Legal Compliance in Employment Law: Employer Obligations
Mastering legal compliance in employment law is imperative for every employer. Discover key obligations, legal risks and digital tools to secure your HR processes.
Certyneo Team
Editor — Certyneo · About Certyneo
Introduction
In 2026, legal compliance in employment law remains one of the absolute priorities for any business manager or HR director. Between the constant evolution of the Labour Code, GDPR requirements, contract dematerialisation and strengthened labour inspection controls, the obligations weighing on the employer have never been more numerous or precise. Failing to master them exposes the organisation to administrative, criminal and civil sanctions that can threaten business continuity. This article provides a comprehensive overview of the main categories of obligations, associated risks and best practices for meeting them effectively.
---
Fundamental employer obligations upon hiring
Prior Declaration of Hiring (DPAE)
Before any recruitment, the employer is obliged to submit a Prior Declaration of Hiring (DPAE) to URSSAF, at the latest 8 days before the employee's start date (article R. 1221-1 of the Labour Code). This formality triggers the employee's affiliation to the general social security scheme, opens rights to unemployment insurance and arranges the pre-employment medical examination. In 2024, URSSAF audited over 180,000 employers and imposed adjustments totalling several million euros for non-compliance with this obligation.
Drafting and provision of the employment contract
The employment contract is the cornerstone of the legal subordination relationship. For fixed-term contracts (CDD), provision of a written document is mandatory within 48 hours of hiring (article L. 1242-12 of the Labour Code), failing which it may be reclassified as an open-ended contract (CDI). For part-time CDIs, written documentation is also required. Since Law No. 2019-1428 of 24 December 2019 and its transposition of European Directive 2019/1152, the employer must provide a written declaration specifying the essential conditions of the contract within the first seven working days.
Electronic signature for HR now offers a secure solution, compliant with the eIDAS regulation, to formalise these contracts remotely, reduce signing delays and archive documents with probative value. Solutions such as those described in our comprehensive guide to electronic signature enable HR practices to align with the most recent legal requirements.
Mandatory employee information
Since the transposition of Directive 2019/1152 (the "Transparent Working Conditions" directive), the employer must inform every new employee in writing about: the identity of the parties, place of work, job title, remuneration, working hours, holiday entitlements, applicable collective agreement, and procedures for termination. This information must be provided no later than the seventh calendar day following the employee's start date. Failure to comply exposes the employer to a civil penalty of up to €750 per uninformed employee.
---
Ongoing obligations regarding personnel management
Keeping mandatory registers
Every employer must maintain and keep up to date several legal registers, which may be consulted by labour inspectors and employee representatives:
- The Single Personnel Register (article L. 1221-13 of the Labour Code): must contain, in chronological order of hiring, the names, forenames, nationality, date of birth, gender, job, qualifications and dates of entry/departure of each employee. Information must be entered at the time of hiring and kept for 5 years after the employee leaves.
- The Unique Document for Professional Risk Assessment (DUERP): mandatory from the first employee (article R. 4121-1), it must be updated at least annually or whenever there is a significant change in working conditions. The Law of 2 August 2021 to strengthen occupational health prevention requires, since 31 March 2022, the storage and digital submission of the DUERP to a dedicated national portal.
- The Safety Register: records periodic checks of equipment, evacuation exercises and incidents.
Payroll, payslips and social declarations
The employer is obliged to provide a payslip with each salary payment (article L. 3243-2 of the Labour Code). From 1 January 2027, complete dematerialisation of the Declarative Social Nominative (DSN) will be mandatory for all companies, regardless of size. The payslip must contain specific items (gross salary, contributions, net salary before and after tax, net payment, etc.), failing which sanctions apply. The employer must retain these documents for a minimum of five years.
The use of electronic signature in the enterprise facilitates the dematerialised validation of employee amendments, individual pay rises or summary payslips, in compliance with the probative requirements of the Civil Code.
Compliance with maximum working hours and leave
The Labour Code sets imperative limits:
- Maximum daily working time: 10 hours (except by exception)
- Absolute maximum weekly working time: 48 hours per week, 44 hours on average over 12 consecutive weeks
- Mandatory daily rest: 11 consecutive hours
- Paid leave: 2.5 working days per month of work actually performed, equivalent to 30 working days (5 weeks) per year
Non-compliance with these provisions engages the criminal liability of the employer (article L. 3171-4 and following). Time management tools coupled with digital signature systems make working time agreements or daily allowance agreements traceable in a legally binding manner.
---
Obligations regarding health, safety and risk prevention
The general safety obligation
Article L. 4121-1 of the Labour Code requires the employer to take necessary measures to ensure the safety and protect the physical and mental health of workers. This obligation of result (case law of the Court of Cassation, "asbestos" rulings of 2002 and their evolution towards a reinforced obligation of means since 2015) covers: preventive action on occupational risks, training and information of employees, establishment of appropriate organisation and resources.
Medical surveillance and monitoring by the prevention service
Since the Occupational Health Law of 2 August 2021 (applicable since 31 March 2022), individual health monitoring has been strengthened. The information and prevention visit (VIP) must take place within 3 months of the start date (30 days for night workers or those assigned to at-risk positions). The employer must organise and finance this monitoring through an inter-company occupational health and safety service (SPSTI) or an internal service.
Prevention of psychosocial risks (PSR)
Moral harassment (article L. 1152-1), sexual harassment (article L. 1153-1) and sexist conduct are subject to active prevention obligations. The employer must designate a harassment contact in companies with 250 or more employees (article L. 1153-5-1). The establishment of a confidential internal reporting mechanism is recommended by the CNIL and may be required by the Sapin II Law for large companies.
---
Digital and GDPR obligations in the employment relationship
Protection of employee personal data
The employer is a data controller under the GDPR (EU Regulation 2016/679) for all personal data of its employees: HR files, payslips, geolocation, work communications, biometric data. It must:
- Keep a record of processing activities (article 30 of the GDPR)
- Inform employees of the use of their data (articles 13 and 14)
- Appoint a Data Protection Officer (DPO) if the activity involves large-scale processing of sensitive data
- Contractually regulate any sub-processor processing employee data
In 2025, the CNIL imposed total penalties of €90.4 million, including several for failures to protect employee data (abusive geolocation, disproportionate video surveillance, lack of information).
Dematerialisation of HR documents and electronic signature
Dematerialisation of HR processes is now unavoidable. The comparison of electronic signature solutions available on the market shows that eIDAS-compliant tools allow signing employment contracts, amendments, confidentiality agreements, internal regulations or termination documents with legal value equivalent to a handwritten signature, in accordance with article 1366 of the Civil Code.
It is advisable to choose a solution offering at minimum an advanced electronic signature (AES) for high-stakes documents, and to ensure that the service provider is eIDAS-qualified or certified to avoid any later dispute. The AI-powered contract generator offered by Certyneo also enables automation of compliant HR document drafting, reducing error risk and processing times.
Cybersecurity and the NIS 2 directive
Since October 2024, the NIS 2 Directive (transposed into French law by the Law of 17 October 2024) imposes on essential and important entities strengthened obligations regarding cybersecurity, including securing HR information systems. Affected employers must adopt appropriate technical and organisational measures, report significant incidents to ANSSI within 72 hours, and provide regular cybersecurity training to teams.
---
Penalties for non-compliance
Criminal penalties
The Labour Code provides for criminal penalties for numerous violations:
- Undeclared work (absence of DPAE or written contract): up to 3 years' imprisonment and €45,000 fine for a natural person, €225,000 for a legal entity (article L. 8224-1)
- Non-compliance with health and safety rules resulting in an accident: putting others in danger (article 223-1 of the Criminal Code)
- Moral or sexual harassment: up to 2 years' imprisonment and €30,000 fine
Civil and employment tribunal penalties
Non-compliance with a contractual or legal obligation may result in employment tribunal convictions: wage arrears, compensation for unfair dismissal, damages. Reclassification of a CDD as a CDI automatically triggers payment of a reclassification indemnity of at least one month's salary (article L. 1245-2).
Administrative penalties
Labour inspectors have expanded powers since the 2016 "Work" Law and the Law of 5 September 2018: formal notice, temporary closure of premises, administrative fines up to €10,000 per affected employee for certain violations. DREETS (Regional Directorate for Economy, Employment, Work and Social Solidarity) can also impose compliance plans.
Legal framework applicable to employer compliance
Employer compliance is based on a dense regulatory framework, linking national and European law.
French Labour Code
The Labour Code is the central reference. Hiring obligations are governed by articles L. 1221-1 and following (employment contract), L. 1242-1 and following (CDD), R. 1221-1 (DPAE). Working time is governed by articles L. 3121-1 and following, and paid leave by articles L. 3141-1 and following. Occupational health and safety fall under articles L. 4121-1 to L. 4741-1, including the obligation to assess risks (DUERP, article R. 4121-1). Harassment is prohibited by articles L. 1152-1 (moral) and L. 1153-1 (sexual).
Civil Code — Legal validity of electronic signature
Article 1366 of the Civil Code establishes the probative value of electronic writing: "Electronic writing has the same evidentiary force as writing on paper, provided that the person from whom it emanates can be duly identified and that it is established and stored in conditions such as to guarantee its integrity." Article 1367 specifies that electronic signature consists in the use of a reliable identification process guaranteeing its connection to the deed to which it relates.
eIDAS Regulation No. 910/2014
The eIDAS European regulation (Electronic IDentification, Authentication and trust Services) defines three levels of electronic signature: simple, advanced (AES) and qualified (QES). For employment contracts and HR documents with high probative value, advanced or qualified electronic signature is recommended. The eIDAS 2.0 Regulation (EU Regulation 2024/1183), which entered into force on 20 May 2024, further strengthens these requirements, particularly for European digital identity wallets.
GDPR — EU Regulation No. 2016/679
The employer, as a data controller, is subject to articles 5 (processing principles), 6 (lawfulness of processing), 13-14 (information to individuals), 30 (record of processing activities) and 32 (data security). The deadline for notifying CNIL of data breaches is 72 hours (article 33). Maximum penalties reach €20 million or 4% of global turnover (article 83).
NIS 2 Directive — French Law of 17 October 2024
Transposing Directive (EU) 2022/2555, this text imposes on essential and important entities obligations regarding cyber risk management, incident reporting and internal governance. HR information systems and human resources management may be affected if the entity meets the size and sector criteria defined in article 3 of the directive.
ETSI EN 319 132 and 319 102 Standards
These European technical standards define the formats for advanced electronic signature (XAdES, CAdES, PAdES) and validation procedures. They apply to qualified trust service providers (QTSP) listed on the European trust lists (Trusted Lists). For an employer, using a certified service provider under these standards guarantees the admissibility of signatures in any employment tribunal proceedings.
Use cases: HR compliance in practice
Scenario 1 — A mid-sized industrial group (800 employees)
An industrial group employing around 800 employees across three sites in France faced a recurring problem: signing seasonal CDD contracts and working time variation amendments required postal exchanges of 3 to 7 working days. In case of urgent start dates, the legal deadline for contract provision (48 hours for a CDD) was not met, exposing the company to a systemic risk of reclassification.
By deploying an advanced electronic signature solution compliant with eIDAS across all HR processes, the group reduced the average signing time to less than 4 hours, eliminated the risk of non-provision within legal deadlines and achieved estimated savings of €35,000 per year on printing, postage and physical archiving costs. The single personnel register was fully digitised, with certified time-stamping for each entry.
Scenario 2 — An accounting firm with 45 employees
An accounting firm employing 45 people managed the payroll and HR procedures for several dozen SME clients internally. Compliance obligations (DPAE, payslips, contracts, DUERP) were handled manually, creating a high risk of omission. Following a labour inspection audit at a client, the absence of a written contract for three part-time employees resulted in reclassification as full-time, representing a cost of €18,000 in contribution arrears and compensation.
By adopting an integrated platform combining automatic generation of compliant contracts and electronic signature, the firm structured its workflows to make hiring without an electronically signed contract impossible. Documentary compliance reached 100% at the next audit, and average processing time for hiring procedures was reduced by a third.
Scenario 3 — A retail chain with 2,500 employees across multiple sites
A retail chain employing 2,500 employees across 60 outlets had to manage temporary employee contracts, amendments for additional hours and individual holiday agreements on a daily basis. Geographic dispersion made collection of handwritten signatures almost impossible within legal timeframes. Additionally, CNIL had noted, during an audit, the absence of information to employees on the processing of their geolocation data (connected time clocks).
The company deployed simple electronic signature for low-risk documents (notices, collective information) and advanced signature for contracts and amendments. It simultaneously updated its GDPR information notices and integrated traceable electronic consent. Results: zero documentary non-compliance at the next DREETS audit, temporary worker signature delays reduced from 72 hours to less than 30 minutes, and complete documented GDPR compliance.
Conclusion
Legal compliance in employment law is an ongoing undertaking for every employer: hiring obligations, register management, working hours compliance, data protection, risk prevention… Each failure can result in serious sanctions, employment tribunal orders, criminal or administrative penalties. In 2026, dematerialisation of HR processes — and in particular the use of eIDAS-compliant electronic signature — has become one of the most effective levers to secure these obligations, reduce delays and create a legally binding audit trail.
Certyneo supports employers in this approach with a certified electronic signature platform, a compliant HR contract generator and workflows adapted to French employment law constraints. Get ahead of your obligations: discover Certyneo's HR solutions or calculate your ROI in just a few clicks to measure the concrete impact of dematerialised and compliant HR management.