Signatory Customer Portal in the Public Sector: A Practical Guide

The dematerialisation of administrative procedures is accelerating in French local authorities and public administrations. Since the implementation of the "Action publique 2022" plan and the obligations arising from the eIDAS regulation, public bodies must offer fluid, secure and enforceable digital journeys. At the heart of this system: the signatory customer portal, a dedicated platform allowing each user or partner to receive, consult, sign and archive official documents online. This article details the concrete steps to create such a space in the public sector, the regulatory requirements to comply with and best practices from the field.

Why the signatory customer portal has become strategic for the public sector

The regulatory context and user expectations

In France, Ordinance No. 2014-1330 of 6 November 2014 relating to the rights of users to contact the administration electronically laid the first foundations for a dematerialisation obligation. Since then, the ESSOC law (2018), the 3DS law (2022) and successive inter-ministerial circulars have reinforced this momentum. According to the dematerialisation benchmark published by DINUM in 2025, more than 87% of first-level administrative procedures are now available online, but only 54% include a legally valid electronic signature mechanism.

Users, meanwhile, no longer tolerate paper back-and-forth. An OpinionWay study from 2024 indicates that 72% of French citizens prefer to sign an administrative document online rather than travel, provided the system is simple and reassuring. The signatory customer portal responds exactly to this expectation by offering a single point of access, secure and traceable for all dematerialised acts.

Differences with the private sector

Unlike the private sector, public bodies are subject to additional constraints: public procurement governed by the Public Procurement Code, resolutions subject to legal review by the prefecture, civil status acts governed by the Civil Code. The level of electronic signature required varies depending on the nature of the document: a simple partnership agreement can be satisfied with an advanced electronic signature (AES), whilst a notarial deed or municipal council resolution may require in some cases a qualified signature (QES) as defined in Article 26 of the eIDAS regulation.

To choose the appropriate level for each type of act, consult our complete electronic signature guide which details the three eIDAS levels and their conditions of use in the public sphere.

Steps to create a signatory customer portal in a local authority or administration

Step 1 — Map document flows and stakeholders

Before deploying any tool, it is essential to conduct a flow mapping. This phase consists of identifying:

• The types of documents involved (resolutions, public procurement, agreements, town planning authorisations, HR acts, etc.);
• Internal signatories (elected officials, chief executives, department heads) and external (contractors, associations, citizens, agents of other public entities);
• Annual volumes and contractual or regulatory deadlines associated;
• Existing information systems (specialist software such as SEDIT, CIVIL NET, CIRIL, Berger-Levrault) with which the customer portal will need to interface.

This mapping makes it possible to define the functional scope of the platform and avoid duplicating existing tools. It also conditions the level of security and authentication to be implemented for each category of users.

Step 2 — Choose the technical solution suited to public sector requirements

The choice of an electronic signature solution for the public sector responds to specific criteria that the private sector does not always impose with the same rigour:

1. Sovereign hosting: the public body's data must be hosted in France or in the European Union, on infrastructure certified HDS (if health data) or SecNumCloud (if sensitive data). ANSSI's SecNumCloud qualification has become a differentiating criterion since the Prime Minister's circular of 5 July 2021.
2. Interoperability: the solution must expose documented REST APIs compatible with RGI (General Interoperability Framework) and RGS (General Security Framework) benchmarks.
3. RGAA accessibility: pursuant to Law No. 2005-102 of 11 February 2005 and implementing decrees, public portals accessible to citizens must comply with the General Framework for Improving Accessibility (RGAA 4.1) at a minimum AA level.
4. eIDAS compliance: signature certificates must be issued by a qualified Trust Service Provider (TSP) listed on the European Trust List published by the European Commission.

To compare available solutions on the market according to these criteria, our comparison of electronic signature solutions offers an evaluation grid tailored to public procurement buyers.

Step 3 — Configure the signatory customer portal: authentication and user journey

The configuration of the signatory customer portal rests on three technical pillars:

Authentication of signatories: the public sector has a structural advantage with FranceConnect+, the national digital identity system managed by DINUM. FranceConnect+ allows substantial or high authentication under eIDAS, which makes signed acts enforceable without ambiguity. For external contractors (companies, associations), authentication by reinforced email (OTP) coupled with documentary identity verification may be sufficient for intermediate-level acts.

The signature journey must be designed to minimise friction: notification by email or SMS, direct access to the document from the dedicated space, content viewing before signature, signature application in one or two clicks depending on the level required, and confirmation by time-stamped certificate. Qualified time-stamping (RFC 3161) guarantees document integrity and the certain date of signature, essential elements in the event of litigation.

Management of delegations and validation circuits: in a local authority, an act often bears only a single final signature, but it is preceded by an internal visa circuit. The signatory customer portal must allow configuration of multi-stage workflows (electronic parapheur) with delegation rules compliant with the delegation of signature order of the body.

Step 4 — Ensure conservation and probative archiving

A signatory customer portal is not limited to signature: it must guarantee the evidential value of documents over time. The Heritage Code (Articles L. 211-1 et seq.) requires public bodies to maintain specific retention periods depending on the nature of acts (10 years for public procurement, unlimited duration for resolutions, etc.).

The NF Z 42-020 standard defines the requirements of an electronic archiving system with evidential value (EAS). The signatory customer portal must interface with the body's EAS or natively offer a digital safe compliant with standards. Recourse to a certified third-party archivist allows this obligation to be externalised whilst maintaining the traceability required by the CNIL and administrative courts.

Note that signed documents remain accessible to each signatory from their personal space, in accordance with access rights provided for by the GDPR and the CADA law.

Governance, training and change management in the public sector

Structure project governance

The deployment of a signatory customer portal is an organisational transformation project as much as a technical one. Governance must involve:

• Senior management (DGS/DGA) for political support and validation of acts involved;
• Information Systems Department (DSI) for technical integration and security;
• Data Protection Officer (DPO), mandatory in public bodies since Article 37 of the GDPR, to validate the impact analysis (DPIA);
• Legal department to map risks and validate the legal value of each category of dematerialised acts.

A quarterly steering committee, bringing together these stakeholders, allows the deployment to be adjusted and document flows to be prioritised based on operational gains observed.

Train agents and external signatories

Adoption of a signatory customer portal largely depends on the quality of change management. Public agents, accustomed to paper processes or heterogeneous tools, need short but targeted training: understanding the legal value of electronic signature, knowing how to identify a forged document, mastering the signature circuit of their area.

For external signatories (contractor companies, subsidised associations), a simple user guide, accessible from the customer portal itself, significantly reduces support requests. Modern platforms now integrate contextual tutorials and a dynamic FAQ directly into the signature journey. The Certyneo Help Centre offers for example educational resources that can be adapted to your internal communications.

Measure benefits and manage by data

The return on investment of a signatory customer portal in the public sector is measured across several dimensions:

• Average signature time: dematerialisation reduces the signature cycle on average from 7 to 14 days to less than 48 hours according to feedback from pioneering local authorities;
• Rate of lost or poorly archived documents: trending to zero with an interfaced EAS;
• Direct costs: printing, postage, courier delays, reprocessing of non-compliant documents;
• Satisfaction of external signatories: measurable via an NPS integrated at the end of the signature journey.

These indicators feed into the steering committee's dashboard and justify the gradual expansion of the dematerialised scope. To precisely estimate the potential gains for your body, our electronic signature ROI calculator allows a personalised projection in less than 5 minutes.

Legal framework applicable to the signatory customer portal in the public sector

The implementation of a signatory customer portal in a French local authority or administration is part of a dense legal corpus, structured at several levels.

The eIDAS Regulation No. 910/2014 of the European Parliament and of the Council constitutes the European foundation. It distinguishes three levels of electronic signature (simple, advanced, qualified) and requires that only qualified signature benefits from a presumption of reliability equivalent to handwritten signature in all Member States. For sensitive public acts, recourse to a qualified certificate issued by a Trust Service Provider (TSP) listed on the European Trust List is imperative. eIDAS Regulation 2.0 (EU Regulation 2024/1183), in force since May 2024, strengthens these requirements by introducing the European Digital Identity Wallet (EUDIW), whose integration into public portals must be operational by 2026-2027 according to the timetable set by the Commission.

The Civil Code, Articles 1366 and 1367, set the conditions for the validity of electronic writing in French law: reliable identification of the author and guarantee of document integrity. These conditions are met by the cryptographic mechanisms of advanced and qualified signatures.

The GDPR No. 2016/679 requires any body processing personal data (name, email, FranceConnect identifier of signatories) to carry out a Data Protection Impact Analysis (DPIA) prior to deployment of the customer portal, in accordance with Article 35 of the regulation. This obligation is reinforced for public bodies. The appointment of a DPO (Article 37) is mandatory for all public authorities.

The General Security Framework (RGS v2.0), published by ANSSI, sets the security levels required for State and local authority online services. Signature platforms deployed in this context must be audited and, depending on the level of data sensitivity, qualified or certified by ANSSI.

ETSI standards technically govern signature formats: ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES for PDFs). The PAdES format is recommended for public documents due to its native readability in standard PDF viewers.

NIS2 Directive (EU 2022/2555), transposed into French law by Law No. 2024-449 of 21 May 2024, extends cybersecurity obligations to essential and important entities, including many public bodies (towns with over 30,000 inhabitants, departments, regions, healthcare facilities). Signature platforms must be part of the body's information systems security policy (PSSI) and be subject to incident reporting to ANSSI in the event of a breach.

Finally, the Public Procurement Code (Articles R. 2132-1 et seq.) requires dematerialisation of public procurement above €40,000 ex VAT and requires electronic signature of engagement acts. Failure to comply with this obligation exposes the body to a risk of nullity of acts and penalties during prefectoral legal review.

Use scenarios: the signatory customer portal in action in the public sector

Scenario 1 — An urban agglomeration community dematerialises its partnership agreements

An urban agglomeration community comprising about twenty municipalities manages over 350 partnership agreements annually with local associations, educational establishments and private contractors. Before implementing a signatory customer portal, each agreement required on average 18 days between internal validation and signing by both parties, with an estimated document loss rate of 4% (documents poorly archived or unsigned versions incorrectly retained).

Following deployment of a signatory customer portal integrated into the existing business information system, the average signature time fell to 3.5 days. Partner associations access their portal via FranceConnect, receive an email notification as soon as a document is ready to sign and find all their agreements archived in their personal space. The document loss rate has been zero since deployment. The estimated annual saving on printing, postage and administrative reprocessing costs exceeds €15,000, not to mention the time saving for staff.

Scenario 2 — A department dematerialises public procurement acts across its departments

A departmental council processing over 1,200 public procurement contracts annually (all thresholds combined) faced signature delays incompatible with its departments' operational constraints. The paper circuit involved up to 7 internal stakeholders (instruction, legal review, financial review, signature by the president or delegated vice-president) before transmission to the contractor.

The implementation of an electronic parapheur integrated into the signatory customer portal made it possible to configure multi-stage workflows with automatic delegations in case of absence. The average internal circuit time fell from 11 days to 2.8 days. The department also saw a 60% reduction in telephone follow-ups to services to find out signature progress. The customer portal offered to external contractors allows them to sign engagement acts directly from their interface, with a time-stamped signature certificate automatically archived in the departmental EAS.

Scenario 3 — A public health establishment secures HR acts for its medical practitioners

A hospital group with approximately 1,200 staff (including 180 practitioners) managed its engagement contracts, amendments and temporary recruitment acts by post or mandatory physical presence, creating delays incompatible with recruitment needs (on-call replacement, medical interim).

The signatory customer portal deployed for human resources now allows each practitioner or agent to receive, consult and sign their contract from a secure portal, accessible from any terminal. Authentication relies on FranceConnect+ for tenured staff and documentary identity verification for temporary workers. The average time to employment following oral agreement fell from 8 days (paper file processing time) to less than 24 hours. The establishment also reduced HR file completeness errors by 40% thanks to guided forms integrated into the signature journey, in accordance with public hospital service recommendations.

Conclusion

Creating a signatory customer portal in the public sector is no longer optional: it is a progressive regulatory obligation and a growing expectation of users and institutional partners alike. The approach rests on four indissociable pillars — flow mapping, choice of a sovereign and eIDAS-compliant solution, configuration of a fluid user journey, and probative archiving — supported by strong governance and rigorous change management.

Local authorities and administrations that have taken this step observe measurable gains: signature times divided by an average of five, reduced administrative costs and impeccable archiving quality. Certyneo supports public bodies at each stage of this project, from initial audit to operational deployment.

Ready to take the leap? Contact our Certyneo experts for a free audit of your document flows and a personalised demonstration tailored to public sector constraints.