Compliance with employment law: employer obligations

Employment law compliance represents a major challenge for all French businesses, regardless of size. Between mandatory notice requirements, contract drafting, personal data management and legal document archiving, the regulatory framework continues to expand. In 2026, digital transformation imposes additional requirements: how can you go paperless without compromising compliance? This article guides you through the main employer obligations, associated legal risks, and concrete solutions to secure your HR practices on a daily basis.

Legal foundations of employer compliance

The Labour Code: pillar of legal obligation

The Labour Code is the central reference for any employer established in France. It sets rules regarding working hours, paid leave, minimum wage (minimum wage set at €11.88/hour gross on 1 January 2026), conditions for contract termination, and union rights. The employer must not only know these provisions, but be able to prove their effective application in the company at all times.

Several documentary obligations structure this compliance: keeping a single personnel register (art. L.1221-13), providing a detailed payslip to each employee (art. L.3243-1), and concluding a written employment contract for fixed-term contracts (art. L.1242-12) and part-time contracts (art. L.3123-6). For permanent contracts, the law has required since the transposition of European Directive 2019/1152 (the "Transparent Working Conditions" directive) written information on essential elements of the employment relationship within seven days of hiring.

Collective agreements and company agreements

Beyond the Labour Code, the employer must comply with the provisions of the collective agreement applicable to their sector of activity. These texts may provide more favourable conditions than the law regarding minimum wages, notice periods, bonuses or working hours. In case of dispute, employment tribunals systematically check whether the company's practices comply with these agreements. Failure to comply with a collective agreement constitutes a fault that may engage the employer's civil liability.

Company agreements negotiated with employee representatives (works council) supplement this framework. Since the Macron ordinances of 2017, their scope of application has been significantly broadened, particularly on issues of working time, variable remuneration and remote work.

Documentary obligations and mandatory notices

Documents to be displayed in the workplace

The employer is required to display a set of mandatory information in its premises, under penalty of administrative fines. The main required notices include:

• The address and contact details of the territorial labour inspectorate

• Collective working hours and rest day schedules

• Legal and regulatory texts relating to gender equality in the workplace

• Contact details of the occupational health physician and occupational health service

• Prohibition on smoking and vaping in the premises

• The applicable collective agreement (or its title with an indication of where it can be consulted)

Since 2023, certain notices can be provided electronically, provided that all employees have access to them from their workstations. This development opens the way to a gradual digitalisation of information obligations.

Management and retention of HR documents

The retention of personnel documents is subject to specific deadlines. Employment contracts must be retained for five years after the end of the contractual relationship (statute of limitations for claims for wage payment). Payslips, since the El Khomri Act of 2016, must be retained indefinitely when dematerialised on a digital safe conforming to electronic signature standards. Documents relating to social contributions must be retained for three years.

The stakes are significant: according to a study by Deloitte published in 2024, nearly 38% of employment tribunal disputes are aggravated by the employer's inability to produce original contractual documents within the prescribed deadlines.

Dematerialisation of employment contracts: issues and compliance

The legal framework for electronic signatures in employment law

Since Ordinance No. 2016-131 of 10 February 2016 reforming contract law, electronic signatures are legally equivalent to handwritten signatures provided they meet the requirements of Article 1367 of the Civil Code. In employment contracts, the General Directorate of Labour (DGT) confirmed in its 2017 circular that permanent contracts, fixed-term contracts and amendments can be electronically signed, provided the signatory is reliably identified and the document's integrity is ensured.

The eIDAS Regulation No. 910/2014 defines three levels of signature: simple, advanced and qualified. For the vast majority of HR documents (employment contracts, amendments, contract termination documents), advanced electronic signature offers a sufficient level of security and is recognised by the courts. For certain specific acts such as approved amicable termination or collective agreements, particular attention must be paid to the required signature level. Companies wishing to digitalise their HR processes can rely on Certyneo's dedicated HR solution, compliant with eIDAS regulation and CNIL requirements.

Operational benefits of HR dematerialisation

Electronic signature of HR documents generates substantial gains. According to the IDC 2025 report on digital transformation of support functions, companies that have dematerialised their contract signature process reduce the average return time of signed contracts by 75% (from 8 to 2 days), and reduce printing, mailing and archiving costs by around €60 per contract. For an SME of 50 employees with an average of 25 recruitments per year, annual savings exceed €1,500, not counting the time saved by employees.

The enhanced traceability offered by a qualified electronic signature solution also provides strong evidence in case of dispute: each step of the signature process is timestamped and logged, creating an irrefutable audit trail. To precisely evaluate the return on investment of your dematerialisation project, Certyneo's ROI calculator allows you to obtain a personalised estimate in just a few minutes.

Protection of employees' personal data (GDPR)

Employer obligations as data controller

The employer is a data controller under the GDPR (General Data Protection Regulation, No. 2016/679) for all personal data collected on its employees. As such, it must:

• Maintain a record of processing activities (art. 30 GDPR)

• Inform employees of the collection and use of their data (art. 13-14 GDPR)

• Implement technical and organisational measures guaranteeing data security

• Appoint a data protection officer (DPO) if processing requires it

• Conduct an impact assessment (DPIA) for high-risk processing

The CNIL recalled in its 2024 guidelines that employee monitoring (geolocation, email control, biometric access) is subject to strict proportionality conditions and must be preceded by information to employee representatives.

Sensitive data and heightened vigilance

Certain categories of data collected in the context of the employment relationship are considered "sensitive" under Article 9 of the GDPR: health data (sick leave, medical restrictions from the occupational health physician), data relating to union or political affiliation, biometric data. Their processing is prohibited except in strictly defined exceptions and requires, in all cases, heightened safeguards.

Violation of these obligations exposes the employer to administrative penalties of up to 4% of annual worldwide turnover or €20 million. In 2025, the CNIL issued 135 penalties, including several targeting employers for shortcomings in HR data management.

Prevention of occupational hazards and single document

The DUERP: a central obligation

The Single Document for the Assessment of Occupational Risks (DUERP) is mandatory for any employer, from the first employee (art. L.4121-3 of the Labour Code). It must record all health and safety risks to which employees are exposed, and must be updated at least annually, and following any significant change in working conditions or any occupational accident.

Since the Health at Work Act No. 2021-1018 of 2 August 2021, the DUERP must be deposited on a dedicated digital portal managed by employer organisations. The employer must retain successive versions of the document for at least 40 years. Failure to comply with this obligation is punished by a Class 5 fine (penalty of up to €1,500 per employee).

Training and information for employees

The employer has a general safety obligation towards its employees, enshrined in case law under the term "contractual safety liability of result" (French Supreme Court, 28 February 2002, Asbestos case). This obligation includes, in particular, providing safety training upon hiring, in case of job change or following an accident at work. Records of this training must be retained and may be requested during a labour inspectorate inspection.

The dematerialised management of these training documents — notices, certificates, attendance sheets — naturally fits into an overall HR digitalisation approach. Contract templates and HR documents available on Certyneo allow you to automate the production and signature of these documents in full regulatory compliance.

Legal framework applicable to employer compliance

Compliance with employment law is based on a dense legal corpus, articulating national law and European regulation.

French Labour Code: It is the primary source of employer obligations. Its provisions relating to the conclusion and performance of employment contracts (Book II, first part), working hours (Book I, third part), health and safety (fourth part) and employee representative bodies (second part, Book III) apply to all private-sector employers.

Civil Code — Articles 1366 and 1367: These provisions, resulting from Ordinance No. 2016-131, establish the principle of equivalence between handwritten and electronic signatures. Article 1366 states that "electronic documents have the same probative force as documents on paper". Article 1367 conditions the validity of electronic signature on reliable identification of the signatory and the integrity of the signed document.

eIDAS Regulation No. 910/2014: This European regulation, directly applicable in France, defines three levels of electronic signature (simple, advanced, qualified) and establishes the conditions for their mutual recognition between Member States. The revised eIDAS 2.0 version (EU Regulation 2024/1183, which came into force in May 2024) strengthens requirements for trust service providers and introduces the European digital identity wallet (EUDIW). ETSI standards EN 319 132 and EN 319 122 define technical formats for compliant signatures (XAdES, CAdES, PAdES).

GDPR No. 2016/679: The processing of personal data of employees is subject to the GDPR. The employer must in particular respect the principles of data minimisation, limitation of retention periods and integrity/confidentiality (art. 5). In case of personal data breach, the employer has 72 hours to notify the CNIL (art. 33).

NIS2 Directive (2022/2555), transposed into French law by the law of 26 September 2025: it extends cybersecurity obligations to a wide spectrum of entities, including digital service providers used by employers for document management and electronic signatures. Employers using SaaS tools must ensure that their service providers comply with NIS2 requirements.

Legal risks and sanctions: Non-compliance with Labour Code obligations exposes the employer to employment tribunal convictions (wage arrears, damages), administrative fines imposed by the labour inspectorate, and in the most serious cases, criminal prosecutions (undeclared work, moral or sexual harassment). Use of an electronic signature solution not compliant with eIDAS may result in the nullity of signed acts and deprive the employer of any valid evidence in case of dispute.

Usage scenarios: dematerialised HR compliance in practice

An 80-employee industrial SME facing contract return deadlines

An SME in the metalworking sector, employing 80 employees and frequently using seasonal fixed-term contracts, faced a recurring problem: contracts sent by post to candidates were returned signed with an average delay of 9 days, sometimes after the start of the assignment. This situation exposed the company to the risk of reclassifying fixed-term contracts as permanent contracts, due to lack of a signed contract before taking up duties (art. L.1242-13 of the Labour Code).

By deploying an advanced electronic signature solution integrated into its HRIS, the company reduced this delay to less than 4 hours on average. The rate of contract returns before the first working day increased from 62% to 99%, virtually eliminating the risk of reclassification. The time saving for HR was estimated at 3.5 hours per week, equivalent to approximately €18,000 in annual salary costs reallocated to higher value-added tasks.

A multi-site retail group managing several hundred amendments annually

A retail group operating twenty retail outlets in France had to manage more than 400 employment contract amendments each year (modification of schedules, changes to part-time status, individual wage increases). The manual process involved back-and-forth between store managers, head office and employees, generating average validation delays of 12 days and an error rate (unsigned or poorly archived amendments) exceeding 15%.

After migration to a SaaS electronic signature platform compliant with eIDAS with automated workflows, the average signature delay for amendments fell to 48 hours. The archiving error rate was reduced to less than 1%, and the company now has a complete timestamped audit trail for each document, which allowed it to win an employment tribunal dispute by immediately producing proof of signature during a hearing.

A consulting firm in strong growth adapting its practices to GDPR

A 50-person strategy consulting firm, in rapid growth, was collecting and storing sensitive HR data (personal information sheets, identity documents, bank details, medical information related to sick leave) in unsecured shared folders. Following a GDPR audit commissioned by its external Data Protection Officer, several critical non-compliance issues were identified: lack of formalised legal basis for certain processing, non-compliant retention periods, lack of encryption of data at rest.

The firm restructured its document architecture around an electronic document management (EDM) platform coupled with a certified electronic signature solution, enabling end-to-end encryption and fine-grained access rights management. A processing register was updated and retention policies automated. This compliance work made it possible to avoid a CNIL procedure and reassure institutional clients requiring contractual guarantees on data security.

Conclusion

Compliance with employment law is an ongoing exercise that engages the civil, criminal and administrative liability of every employer. From properly formalised employment contracts to protection of employees' personal data, through prevention of risks and mandatory notices, each obligation requires rigorous organisation and appropriate tools.

Dematerialisation of HR processes — provided it is carried out in compliance with eIDAS regulation and GDPR — is today the most effective lever for reconciling legal compliance with operational efficiency. It reduces delays, strengthens traceability and secures evidence in case of dispute.

Certyneo supports employers in this transition with a 100% compliant electronic signature solution, integrable with your existing HR tools. Create your free account on Certyneo and dematerialise your first employment contracts in full compliance today.