Legal Compliance in Employment Law: Employer Obligations

Legal compliance in employment law represents one of the most complex challenges for French and European employers. In 2026, the regulatory framework continues to expand: the Labour Code comprises more than 10,000 articles, to which are added provisions from European law, sector-specific collective agreements and company agreements. A single omission — a poorly signed contract, an out-of-date register, a missing statutory notice — can expose the company to criminal penalties, URSSAF adjustments or costly labour disputes. This article reviews the main employer obligations, associated risks, and digital solutions that make it possible to meet them effectively, in particular through electronic signature for HR.

Contractual obligations: the foundation of the employment relationship

The employment contract is the cornerstone of any employer-employee relationship. Its drafting, signature and retention must meet precise requirements.

Formalism of the employment contract

Whilst a permanent employment contract (CDI) on a full-time basis can theoretically be concluded verbally (article L.1221-1 of the Labour Code), the vast majority of contracts require a written document. This is the case for:

• The fixed-term contract (CDD): mandatory delivery no later than 2 working days after hiring (article L.1242-13).

• Part-time employment contract: mandatory mention of working hours distribution, conditions for modification, etc. (article L.3123-6).

• Apprenticeship contract and professional development contract: deposit with the skills operator (OPCO) within 5 days.

• Temporary employment contracts: assignment contract and secondment contract simultaneously.

Since the transposition order of European Directive 2019/1152 of 20 June 2019 (on transparent and predictable working conditions), the employer must provide the employee with, no later than the 7th calendar day following hiring, written information on the essential elements of the employment relationship: workplace, nature of the position, leave entitlements, dismissal procedure, etc.

Dematerialisation of contracts: validity and conditions

Since the Act n°2000-230 of 13 March 2000 adapting the rules of evidence to information technologies, the employment contract may be electronically signed. This possibility is now widely used by companies wishing to accelerate their onboarding processes. Electronic signature in business must, however, comply with the standards defined by the eIDAS regulation to be legally binding. For standard employment contracts, an advanced electronic signature (eIDAS level 2) is generally recommended, whilst certain sensitive acts (dismissal, mutual termination agreement) require particular attention as to the level of signature used.

Mandatory registers and documents

The maintenance of registers is a pillar of social compliance. The labour administration may request them at any time during a labour inspection.

The unique personnel register

Provided for in article L.1221-13 of the Labour Code, the unique personnel register (RUP) must mention, in chronological order of hiring:

• The surname, first name, nationality, date of birth, gender of each employee.

• The position held and qualification.

• Dates of entry and departure.

• The nature of the contract (permanent, fixed-term, part-time, temporary, etc.).

• For foreign workers: the type and serial number of the title authorising the exercise of a salaried activity.

The RUP must be retained for 5 years after the employee's departure. Its failure to maintain or irregularity constitutes an offence subject to a fine of €750 per employee concerned (class 4 offence).

The unique document for assessing occupational risks (DUERP)

Established by Decree No. 2001-1016, the DUERP is mandatory for any company from the first employee onwards. It lists all occupational risks to which workers are exposed. Since the health and safety at work act of 2 August 2021 (Act No. 2021-1018):

• The DUERP must be updated at least annually in companies with at least 11 employees, and whenever any significant reorganisation decision is made or new information about a risk emerges.

• Companies with 50 or more employees must establish an annual programme for the prevention of occupational risks.

• The DUERP must now be kept for 40 years and filed on a digital portal managed by the OPCOs (gradual deployment since 2023).

Mandatory notices and communications

The employer must display or bring to the attention of employees numerous pieces of information:

• The title of applicable collective agreements and agreements and the methods for accessing the texts.

• The contact details of the competent labour inspection authority.

• Texts relating to professional equality (article L.1142-6) and combating sexual harassment (articles L.1153-5, L.1142-6).

• The internal regulations (mandatory from 50 employees, article L.1311-2).

• Collective working hours (article D.3171-1).

• The address and telephone number of the occupational health doctor and emergency services.

The absence of such notices can result in fines of up to €10,000 and undermine the employer's position in the event of dispute.

Protection of employee personal data

The GDPR (Regulation EU 2016/679) applies fully in the context of the employment relationship. The employer, as a data controller, must comply with a precise set of obligations.

HR processing subject to GDPR

Employee personal data is processed on multiple occasions: payroll management, absence tracking, performance evaluation, video surveillance, vehicle geolocation, access to premises by badges, etc. Each processing activity must:

• Be based on a legal basis (legal obligation, legitimate interest, contract performance or consent — the latter being inadvisable in an employment context due to the imbalance in the relationship).

• Be subject to employee notification (privacy notice, mentions in internal regulations or IT charter).

• Be registered in the processing activities register (article 30 GDPR).

• Be covered by a defined and justified retention period.

The CNIL has published several sector-specific reference materials dedicated to HR management, notably on working time management (deliberation n°2019-154) and geolocation (deliberation n°2015-165). These reference materials constitute practical compliance guides that any DPO or HR manager should be aware of.

Electronic signature and data protection

When an employer deploys an electronic signature solution for its HR documents, it creates an additional personal data processing activity. The platform used must be GDPR-compliant: data hosting in the European Union, sub-contracting governed by a DPA (Data Processing Agreement), compliant retention periods. To learn more about the selection criteria for a compliant solution, see our complete guide to electronic signature.

Working time, leave and working conditions

Compliance with rules on working time and leave constitutes a major focus for social compliance, regularly monitored by labour inspection.

Rules on working time

The legal weekly duration is set at 35 hours (article L.3121-27). Overtime is subject to premiums (25% for the first 8 hours beyond 35 hours, 50% thereafter) and an annual contingent of overtime hours set by collective agreement or, failing that, 220 hours (article D.3121-24).

The maximum durations not to be exceeded are:

• 10 hours per day (derogation possible up to 12 hours).

• 48 hours per week (absolute maximum duration).

• 44 hours on average over 12 consecutive weeks.

Failure to comply with these limits exposes the employer to criminal penalties (class 5 offence, i.e. €1,500 per employee concerned) and damages in favour of employees before the Labour Court.

Paid leave and rest

Each employee acquires 2.5 working days of paid leave per month of actual work, or 30 working days (5 weeks) per year (article L.3141-3). Act No. 2024-364 of 22 April 2024 further aligned the rules for acquiring paid leave during periods of sickness leave with the requirements of European Directive 2003/88/CE, following judgements of the CJEU in September 2023: employees on non-occupational sickness leave now acquire 2 working days of paid leave per month of absence.

Mandatory rest periods include:

• A minimum daily rest of 11 consecutive hours (article L.3131-1).

• A minimum weekly rest of 35 consecutive hours (24 hours + 11 hours), in principle on Sundays.

Prevention of psychosocial risks

Since the "Asbestos" judgements of the Court of Cassation (Cass. soc., 28 February 2002), the employer has been subject to a result-based safety obligation regarding the protection of the physical and mental health of employees. In practice, this involves:

• The establishment of a mechanism for reporting moral and sexual harassment.

• Regular training of managers in the prevention of psychosocial risks.

• Rigorous handling of any alert, with traceability of steps taken.

To digitalise all of these documentary processes whilst maintaining the probative value of signed documents, companies are increasingly turning to compared electronic signature solutions that provide both eIDAS compliance and HRIS integration.

Staff representation and collective bargaining

Obligations regarding staff representation vary depending on workforce thresholds. They constitute an important part of social compliance.

Workforce thresholds that trigger obligations

The crossing of certain thresholds triggers new obligations:

• 11 employees: election of the Social and Economic Committee (CSE) is mandatory (article L.2311-2). At this level, the CSE has prerogatives in terms of health, safety and working conditions.

• 50 employees: the CSE's role is expanded (mandatory consultation on strategic direction, economic and financial situation, social policy). Implementation of internal regulations, enhanced occupational health service, appointment of a sexual harassment officer.

• 300 employees: obligation to negotiate annually on actual wages, actual working time, professional equality, quality of working life.

Mandatory negotiations

In companies with union representatives, the employer is required to engage in periodic mandatory negotiations (NAO):

• Each year: remuneration, working time, profit-sharing, professional equality and quality of working life (articles L.2242-1 et seq.).

• Every 3 years: management of employment and career development (GEPP, formerly GPEC) in companies with 300 or more employees.

Failure to engage in these negotiations can result in criminal penalties (obstruction) and deprive the employer of certain tax benefits. The digitalisation of notices, meeting minutes and collective agreements — via electronic signature solutions compliant with the eIDAS regulation — makes it possible to secure proof of compliance with these obligations.

Applicable legal framework for employer compliance

Employer legal compliance rests on an accumulation of national and European standards that must be understood with precision.

Labour Code: the fundamental basis, it governs all contractual obligations (L.1221-1 et seq.), working time (L.3121-1 et seq.), paid leave (L.3141-1 et seq.), staff representation (L.2311-1 et seq.) and occupational health (L.4121-1 et seq.). Article L.4121-1 establishes the general safety obligation: "The employer shall take the necessary measures to ensure the safety and protect the physical and mental health of workers."

Act No. 2000-230 of 13 March 2000: the first French act adapting the rules of evidence to information technologies, it introduced articles 1366 and 1367 of the Civil Code, recognising the probative value of electronic writing and electronic signature. Article 1366 provides: "An electronic document has the same probative force as a document on paper, provided that the person from whom it emanates can be duly identified and that it was created and maintained under conditions such as to ensure its integrity."

eIDAS Regulation No. 910/2014: this European regulation defines three levels of electronic signature (simple, advanced, qualified) and establishes their respective presumption of reliability. For work documents with high probative value at stake (mutual termination agreement, dismissal, settlement agreement), advanced or even qualified electronic signature is recommended to guarantee enforceability in the event of dispute.

GDPR No. 2016/679: applicable to all processing of employee personal data. Article 5 sets out the fundamental principles (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality). Article 28 requires conclusion of a sub-processing contract (DPA) with any external service provider processing data on behalf of the employer.

EU Directive 2019/1152 (transposed into French law by Order n°2022-1389 of 1 November 2022): it strengthens pre-contractual and contractual information obligations, requiring the provision of a summary document within 7 days of the start of the employment relationship.

Act No. 2021-1018 of 2 August 2021 known as the "occupational health act": it fundamentally reforms the DUERP, expands the missions of occupational health and safety services (SPST), and strengthens traceability of exposure to occupational risks, with DUERP retention extended to 40 years.

Act No. 2024-364 of 22 April 2024: it aligns French law with CJEU case law on the acquisition of paid leave during periods of sickness leave, creating a retroactive right contestable before labour courts for periods prior to 1 December 2009.

Legal risks: in the event of non-compliance, the employer is exposed to criminal fines (from €750 to €45,000), labour court damages, URSSAF adjustments (in particular for undeclared work), CNIL administrative penalties (up to 4% of global turnover for serious GDPR violations), and labour inspection penalties that may extend to a formal notice or temporary closure of the establishment.

Use cases: digitalising HR compliance with electronic signature

Case study 1: a growing SME in services managing hundreds of seasonal fixed-term contracts

An SME of approximately 180 permanent employees in the collective catering sector hires between 400 and 600 employees on fixed-term contracts each year to cover peaks in activity. With a paper-based process, delivery of the contract within the 2 working days required by article L.1242-13 represented a constant logistical challenge: printing, postal sending, follow-up, digitisation of signed copies returned. The average time for return of a signed contract exceeded 8 days, exposing the company to a systematic risk of reclassification as a permanent employee.

By deploying an advanced electronic signature solution compliant with eIDAS, the company reduced this timeframe to less than 4 hours on average (sending the signature link by SMS and email). The rate of documentary compliance increased from 67% to 99% of contracts signed within legal timeframes. Operating gains are estimated at approximately 1,200 hours/year of administrative work, and secure automatic archiving eliminates the risk of document loss during URSSAF inspections.

Case study 2: a mid-sized industrial group digitalising its collective agreements

An industrial group of 1,200 employees spread across 4 production sites in France had to manage about a dozen mandatory negotiations each year (NAO, GEPP agreements, teleworking agreements, profit-sharing agreements), each generating several cycles of amendments and multiple signatures with 3 to 5 representative union organisations.

The paper-based process involved inter-site travel to collect the signatures of union representatives, signature delays ranging from 3 to 6 weeks, and uncertainty as to the probative value of archived copies. By adopting an electronic signature platform with multiparty validation workflows, collective agreements are now signed in an average of 5 working days. Traceability of exchanges (qualified timestamping, audit logs) strengthens the legal security of agreements in the event of subsequent challenges. The cost of managing collective bargaining has decreased by approximately 35% according to HR management estimates.

Case study 3: a network of accounting firms managing payroll and contracts for multiple SME clients

A network of 12 accounting firms manages, on an outsourced basis, HR functions (payroll, contracts, social reporting) for over 800 SME clients, representing a flow of several thousand employment contracts to process each month. The regulatory constraint is twofold: respecting legal timeframes on behalf of client companies, and ensuring GDPR compliance in the processing of personal data of employees of those SMEs.

By integrating an electronic signature solution via API into their existing HR management tool, the firms have automated the sending of contracts to SME client employees as soon as they are created in the payroll software. Signature is obtained in less than 2 hours in 85% of cases. Signed documents are automatically archived with probative value, accessible in each SME's secure client area. This model has enabled firms to offer a "turnkey" HR compliance offering to their clients, generating additional revenue estimated at 15 to 20% on their HR service line.

Conclusion

Legal compliance in employment law is a multidimensional discipline that requires rigour, continuous regulatory monitoring and appropriate tools. From contract drafting to maintaining mandatory registers, through protecting employees' personal data and complying with working time rules, each dimension engages the employer's civil, criminal and administrative liability. In 2026, the digitalisation of HR processes — and in particular the adoption of eIDAS-compliant electronic signature — is no longer a luxury but a necessity to ensure compliance on a large scale, whilst reducing operating costs.

Certyneo supports employers in this transformation with a B2B electronic signature platform compliant with eIDAS, hosted in Europe and integrable with your HR tools. Start free on Certyneo or check our pricing to find the offer suited to your organisation's size.