Legal Compliance in Employment Law: Employer Obligations

Legal compliance in employment law represents one of the pillars of modern HR management. Between concluding employment contracts, managing employees' personal data, maintaining the personnel register and complying with mandatory disclosure obligations, the employer navigates a dense and constantly evolving regulatory environment. Failure to comply with these obligations exposes the company to significant civil, criminal and administrative penalties. This article details the main legal obligations incumbent on any employer in France, incorporating the contributions of digital law and in particular the use of electronic signature in the workplace to secure and accelerate HR documentary processes.

Fundamental contractual obligations of the employer

Drafting and delivery of the employment contract

Article L. 1221-1 of the French Labour Code recalls that employment contracts are subject to the rules of common law. For fixed-term contracts (CDD), article L. 1242-12 requires transmission of written notice to the employee no later than two working days following hiring, failing which the contract may be reclassified as a permanent contract (CDI). For part-time contracts (article L. 3123-6), written form is also mandatory.

Following the transposition of European Directive 2019/1152 on transparent and predictable working conditions, the Order of 2 November 2023 expanded the mandatory information to be included in the contract or in an information document provided at hiring. Among these: the duration of the probationary period, notice period rules, the identity of social protection bodies, and training entitlements.

The dematerialisation of these contracts is now fully legal: qualified or advanced electronic signature compliant with the eIDAS regulation gives the signed contract the same legal value as a paper original, in accordance with article 1367 of the French Civil Code.

The unique personnel register

Article L. 1221-13 of the Labour Code requires every employer to maintain a unique personnel register. This register must contain, in chronological order of hiring, the following information: employee identification, nationality, date of birth, gender, position, qualification, dates of entry and departure, type of contract. The register must be kept for five years after the employee's departure. Its absence or irregular maintenance is subject to a fine of €750 per employee concerned (4th class offence).

Probationary period and hiring formalities

The employer must make the preliminary employment declaration (DPAE) no later than eight days before the planned hiring date, to the URSSAF (article R. 1221-1 of the Labour Code). Failure to make a DPAE constitutes an offence of concealed employment (article L. 8221-5), exposing the company to a fine of up to €45,000 and two years' imprisonment for individuals.

Obligations relating to health, safety and working conditions

The general safety obligation

Article L. 4121-1 of the Labour Code establishes the employer's obligation of safety performance: it must take the measures necessary to ensure the safety and protect the physical and mental health of workers. This obligation is expressed through occupational risk prevention actions, employee information and training, and the establishment of appropriate organisation and resources.

The Unique Document for the Evaluation of Occupational Risks (DUERP), made mandatory by the Decree of 5 November 2001 (article R. 4121-1 of the Labour Code), must be drafted from the first employee, updated annually or whenever there is any significant change in working conditions. The Occupational Health Act of 2 August 2021 (Act n° 2021-1018) strengthened this obligation by requiring the DUERP to be retained for 40 years and made available to former employees.

Medical visit and health monitoring

The employer must arrange the information and prevention visit (VIP) within three months following the employee's start date (article R. 4624-10 of the Labour Code), except for posts with particular risks requiring a medical fitness examination prior to hiring. The occupational health doctor may issue an unfitness opinion, which the employer is required to take into account, failing which it may engage its liability.

Obligations relating to harassment and discrimination

Since the Professional Future Act of 5 September 2018 (Act n° 2018-771), companies with at least 250 employees must appoint a sexual harassment representative within the Works Council (CSE) and a dedicated HR representative. Any company, regardless of size, is subject to the obligation to display the contact details of competent services regarding harassment (article L. 1153-5 of the Labour Code). Non-compliance on this point exposes the employer to civil and criminal liability claims.

Obligations relating to employees' personal data

GDPR applied to human resources

The General Data Protection Regulation (GDPR, n° 2016/679) applies fully to the processing of employee data: payroll files, performance evaluations, biometric data, absence monitoring, etc. The employer acts as data controller within the meaning of article 4(7) of the GDPR.

Its main obligations are:

• Records of processing activities (article 30 of the GDPR): mandatory for any company with more than 250 employees or processing sensitive data;

• Informing employees (articles 13 and 14 of the GDPR): upon data collection, via a clear information notice;

• Limiting data retention periods: employee data cannot be kept indefinitely after contract termination;

• Data security (article 32 of the GDPR): the employer must implement appropriate technical and organisational measures.

In the event of a data breach, the employer has 72 hours to notify the CNIL (article 33 of the GDPR). Fines can reach €20 million or 4% of global annual turnover. The CNIL imposed more than €42 million in penalties in 2023, several of which directly concerned HR processing.

Data protection in electronic signature processes

When deploying an electronic signature solution for HR documents (contracts, amendments, company agreements), the employer must ensure that the service provider complies with the GDPR. Biometric data potentially collected during authentication constitutes sensitive data within the meaning of article 9 of the GDPR. Using a comprehensive electronic signature guide helps identify compliant solutions and avoid common errors in data processing.

Obligations relating to staff representation and collective negotiations

Establishment and operation of the Works Council

Since the Macron Orders of 2017 (Orders n° 2017-1386 and 2017-1388), the Works Council (CSE) is the single body for staff representation in companies with at least 11 employees. The employer is required to organise Works Council elections and provide it with the necessary means for its operation: premises, delegation hours, access to economic and social information via the Economic, Social and Environmental Data Portal (BDESE) for companies with at least 50 employees (article L. 2312-36 of the Labour Code).

Failure to organise professional elections constitutes an obstruction offence subject to one year's imprisonment and a €7,500 fine (article L. 2317-1 of the Labour Code).

Mandatory annual bargaining obligations

Article L. 2242-1 of the Labour Code requires companies with union representatives to engage in mandatory annual negotiations covering in particular: remuneration, working hours, value sharing, gender equality and quality of working life (QWL). Since the Value Sharing Act of 29 November 2023 (Act n° 2023-1107), companies with 11 to 49 employees making a net fiscal profit of at least 1% of their turnover for three consecutive years must implement a value-sharing scheme.

Dematerialisation of HR documents: compliance issues and best practices

Documents that can be dematerialised

The dematerialisation of HR processes is now an operational and legal reality. Electronic payslips have been authorised since the Work Act of 8 August 2016 (Act, article L. 3243-2 of the Labour Code), unless the employee objects. Employment contracts, amendments and end-of-contract documents (final statement of account, receipt for final settlement) can be signed electronically provided the solution used guarantees the identification of the signatory and document integrity.

HR solutions dedicated to electronic signature allow you to automate these documentary flows whilst ensuring their evidentiary value. For high-stakes documents (series of fixed-term contracts, company agreements), it is recommended to use an advanced or qualified electronic signature within the meaning of the eIDAS regulation. A comparison of electronic signature solutions will help you choose the tool suited to your volumes and sectoral constraints.

Conservation and archiving of HR documents

Legal retention periods vary depending on the type of document:

• Employment contract and amendments: 5 years after the end of the contract (statute of limitations for common law, article 2224 of the Civil Code);

• Payslips: 5 years (statute of limitations for wage claims, article L. 3245-1 of the Labour Code);

• Documents relating to social contributions: 3 years for URSSAF audits;

• DUERP: 40 years (Occupational Health Act 2021).

An electronic records management system (SAE) compliant with standard NF Z 42-020 guarantees the evidentiary value of dematerialised documents throughout the entire legal retention period. The ROI calculator available on Certyneo allows you to quickly assess the return on investment of complete digitalisation of your HR documentary processes.

Legal framework applicable to employer compliance

Employer legal compliance falls within a multi-layered regulatory framework, combining national law, European law and technical standards.

Civil Code:

• Article 1366 of the Civil Code recognises electronic writing as proof in the same way as paper writing, provided the identity of the person from whom it originates is duly assured and it is created and maintained in conditions designed to guarantee its integrity.

• Article 1367 of the Civil Code defines electronic signature and specifies that it consists in the use of a reliable identification procedure guaranteeing its connection to the act to which it attaches.

eIDAS Regulation (n° 910/2014): This European regulation establishes three levels of electronic signature (simple, advanced, qualified). Qualified electronic signature (QES) benefits from a presumption of reliability and cannot be refused as evidence in judicial proceedings within the EU. The eIDAS 2.0 revision (Regulation 2024/1183 which entered into force on 20 May 2024) introduces the European Digital Identity Wallet (EUDI Wallet), which will impact HR onboarding processes from 2026.

GDPR (n° 2016/679): The employer as data controller is subject to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (article 5 of the GDPR). Using an electronic signature provider requires the conclusion of a processor contract compliant with article 28 of the GDPR, specifying in particular security guarantees and procedures for data return or deletion.

NIS2 Directive (2022/2555): Transposed into French law by Act n° 2024-449 of 21 May 2024, the NIS2 Directive extends cybersecurity obligations to essential and important entities, among which are many employers in the health, energy and transport sectors. HR information systems processing sensitive data must integrate enhanced security measures (multi-factor authentication, business continuity plans, incident reporting).

ETSI Standards: The ETSI EN 319 132 standards (XAdES signature formats) and ETSI EN 319 122 (CAdES) define the technical formats of electronically recognised signatures in Europe. Qualified trust service providers (QTSP) listed on the national trust list (Trust List) published by ANSSI guarantee compliance with these standards.

Employment Law: The Labour Code (articles L. 1221-1, L. 1242-12, L. 3243-2, L. 4121-1, L. 2242-1, etc.) forms the foundation of the employer's contractual, organisational and social obligations. Any breach may result in civil sanctions (reclassification, damages), administrative penalties (CNIL fines, DIRECCTE action) and criminal penalties (obstruction offences, concealed employment).

Use cases: HR compliance in practice

Scenario 1 — An 80-person industrial SME digitalises its employment contracts

An industrial SME managing between 80 and 120 employees, with significant seasonal turnover (fixed-term contracts in production), was encountering recurring difficulties: delays in signing fixed-term contracts exceeding the two-day legal period, risk of reclassification, unsecured paper archiving. By deploying an advanced electronic signature solution compliant with eIDAS, the company integrated an automated workflow: contract generation from the HR information system, secure email delivery to the candidate, signature in less than 10 minutes on mobile, automatic archiving with qualified time-stamping.

Results observed after six months of deployment: 85% reduction in fixed-term contract signing time (from an average of 2.4 days to less than 4 hours), complete elimination of risks of non-delivery within legal timeframes, estimated savings of €3,200 per year in printing, mailing and filing costs.

Scenario 2 — A multi-site distribution group ensures compliance with its BDESE and mandatory bargaining obligations

A distribution group with around twenty establishments and approximately 1,200 employees needed to centralise its Economic, Social and Environmental Data Portal (BDESE) and dematerialise the signature of minutes from Works Council meetings and company agreements resulting from mandatory bargaining. The absence of formalised signatures on certain collective agreements exposed the group to disputes concerning their enforceability.

By adopting a qualified electronic signature solution for high-stakes legal documents (profit-sharing agreements, teleworking charter, profit-sharing agreement), the group secured the evidentiary value of all its social documentation. The time saving on signature processes involving multiple signatories (3 to 7 per agreement) was estimated at 60% compared to the paper process with registered mail.

Scenario 3 — An HR consulting firm assists its small business clients with GDPR compliance

An HR consulting firm specialising in human resources, supporting around fifty small to medium-sized businesses, identified that the majority of its clients did not have a GDPR information notice to provide to employees upon hiring, which has been mandatory since 2018. The firm integrated automatic generation of these notices into its support offering, leveraging an AI-powered contract generator and an electronic signature solution for delivery and formalised acknowledgement of receipt.

This system enabled the firm's clients to achieve GDPR compliance in less than two weeks, with an adoption rate of 94% among employees contacted electronically, compared to 67% via the traditional paper process. The risks of CNIL fines for failure to inform were completely eliminated across the supported client portfolio.

Conclusion

Legal compliance in employment law is not limited to formal compliance with the Labour Code: it now encompasses obligations arising from the GDPR, the NIS2 Directive, the eIDAS Regulation and recent legislative developments such as the Value Sharing Act. For the employer, every HR document — contract, amendment, company agreement, information notice — represents a legal act whose evidentiary value must be guaranteed.

eIDAS-compliant electronic signature has become the most effective compliance tool: it secures contracts, accelerates hiring processes, facilitates legal archiving and significantly reduces litigation risks. Certyneo assists you in the complete digitalisation of your HR documentary flows, with certified solutions that are simple to deploy and compliant with European legal requirements.

Discover Certyneo's offers and start for free to transform your HR compliance into a competitive advantage.