Legal Compliance in Employment Law: Employer Obligations
Mastering legal compliance in employment law is an imperative for every employer. Discover key obligations, legal risks and digital tools to secure your HR processes.
Certyneo Team
Writer — Certyneo
Introduction
In 2026, legal compliance in employment law remains one of the absolute priorities for every business manager or HR director. Between the constant evolution of the French Labour Code, GDPR requirements, contract digitalisation and the strengthening of labour inspection controls, the obligations weighing on employers are more numerous and precise than ever. Failing to master them exposes the company to administrative, criminal and civil sanctions that could threaten its viability. This article provides an exhaustive review of the main categories of obligations, associated risks and best practices to meet them effectively.
---
The Employer's Fundamental Obligations When Hiring
Prior Declaration of Hiring (DPAE)
Before any recruitment, the employer is required to submit a Prior Declaration of Hiring (DPAE) to URSSAF, no later than 8 days before the employee takes up their position (article R. 1221-1 of the Labour Code). This formality triggers employee affiliation with the general Social Security scheme, opens entitlement to unemployment insurance, and organises the pre-employment medical examination. In 2024, URSSAF inspected over 180,000 employers and issued corrections totalling several million euros for failure to comply with this obligation.
Drawing Up and Handing Over the Employment Contract
The employment contract is the foundation of the legal relationship of subordination. For fixed-term contracts (CDD), provision of a written document is mandatory within 48 hours of hiring (article L. 1242-12 of the Labour Code), on pain of reclassification as a permanent contract (CDI). For part-time CDIs, written form is also mandatory. Since law no. 2019-1428 of 24 December 2019 and its implementation of European directive 2019/1152, the employer must provide a written statement setting out the essential conditions of the contract within the first seven working days.
The electronic signature for HR today offers a secure solution, compliant with the eIDAS regulation, to formalise these contracts remotely, reduce signing delays and archive documents in a probative manner. Solutions such as those described in our comprehensive guide to electronic signature enable HR practices to align with the most recent legal requirements.
Mandatory Information to the Employee
Since the implementation of directive 2019/1152 (the "Transparent Working Conditions" directive), the employer must inform every new employee in writing about: the identity of the parties, the place of work, job title, remuneration, working hours, holiday entitlements, applicable collective agreement, and procedures to follow in case of termination. This information must be provided no later than the seventh calendar day following the start of work. Failure to comply with this obligation exposes the employer to a civil penalty of up to €750 per uninformed employee.
---
Ongoing Obligations in Personnel Management
Maintaining Mandatory Registers
Every employer must keep several statutory registers up to date and accessible to the labour inspectorate and staff representatives:
- The unique personnel register (article L. 1221-13 of the Labour Code): must record, in chronological order of hiring, the names, forenames, nationality, date of birth, gender, position, qualification and dates of entry/departure of each employee. Entries must be made at the time of hiring and kept for 5 years after the employee leaves.
- The single occupational risk assessment document (DUERP): mandatory from the first employee (article R. 4121-1), it must be updated at least annually or whenever there are significant changes to working conditions. The law of 2 August 2021 to strengthen occupational health prevention has, since 31 March 2022, required DUERP to be stored and filed digitally on a dedicated national portal.
- The safety register: records periodic verification of equipment, evacuation drills and incidents.
Payroll, Pay Slips and Social Declarations
The employer is required to provide a pay slip with each salary payment (article L. 3243-2 of the Labour Code). From 1 January 2027, full digitalisation of the Nominative Social Declaration (DSN) will be mandatory for all companies, regardless of size. The pay slip must include specific items (gross salary, contributions, net salary before and after tax, net to be paid, etc.); omitting them exposes the employer to penalties. The employer must keep these documents for at least five years.
The use of electronic signature in business facilitates digitalised validation of employee amendments, individual pay rises or pay slip summaries, in compliance with the probative requirements of the Civil Code.
Compliance with Maximum Working Hours and Leave
The Labour Code sets absolute limits:
- Maximum daily working hours: 10 hours (unless derogated)
- Absolute maximum weekly hours: 48 hours per week, 44 hours on average over 12 consecutive weeks
- Mandatory daily rest period: 11 consecutive hours
- Paid leave: 2.5 working days per month of actual work, i.e. 30 working days (5 weeks) per year
Failure to comply with these provisions engages the employer's criminal liability (article L. 3171-4 et seq.). Time management tools combined with digital signature systems make it possible to record agreements for working time flexibility or forfeited days in a binding manner.
---
Obligations Concerning Health, Safety and Risk Prevention
The General Safety Obligation
Article L. 4121-1 of the Labour Code requires the employer to take the necessary measures to ensure safety and protect the physical and mental health of workers. This strict liability obligation (case law of the Court of Cassation, "asbestos" rulings from 2002 and their evolution towards a strengthened obligation of means since 2015) covers: occupational risk prevention measures, training and information for employees, implementation of appropriate organisation and resources.
Medical Supervision and Monitoring by the Prevention Service
Since the Occupational Health Law of 2 August 2021 (applicable since 31 March 2022), individual health monitoring has been strengthened. The information and prevention visit (VIP) must take place within 3 months of starting work (30 days for night workers or those assigned to high-risk positions). The employer must arrange and finance this monitoring through an inter-company occupational prevention and health service (SPSTI) or internal service.
Prevention of Psychosocial Risks (PSR)
Moral harassment (article L. 1152-1), sexual harassment (article L. 1153-1) and sexual misconduct are subject to active prevention obligations. The employer must designate a harassment representative in companies with 250 or more employees (article L. 1153-5-1). Implementation of a confidential internal whistleblowing procedure is recommended by the CNIL and may be required by the Sapin II law for large companies.
---
Digital and GDPR Obligations in the Employment Relationship
Protection of Employee Personal Data
The employer is a data controller under the GDPR (Regulation EU 2016/679) for all personal data of its employees: HR files, pay slips, geolocation, business messaging, biometric data. It must:
- Maintain a record of processing activities (article 30 of the GDPR)
- Inform employees of the use of their data (articles 13 and 14)
- Designate a Data Protection Officer (DPO) if the activity involves large-scale processing of sensitive data
- Contractually oversee any subprocessor handling employee data
In 2025, the CNIL imposed penalties totalling €90.4 million, several of which concerned failures to protect employee data (excessive geolocation, disproportionate video surveillance, lack of information).
Digitalisation of HR Documents and Electronic Signature
Digitalisation of HR processes is now essential. The comparison of available electronic signature solutions on the market shows that eIDAS-compliant tools allow signing employment contracts, amendments, confidentiality agreements, internal regulations or severance agreements with legal value equivalent to handwritten signatures, in accordance with article 1366 of the Civil Code.
It is advisable to choose a solution offering at minimum an advanced electronic signature (SEA) for high-stakes documents, and to ensure that the service provider is eIDAS-qualified or certified to avoid any future challenge. The AI contract generator offered by Certyneo also makes it possible to automate the drafting of compliant HR documents, reducing the risk of error and processing times.
Cybersecurity and NIS 2 Directive
Since October 2024, the NIS 2 directive (implemented into French law by the law of 17 October 2024) imposes strengthened cybersecurity obligations on essential and important entities, including the securing of HR information systems. Affected employers must adopt appropriate technical and organisational measures, report significant incidents to ANSSI within 72 hours, and regularly train their teams on cybersecurity.
---
Sanctions Incurred in Case of Non-Compliance
Criminal Penalties
The Labour Code provides for criminal penalties for many offences:
- Undeclared work (absence of DPAE or written contract): up to 3 years' imprisonment and €45,000 fine for an individual, €225,000 for a legal entity (article L. 8224-1)
- Non-compliance with hygiene and safety rules that resulted in an accident: criminal endangerment (article 223-1 of the Criminal Code)
- Moral or sexual harassment: up to 2 years' imprisonment and €30,000 fine
Civil and Labour Court Penalties
Failure to comply with a contractual or legal obligation may result in labour court convictions: salary arrears, compensation for dismissal without real and serious cause, damages. Reclassification of a CDD to CDI, for example, automatically triggers payment of a reclassification indemnity of at least one month's salary (article L. 1245-2).
Administrative Penalties
The labour inspectorate has expanded powers since the 2016 "Labour" law and the law of 5 September 2018: formal notice, temporary closure of premises, administrative penalty of up to €10,000 per affected employee for certain breaches. The DREETS (Regional Directorate for Economics, Employment, Work and Solidarity) may also impose compliance plans.
Legal Framework Applicable to Employer Compliance
Employer legal compliance is based on a comprehensive regulatory framework, combining national and European law.
French Labour Code
The Labour Code is the central point of reference. Hiring obligations are governed by articles L. 1221-1 et seq. (employment contract), L. 1242-1 et seq. (CDD), R. 1221-1 (DPAE). Working hours are governed by articles L. 3121-1 et seq., and paid leave by articles L. 3141-1 et seq. Health and safety at work are covered by articles L. 4121-1 to L. 4741-1, including the obligation to assess risks (DUERP, article R. 4121-1). Harassment is penalised by articles L. 1152-1 (moral) and L. 1153-1 (sexual).
Civil Code — Legal Value of Electronic Signature
Article 1366 of the Civil Code establishes the probative value of electronic documents: "An electronic document has the same probative force as a document on paper, provided that the person from whom it originates can be duly identified and that it is established and kept in conditions such as to guarantee its integrity." Article 1367 clarifies that electronic signature consists in the use of a reliable identification process guaranteeing its link with the act to which it is attached.
eIDAS Regulation no. 910/2014
The eIDAS European regulation (Electronic IDentification, Authentication and trust Services) defines three levels of electronic signature: simple, advanced (SEA) and qualified (SEQ). For employment contracts and HR documents with high probative value, advanced or qualified electronic signature is recommended. The eIDAS 2.0 regulation (Regulation EU 2024/1183), which came into force on 20 May 2024, further strengthens these requirements, particularly for European digital identity wallets.
GDPR — Regulation EU no. 2016/679
The employer, as a data controller, is subject to articles 5 (principles of processing), 6 (lawfulness of processing), 13-14 (information of data subjects), 30 (processing activities record) and 32 (data security). The deadline for notifying the CNIL of data breaches is 72 hours (article 33). Maximum penalties reach €20 million or 4% of worldwide turnover (article 83).
NIS 2 Directive — French Law of 17 October 2024
Implementing Directive (EU) 2022/2555, this text imposes on essential and important entities obligations for cyber risk management, incident reporting, and internal governance. HR and human resource management information systems may be subject to these obligations if the entity meets the size and sector criteria defined in article 3 of the directive.
ETSI EN 319 132 and 319 102 Standards
These European technical standards define the formats for advanced electronic signature (XAdES, CAdES, PAdES) and validation procedures. They apply to qualified trust service providers (QTSP) listed on European Trusted Lists. For an employer, using a provider certified to these standards guarantees the admissibility of signatures in case of labour court proceedings.
Usage Scenarios: HR Compliance in Practice
Scenario 1 — A Mid-Sized Industrial Group (800 Employees)
An industrial group employing approximately 800 employees across three sites in France faced a recurring problem: signing seasonal fixed-term contracts and working hours variation amendments required postal back-and-forth of 3 to 7 working days. In case of urgent starts, the legal deadline for providing the contract (48 hours for a CDD) was often missed, systematically exposing the company to reclassification risk.
By deploying an advanced electronic signature solution compliant with eIDAS for all its HR processes, the group reduced the average signing delay to less than 4 hours, eliminated the risk of non-delivery within legal deadlines and achieved estimated savings of €35,000 per year on printing, mailing and physical archiving costs. The unique personnel register was fully digitalised, with certified time-stamping for each entry.
Scenario 2 — An Accountancy Firm of 45 Employees
An accountancy firm employing 45 people managed payroll and HR formalities in-house for dozens of small and medium-sized client businesses. Compliance obligations (DPAE, pay slips, contracts, DUERP) were handled manually, creating a high risk of omission. Following a labour inspectorate inspection at a client, the absence of a written contract for three part-time employees had resulted in reclassification to full-time, representing a cost of €18,000 in contribution arrears and compensation.
By adopting an integrated platform combining automatic generation of compliant contracts and electronic signature, the firm structured its workflows to make hiring without a signed electronic contract impossible. The documentary compliance rate reached 100% at the next audit, and the average time for processing hiring formalities was divided by three.
Scenario 3 — A Retail Chain of 2,500 Employees Across Multiple Sites
A retail chain employing 2,500 employees across 60 stores needed to manage daily contracts for temporary staff, amendments for supplementary hours and individual leave agreements. Geographic dispersal made collecting handwritten signatures almost impossible within legal deadlines. Moreover, the CNIL found during an inspection that employees had not been informed about processing of their geolocation data (connected time clocks).
The company deployed a simple electronic signature solution for low-risk documents (convocations, collective information) and advanced signature for contracts and amendments. It simultaneously updated its GDPR information notices and integrated traceable electronic consent. Results: zero documentary non-compliance at the next DREETS inspection, reduction in temporary staff contract signing time from 72 hours to less than 30 minutes, and complete documented GDPR compliance.
Conclusion
Legal compliance in employment law is an ongoing undertaking for every employer: hiring obligations, register management, compliance with working hours, data protection, risk prevention… Each breach can result in heavy penalties, labour court decisions, criminal charges or administrative sanctions. In 2026, digitalisation of HR processes — and in particular the use of eIDAS-compliant electronic signature — has become one of the most effective levers to secure these obligations, reduce delays and provide probative evidence that is enforceable.
Certyneo supports employers in this approach with a certified electronic signature platform, a compliant HR contract generator and workflows adapted to the constraints of French employment law. Get ahead of your obligations: discover Certyneo's HR solutions or calculate your ROI in a few clicks to measure the concrete impact of digitalised and compliant HR management.