Legal Compliance in Employment Law: Employer Obligations

Legal compliance in employment law represents one of the pillars of modern HR management. Between concluding employment contracts, managing employees' personal data, maintaining the personnel register and complying with mandatory disclosure obligations, the employer navigates a dense and constantly evolving regulatory environment. Non-compliance with these obligations exposes the company to significant civil, criminal and administrative penalties. This article details the main legal obligations incumbent on every employer in France, integrating contributions from digital law and notably the use of electronic signature in the workplace to secure and accelerate HR documentary processes.

The employer's fundamental contractual obligations

Drawing up and delivering the employment contract

Article L. 1221-1 of the French Labour Code recalls that the employment contract is subject to the rules of common law. For fixed-term contracts (CDDs), Article L. 1242-12 requires transmission of a written document to the employee no later than two business days following hiring, on pain of reclassification as a permanent contract (CDI). For part-time contracts (Article L. 3123-6), written form is also mandatory.

Since the transposition of European Directive 2019/1152 on transparent and predictable working conditions, the ordinance of 2 November 2023 expanded the mandatory provisions that must appear in the contract or in an information document provided at hiring. Among these: the duration of the trial period, notice requirements, the identity of social protection bodies, or training rights.

Digitalisation of these contracts is now fully legal: qualified or advanced electronic signature compliant with the eIDAS regulation gives the signed contract the same legal value as a paper original, in application of Article 1367 of the French Civil Code.

The unique personnel register

Article L. 1221-13 of the French Labour Code requires every employer to maintain a unique personnel register. This register must contain, in chronological order of hiring, the following information: employee identification, nationality, date of birth, gender, job, qualification, dates of entry and departure, type of contract. The register must be kept for five years after the employee's departure. Its absence or irregular maintenance is liable to a fine of €750 per employee concerned (4th class misdemeanour).

Trial period and hiring formalities

The employer must submit the pre-hiring declaration (DPAE) no later than eight days before the expected hiring date, to URSSAF (Article R. 1221-1 of the French Labour Code). Failure to submit the DPAE constitutes an offence of undeclared work (Article L. 8221-5), exposing the company to a fine of up to €45,000 and two years' imprisonment for natural persons.

Obligations regarding health, safety and working conditions

The general obligation of safety

Article L. 4121-1 of the French Labour Code establishes the employer's obligation of safety as a result: it must take the necessary measures to ensure the safety and protect the physical and mental health of workers. This obligation is broken down into actions to prevent occupational risks, information and training for employees, and the implementation of appropriate organisation and resources.

The Unique Document for the Assessment of Occupational Risks (DUERP), made mandatory by the decree of 5 November 2001 (Article R. 4121-1 of the French Labour Code), must be drawn up from the first employee, updated annually or whenever there is a significant change in working conditions. The Workplace Health Act of 2 August 2021 (Act no. 2021-1018) strengthened this obligation by requiring the DUERP to be kept for 40 years and made available to former employees.

Medical visit and health monitoring

The employer must organise the information and prevention visit (VIP) within three months of the employee taking up their position (Article R. 4624-10 of the French Labour Code), except for positions with particular risks for which a pre-hire medical examination is required. The occupational physician may issue an unfitness opinion, which the employer is bound to take into account on pain of engaging their liability.

Obligations related to harassment and discrimination

Since the Professional Future Act of 5 September 2018 (Act no. 2018-771), companies with at least 250 employees must appoint a sexual harassment liaison officer within the Works Council (CSE) and a dedicated HR liaison. Every company, regardless of size, is required to display the contact details of competent services in matters of harassment (Article L. 1153-5 of the French Labour Code). Non-compliance on this point exposes the employer to civil and criminal liability actions.

Obligations regarding employees' personal data

GDPR applied to human resources

The General Regulation on Data Protection (GDPR, no. 2016/679) applies fully to the processing of employee data: payroll files, performance evaluations, biometric data, absence tracking, etc. The employer acts as a data controller within the meaning of Article 4(7) of the GDPR.

Its main obligations are:

• The record of processing activities (Article 30 of the GDPR): mandatory for any company with more than 250 employees or processing sensitive data;

• Informing employees (Articles 13 and 14 of the GDPR): at the time of data collection, via a clear information notice;

• Limiting data retention: an employee's data cannot be kept indefinitely after contract termination;

• Data security (Article 32 of the GDPR): the employer must implement appropriate technical and organisational measures.

In the event of a data breach, the employer has 72 hours to notify the CNIL (Article 33 of the GDPR). The amount of fines can reach €20 million or 4% of annual global turnover. In 2023, the CNIL imposed more than €42 million in penalties, several of which directly concerned HR processing.

Data protection in electronic signature processes

When deploying an electronic signature solution for HR documents (contracts, amendments, company agreements), the employer must ensure that the service provider complies with the GDPR. Biometric data possibly collected during authentication constitutes sensitive data within the meaning of Article 9 of the GDPR. Using a comprehensive guide to electronic signature helps identify compliant solutions and avoid common mistakes in data processing.

Obligations relating to staff representation and collective negotiations

Setting up and operating the Works Council

Since the 2017 Macron ordinances (ordinances no. 2017-1386 and 2017-1388), the Social and Economic Committee (CSE) is the sole body for staff representation in companies with at least 11 employees. The employer is required to organise CSE elections and provide it with the necessary means to function: premises, delegation hours, access to economic and social information via the Economic, Social and Environmental Database (BDESE) for companies with at least 50 employees (Article L. 2312-36 of the French Labour Code).

The failure to organise employee elections constitutes an offence of obstruction liable to one year's imprisonment and a €7,500 fine (Article L. 2317-1 of the French Labour Code).

Mandatory annual negotiation (NAO) obligations

Article L. 2242-1 of the French Labour Code requires companies with union representatives to conduct mandatory annual negotiations covering notably: remuneration, working time, value-added sharing, gender equality and quality of working life (QVT). Since the Value Sharing Act of 29 November 2023 (Act no. 2023-1107), companies with 11 to 49 employees achieving net fiscal profit of at least 1% of turnover for three consecutive years must implement a value-sharing scheme.

Digitalisation of HR documents: compliance issues and best practices

Documents that can be digitalised

The digitalisation of HR processes is now an operational and legal reality. The electronic payslip has been authorised since the Act of 8 August 2016 (Labour Act, Article L. 3243-2 of the French Labour Code), unless the employee objects. Employment contracts, amendments, end-of-contract documents (settlement statement, receipt for settlement) can be signed electronically provided the solution used guarantees the identification of the signatory and the integrity of the document.

HR solutions dedicated to electronic signature allow you to automate these documentary flows while ensuring their probative value. For high-stakes documents (series of CDDs, company agreements), it is recommended to use an advanced or qualified electronic signature within the meaning of the eIDAS regulation. A comparison of electronic signature solutions will help you choose the tool adapted to your volumes and sector constraints.

Retention and archiving of HR documents

Legal retention periods vary depending on the nature of the document:

• Employment contract and amendments: 5 years after the end of the contract (statute of limitations under common law, Article 2224 of the French Civil Code);

• Payslips: 5 years (statute of limitations for wage claims, Article L. 3245-1 of the French Labour Code);

• Documents relating to social contributions: 3 years for URSSAF inspections;

• DUERP: 40 years (Workplace Health Act 2021).

An electronic archiving system (EAS) compliant with standard NF Z 42-020 guarantees the probative value of digitalised documents throughout the legal retention period. The ROI calculator available on Certyneo allows you to quickly assess the return on investment of complete digitalisation of your HR documentary processes.

Legal framework applicable to employer compliance

Employer compliance falls within a multi-layered normative framework, combining national law, European law and technical standards.

French Civil Code:

• Article 1366 of the French Civil Code recognises electronic writing as evidence in the same way as paper writing, provided that the identity of the person from whom it emanates is duly established and that it is drawn up and preserved in conditions such as to guarantee its integrity.

• Article 1367 of the French Civil Code defines electronic signature and specifies that it consists of the use of a reliable identification process guaranteeing its link with the document to which it is attached.

eIDAS Regulation (no. 910/2014): This European regulation establishes three levels of electronic signature (simple, advanced, qualified). Qualified electronic signature (QES) benefits from a presumption of reliability and cannot be refused as evidence in a judicial dispute within the EU. The eIDAS 2.0 revision (Regulation 2024/1183 entering into force on 20 May 2024) introduces the European Digital Identity Wallet (EUDI Wallet), which will impact HR onboarding processes from 2026.

GDPR (no. 2016/679): The employer as data controller is subject to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (Article 5 of the GDPR). Recourse to an electronic signature service provider involves concluding a data processing agreement compliant with Article 28 of the GDPR, specifying in particular security guarantees and procedures for data return or deletion.

NIS2 Directive (2022/2555): Transposed into French law by Act no. 2024-449 of 21 May 2024, the NIS2 Directive extends cybersecurity obligations to essential and important entities, which include many employers in the health, energy and transport sectors. HR information systems processing sensitive data must integrate enhanced security measures (multi-factor authentication, business continuity plans, incident reporting).

ETSI Standards: ETSI standards EN 319 132 (XAdES signature formats) and ETSI EN 319 122 (CAdES) define the technical formats of electronic signatures recognised in Europe. Qualified trust service providers (QTSPs) listed on the national Trust List published by ANSSI guarantee compliance with these standards.

Employment law: The French Labour Code (Articles L. 1221-1, L. 1242-12, L. 3243-2, L. 4121-1, L. 2242-1, etc.) forms the basis of the employer's contractual, organisational and social obligations. Any breach can result in civil sanctions (reclassification, damages), administrative penalties (CNIL and DIRECCTE fines) and criminal penalties (obstruction, undeclared work).

Use cases: HR compliance in practice

Scenario 1 — A manufacturing SME with 80 employees digitalises its employment contracts

A manufacturing SME managing between 80 and 120 employees, with significant seasonal turnover (CDDs in production), encountered recurring difficulties: CDD signing delays exceeding the two-business-day legal requirement, risk of reclassification, unsecured paper archiving. By deploying an advanced electronic signature solution compliant with eIDAS, the company integrated an automated flow: contract generation from the HRIS, secure email sending to the candidate, signing in less than 10 minutes on mobile, automatic archiving with qualified time-stamping.

Results observed after six months of deployment: 85% reduction in CDD signing time (from an average of 2.4 days to less than 4 hours), total elimination of risks of non-delivery within legal time limits, estimated savings of €3,200 per year in printing, sending and filing costs.

Scenario 2 — A multi-site retail group brings its BDESE and NAO into compliance

A retail group comprising around twenty establishments and approximately 1,200 employees needed to centralise its Economic, Social and Environmental Database (BDESE) and digitalise the signing of minutes of CSE meetings and company agreements resulting from NAOs. The lack of formalised signature on certain collective agreements exposed the group to disputes over their enforceability.

By adopting a qualified electronic signature solution for high-stakes legal documents (profit-sharing agreements, teleworking charter, profit-sharing agreement), the group secured the probative value of all its social documentation. The time saving on signature processes involving 3 to 7 signatories per agreement was estimated at 60% compared to the traditional paper circuit with registered mail.

Scenario 3 — An HR consulting firm supports its TPE/SME clients on payroll GDPR

An HR consulting firm specialising in advising fifty micro and small businesses identified that the majority of its clients did not have a GDPR information notice to provide to employees at hiring, yet mandatory since 2018. The firm integrated the automatic generation of these notices into its support offering, relying on AI-powered contract generation and an electronic signature solution for delivery and formalised acknowledgement of receipt.

This system allowed the firm's clients to come into GDPR compliance in less than two weeks, with a 94% adoption rate among employees contacted electronically, compared with 67% via the traditional paper circuit. The risks of CNIL fines for failure to inform were completely eliminated across the firm's client portfolio.

Conclusion

Legal compliance in employment law is not limited to formal compliance with the Labour Code: it now encompasses obligations arising from the GDPR, the NIS2 Directive, the eIDAS regulation and recent legislative developments such as the Value Sharing Act. For the employer, every HR document — contract, amendment, company agreement, information notice — represents a legal act whose probative value must be guaranteed.

Electronic signature compliant with eIDAS is the most effective compliance tool: it secures contracts, accelerates hiring processes, facilitates legal archiving and significantly reduces litigation risks. Certyneo supports you in the complete digitalisation of your HR documentary flows, with certified solutions, simple to deploy and compliant with European legal requirements.

Discover Certyneo's offerings and start for free to transform your HR compliance into a competitive advantage.