Compliance with Labour Law: Employer Obligations

Introduction: why employer compliance is a strategic issue

In 2026, compliance with labour law represents far more than an administrative constraint: it is a lever for legal protection, social trust and competitiveness. Employers face a dense regulatory framework — Labour Code, GDPR, NIS2 directive, collective agreements — whose mastery conditions their ability to recruit, manage and retain their teams. An error in formalising a contract, a delay in delivering a mandatory document or a failure in managing personal data can expose the company to severe sanctions. This article details the main employer obligations, associated risks and digital tools, in particular electronic signature for HR, which enable them to be met effectively.

---

Fundamental obligations regarding employment contracts

Drafting and delivery of the contract

The most visible obligation of any employer remains the formalisation of the employment contract. The Labour Code imposes specific rules depending on the nature of the contract:

• Permanent contract (CDI): although no written form is legally mandatory for a full-time CDI, the provision of a written contract is strongly recommended and imposed in practice by the vast majority of collective agreements. In case of dispute, the absence of a written document presumes the existence of an open-ended full-time contract.

• Fixed-term contract (CDD): the fixed-term contract must be drawn up in writing and handed to the employee within two working days following recruitment (article L.1242-13 of the Labour Code). Any failure results in automatic reclassification as a permanent contract.

• Part-time contract: the written form is mandatory and must specify the weekly or monthly duration, schedules and conditions for modification (articles L.3123-6 et seq.).

Since the entry into force of European directive 2019/1152 on transparent and predictable working conditions, transposed into French law by ordinance, the employer must also provide employees with a summary document of essential information (duration of probationary period, remuneration, leave, procedures in case of termination) within seven calendar days from the start date.

Probationary period and its formalities

The probationary period is not presumed: it must be expressly stipulated in the contract or engagement letter. Its maximum duration is set by the Labour Code and may be reduced by collective agreement. If omitted or if the duration is excessive, the probationary period is deemed non-existent, exposing the employer to reclassification of the termination as dismissal without real and serious cause.

Contract signature: issues and dematerialisation

Obtaining a valid signature on the employment contract is crucial. Electronic signature, governed by the eIDAS regulation, offers a legal and traceable alternative to paper signing. It guarantees the integrity of the document and the identity of the parties, two fundamental requirements of labour law. For employers managing large volumes of contracts, consulting a comparison of electronic signature solutions enables them to choose the tool best suited to their HR context.

---

Obligations regarding notices, information and mandatory registers

Mandatory notices in the workplace

Every employer, regardless of company size, is required to display a set of regulatory information in its premises. Article L.1221-13 of the Labour Code and numerous supplementary texts impose in particular:

• The title of applicable collective agreements and agreements

• Contact details of the labour inspectorate and occupational health physician

• Texts relating to professional equality, combating moral and sexual harassment, and discrimination

• Internal regulations (mandatory from 50 employees onwards)

• Safety instructions and emergency exits

• Collective working hours and compensatory rest periods

Since 2020, the URSSAF and DIRECCTE acknowledge that certain notices may be dematerialised via the intranet, provided that all employees have effective access to it.

Maintenance of mandatory registers

The employer must keep several registers up to date, including:

• The unique personnel register (article L.1221-13), which must contain the entries and exits of all employees

• The staff representatives register (replaced by the Works Council since 2020)

• The unique document assessing occupational risks (DUERP), updated at minimum once per year and whenever there is a significant change in working conditions (article R.4121-1 et seq.)

• The register of minor workplace accidents, subject to agreement with the labour inspectorate

Penalties for failure to comply can reach €750 per infringement (third-class contravention), and multiple infringements may be cumulative.

Internal regulations and IT charter

Mandatory in companies with at least 50 employees, the internal regulations must be submitted to the Works Council, sent to the labour inspectorate and displayed before coming into force. They establish rules relating to discipline, hygiene and safety. The IT charter, although not mandatory, is strongly recommended in a context where GDPR requires the formalisation of personal data use by employees.

---

Obligations regarding payroll and working time

Dematerialised payslip

Since the Labour Act of 8 August 2016, the employer may provide payslips in electronic format, unless the employee objects. This right of objection must be respected and documented. The dematerialised payslip must be stored in a digital safe accessible to the employee for at least fifty years or until they turn 75.

The mandatory items of the payslip are listed in articles R.3243-1 et seq. of the Labour Code. In 2024, the simplification of the payslip imposed by the Department of Labour reduced the number of mandatory lines while strengthening the clarity of social deductions.

Working hours and overtime

The employer must ensure compliance with maximum legal durations:

• 10 hours of actual work per day (unless exemption)

• 48 hours per week (or 44 hours on average over 12 consecutive weeks)

• 11 hours of consecutive rest between two working days

• 35 hours of legal weekly duration, beyond which the enhanced overtime regime applies (25% for the first 8 hours, 50% beyond)

Non-compliance with these durations exposes the employer to criminal prosecution (criminal obstruction) and compensation for harm suffered by employees.

Right to disconnect and teleworking

Integrated into the Labour Code since the El Khomri Act (2016) and clarified by the Macron ordinances (2017), the right to disconnect requires companies with more than 50 employees to negotiate its exercise modalities as part of the mandatory annual bargaining. Regarding teleworking, the agreement or teleworking charter must specify periods of availability, coverage of expenses and conditions for return to the office. Electronic signature in the enterprise facilitates rapid and auditable formalisation of amendments to the contract.

---

Obligations regarding data protection and security

GDPR and personal data of employees

The employer is responsible for processing personal data of its employees under the GDPR (Regulation EU 2016/679). To this end, it must:

• Maintain a register of processing activities (article 30 of GDPR) documenting each processing activity involving employee data

• Inform employees via an accessible and understandable privacy notice

• Limit collection to data strictly necessary (data minimisation principle)

• Regulate transfers of data outside the EU with appropriate safeguards (standard contractual clauses or adequacy decision)

• Manage data breaches and notify the CNIL within 72 hours if the risk to the individuals concerned is established

The CNIL may impose fines of up to €20 million or 4% of global annual turnover, with the higher amount being retained.

Cybersecurity and NIS2 directive

Since October 2024, the NIS2 directive (EU Directive 2022/2555) applies to a broader scope of companies called "essential entities" and "important entities". Affected employers must implement risk management measures for cybersecurity, train their employees and notify significant incidents to ANSSI. In this context, the use of certified electronic signature solutions, hosted in Europe and compliant with ETSI standards, contributes to the security of sensitive documentary processes. For further information, the complete guide to electronic signature details the compliance criteria to verify.

Health and safety at work

The employer is subject to a result safety obligation transformed into a strengthened obligation of means by the case law of the Court of Cassation (rulings of 2002 and evolution since 2015). In practical terms, it must:

• Assess occupational hazards and record them in the DUERP

• Implement a prevention plan

• Organise safety training for new recruits and exposed workers

• Ensure medical surveillance of employees via the inter-company occupational health service (SSTI)

Failure to comply with these obligations may engage the unforgivable fault of the employer, significantly increasing compensation for victims of workplace accidents or occupational diseases.

Legal framework applicable to employer obligations

Labour Code: fundamental provisions

The regulatory framework applicable to the employer in France is primarily structured around the Labour Code, whose following articles are central:

• Article L.1221-1: definition of employment contract and obligation of good faith in its execution

• Article L.1242-13: mandatory delivery of fixed-term contract within two working days

• Article L.3123-6: formalism of part-time contract

• Articles R.4121-1 et seq.: obligation to update DUERP annually

• Article L.4121-1: general safety obligation weighing on the employer

eIDAS Regulation and electronic signature

The European Regulation No. 910/2014 (eIDAS), applicable directly in all member states, defines three levels of electronic signature: simple, advanced and qualified. In labour law, case law accepts advanced or qualified electronic signature for employment contracts. Article 1366 of the Civil Code recognises the probative value of electronic writing as equivalent to that of paper writing, provided that its author can be duly identified and the document is preserved in conditions guaranteeing its integrity (article 1367). The eIDAS 2.0 revision, currently being rolled out, strengthens identity requirements and extends the scope of European digital identity wallets (EUDI Wallet).

GDPR and protection of employee data

The Regulation EU 2016/679 (GDPR) imposes on the employer, in its capacity as data controller, strict obligations: lawfulness of processing (article 6), information of individuals (articles 13 and 14), rights of employees (articles 15 to 22), maintenance of the register of processing (article 30) and notification of breaches (articles 33 and 34). The CNIL has sanctioning power that can reach €20 million. In 2023 and 2024, several French companies were sanctioned for transfers of HR data to sub-processors outside Europe without sufficient safeguards.

NIS2 Directive and organisational cybersecurity

Transposed into French law by ordinance of 17 October 2024, the NIS2 directive (2022/2555/EU) requires essential and important entities to establish formalised cyber governance, including management of supply chain-related risks. Affected employers must train their executives and employees, audit their digital service providers and notify significant incidents to ANSSI within 24 hours.

ETSI standards and quality of electronic signatures

The standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) define the technical formats of advanced and qualified electronic signatures. Compliance with these standards by qualified trust service providers (QTSPs) registered on the European trust list (Trust List) guarantees interoperability and admissibility of electronic evidence before EU courts.

Use cases: electronic signature serving employer compliance

Scenario 1 — An SME in distribution managing 150 contracts annually

An SME in the food distribution sector employs approximately 120 permanent employees and recruits about fifty seasonal fixed-term workers each year. Before dematerialisation, the HR department spent on average 45 minutes per contract on printing, postal delivery, tracking returned signatures and physical archiving. Over 150 contracts per year, this represented more than 110 hours of administrative work, not counting reminders for documents not returned within the legal timeframes (2 working days for fixed-term contracts).

By deploying an advanced electronic signature solution compliant with eIDAS, the company reduced the average time to signature from 4.2 days to less than 6 hours. Contracts are automatically archived in a digital safe, the unique personnel register is updated in real time and the labour inspectorate can be supplied with supporting documents in a few clicks. The estimated time saving exceeds 80%, representing a return on investment of less than six months according to sector benchmarks published by Syntec Numérique.

Scenario 2 — A health-at-home services group with dispersed teams

A provider of home care services employing approximately 300 nurses, care assistants and home care aides spread across several departments faced a recurring problem: signing amendments regarding schedule or location changes. These documents, often urgent, previously required a visit to headquarters or sending by registered mail, creating delays incompatible with operational constraints and exposing the employer to the risk of unilateral modification of working conditions without formal employee agreement.

Thanks to mobile electronic signature, each amendment is signed by the employee from their smartphone, with strong authentication via SMS OTP. The employer retains time-stamped and certified evidence of the employee's agreement, eliminating the risk of subsequent dispute. The rate of disputes over contractual modifications decreased by approximately 60% within eighteen months, according to comparable experience feedback in the medical-social sector.

Scenario 3 — A strategy consulting firm addressing GDPR compliance of its HR processes

A consulting firm of about fifteen consultants, subject to the dual requirement of GDPR and the Labour Code, needed to formalise its HR data processing: collection of bank details, management of sickness absence, training monitoring and delivery of dematerialised payslips. The absence of clear privacy notices provided upon contract signature constituted a CNIL risk identified in an internal audit.

By integrating the GDPR privacy notice directly into the electronic signature flow of the employment contract, the firm ensures that each new employee has acknowledged their rights before signing. The date and time of reading are time-stamped, constituting evidence that can be produced in the event of CNIL inspection. This approach, combining labour law and GDPR compliance in a single digital process, is now recommended by several professional associations in the consulting sector.

Conclusion

Compliance with labour law by the employer is not limited to drafting a compliant contract: it encompasses managing mandatory notices, maintaining registers, protecting personal data, cybersecurity and health at work. Each of these obligations, if neglected, exposes the company to financial sanctions, judicial reclassifications or costly disputes with employees.

The digitalisation of HR processes, and in particular the adoption of an eIDAS-compliant electronic signature solution, now constitutes one of the most effective levers for securing and accelerating employer compliance. Certyneo enables you to manage the entire lifecycle of your HR contractual documents from a single, sovereign and certified platform.

Discover Certyneo pricing and start digitalising your employer obligations today, or calculate your ROI in a few minutes.