Signatory Client Portal in the Public Sector: Practical Guide

The dematerialisation of administrative procedures is accelerating in French local authorities and administrations. Since the entry into force of the "Action publique 2022" plan and the obligations arising from the eIDAS regulation, public bodies must offer smooth, secure and enforceable digital pathways. At the heart of this mechanism: the signatory client portal, a dedicated portal allowing each user or partner to receive, consult, sign and archive official documents online. This article details the concrete steps to create such a portal in the public sector, the regulatory requirements to comply with and best practices from the field.

Why the signatory client portal has become strategic for the public sector

The regulatory context and user expectations

In France, Ordinance No. 2014-1330 of 6 November 2014 on the right of users to contact the administration electronically laid the initial foundations for a dematerialisation obligation. Since then, the ESSOC law (2018), the 3DS law (2022) and successive inter-ministerial circulars have strengthened this momentum. According to the dematerialisation benchmark published by DINUM in 2025, over 87% of first-level administrative procedures are now available online, but only 54% incorporate a legally valid electronic signature mechanism.

Users, meanwhile, will no longer tolerate back-and-forth paper transfers. An OpinionWay study from 2024 indicates that 72% of French citizens prefer to sign an administrative document online rather than travel, provided the system is simple and reassuring. The signatory client portal responds precisely to this expectation by offering a single point of access, secure and traceable for all dematerialised acts.

Differences with the private sector

Unlike the private sector, public bodies are subject to additional constraints: public procurement governed by the Public Procurement Code, resolutions subject to legality review by the prefecture, civil status acts regulated by the Civil Code. The level of electronic signature required varies according to the nature of the document: a simple partnership agreement may be satisfied with an advanced electronic signature (AES), whilst a notarial deed or municipal council resolution may in some cases require a qualified signature (QES) as defined in Article 26 of the eIDAS regulation.

To select the appropriate level for each type of act, consult our comprehensive guide to electronic signature which details the three eIDAS levels and their conditions of use in the public sphere.

Steps to create a signatory client portal in a local authority or administration

Step 1 — Map document flows and stakeholders

Before deploying any tool, it is essential to carry out a flow mapping. This phase consists of identifying:

• The types of documents involved (resolutions, public procurement, agreements, planning permissions, HR documents, etc.);
• Internal signatories (elected representatives, chief executives, heads of department) and external (service providers, associations, citizens, agents from other public entities);
• Annual volumes and the contractual or regulatory deadlines associated;
• Existing information systems (business software such as SEDIT, CIVIL NET, CIRIL, Berger-Levrault) with which the client portal will need to interface.

This mapping makes it possible to define the functional scope of the platform and avoid duplication with existing tools. It also determines the level of security and authentication to be implemented for each category of users.

Step 2 — Choose the technical solution adapted to public sector requirements

The choice of an electronic signature solution for the public sector meets specific criteria that the private sector does not always impose with the same rigour:

1. Sovereign hosting: the public body's data must be hosted in France or the European Union, on infrastructures certified HDS (if health data) or SecNumCloud (if sensitive data). ANSSI's SecNumCloud qualification became a differentiating criterion following the Prime Minister's circular of 5 July 2021.
2. Interoperability: the solution must expose documented REST APIs compatible with RGI (General Interoperability Framework) and RGS (General Security Framework) benchmarks.
3. RGAA Accessibility: under Law No. 2005-102 of 11 February 2005 and its implementing decrees, public portals accessible to citizens must comply with the General Reference Framework for Improving Accessibility (RGAA 4.1) at a minimum AA level.
4. eIDAS compliance: signature certificates must be issued by a qualified Trust Service Provider (TSP) appearing on the European Trusted List published by the European Commission.

To compare the solutions available on the market according to these criteria, our comparison of electronic signature solutions offers an evaluation grid adapted to public buyers.

Step 3 — Configure the signatory client portal: authentication and user journey

Configuration of the signatory client portal rests on three technical pillars:

Authentication of signatories: the public sector has a structural advantage with FranceConnect+, the national digital identity system managed by DINUM. FranceConnect+ enables substantial or high authentication in the eIDAS sense, making signed acts enforceable without ambiguity. For external service providers (companies, associations), strengthened email authentication (OTP) coupled with documentary identity verification may suffice for intermediate-level acts.

The signature journey must be designed to minimise friction: email or SMS notification, direct access to the document from the dedicated portal, content visualisation before signature, signature application in one or two clicks depending on the level required, and confirmation by timestamped certificate. Qualified timestamping (RFC 3161) guarantees document integrity and the definite date of signature, elements essential in the event of litigation.

Management of delegations and validation circuits: in a local authority, an act often bears only a single final signature, but it is preceded by an internal visa circuit. The signatory client portal must allow configuration of multi-step workflows (electronic file tracking) with delegation rules compliant with the organisation's signature delegation order.

Step 4 — Ensure conservation and probative archiving

A signatory client portal is not limited to signature: it must guarantee the probative value of documents over time. The Heritage Code (Articles L. 211-1 and following) imposes on public bodies specific retention periods depending on the nature of acts (10 years for public procurement, unlimited duration for resolutions, etc.).

The NF Z 42-020 standard defines the requirements for an electronic archiving system with probative value (SAE). The signatory client portal must interface with the organisation's SAE or natively offer a digital safe with compliant storage. Recourse to a certified third-party archiver makes it possible to outsource this obligation whilst maintaining the traceability required by CNIL and administrative courts.

Note that signed documents remain accessible to each signatory from their personal portal, in accordance with access rights provided for by GDPR and the CADA law.

Governance, training and change management in the public sector

Structure project governance

Deploying a signatory client portal is an organisational transformation project as much as a technical one. Governance must involve:

• Senior management (CEO/COO) for political sponsorship and validation of acts involved;
• The information systems department (IT) for technical integration and security;
• The Data Protection Officer (DPO), mandatory in public bodies since Article 37 of GDPR, to validate the impact assessment (DPIA);
• The legal department to map risks and validate the legal value of each category of dematerialised acts.

A quarterly steering committee, bringing together these stakeholders, makes it possible to adjust the roll-out and prioritise flows to dematerialise according to observed operational gains.

Train agents and external signatories

Adoption of a signatory client portal depends largely on the quality of change management. Public agents, accustomed to paper processes or heterogeneous tools, need brief but targeted training: understanding the legal value of electronic signature, knowing how to identify a forged document, mastering the signature circuit in their remit.

For external signatories (service provider companies, subsidised associations), a simple usage guide, accessible from within the client portal itself, significantly reduces support requests. Modern platforms now integrate contextual tutorials and dynamic FAQs directly into the signature journey. The Certyneo Help Centre provides, for example, educational resources adaptable to your internal communications.

Measure benefits and drive by data

The return on investment of a signatory client portal in the public sector is measured across several dimensions:

• Average signature time: dematerialisation reduces the average signature cycle from 7 to 14 days to less than 48 hours according to feedback from pioneering local authorities;
• Rate of lost or poorly archived documents: tends to zero with an interfaced SAE;
• Direct costs: printing, postage, courier fees, reprocessing of non-compliant documents;
• Satisfaction of external signatories: measurable via an NPS integrated at the end of the signature journey.

These indicators feed the steering committee's dashboard and justify the progressive extension of the dematerialised scope. To estimate precisely the potential gains for your organisation, our electronic signature ROI calculator allows personalised projections in less than 5 minutes.

Legal framework applicable to the signatory client portal in the public sector

The establishment of a signatory client portal in a French local authority or administration is part of a dense legal corpus, structured at several levels.

The eIDAS Regulation No. 910/2014 of the European Parliament and Council constitutes the European foundation. It distinguishes three levels of electronic signature (simple, advanced, qualified) and provides that only the qualified signature benefits from a presumption of reliability equivalent to a handwritten signature in all Member States. For sensitive public acts, recourse to a qualified certificate issued by a Trust Service Provider (TSP) registered on the European Trusted List is mandatory. The eIDAS 2.0 Regulation (EU Regulation 2024/1183), in force since May 2024, strengthens these requirements by introducing the European Digital Identity Wallet (EUDIW), whose integration into public portals must be operational by 2026-2027 according to the timeline set by the Commission.

The Civil Code, in Articles 1366 and 1367, sets out the conditions for validity of electronic writing in French law: reliable identification of the author and guarantee of document integrity. These conditions are met by the cryptographic mechanisms of advanced and qualified signatures.

The GDPR No. 2016/679 requires any organisation processing personal data (name, email, FranceConnect identifier of signatories) to carry out a Data Protection Impact Assessment (DPIA) prior to the deployment of the client portal, in accordance with Article 35 of the regulation. This obligation is strengthened for public bodies. The appointment of a DPO (Article 37) is mandatory for all public authorities.

The General Security Reference Framework (RGS v2.0), published by ANSSI, sets the security levels required for the State's and local authorities' online services. Signature platforms deployed in this context must be audited and, depending on the sensitivity level of the data, qualified or certified by ANSSI.

ETSI standards technically frame signature formats: ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES for PDFs). The PAdES format is recommended for public documents due to its native readability in standard PDF viewers.

The NIS2 Directive (EU 2022/2555), transposed into French law by Law No. 2024-449 of 21 May 2024, extends cybersecurity obligations to essential and important entities, of which many public bodies form part (municipalities with over 30,000 inhabitants, departments, regions, healthcare establishments). Signature platforms must be incorporated into the organisation's information systems security policy (ISSP) and be subject to incident reporting to ANSSI in the event of a breach.

Finally, the Public Procurement Code (Articles R. 2132-1 and following) imposes dematerialisation of public contracts above EUR 40,000 and requires electronic signature of commitment documents. Non-compliance with this obligation exposes the organisation to a risk of nullity of acts and sanctions during prefectural legality review.

Use scenarios: the signatory client portal in action in the public sector

Scenario 1 — An urban agglomeration dematerialises its partnership agreements

An urban agglomeration grouping approximately twenty municipalities manages annually more than 350 partnership agreements with local associations, educational establishments and private service providers. Before implementing a signatory client portal, each agreement required on average 18 days between internal validation and signature by both parties, with an estimated document loss rate of 4% (documents poorly archived or unsigned versions retained by mistake).

After deploying a signatory client portal integrated into the existing business information system, the average signature time fell to 3.5 days. Partner associations access their portal via FranceConnect, receive email notification as soon as a document is ready to sign and find all their agreements archived in their personal space. The document loss rate has been zero since deployment. The estimated annual saving on printing, postage and administrative reprocessing costs exceeds EUR 15,000, not counting the time savings for agents.

Scenario 2 — A department dematerialises the public procurement acts of its departments

A departmental council processing over 1,200 public contracts per year (all thresholds combined) faced signature timelines incompatible with the operational constraints of its departmental offices. The paper circuit involved up to 7 internal stakeholders (review, legal visa, financial visa, signature by the president or delegated vice-president) before transmission to the service provider.

The implementation of an electronic tracking system integrated into the signatory client portal made it possible to configure multi-step workflows with automatic delegations in case of absence. The average time for the internal circuit fell from 11 days to 2.8 days. The department also saw a 60% reduction in telephone follow-ups from services to find out the progress of signatures. The client portal offered to external service providers allows them to sign commitment documents directly from their interface, with a timestamped signature certificate automatically archived in the department's SAE.

Scenario 3 — A public healthcare establishment secures HR documents for its practitioners

A hospital group of approximately 1,200 agents (including 180 practitioners) managed its engagement contracts, amendments and temporary recruitment documents by post or mandatory physical presence, creating delays incompatible with recruitment needs (cover for absences, medical interim).

The signatory client portal deployed for human resources now allows each practitioner or agent to receive, consult and sign their contract from a secure portal, accessible from any terminal. Authentication relies on FranceConnect+ for permanent agents and on documentary identity verification for temporary workers. The average time to deployment after verbal agreement fell from 8 days (paper file processing time) to less than 24 hours. The establishment also reduced HR file completeness errors by 40% thanks to guided forms integrated into the signature journey, in accordance with recommendations from the hospital public service.

Conclusion

Creating a signatory client portal in the public sector is no longer an option: it is a progressive regulatory obligation and a growing expectation of users and institutional partners alike. The approach rests on four inseparable pillars — mapping of flows, choice of a sovereign and eIDAS-compliant solution, configuration of a smooth user journey, and probative archiving — supported by solid governance and rigorous change management.

Local authorities and administrations that have taken this step observe measurable gains: signature times divided by five on average, reduced administrative costs and impeccable archiving quality. Certyneo supports public bodies at every stage of this project, from initial audit to operational deployment.

Ready to take the leap? Contact our Certyneo experts for a free audit of your document flows and a personalised demonstration adapted to public sector constraints.