MDMC is hosted in France with an HDS v2 certified operator. Zero Cloud Act, zero US jurisdiction, zero backdoor — your encryption key never leaves your device.
Your medical data will be hosted in France, on HDS v2 certified servers (target V1). No replication to foreign clouds. Full FHIR R4 export planned at any time.
Zero US jurisdiction. The US Cloud Act does not apply to MDMC: 100% French infrastructure, French law exclusively, public contractual commitments.
Zero-knowledge client-side encryption: your key never leaves your device. MDMC cannot read your data. No backdoor, no admin master key.
Data from public sources, court decisions and official reports.
| Criteria | Doctolib | Epic / hospital portals | MDMC |
|---|---|---|---|
| Hosting | AWS (US Cloud Act applicable) | US datacenters or AWS US depending on instance | France, HDS v2 certified operator (target V1) |
| Jurisdiction | French law + Cloud Act US exposure (AWS) | US law primarily | French law exclusively |
| Encryption | Server-side encryption (the provider can read data server-side) | Standard server-side encryption | Zero-knowledge client-side, MDMC cannot read your data |
| Pricing | +40% over 10 years per industry analysts | Proprietary license, complex cost audit | Public grid, contractual inflation cap +2 pts |
| Modularity | Forced bundling reported (ADLC decision 2023, €4.665M) | Monolithic suite, costly migration | Independent modules, each activable alone |
| Antitrust compliance | Fined by ADLC Nov. 2023: €4.665M for abusive bundling | Recurring US antitrust investigations | Open structure, no proprietary lock-in |
Sources: ADLC decision 2023 (Doctolib), Cloud Act US DOJ report 2022, AWS healthcare site, official Doctolib / Epic announcements.
Native = designed from day one. Target V1 = blocking commitment before go-live. Roadmap V2 = planned.
Infrastructure planned with an ANS HDS v2 certified operator. Blocking commitment before V1 go-live — not yet in production.
GDPR by design: granular consent, right to erasure planned. DPO designation and DPIA in progress — required before V1 go-live.
SecNumCloud qualification targeted for V2 — zero foreign influence on infrastructure.
INS-API (RNIV) integration for unique national patient identifier. Ségur V2 prerequisite.
Full passport export in FHIR R4. Portability guaranteed — you are never locked into MDMC.
Legal requirement in France (RGAA). Contrast, keyboard navigation, screen readers — audited at each release.
Data sovereignty is inseparable from technical security: 4-layer encryption, blockchain consent, zero-trust compliance.
See the security architectureArchitecture designed to minimize exposure to the Cloud Act and US extraterritoriality: sovereign EU infrastructure, no US subsidiary, no US cloud hosting. HDS v2 hosting in France reduces exposure to extraterritorial US subpoenas — full legal validation will be conducted before go-live.
HDS v2 is a contractual commitment blocking go-live V1 — not a post-launch promise. The certification will be published on the ANS website and accessible from this page upon receipt.
SecNumCloud is planned for V2 (2027 horizon). It is the most demanding ANSSI qualification — it guarantees the total absence of foreign legal influence. V1 targets HDS v2 + native GDPR as the minimal sovereign foundation.
Doctolib is the market leader in France — the comparison is legitimate and expected by healthcare professionals. The data cited (ADLC fine €4.665M, AWS hosting) come from official public sources.
Join the pioneers taking back control of their medical data. Hosted in France, zero Cloud Act.