Legal Compliance in Employment Law: Employer's Obligations

Introduction

In 2026, legal compliance in employment law represents a major strategic issue for every employer, whether running a small business with five employees or a group with several thousand staff members. The regulatory framework has become considerably denser: the El Khomri law, the 2017 Macron ordinances, the Employment Act of 8 August 2016 (n°2016-1088), not to mention the generalisation of GDPR and the growing use of electronic signatures in HR processes. A compliance error can be costly: contract reclassification, nullity of a clause, URSSAF enforcement action or condemnation by labour courts. This article reviews the fundamental obligations of the employer, associated risks and tools to sustainably secure your practices.

---

The Fundamental Obligations of the Employer in Employment Law

Formalising the Employment Contract

The employment contract is the foundation of every professional relationship. While the indefinite-term employment contract (CDI) can theoretically be concluded verbally for simple jobs, European Directive 2019/1152 of 20 June 2019 — transposed into French law by ordinance n°2022-1272 of 29 September 2022 — now requires that an employee be provided with a written or electronic document within seven days of hiring. This document must mention at a minimum: the identity of the parties, the start date, the duration and conditions of notice, remuneration, daily or weekly working hours, paid leave, and the applicable collective agreement.

For the fixed-term employment contract (CDD), article L.1242-12 of the French Employment Code makes written form mandatory under penalty of automatic reclassification to CDI. Similarly, temporary employment contracts (interim), apprenticeship and vocational training contracts each require specific formalities. The electronic signature for HR is today a robust solution for formalising these deeds in compliance with the eIDAS regulation.

Complying with Information and Training Obligations

The employer is required to inform each employee of their rights upon hiring: personal training account (CPF), training entitlements, access to the workplace risk assessment document (DUERP). The DUERP — made mandatory by decree n°2001-1016 and strengthened by the occupational health law of 2 August 2021 (n°2021-1018) — must be updated at least annually and whenever there is a significant change in working conditions. Its digitalisation and electronic storage are now possible, provided that the integrity and traceability of the document are guaranteed.

Furthermore, since 1 October 2022, every employer with at least 50 employees must file the DUERP on a national digitalised portal, managed by occupational health and safety organisations. This obligation is progressively extending to companies with fewer than 50 employees.

Ensuring Compliance on Working Time and Leave

Regulations on working time (articles L.3121-1 et seq. of the French Employment Code) impose strict maxima: 10 hours per day, 48 hours per week (44 hours on average over 12 consecutive weeks). Overtime hours must be paid or compensated according to the conditions of the applicable collective agreement. Non-compliance with these rules exposes the employer to criminal sanctions (article L.3171-4) and wage recovery claims.

Regarding paid leave, the Court of Cassation judgment of 13 September 2023 (n°22-17.340) — in line with CJEU case-law — has broadened the accrual of paid leave during non-work-related sickness absences. Employers have since had to review their accounting and inform their employees in writing within ten months from the publication of the adaptation law of 22 April 2024 (n°2024-364).

---

Obligations Regarding Protection of Employee Personal Data

GDPR and Processing of HR Data

The employer is a controller within the meaning of GDPR (Regulation n°2016/679). As such, it must maintain a record of processing activities, appoint a Data Protection Officer (DPO) where its activities require it (article 37 of GDPR), and ensure the lawfulness of each processing of employee personal data. The legal bases that may be used are mainly contract performance (art. 6.1.b), legal obligation (art. 6.1.c) and legitimate interest (art. 6.1.f).

The CNIL has published specific recommendations for human resources: limited retention periods (for example, three years for data of unsuccessful candidates), securing of electronic payslips, regulation of video surveillance at work. In the event of a data breach, the employer has 72 hours to notify the CNIL (article 33 of GDPR), on pain of fines reaching 4% of global turnover.

Security of HR Information Systems

The NIS2 Directive (EU Directive 2022/2555), transposed into French law by law n°2023-703 of 1 August 2023 and implementing decrees of 2024, imposes strengthened cybersecurity measures on operators of essential services and important entities. Even employers not directly subject to these requirements would be well advised to audit the security of their HR tools (HRMS, digital safe, signature platform), as responsibility for employee data breaches can be incurred.

For more information on technical standards, the comprehensive guide to electronic signature from Certyneo details the security levels required according to the types of documents.

---

Digitalisation of HR Documents: Framework and Best Practices

Legal Value of Electronic Employment Contracts

Since ordinance n°2005-674 of 16 June 2005, an employment contract may be concluded, amended and signed electronically. Article 1366 of the French Civil Code provides that "electronic writing has the same probative value as writing on paper", provided that the identity of the person from whom it originates is guaranteed and that the document is kept in conditions ensuring its integrity.

The level of signature required depends on the stakes involved in the document. Advanced or qualified electronic signature (in accordance with eIDAS regulation n°910/2014) is recommended for deeds significantly engaging the parties — mutual termination agreement, settlement, contract amendment. The electronic signature solution for enterprise should therefore be chosen carefully, verifying the eIDAS compliance of the service provider.

Conservation and Archiving of Work Documents

Retention obligations vary depending on the documents: five years for payslips (article L.3243-4 of the French Employment Code), five years for employment contracts after the end of the employment relationship, thirty years for documents relating to exposure to occupational hazards. The employer must guarantee the integrity, readability and accessibility of digital archives throughout their legal retention period.

The employee digital safe, provided for by the El Khomri law and operated by approved third-party trust service providers, allows payslips to be made directly available to the employee in a secure personal space. Dematerialised delivery is valid once the employee has not objected to it (article L.3243-2 of the French Employment Code).

Management of Terminations and Disciplinary Procedures

The approved mutual termination agreement (article L.1237-11 of the French Employment Code) requires the signature of CERFA form n°14598*01. Since 2022, the TéléRC remote procedure has made it possible to fully digitalise this process. However, the use of electronic signature for these forms requires particular caution: the DREETS (Regional Directorate for Economy, Employment, Labour and Solidarity) has clarified that qualified electronic signature is required to guarantee the authenticity of the consent of both parties.

For disciplinary procedures (warning, suspension, dismissal), notification by registered letter with acknowledgement of receipt remains the norm, but electronic registered letter (LRE), recognised by article L.100 of the Postal and Electronic Communications Code, offers a fully valid alternative. These developments are detailed in the comparison of electronic signature solutions available on Certyneo.

---

Social Dialogue and Collective Bargaining Obligations

Mandatory Annual Negotiations

In companies with a union representative, the employer must engage in negotiations each year on themes set by law (articles L.2242-1 et seq. of the French Employment Code): actual remuneration, duration and organisation of working time, gender equality, quality of working life. Failure to negotiate results in an increase in the employer contribution to vocational training.

CSE Consultations and Digitalisation of Minutes

The Social and Economic Committee (CSE), established by the 2017 Macron ordinances for companies with at least 11 employees, must be consulted on major decisions affecting the company (working conditions, restructuring, introduction of new technologies). Meeting minutes of the CSE may be signed electronically, which accelerates their distribution and archiving. The electronic signature for law firms and HR services precisely meets these document traceability and authenticity needs.

In terms of collective agreements, the law of 29 March 2018 (n°2018-217) has established the possibility of signing company agreements electronically, provided that each signatory has a valid electronic signature certificate. This advance significantly simplifies multi-site management and remote working situations.

Legal Framework Applicable to Employer HR Compliance

Legal compliance in employment law is based on a layering of national and European texts that every employer must master.

French Employment Code: Articles L.1221-1 to L.1221-26 govern the formation of employment contracts. Article L.1242-12 requires writing for CDD under penalty of reclassification. Articles L.3121-1 to L.3121-67 regulate working time. Article L.3243-2 authorises dematerialised delivery of payslips. Article L.1237-11 organises the mutual termination agreement.

Civil Code: Article 1366 establishes the principle of equivalence between electronic and paper writing. Article 1367 defines the conditions for the validity of electronic signature (reliability of the identification process, link with the deed). These provisions are directly applicable to dematerialised employment contracts.

eIDAS Regulation n°910/2014: It establishes three levels of electronic signature — simple, advanced, qualified — and their mutual recognition within the European Union. For sensitive HR deeds (mutual termination agreement, settlement, collective agreement), advanced or qualified signature is recommended. The eIDAS 2.0 revision (EU Regulation 2024/1183) strengthens interoperability and introduces the European digital identity wallet (EUDIW).

GDPR n°2016/679: Articles 6, 13, 14, 33 and 37 are particularly relevant for processing employee personal data. The employer must in particular inform employees of the processing of their data (articles 13-14), notify the CNIL in the event of a breach (article 33) and, depending on the case, appoint a DPO (article 37).

NIS2 Directive (2022/2555) and French law n°2023-703: Impose cybersecurity measures on essential and important entities, with progressive extension to subcontractors and suppliers. HR systems processing sensitive data are affected.

ETSI Standards: The ETSI EN 319 132 standard governs advanced electronic signature formats (XAdES, PAdES, CAdES). Qualified trust service providers must comply with ETSI EN 319 411.

Directive 2019/1152 transposed by ordinance n°2022-1272: Requires delivery of a written or electronic document within seven days of hiring.

Occupational Health Law n°2021-1018: Strengthens obligations relating to DUERP and occupational hazard prevention.

Risks in Case of Non-Compliance: Reclassification of CDD to CDI, nullity of contractual clauses, condemnations by labour courts (compensation potentially reaching 20 months' salary for unfair dismissal in companies with more than 10 employees), CNIL fines up to 20 million euros or 4% of global turnover, URSSAF enforcement action, and DREETS penalties. The criminal liability of the manager may also be engaged in the event of serious breaches of workplace safety rules (articles L.4741-1 et seq. of the French Employment Code).

Use Scenarios: HR Compliance in Practice

Scenario 1 — A Manufacturing SME Managing 150 Hirings per Year

A manufacturing SME of approximately 250 employees, specialising in mechanical subcontracting, faced a high volume of seasonal hirings: nearly 150 CDD and temporary contracts per year. Contracts were printed, manually signed, scanned and then archived in physical binders. The average time between the hiring decision and effective contract signature reached 4.8 working days, regularly generating delays in job commencement and risk of reclassification when the employee started before signing.

By deploying an advanced electronic signature solution compliant with eIDAS for all its HR contracts, this SME reduced the signature deadline to less than 4 hours on average. The rate of contracts signed before the first day of work increased from 61% to 98%. Savings on printing, postage and physical archiving costs were estimated at approximately 18,000 euros per year, representing a positive ROI within the first three months of use. Electronic traceability also made it possible to produce without delay the evidence required during a URSSAF audit.

Scenario 2 — A Multi-Site Retail Group with Generalised Remote Work

A retail group with around twenty establishments spread across the national territory had to manage the signature of remote work amendments for nearly 800 employees following a reorganisation. The paper process required postal delivery of amendments, an average return time of 12 days, and laborious manual follow-up. Approximately 15% of amendments were returned incomplete or unsigned.

By migrating to an electronic signature platform integrated with their HRMS, the group was able to issue all 800 amendments simultaneously via automated workflows. The signature rate within 48 hours reached 94%. The HR department estimated a 70% reduction in administrative time devoted to follow-up. Electronic storage of amendments, time-stamped and automatically archived, simplified responses to several individual labour court claims by instantly providing evidence of party agreement.

Scenario 3 — A Recruitment Firm Managing Sensitive Candidate Data

A recruitment firm specialising in senior profiles, handling approximately 3,000 applications per year, was served with a notice by the CNIL for excessive retention of personal data of unsuccessful candidates (retention period exceeding three years without legal basis). The firm did not have a formalised record of processing activities, nor an automatic data deletion procedure.

Following a GDPR compliance audit, the firm implemented a dematerialised document management process including electronic signatures on candidate consent forms, parameterised retention periods and automatic deletion workflows. Candidates now receive a link signed electronically specifying the conditions for processing their data. This arrangement made it possible to close the CNIL proceedings and demonstrate proactive compliance, strengthening the confidence of the firm's business clients.

Conclusion

Legal compliance in employment law is not a one-off constraint: it is a continuous process that engages the employer's responsibility at every stage of the employment relationship — from hiring to termination, including the daily management of personal data and social dialogue. Texts are multiplying, controls are intensifying, and sanctions are reaching significant levels. In this context, secure digitalisation of HR documents, supported by eIDAS-compliant electronic signature solutions, becomes both a compliance lever and an operational performance tool.

Certyneo supports employers in this transition with a certified platform, adapted to the most demanding HR challenges. Calculate from now the return on investment of your HR digitalisation with our ROI calculator, or contact our experts for a customised audit of your documentary processes.