicated that the award will be made by the end of March 2026, and that the migration should be completed within the year, replacing Microsoft Azure as the platform’s primary provider.
Why SecNumCloud? The ANSSI qualification is designed to identify cloud offerings that provide stronger guarantees against cyber threats and against the legal exposure posed by non‑European extraterritorial laws. In practice, SecNumCloud 3.2 sets operational, technical and governance requirements — and in many cases requires structural arrangements that prevent a non‑EU entity from exercising decisive control over the qualified provider. ANSSI explicitly positions SecNumCloud as a way to reduce the risk of extraterritorial access to sensitive data.
This is an explicit pivot from the prior model, where HDH operated on Microsoft Azure under tight CNIL oversight and contractual constraints. The move to a SecNumCloud provider is the government’s answer to the political demand for “sovereign” custody of health records and to the CNIL’s insistence that sensitive datasets be insulated from foreign state access risks.

---

Timeline and procurement mechanics​

• The procurement procedure was announced publicly in early February 2026, with a formal opening of competitive bids tied to the UGAP purchasing framework shortly afterward. The ministers set a tight timetable: award selection by end of March 2026, and platform bascule (cut‑over) to the new environment before the close of 2026.
• The tender specification requires an ANSSI SecNumCloud visa, effectively excluding standard offers from US hyperscalers unless those offers are delivered via a legally and operationally independent French/EU entity that meets the SecNumCloud ownership and control conditions. Candidates may therefore include established French cloud operators and the new “cloud of trust” entities backed by European industrial champions.
• The procurement will be run using an interministerial buying mechanism to accelerate contracting and leverage pre‑qualified catalogs. This structure aims to shorten procurement lead times and reduce legal friction; still, migrating a live national scale health platform remains a complex, multi‑phase technical project with regulatory and governance gates.

---

The technical scope: what must be moved and why it is hard​

At the heart of the HDH is the SNDS (the national health data backbone managed by CNAM), which aggregates very large, longitudinal records: reimbursed care, hospital activity, causes of death, chronic disease markers, and related metadata used by public‑interest research. Access modes range from open aggregated datasets to highly controlled, pseudonymized individual‑level extractions for approved projects. Moving this breadth and depth of data is not an administrative detail — it is a sustained engineering, legal and security program.
Key technical challenges include:

• Data volume and transfer: the SNDS is an exhaustive, long‑range dataset. Replicating the full dataset to a new environment requires sustained, resilient data transfer pipelines with robust integrity checks and encryption-at-rest and in-transit.
• Pseudonymization and re‑identification risk: moving pseudonymized individual‑level records must preserve privacy guarantees; all migration steps must maintain pseudonymization keys and processing logs under strict control.
• Service parity and tooling: the new environment must provide compute, storage, analytics and AI toolsets compatible with research use cases; differences in platform capabilities could delay or limit research workloads.
• Continuity and governance: the HDH is regularly used by projects with active timelines. Migration necessitates staged cutovers, replica synchronization, rollback plans and seamless verification by the CNIL and other supervisory bodies.
• Certification and proof: the target provider must not only be SecNumCloud‑qualified but also able to demonstrate operational readiness for Health‑Data‑specific requirements, including health‑data hosting standards where applicable.

These are not theoretical concerns: earlier work by HDH and ministerial teams proposed an interim or “solution intercalaire” — a temporary arrangement to host a copy of the SNDS in a sovereign cloud while a final target was sourced — specifically to reduce operational risk during transition. That program had an estimated envelope and scheduling; the government now says a direct migration to a SecNumCloud host is technically doable and preferable, reducing the need for a prolonged interim step.

---

Who could host the Health Data Hub?​

Several types of providers are in scope:

• Native French or European cloud operators already SecNumCloud‑qualified (examples include established players and specialist “cloud de confiance” providers).
• New French “cloud of trust” ventures that combine European industrial ownership with technology licensed from hyperscalers but organized to meet ANSSI’s ownership and control thresholds (e.g., Bleu, S3NS, Sens).
• Consortia involving postal, defense, or telecom incumbents paired with established cloud tooling vendors.

Recent SecNumCloud milestones changed the competitive landscape. In late 2025 and early 2026, ANSSI awarded qualifications or validation milestones to several trust‑cloud offers (notably S3NS, the Thales/Google‑backed trusted cloud, and Bleu, the Orange/Capgemini‑led Azure‑based sovereign offering), which immediately positioned them as credible bidders for high‑sensitivity public contracts. However, qualification is a necessary but not sufficient condition: performance, operational maturity, health‑data experience and pricing will also decide the award.
Potential candidates widely mentioned in press coverage include OVHcloud (with HDS and other health‑sector certifications), Cloud Temple, Bleu, S3NS (Premi3ns), Sens and other consortiums that combine French operational control with high‑grade tooling. The government’s use of the UGAP “Nuage Public” framework will make it easier to call on these pre‑qualified operators.

---

Legal and regulatory guardrails: CNIL, ANSSI and GDPR​

The CNIL’s longstanding concern has been both technical and legal: ensuring that data subjects’ rights under GDPR are upheld and that the operational architecture minimizes the risk that foreign public authorities could compel access. The CNIL historically urged an EU‑based operator for the HDH; it has also overseen constraints on transfers and has limited approvals to narrow, time‑bound, project‑specific flows when Microsoft Azure was used. Any migration must therefore secure CNIL approvals and demonstrate that privacy and data‑protection safeguards are preserved during and after transfer.
ANSSI’s SecNumCloud visa plays a complementary role: it focuses on the provider’s security posture and governance, including measures to mitigate extraterritorial legal risk. But it’s important to be precise: SecNumCloud is a high‑bar cybersecurity and sovereignty framework, not an absolute legal firewall. Experts and ANSSI itself acknowledge limits — for instance, supply‑chain dependencies and the use of foreign‑developed software components can create residual exposure. Qualified providers substantially reduce legal and operational risk, but SecNumCloud status does not automatically guarantee immunity from all extraterritorial legal claims or technical supply‑chain vulnerabilities. That nuance matters for procurement risk analysis.

---

Costs, procurement realities and previous budgets​

Migration is not free. Earlier HDH procurement rounds included a specific project for an “interim solution” with a budget estimated at roughly €6.2 million for four years to handle ingestion, pseudonymization and secure transfers to a sovereign environment. That exercise demonstrated both that the program had already set aside funds for transfer work and that the project’s architects had been planning for staged migration steps for some time. Procurement costs will now include not only hosting fees but also extensive integration, testing, validation and regulatory compliance work — and likely vendor support agreements for multi‑year operations.
From a contracting perspective, using the UGAP catalogue and a fast‑track purchase mechanism helps reduce bureaucratic friction; but the technical acceptance criteria (functional parity with Azure, SLAs, certification proofs, interoperability with existing HDH tooling) will be the real negotiation battlegrounds. Bidders may compete on price, but the government is likely to weight security guarantees and operational continuity more heavily given the sensitivity of the data.

---

Benefits: why this is a defensible policy shift​

• Reasserting national and European digital sovereignty: selecting a SecNumCloud provider aligns the HDH with France’s long‑standing objective to host sensitive public data within a legal and operational perimeter controlled by European actors. It reduces dependence on US‑jurisdiction providers and addresses the political demand for data sovereignty.
• Regulatory clarity and public trust: migrating to a provider explicitly accredited to mitigate extraterritorial legal exposure can remove one of the most visible blockers to broader CNIL approvals and to uptake by conservative research institutions and hospitals. That can broaden the platform’s user base once governance concerns are settled.
• Stimulus for local cloud ecosystem: the contract would be a major anchor customer for EU‑based cloud offerings and could accelerate capability investments in the French cloud market (compute scale, managed services, secure enclaves oriented to health analytics).

---

Risks, tradeoffs and the practical downsides​

• Technical maturity and feature parity: American hyperscalers offer deep tooling for analytics, ML training at scale, and a vast partner ecosystem. Not all SecNumCloud providers currently match that breadth. If the new host cannot replicate HDH users’ tooling and performance, research workflows could be degraded or require costly refactoring.
• Vendor dependencies masked as sovereignty: some SecNumCloud‑qualified offers depend on non‑European technologies beneath the surface (managed services built on foreign tech stacks). ANSSI’s qualification framework and public clarifications underscore that qualification does not equate to zero dependency. Procurement teams must rigorously examine the technical stack and contractual controls to avoid false security assurances.
• Migration risk to live research: copying and synchronizing a production‑grade, active health dataset is operationally risky. Any incident during migration would disrupt ongoing studies and might require complex rollback or dual‑write strategies. The plan must include staged testing, CNIL‑approved acceptance tests, and transparent timelines for researcher re‑onboarding.
• Legal residuals: even with SecNumCloud, legal exposure is not zero. Supply‑chain risks, software dependencies and the difficulty of guaranteeing total independence from foreign jurisdictions create residual legal vectors that must be mitigated by contract, transparency and continuous oversight.
• Budget and political risk: changing priorities or procurement protests can delay award or push the migration into a multi‑year process — prolonging the period of uncertainty the policy decision is meant to resolve. Past debates suggest the political consequences of any misstep would be amplified.

---

Practical checklist for the migration program (recommended)​

• Publish a precise, machine‑readable tender with clear technical acceptance tests and security milestones tied to ANSSI validation artifacts.
• Require disclosure of the full technology stack and subcontracting chains so procurement can evaluate supply‑chain exposure.
• Define a phased migration plan that includes: dry‑run replication, parallel operation windows, incremental CNIL sign‑offs and a clearly documented rollback strategy.
• Fund and staff a dedicated migration cell with legal, data‑protection, cloud engineering and scientific liaison responsibilities.
• Commit to open, reproducible baselines for researcher tooling to ensure continuity of experiments and reproducibility of published research.
• Include independent third‑party audit and continuous monitoring obligations as part of the contract.

---

What this means for researchers, patients and the public​

For researchers: the move promises to unlock wider access pathways once the new host proves compliance, but there will be a transition period of interrupted or modified access that teams must anticipate. Prepare to revalidate pipelines and to potentially migrate compute workflows to new runtime environments.
For patients and data subjects: the government’s explicit aim is to strengthen legal protection and reduce extraterritorial access risk; however, real gains will depend on contractual safeguards, technical isolation and independent auditing. Patients should expect clearer, public‑facing governance statements as the migration proceeds.
For the broader public sector: this procurement sets a precedent for other sensitive national datasets. If executed smoothly, it could accelerate France’s and Europe’s broader adoption of “trust‑cloud” procurement for critical infrastructure and public data services.

---

Final assessment: an opportunity with non‑trivial engineering and legal work​

The decision to move the Health Data Hub off Microsoft Azure toward a SecNumCloud‑qualified host is politically and symbolically significant, and it addresses a persistent regulatory pain point that has stalled full exploitation of the HDH’s potential. The strategy aligns legal objectives (reducing extraterritorial risk) with political priorities (digital sovereignty) and market developments (emergence of SecNumCloud‑qualified providers).
That said, the transition is neither trivial nor risk‑free. Achieving feature parity, preserving scientific continuity, and ensuring that SecNumCloud qualification translates into real operational independence will require meticulous procurement specification, robust technical testing and sustained oversight by ANSSI and CNIL. The government’s compressed timetable (award by late March 2026, migration by end‑of‑year) is ambitious; success will depend on careful planning, transparent vendor commitments and sensible contingency funding.
If the process is executed with technical rigor, legal clarity and open oversight, France can both protect citizens’ health data and reinvigorate the national research ecosystem. If corners are cut, the same legal, operational and reputational hazards that plagued the HDH in its early years could resurface. The next six to twelve months will be decisive: the procurement outcome and the first migration milestones will determine whether this long‑running controversy finally ends with strengthened public trust and renewed scientific opportunity — or simply starts a new chapter of complex vendor transitions.

---

Source: Telecompaper France's Health Data Hub to migrate away from Microsoft Azure by year-end