Compliance with Labour Law: Employer's Obligations

Introduction: why employer compliance is a strategic issue

In 2026, compliance with labour law represents far more than an administrative constraint: it is a lever for legal protection, social trust and competitiveness. Employers face a dense body of regulations — the Labour Code, GDPR, NIS2 Directive, collective agreements — whose mastery conditions their ability to recruit, manage and retain their teams. An error in the formalisation of a contract, a delay in delivering a mandatory document or a failure in managing personal data can expose the company to heavy sanctions. This article details the main employer obligations, associated risks and digital tools, notably electronic signature for HR, which enable employers to meet these requirements effectively.

---

Fundamental obligations regarding employment contracts

Drawing up and delivering the contract

The most visible obligation of any employer remains the formalisation of the employment contract. The Labour Code imposes specific rules depending on the nature of the contract:

• Permanent contract (CDI): although no written document is legally compulsory for a full-time CDI, the provision of a written contract is strongly recommended and imposed in practice by virtually all collective agreements. In case of dispute, the absence of a written record presumes the existence of a full-time permanent contract.

• Fixed-term contract (CDD): the fixed-term contract must imperatively be drawn up in writing and delivered to the employee within two working days following employment (article L.1242-13 of the Labour Code). Any breach results in automatic reclassification as a CDI.

• Part-time contract: writing is mandatory and must mention the weekly or monthly duration, schedules and terms for modification (articles L.3123-6 et seq.).

Since the entry into force of European Directive 2019/1152 on transparent and predictable working conditions, transposed into French law by ordinance, the employer must also provide employees with a summary document of essential information (duration of probationary period, remuneration, leave, termination procedures) within seven calendar days from the start of employment.

Probationary period and its formalities

The probationary period is not presumed: it must be expressly stipulated in the contract or engagement letter. Its maximum duration is fixed by the Labour Code and may be reduced by sectoral agreement. In case of omission or excessive duration, the probationary period is deemed non-existent, exposing the employer to reclassification of the termination as dismissal without valid and genuine grounds.

Contract signature: issues and dematerialisation

Obtaining a valid signature on the employment contract is crucial. Electronic signature, governed by the eIDAS regulation, offers a legal and traceable alternative to paper signing. It guarantees document integrity and the identity of the parties, two fundamental requirements of labour law. For employers managing large volumes of contracts, consulting a comparison of electronic signature solutions allows them to choose the tool best suited to their HR context.

---

Obligations regarding notice, information and mandatory registers

Mandatory notices in the workplace

Every employer, regardless of company size, is required to display a set of regulatory information in its premises. Article L.1221-13 of the Labour Code and many supplementary texts impose in particular:

• The name of applicable collective agreements and accords

• Contact details of the labour inspectorate and occupational health physician

• Texts relating to professional equality, combating moral and sexual harassment, and discrimination

• Internal regulations (mandatory from 50 employees)

• Health and safety instructions and emergency exits

• Collective working hours and compensatory rest periods

Since 2020, URSSAF and DIRECCTE acknowledge that certain notices may be dematerialised via the intranet, provided that all employees have effective access.

Keeping mandatory registers

The employer must keep several registers up to date, including:

• The single personnel register (article L.1221-13), which must contain entries and exits of all employees

• The staff representative register (replaced by the Works Council since 2020)

• The single document for assessing occupational risks (DUERP), updated at least once per year and each time there is a significant change in working conditions (article R.4121-1 et seq.)

• The register of minor workplace accidents, subject to agreement with the labour inspectorate

Sanctions for non-compliance can reach €750 per infringement (class 3 contravention), and multiple breaches can be cumulative.

Internal regulations and IT charter

Mandatory in companies with at least 50 employees, internal regulations must be submitted to the Works Council, sent to the labour inspectorate and posted before coming into force. They establish rules relating to discipline, hygiene and safety. The IT charter, although not mandatory, is strongly recommended in a context where the GDPR requires formalisation of personal data use by collaborators.

---

Obligations regarding payroll and working time

Dematerialised payslip

Since the Labour Law of 8 August 2016, the employer may provide payslips in electronic format, unless the employee objects. This right of objection must be respected and documented. The dematerialised payslip must be stored in a digital safe accessible to the employee for at least fifty years or until the age of 75.

The mandatory information on the payslip is listed in articles R.3243-1 et seq. of the Labour Code. In 2024, the simplification of the payslip imposed by the Ministry of Labour reduced the number of mandatory items whilst strengthening the clarity of social deductions.

Working time and overtime

The employer must ensure compliance with maximum legal durations:

• 10 hours of actual work per day (except derogation)

• 48 hours per week (or 44 hours on average over 12 consecutive weeks)

• 11 hours of consecutive rest between two working days

• 35 hours of legal weekly duration, beyond which the enhanced overtime regime applies (25% for the first 8 hours, 50% beyond)

Non-compliance with these durations exposes the employer to criminal prosecution (offence of obstruction) and compensation for loss suffered by employees.

Right to disconnect and teleworking

Incorporated into the Labour Code since the El Khomri Law (2016) and clarified by the Macron Ordinances (2017), the right to disconnect obliges companies with more than 50 employees to negotiate terms of exercise within the framework of mandatory annual negotiation (NAO). Regarding teleworking, the teleworking agreement or charter must specify periods of availability, coverage of costs and conditions for returning to the office. Electronic signature in business facilitates rapid and traceable formalisation of these amendments to the contract.

---

Obligations regarding data protection and security

GDPR and employee personal data

The employer is responsible for processing personal data of collaborators under the GDPR (EU Regulation 2016/679). As such, it must:

• Keep a register of processing (article 30 of the GDPR) documenting each processing activity involving employee data

• Inform employees via an accessible and understandable privacy notice

• Limit collection to strictly necessary data (minimisation principle)

• Govern transfers of data outside the EU through appropriate safeguards (standard contractual clauses or adequacy decision)

• Manage data breaches and notify CNIL within 72 hours if the risk to persons concerned is established

CNIL may impose fines up to €20 million or 4% of annual global turnover, whichever is higher.

Cybersecurity and NIS2 Directive

Since October 2024, the NIS2 Directive (EU Directive 2022/2555) applies to a broader scope of companies classed as "essential entities" and "important entities". Employers concerned must implement cyber risk management measures, train collaborators and notify significant incidents to ANSSI. In this context, using certified electronic signature solutions, hosted in Europe and compliant with ETSI standards, contributes to securing sensitive documentary processes. For further information, the complete guide to electronic signature details compliance criteria to verify.

Health and safety at work

The employer is subject to a results-based safety obligation transformed into a reinforced duty of care by case law from the Court of Cassation (rulings from 2002 and developments since 2015). Concretely, it must:

• Assess occupational risks and record them in the DUERP

• Implement a prevention plan

• Arrange safety training for new employees and exposed workers

• Ensure medical surveillance of employees via the inter-company occupational health service (SSTI)

Non-compliance with these obligations may incur the inexcusable fault of the employer, significantly increasing compensation to the victim of a workplace accident or occupational disease.

Legal framework applicable to employer obligations

Labour Code: fundamental provisions

The regulatory framework applicable to the employer in France is principally structured around the Labour Code, of which the following articles are central:

• Article L.1221-1: definition of the employment contract and obligation of good faith in its performance

• Article L.1242-13: mandatory delivery of CDD within two working days

• Article L.3123-6: formalities of part-time contract

• Articles R.4121-1 et seq.: obligation to update DUERP annually

• Article L.4121-1: general safety obligation on the employer

eIDAS Regulation and electronic signature

The European Regulation No. 910/2014 (eIDAS), directly applicable in all Member States, defines three levels of electronic signature: simple, advanced and qualified. In labour law, case law accepts advanced or qualified electronic signature for employment contracts. Article 1366 of the Civil Code recognises the probative value of electronic writing equivalent to that of paper writing, provided that its author can be duly identified and the document is kept under conditions guaranteeing its integrity (article 1367). The eIDAS 2.0 revision, currently being deployed, strengthens identity requirements and expands the scope of European digital identity wallets (EUDI Wallet).

GDPR and protection of employee data

The EU Regulation 2016/679 (GDPR) imposes on the employer, in its capacity as data controller, strict obligations: lawfulness of processing (article 6), information of persons (articles 13 and 14), rights of employees (articles 15 to 22), keeping a register of processing (article 30) and notification of breaches (articles 33 and 34). The CNIL has the power to sanction up to €20 million. In 2023 and 2024, several French companies were sanctioned for transferring HR data to extra-European subcontractors without sufficient safeguards.

NIS2 Directive and organisational cybersecurity

Transposed into French law via the ordinance of 17 October 2024, the NIS2 Directive (2022/2555/EU) requires essential and important entities to implement formalised cyber governance, including managing risks related to the supply chain. Employers concerned must train managers and employees, audit their digital service providers and notify significant incidents to ANSSI within 24 hours.

ETSI standards and quality of electronic signatures

The standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) define the technical formats of advanced and qualified electronic signatures. Compliance with these standards by trusted service providers (TSP) registered on the European Trust List guarantees interoperability and admissibility of electronic evidence before EU courts.

Use cases: electronic signature in service of employer compliance

Scenario 1 — A distribution SME managing 150 contracts annually

An SME in the food distribution sector employs approximately 120 permanent employees and recruits about fifty seasonal workers in CDDs each year. Before dematerialisation, the HR department devoted on average 45 minutes per contract to printing, postal dispatch, tracking signed returns and physical filing. Over 150 contracts annually, this represented more than 110 hours of administrative work, not counting reminders for documents not returned within the legal timeframe (2 working days for CDDs).

By deploying an advanced electronic signature solution compliant with eIDAS, the company reduced the average signature timeframe from 4.2 days to less than 6 hours. Contracts are automatically archived in a digital safe, the single personnel register is updated in real time and the labour inspectorate can be supplied with supporting documents in a few clicks. The estimated time saving exceeds 80%, representing a return on investment of less than six months according to industry benchmarks published by Syntec Digital.

Scenario 2 — A healthcare at-home services group with dispersed teams

A provider of home care services employing approximately 300 nurses, care assistants and healthcare auxiliaries spread across several departments faced a recurring problem: the signature of amendments modifying schedules or place of assignment. These documents, often urgent, previously required a trip to headquarters or sending by registered mail, generating delays incompatible with operational constraints and exposing the employer to the risk of unilateral modification of working conditions without formal employee agreement.

Thanks to mobile electronic signature, each amendment is signed by the employee from their smartphone, with strong authentication by SMS OTP. The employer retains timestamped and certified proof of employee agreement, eliminating the risk of subsequent challenge. The rate of disputes over contractual modifications decreased by around 60% within eighteen months, according to comparable feedback from similar sectors in healthcare.

Scenario 3 — A strategy consultancy firm addressing GDPR compliance of its HR processes

A consultancy of around fifteen consultants, subject to the dual requirement of GDPR and the Labour Code, needed to formalise its HR data processing: collection of bank details, management of sick leave, training follow-up and delivery of dematerialised payslips. The absence of clear privacy notices delivered for signature of the contract constituted an identified CNIL risk during an internal audit.

By integrating the GDPR privacy notice directly into the electronic signature flow of the employment contract, the consultancy ensures that each new collaborator has been informed of their rights before signing. The date and time of reading are timestamped, constituting proof that can be relied upon in case of CNIL inspection. This approach, combining labour law compliance and GDPR in a single digital process, is now recommended by several professional associations in the consultancy sector.

Conclusion

Employer compliance with labour law is not limited to drafting a compliant contract: it encompasses management of mandatory notices, keeping registers, protecting personal data, cybersecurity and health and safety at work. Each of these obligations, if neglected, exposes the company to financial sanctions, judicial reclassifications or costly disputes with employees.

Digitalisation of HR processes, and in particular the adoption of an eIDAS-compliant electronic signature solution, is today one of the most effective levers for securing and accelerating employer compliance. Certyneo allows you to manage the entire lifecycle of your HR contractual documents from a single, sovereign and certified platform.

Discover Certyneo's pricing and start digitalising your employer obligations today, or calculate your ROI in just a few minutes.