Legal compliance in employment law: employer obligations

Introduction

Legal compliance in employment law represents one of the most critical challenges for any business, regardless of size. In France, the Labour Code imposes on the employer a precise set of obligations: drafting contracts, regulatory notices, maintaining registers, respecting working hours, managing employees' personal data. Non-compliance with these rules exposes the company to potentially severe administrative, criminal and civil sanctions. This article reviews the main legal obligations, associated risks and digital best practices — notably electronic signature — to secure each stage of the employee lifecycle.

---

The fundamental contractual obligations of the employer

Drafting and delivery of the employment contract

In French law, a full-time open-ended employment contract (CDI) is not subject to a formal written requirement, except where a collective agreement provides otherwise. However, the transposition of European Directive 2019/1152 of 20 June 2019 — the "Transparent and Predictable Working Conditions Directive" — requires the employer to provide each employee, no later than the 7th calendar day following employment, with a document or set of documents containing essential information about the employment relationship (article L. 1221-5-1 of the Labour Code, from Decree No. 2023-1004 of 30 October 2023).

For fixed-term contracts (CDD), temporary employment contracts, apprenticeship contracts and internship agreements, a written document is mandatory and must be delivered within very strict timeframes (generally 2 working days for a CDD). Failure to deliver a written contract within legal deadlines may result in the fixed-term contract being reclassified as an open-ended contract by the employment tribunal.

Electronic signature for HR is today an effective solution for ensuring traceability and timestamp certification of these contractual deliveries, whilst reducing administrative delays.

Mandatory clauses in contracts

The employment contract must include a certain number of legal clauses:

• Identity of the parties (name, address, SIRET number of the employer)

• Date the employment relationship begins

• Place of work and, where applicable, remote working arrangements

• Job title, employment category, pay grade

• Working hours and distribution of schedules

• Remuneration (base salary, bonuses, benefits in kind)

• Duration of the probation period and conditions for renewal

• Applicable collective agreement

• Supplementary social protection scheme

Omission of certain clauses may constitute a punishable breach, and in some cases allow the employee to claim damages.

---

Mandatory notices and employee information

Documents to be displayed in the workplace

Article L. 1221-16 of the Labour Code and numerous specific texts require the employer to display or bring to the notice of employees an exhaustive list of documents. Mandatory notices include:

• The internal rules (mandatory from 50 employees onwards, article L. 1311-2 of the Labour Code)

• Working hours and weekly rest days

• Address and name of the competent labour inspector

• Details of emergency services

• The title of applicable collective agreements and bargaining agreements

• Texts relating to occupational equality (article L. 1142-6)

• List of members of the Works Council (CSE) employee delegation

• National discrimination prevention number (3928)

• Criminal Code provisions relating to moral and sexual harassment

Since the law No. 2021-1018 of 2 August 2021 called "Occupational Health", obligations to prevent occupational hazards have been strengthened, notably the mandatory annual updating of the Risk Assessment Document (DUERP) in companies with at least 11 employees.

Digital communication: between opportunity and compliance

The law of 8 August 2016 (the "Labour" law or El Khomri law) opened the way for dematerialisation of certain mandatory information, provided that employees have easy access to it. The employer may thus make this information available via an intranet or secure HR portal. However, proof of consultation remains the employer's responsibility, which requires traceable solutions. The use of tools such as an AI contract generator or a digital signature platform allows these proofs of access and delivery to be automated.

---

Management of working time and mandatory registers

Legal durations and derogations

The Labour Code sets the legal working duration at 35 hours per week (article L. 3121-27). Overtime may be worked within the limits of legal maximum durations:

• 10 hours per day (article L. 3121-18)

• 48 hours per week (article L. 3121-20)

• 44 hours on average over a period of 12 consecutive weeks (article L. 3121-22)

Exceeding these limits without a collective agreement or labour inspector authorisation constitutes an offence subject to a fine of €1,500 per employee concerned (article R. 3124-3).

Day-based forfeit arrangements, reserved for senior managers and certain autonomous employees, must be expressly provided by a collective agreement and stipulated in the individual contract. Absence of a valid collective agreement renders the forfeit arrangement unenforceable against the employee, who may then claim payment for overtime.

Mandatory registers

The employer is required to maintain several registers, some of which must be kept for specific periods:

• The staff register: mandatory from the first employee onwards (article L. 1221-13), kept for 5 years after the employee's departure

• The DUERP: kept for at least 40 years under the 2021 Occupational Health law

• The Works Council (CSE) delegation register and meeting minutes

• The minor work accident register (if the company has a medical service)

• The personal data processing register (GDPR, article 30 of Regulation 2016/679)

Digital maintenance of these registers is authorised provided that their integrity, confidentiality and accessibility to enforcement agents are guaranteed. Electronic signature solutions for businesses make it possible to ensure these documentary integrity requirements.

---

Protection of employee personal data (GDPR)

Specific obligations in an HR context

The General Data Protection Regulation (GDPR, EU Regulation 2016/679) applies fully to the processing of employee data. As a data controller, the employer must:

• Inform employees of the nature of data collected, its purpose, its retention period and their rights (articles 13 and 14 of the GDPR)

• Maintain a record of processing activities (article 30)

• Appoint a Data Protection Officer (DPO) in certain circumstances (article 37), in particular where large-scale processing of sensitive data occurs (medical files, trade union affiliations)

• Regulate data transfers to third countries outside the EU

• Implement appropriate security measures (encryption, pseudonymisation, access controls)

The French Data Protection Authority (CNIL) has published several HR sector frameworks, including the framework relating to administrative personnel management (decision of 22 November 2012, updated post-GDPR). Breaches may result in sanctions of up to €20 million or 4% of annual worldwide turnover.

Electronic signature as a GDPR compliance tool

The use of a certified electronic signature platform, as explained in the comprehensive guide to electronic signature, offers a dual advantage: it secures the delivery of contractual documents whilst minimising personal data processed (data minimisation principle, article 5.1.c of the GDPR). Signature biometric data are replaced by cryptographic mechanisms that do not involve biometric collection in the strict sense.

---

Obligations relating to health, safety and prevention

The general safety obligation… becoming reinforced due diligence

Since the Court of Cassation ruling of 25 November 2015 (No. 14-24.444), case law has nuanced the safety obligation imposed on the employer: it is no longer an absolute result obligation but a reinforced due diligence obligation. An employer who demonstrates having taken all necessary measures to protect the physical and mental health of employees may be exonerated from liability.

This judicial evolution does not lighten practical requirements:

• Assessment of occupational hazards formalised in the DUERP

• Annual prevention programme (PAPRIPACT) for companies with 50 or more employees

• Safety and first aid training

• Medical examinations (information and prevention visit upon employment, enhanced individual monitoring for at-risk positions)

• Adjustment of workstations for employees with disabilities or pregnant employees

The criminal liability of the employer

Non-compliance with safety obligations may engage the criminal liability of the employer (manager, authorised representative) for deliberate endangerment of others (article 223-1 of the Penal Code), involuntary injury (article 222-19) or even involuntary manslaughter (article 221-6), with sentences up to 3 years' imprisonment and €45,000 fine in cases of manifestly deliberate violation of a safety obligation.

Implementation of documented procedures, timestamped registers and electronic signatures on safety protocols constitutes valuable evidence in the event of litigation, as highlighted in our comparison of electronic signature solutions.

Legal framework applicable to employer obligations in employment law

Fundamental texts of domestic law

Employer obligations in terms of legal compliance have their source in a dense legislative and regulatory corpus:

• Labour Code: articles L. 1221-1 onwards (contract formation), L. 1311-1 onwards (internal rules), L. 3121-1 onwards (working hours), L. 4121-1 onwards (health and safety), L. 2311-1 onwards (employee representation)

• Decree No. 2023-1004 of 30 October 2023: transposition of EU Directive 2019/1152 on transparent and predictable working conditions

• Law No. 2021-1018 of 2 August 2021 called "Occupational Health": strengthening of the DUERP, creation of the prevention passport, obligation to retain the DUERP for 40 years

• Law No. 2022-1598 of 21 December 2022 on emergency measures for the labour market

• Civil Code, articles 1366 and 1367: legal validity of electronic signature — article 1366 provides that "electronic writing has the same probative force as writing on paper" and article 1367 defines electronic signature as "the use of a reliable identification process guaranteeing its link with the deed to which it is attached"

Applicable European regulation

• eIDAS Regulation No. 910/2014 (and its revised version eIDAS 2.0, EU Regulation 2024/1183): defines three levels of electronic signature (basic, advanced, qualified) and establishes the principle of non-discrimination between qualified electronic signature and handwritten signature. For employment contracts, an advanced electronic signature (AES) or qualified signature (QES) is recommended to maximise legal security

• GDPR Regulation No. 2016/679: applicable to employee data processing. Article 88 allows member states to provide specific rules for processing in the context of employment relationships, subject to appropriate protective measures

• NIS2 Directive (EU 2022/2555): transposed in France by the law on resilience of vital importance activities (LOPMI and implementing order), imposes cybersecurity measures on essential and important operators, which includes critical HR systems

• ETSI EN 319 132 standard: European technical standard defining advanced electronic signature formats XAdES, applicable to HR contractual documents

Legal risks in case of non-compliance

| Breach | Potential sanction | |---|---| | Absence of written contract (fixed-term) | Reclassification to open-ended contract, damages | | Exceeding maximum working hours | Fine of €1,500 per employee (R. 3124-3) | | Absence of DUERP | Fine of €1,500 (R. 4741-1) | | Serious GDPR violation | Up to €20M or 4% of worldwide turnover | | Failure to display mandatory notices | Fine of €750 per breach (R. 1227-1) | | Failure to prevent harassment | Employer civil and criminal liability |

The employer may validly use electronic signature for all HR documents provided that the signature level chosen is appropriate to the document's sensitivity and that employee consent is free and informed (recital 155 of the GDPR).

Usage scenarios: strengthened HR compliance through electronic signature

Scenario 1 — A 120-employee industrial SME facing fixed-term contract reclassification

An SME in the manufacturing sector employing around 120 workers made extensive use of fixed-term contracts to absorb seasonal activity peaks. Contracts were sent by postal mail or delivered in person, without timestamped proof of delivery within the legal 2 working day timeframe. Over two financial years, three employment tribunal cases resulted in reclassifications to open-ended contracts, representing a total estimated cost of €47,000 (wage recovery, compensation and legal costs).

Following deployment of an advanced electronic signature solution integrated into its HR information system, the SME reduced contract delivery time to zero (instant transmission, certified timestamp). The rate of signed returns within the legal timeframe increased from 64% to 99%, and no litigation relating to late delivery was recorded in the following 18 months. Return on investment, calculated via a dedicated ROI calculator, proved positive from the 4th month of use.

Scenario 2 — A retail distribution group with 800 points of sale and decentralised HR management

A food retail network managing several hundred franchised points of sale faced critical documentary heterogeneity: non-updated internal rules, contract amendments not returned signed in 30% of cases, incomplete DUERPs in some entities. During a labour inspection, several enforcement notices were issued.

The group HR department standardised the entire documentary cycle via a centralised electronic signature platform, coupled with automatic reminders and compliance dashboards by entity. Within 6 months, documentary completeness increased from 68% to 97%. HR teams recovered an average of 2.5 hours per week per manager previously spent on manual follow-ups — representing savings equivalent to 1.2 FTEs at group level.

Scenario 3 — An accounting firm managing HR outsourcing for SME clients

An accounting firm with around twenty staff members offered social management services to around a hundred SME clients. The multiplicity of contacts, geographic dispersion and variety of applicable collective agreements made managing proof of contractual delivery particularly complex.

By integrating a electronic signature solution for law firms and accounting firms, the firm was able to create dedicated signature workflows by document type (contract, amendment, final settlement, settlement receipt), with automatic archiving for the required retention periods. The added value perceived by clients led to an 18% increase in the average HR services package, according to the firm's internal estimates based on half-yearly satisfaction surveys.

Conclusion

Legal compliance in employment law is not an ancillary administrative constraint: it determines the validity of contracts, employee protection and the civil and criminal liability of the employer. From contractual obligations to notice requirements, through working time management, maintenance of registers and protection of personal data, each stage of the HR cycle is governed by precise texts and sanctioned in case of breach.

Dematerialisation of documentary processes, supported by an electronic signature solution compliant with the eIDAS regulation, is today the most effective lever for securing all these obligations whilst reducing administrative burden. Certyneo offers you a turnkey, certified and compliant platform, tailored to the HR challenges of French and European companies.

Ready to secure your HR compliance? Discover our offers and start free on Certyneo today.