Legal news

  1. Accueil
  2. News
  3. Legal news
  4. The CNIL and the French National Authori...

The CNIL and the French National Authority for Health Join Forces to Support Digital Health Stakeholders

The CNIL and the French National Authority for Health ("HAS") signed a partnership agreement on 10 March 2026 aimed at strengthening best practices in personal data protection and promoting fundamental rights relating to digital tools in the healthcare, social and medico-social sectors [1].

The partnership is intended to enable both authorities to collaborate and share their respective expertise for the benefit of healthcare professionals, institutions and companies developing digital solutions. Its objectives include promoting the protection of personal data and fundamental rights in connection with the use of digital tools incorporating artificial intelligence (AI), operationally adapting European requirements to the specific context of the French healthcare system, and improving practices in relation to health data security.

The agreement also provides that both institutions will issue, where relevant, a joint position for the attention of healthcare professionals and institutions. This approach should, in practice, facilitate the articulation between the requirements of the General Data Protection Regulation ("GDPR") and those relating to the certification of healthcare institutions or the assessment of establishments and services in the social and medico-social sector.

A first concrete deliverable has already been announced : a joint recommendation on the appropriate use of AI in care settings is expected for the second quarter of 2026. This document should clarify the applicable legal and regulatory framework, in particular with regard to the GDPR and the European AI Regulation ("AI Act"). It follows on from a public consultation jointly launched by both authorities on 5 March 2026 on a draft guide on AI in healthcare.

This partnership sends an important signal to digital health stakeholders, who will need to integrate the converging positions of these two reference authorities into their compliance processes going forward.