Legal Compliance in Employment Law: Employer's Obligations

Introduction

Legal compliance in employment law represents one of the most critical issues for any business, regardless of size. In France, the Labour Code imposes on the employer a set of precise obligations: contract drafting, regulatory posting, maintenance of registers, respect of working hours, management of employees' personal data. Non-compliance with these rules exposes the company to potentially heavy administrative, criminal and civil sanctions. This article reviews the main legal obligations, associated risks and digital best practices — in particular electronic signature — to secure each stage of the employee lifecycle.

---

Fundamental Contractual Obligations of the Employer

Drawing Up and Delivery of the Employment Contract

Under French law, an open-ended full-time employment contract (CDI) is not subject to a mandatory written form requirement, unless a collective agreement provides otherwise. However, the transposition of European Directive 2019/1152 of 20 June 2019 — known as the "Transparent and Predictable Working Conditions Directive" — requires the employer to provide each employee, no later than the 7th calendar day following recruitment, with a document or set of documents containing essential information relating to the employment relationship (article L. 1221-5-1 of the Labour Code, resulting from decree no. 2023-1004 of 30 October 2023).

For fixed-term contracts, temporary work contracts, apprenticeship contracts and internship agreements, writing is mandatory and must be delivered within very strict timeframes (generally 2 working days for a fixed-term contract). Failure to deliver a written contract within the legal timeframes may result in the reclassification of the fixed-term contract as an open-ended contract by the Employment Tribunal.

Electronic signature for HR is now an effective solution to guarantee traceability and timestamping of these contractual deliveries, while reducing administrative delays.

Mandatory Clauses in Contracts

The employment contract must contain a certain number of legal clauses:

• Identity of the parties (name, address, SIRET number of the employer)

• Date of commencement of the employment relationship

• Place of work and, where applicable, arrangements for remote work

• Job title, employment category, hierarchical coefficient

• Working hours and distribution of schedules

• Remuneration (base salary, bonuses, benefits in kind)

• Duration of the probation period and conditions for renewal

• Applicable collective agreement

• Supplementary social protection scheme

The omission of some of these clauses may constitute a punishable breach, and in certain cases, enable the employee to seek damages.

---

Mandatory Posting and Information of Employees

Documents to be Posted in the Company

Article L. 1221-16 of the Labour Code and many specific texts require the employer to post or notify employees of an exhaustive list of documents. Mandatory postings include:

• The internal regulations (mandatory from 50 employees onwards, article L. 1311-2 of the Labour Code)

• Working hours and weekly rest periods

• Address and name of the competent labour inspector

• Contact details of emergency rescue services

• Title of applicable collective agreements and contracts

• Texts relating to professional equality (article L. 1142-6)

• List of members of the staff delegation to the CSE (Social and Economic Committee)

• National discrimination prevention number (3928)

• Provisions of the Criminal Code relating to moral and sexual harassment

Since the law no. 2021-1018 of 2 August 2021 known as "Occupational Health", obligations to prevent occupational hazards have been strengthened, in particular the mandatory updating of the Single Occupational Risk Assessment Document (DUERP) at least once a year in companies with at least 11 employees.

Digital Communication: Between Opportunity and Compliance

The law of 8 August 2016 (the "Labour" law or El Khomri law) paved the way for the dematerialisation of certain mandatory information, provided that employees have easy access to it. The employer can thus make this information available via the intranet or a secure HR portal. However, proof of consultation remains the employer's responsibility, which requires traceable solutions. The use of tools such as an AI-powered contract generator or a digital signature platform makes it possible to automate such proof of access and delivery.

---

Management of Working Time and Mandatory Registers

Legal Durations and Their Exceptions

The Labour Code sets the legal working time at 35 hours per week (article L. 3121-27). Overtime may be worked within the limits of legal maximum durations:

• 10 hours per day (article L. 3121-18)

• 48 hours per week (article L. 3121-20)

• 44 hours on average over a period of 12 consecutive weeks (article L. 3121-22)

Exceeding these ceilings without a collective agreement or authorisation from the labour inspector constitutes an offence punishable by a fine of €1,500 per employee concerned (article R. 3124-3).

Forfeit day agreements, reserved for managers and certain autonomous employees, must be expressly provided for by a collective agreement and stipulated in the individual contract. The absence of a valid collective agreement renders the forfeit agreement unenforceable against the employee, who may then claim payment of overtime.

Mandatory Registers

The employer is required to maintain several registers, some of which must be kept for specific periods:

• The single personnel register: mandatory from the first employee onwards (article L. 1221-13), kept for 5 years after the employee's departure

• The DUERP: kept for at least 40 years under the 2021 Occupational Health law

• The CSE delegation register and meeting minutes

• The register of minor workplace accidents (if the company has a medical service)

• The data processing register (GDPR, article 30 of regulation 2016/679)

The dematerialised maintenance of these registers is permitted provided that their integrity, confidentiality and accessibility to supervisory agents are guaranteed. Electronic signature solutions in the company make it possible to ensure these document integrity requirements.

---

Protection of Employees' Personal Data (GDPR)

Specific Obligations in an HR Context

The General Data Protection Regulation (GDPR, regulation EU 2016/679) applies fully to the processing of employees' data. As a data controller, the employer must:

• Inform employees of the nature of the data collected, its purpose, duration of retention and their rights (articles 13 and 14 of the GDPR)

• Maintain a register of processing activities (article 30)

• Appoint a Data Protection Officer (DPO) in certain cases (article 37), in particular where large-scale processing of sensitive data is involved (medical records, union membership)

• Regulate transfers of data to third countries outside the EU

• Implement appropriate security measures (encryption, pseudonymisation, access control)

The CNIL has published several sectoral HR frameworks, including the framework relating to administrative personnel management (deliberation of 22 November 2012, updated post-GDPR). Breaches may result in fines of up to €20 million or 4% of annual global turnover.

Electronic Signature as a GDPR Compliance Tool

The use of a certified electronic signature platform, as explained in the comprehensive guide to electronic signature, presents a dual advantage: it secures the delivery of contractual documents while minimising the personal data processed (principle of minimisation, article 5.1.c of the GDPR). Signature biometric data is replaced by cryptographic mechanisms that do not involve biometric collection in the strict sense.

---

Obligations in Relation to Health, Safety and Prevention

The General Safety Obligation of Result… Now Strengthened Means

Since the Court of Cassation ruling of 25 November 2015 (no. 14-24.444), case law has nuanced the safety obligation weighing on the employer: it is no longer an absolute obligation of result but a strengthened obligation of means. An employer who justifies having taken all necessary measures to protect the physical and mental health of its employees may be exonerated from liability.

This change in case law does not, however, lighten practical requirements:

• Assessment of occupational hazards formalised in the DUERP

• Annual prevention programme (PAPRIPACT) for companies with 50 or more employees

• Safety training and first aid training

• Medical visits (information and prevention visit on recruitment, enhanced individual monitoring for at-risk positions)

• Adaptation of workstations for employees with disabilities or pregnancy

Criminal Liability of the Employer

Failure to comply with safety obligations may engage the criminal liability of the employer as a natural person (manager, delegate of authority) for deliberate endangerment of others (article 223-1 of the Criminal Code), involuntary injuries (article 222-19) or even involuntary manslaughter (article 221-6), with penalties of up to 3 years' imprisonment and €45,000 fine in the event of manifestly deliberate violation of a safety obligation.

The implementation of documented procedures, timestamped registers and electronic signatures on safety protocols constitutes valuable evidence in the event of litigation, as highlighted in our comparison of electronic signature solutions.

Legal Framework Applicable to Employer's Obligations in Employment Law

Fundamental Texts of Domestic Law

The employer's obligations regarding legal compliance have their source in a dense legislative and regulatory framework:

• Labour Code: articles L. 1221-1 and following (contract formation), L. 1311-1 and following (internal regulations), L. 3121-1 and following (working time), L. 4121-1 and following (health and safety), L. 2311-1 and following (staff representation)

• Decree no. 2023-1004 of 30 October 2023: transposition of EU directive 2019/1152 on transparent and predictable working conditions

• Law no. 2021-1018 of 2 August 2021 known as "Occupational Health": strengthening of the DUERP, creation of the prevention passport, obligation to keep the DUERP for 40 years

• Law no. 2022-1598 of 21 December 2022 relating to emergency measures for the labour market

• Civil Code, articles 1366 and 1367: legal value of electronic signature — article 1366 provides that "electronic writing has the same probative force as writing on paper" and article 1367 defines electronic signature as "the use of a reliable identification process guaranteeing its link with the act to which it relates"

Applicable European Regulation

• eIDAS Regulation no. 910/2014 (and its revised version eIDAS 2.0, regulation EU 2024/1183): defines three levels of electronic signature (simple, advanced, qualified) and establishes the principle of non-discrimination between qualified electronic signature and handwritten signature. For employment contracts, an advanced (AES) or qualified (QES) electronic signature is recommended to maximise legal certainty

• GDPR Regulation no. 2016/679: applicable to the processing of employees' personal data. Article 88 allows Member States to provide specific rules for processing in the context of employment relationships, subject to appropriate protection measures

• NIS2 Directive (EU 2022/2555): transposed in France by the law relating to the resilience of vital activities (LOPMI and transposition ordinance), imposes cybersecurity measures on essential and important operators, including critical HR systems

• ETSI EN 319 132 Standard: European technical standard defining advanced electronic signature formats XAdES, applicable to HR contractual documents

Legal Risks in Case of Non-Compliance

| Breach | Potential Sanction | |---|---| | Absence of written contract (fixed-term) | Reclassification as open-ended, damages | | Exceeding maximum working hours | Fine of €1,500 per employee (R. 3124-3) | | Absence of DUERP | Fine of €1,500 (R. 4741-1) | | Serious GDPR violation | Up to €20M or 4% of global turnover | | Failure to post mandatory documents | Fine of €750 per breach (R. 1227-1) | | Unaddressed harassment | Civil and criminal liability of employer |

The employer may validly use electronic signature for all HR documents provided that the level of signature chosen is appropriate to the sensitivity of the document and that the employee's consent is free and informed (recital 155 of the GDPR).

Use Cases: HR Compliance Enhanced by Electronic Signature

Scenario 1 — A 120-Employee Industrial SME Facing Fixed-Term Contract Reclassification

An SME in the manufacturing sector employing around 120 employees was making extensive use of fixed-term contracts to absorb its seasonal activity peaks. Contracts were sent by post or delivered in person, with no timestamped proof of delivery within the legal timeframe of 2 working days. Over two financial years, three Employment Tribunal disputes had resulted in reclassifications as open-ended contracts, representing a total cost estimated at €47,000 (back pay, allowances and legal costs).

Following deployment of an advanced electronic signature solution integrated into its HR information system, the SME reduced the time to deliver contracts to zero (instant transmission, certified timestamping). The signed return rate within legal timeframes increased from 64% to 99%, and no disputes related to late delivery were recorded during the following 18 months. The return on investment, calculated using a dedicated ROI calculator, proved positive from the 4th month of use.

Scenario 2 — A Multi-Store Distribution Group with 800 Outlets and Decentralised HR Management

A food distribution network managing several hundred points of sale as franchises faced critical documentary heterogeneity: internal regulations not updated, contract amendments not returned signed in 30% of cases, incomplete DUERPs in certain entities. During a site inspection, the labour authority issued several enforcement orders.

The group HR department standardised the entire documentary cycle via a centralised electronic signature platform, coupled with automatic reminders and compliance dashboards by entity. Within 6 months, documentary completion rate increased from 68% to 97%. HR teams recovered an average of 2.5 hours per week per manager previously spent on manual follow-ups — an estimated saving of 1.2 FTE across the group.

Scenario 3 — An Accounting Firm Managing HR Outsourcing for SME Clients

An accounting firm with around twenty employees offered social management services to approximately one hundred SME clients. The multiplicity of contacts, geographical dispersal and variety of applicable collective agreements made managing proof of contract delivery particularly complex.

By integrating a electronic signature solution for legal and accounting firms, the firm was able to create dedicated signature workflows by document type (contract, amendment, severance settlement, receipt), with automatic archiving for legal retention periods. The added value perceived by clients led to an 18% increase in the average HR services basket, according to the firm's internal estimate based on six-monthly satisfaction surveys.

Conclusion

Legal compliance in employment law is not an incidental administrative burden: it conditions the validity of contracts, protection of employees and the civil and criminal liability of the employer. From contractual obligations to posting rules, through working time management, maintenance of registers and protection of personal data, each stage of the HR cycle is governed by precise texts and sanctioned in case of breach.

The dematerialisation of documentary processes, supported by an electronic signature solution compliant with the eIDAS regulation, is now the most effective lever to secure all these obligations whilst reducing administrative burden. Certyneo offers you a turnkey platform, certified and compliant, tailored to the HR challenges of French and European companies.

Ready to secure your HR compliance? Discover our offers and start for free on Certyneo today.