Compliance Matrix
68a9c5b (Jul 14, 2026)Public, browsable compliance & regulation matrix at compliance.datasafe.dev. Shows, for each regulatory requirement, how Health Data Safe is compliant — and what an implementer building on HDS must still do themselves.
The three-layer model
Section titled “The three-layer model”Every requirement row answers three questions:
┌─ Pryv platform layer ──── inherited from pryv/compliance-matrix (open-pryv.io)├─ HDS layer ────────────── what HDS-as-operator + the HDS app stack adds└─ Implementer layer ────── what's still on the plate of whoever builds on HDS, tagged by persona + which agreement(s) to signCoverage taxonomy per layer: implemented · configurable · facilitated · documented · out-of-scope.
Scopes covered
Section titled “Scopes covered”- HIPAA — Security (§164.308/310/312/314/316), Privacy (Subpart E), Breach
- GDPR — full article coverage
- Swiss nLPD
- SOC 2 (drafted, parked pending Pryv’s upstream publication)
Plus downloadable agreement templates (BAA, subcontractor/subprocessor, DPA).
Data portability example
Section titled “Data portability example”The data-subject access / portability rows (GDPR Art. 15/20, HIPAA §164.524, Swiss nLPD Art. 25/28) cite the Download My Data tool as the HDS-layer self-service path — a concrete example of an HDS-layer claim backed by a live, public implementation.
How it’s built & deployed
Section titled “How it’s built & deployed”Static, dependency-free site (vanilla JS client-side filtering) generated by npm run site from the same YAML the validator reads. All rows are currently draft pending counsel review. Deployed to gh-pages via scripts/deploy.sh (manual, per HDS deploy policy).
Status
Section titled “Status”Production (content draft). Site live 2026-06-17.