Electronic signature in the public sector: 2026 guide

The digital transformation of the French State has accelerated significantly in recent years, and electronic signature is one of its most structuring regulatory pillars. For public buyers, local authorities and public service operators, the question is no longer whether to adopt electronic signature, but how to remain compliant with a rapidly evolving legal framework. Between the obligations arising from the eIDAS regulation, the requirements of the Public Procurement Code and the new constraints of the NIS2 directive, administrations face a complex regulatory landscape. This article guides you step by step: required signature levels, scope of obligation, compliance risks and best practices for 2026.

Electronic signature in public procurement: a legal obligation since 2020

Since 1 October 2018, then reinforced by the Order of 12 April 2018 relating to electronic signature in public procurement, the dematerialisation of public procurement procedures has become the norm in France. For all contracts whose estimated value is equal to or above the European threshold for formal procedures — set at €221,000 net for supplies and services of public bodies and €5,538,000 net for works in 2026 — the use of electronic signature is mandatory for acts of engagement, service orders and subcontracting acts.

The three levels of eIDAS signature applicable

Regulation eIDAS No 910/2014 establishes three levels of electronic signatures, two of which are relevant in public procurement:

• Simple Electronic Signature (SES): sufficient for routine exchanges, receipts of receipt or certain internal notifications. It does not provide strong identity assurance.
• Advanced Electronic Signature (AES): required for most contractual acts in public procurement. It uniquely identifies the signatory, is linked to the signed data and detects any subsequent modification.
• Qualified Electronic Signature (QES): the highest level, legally equivalent to handwritten signature under Article 1367 of the Civil Code. Mandatory for complex work contracts, certain notarial acts and documents with high probative value.

The Order of 12 April 2018 specifies that acts of engagement must be signed with at least an advanced electronic signature based on a qualified certificate (hereinafter "AES-QC"), which in practice approaches the qualified level.

Dematerialisation platforms (buyer profiles)

Since 1 April 2017, every public buyer must have a dematerialised buyer profile — a platform for managing calls for tender such as ATEXO, e-Marchés, AWS Market, etc. — to publish its consultations above the threshold of €40,000 net. These profiles must natively integrate an electronic signature module compatible with qualified certificates issued by trust service providers (TSPs) referenced on the French trust list (LCR) published by ANSSI.

To learn more about how these mechanisms work in general, consult our comprehensive electronic signature guide.

eIDAS 2.0 compliance: what's changing for administrations in 2026

The revision of the eIDAS regulation, known as eIDAS 2.0 (EU Regulation 2024/1183, which entered into force in May 2024), introduces several major developments that directly impact French public administrations.

The European Digital Identity Wallet (EUDI Wallet)

Article 5a of the revised eIDAS regulation requires Member States to offer a European Digital Identity Wallet (EUDI Wallet) to all citizens and legal entities by October 2026. For administrations, this means that online services will have to accept this wallet as a means of authentication and signature. ANSSI coordinates the French deployment in liaison with DINUM (Inter-ministerial Directorate for Digital Affairs), which leads the programme via the National Agency for the Coherence of Territories.

New trust attributes and interoperability

EIDAS 2.0 strengthens cross-border interoperability: a qualified signature affixed by a Belgian or German operator must be recognised without restriction by French platforms. For public buyers entering into contracts with European operators, this development simplifies procedures but requires verification that the tools used support the new European trust lists (EU Trusted Lists). Our analysis of the eIDAS 2.0 regulation details all these developments.

Cybersecurity obligations linked to NIS2

The NIS2 directive (transposed into French law by ordinance in March 2025) classifies local authorities with more than 30,000 inhabitants and essential public entities among the important entities subject to enhanced security requirements. In practical terms, the electronic signature solution used must:

• Be hosted by a provider certified HDS (Health Data Hosting) for health entities, or SecNumCloud for sensitive State data;
• Have complete and tamper-proof audit logs;
• Be subject to a documented business continuity plan (BCP).

Public acts subject to the obligation to use electronic signature

Beyond public procurement strictly speaking, electronic signature is gradually extending to a very broad scope of administrative acts.

Contractual documents and resolutions

• Public procurement acts: purchase orders, amendments, service orders, receipt minutes;
• Resolutions of deliberative assemblies: since the law of 27 December 2019 (the "Engagement and Proximity Act"), municipalities can transmit their acts to the legality control in electronic form signed via the @ctes portal of the DGCL;
• Public service contracts: contracts of contracted agents of territorial public service benefit from the presumption of validity of qualified electronic signature.

Tax and budgetary acts

The Directorate General for Public Finance (DGFiP) has required since 2022 the dematerialised transmission of budgetary documents to communities of more than 3,500 inhabitants. Authorised representatives can electronically sign revenue titles and payment mandates integrated into accounting systems (Hélios, Chorus Pro).

Cerfa forms and civil status acts

The Public Services + programme (formerly Action Publique 2022) targets the complete digitisation of the 250 most used forms. Several Cerfa — particularly for planning authorisations (building permits, prior declarations) — now accept advanced electronic signature from applicants.

If you manage contractual flows in a public structure, our comparison of electronic signature solutions will help you identify the tool best suited to your regulatory constraints.

Choosing a compliant solution for the public sector: essential criteria

Faced with the proliferation of market offerings, public buyers must rely on objective criteria to select their electronic signature provider.

Certification and referencing

The solution must imperatively:

1. Be referenced on ANSSI's trust list (French TSL) or rely on a certificate issued by a TSP (Trust Service Provider) itself qualified eIDAS;
2. Be compliant with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES) or EN 319 162 (PAdES) depending on the required document format;
3. Be compatible with buyer profiles referenced by the DAJ (Directorate of Legal Affairs of the Ministry of Economy).

Hosting and data sovereignty

For public procurement data, classified as "Restricted Distribution" in some cases, hosting must be located in France or within the European Union with contractual guarantees against access by extra-European jurisdictions (Cloud Act reform). The SecNumCloud label from ANSSI is the reference in terms of digital sovereignty.

Integration with administration's business tools

Authorities generally use specialised ERP systems (CIVITAS, Berger-Levrault, JVS-Mairistem, etc.). The signature solution must provide a documented REST API enabling integration into these workflows without disruption. An ROI calculator can help you quantify the expected productivity gains during your deployment project.

Traceability and archiving

The Heritage Code (Article L.213-1) requires specific retention periods for public documents. The solution must guarantee archiving with probative value (NF Z42-026 standard) with qualified timestamping (RFC 3161) and complete audit trail exportable in case of litigation before the administrative tribunal.

For structures considering migrating from an existing tool, our guide on migration from DocuSign or YouSign to Certyneo presents the key stages of a transition without service interruption.

Legal framework applicable to electronic signature in the public sector

Electronic signature in the public sector is part of a multi-level regulatory framework that must be mastered to guarantee the legal validity of dematerialised acts.

Civil Code — Articles 1366 and 1367

Article 1366 of the Civil Code provides that "electronic writing has the same probative force as writing on paper, provided that the person from whom it emanates can be duly identified and that it is established and preserved in conditions such as to guarantee its integrity". Article 1367 specifies that a qualified electronic signature within the meaning of eIDAS is presumed to be reliable — thus reversing the burden of proof in favour of the signatory.

Regulation eIDAS No 910/2014 and its 2024/1183 revision

The eIDAS European regulation establishes a unified framework for trust services within the EU. Its Article 25 provides that a qualified electronic signature has the same legal value as a handwritten signature in all Member States. Annex I sets out the technical requirements for qualified certificates. The 2024 revision (eIDAS 2.0) adds the regulatory framework for the European Digital Identity Wallet.

Order of 12 April 2018 relating to electronic signature in public procurement

This order is the operational reference text for French public procurement. It requires advanced electronic signature with qualified certificate (compliant with Annex I eIDAS) for acts of engagement, and specifies acceptable formats (PAdES, XAdES, CAdES).

Public Procurement Code — Articles R.2132-7 et seq.

Articles R.2132-7 to R.2132-14 of the Public Procurement Code govern the modalities of electronic transmission of applications and tenders, making electronic signature opposable once it complies with the levels defined by the 2018 order.

GDPR No 2016/679

Personal data collected during the signature process (signatory identity, IP address, timestamp) constitutes personal data within the meaning of the GDPR. The public buyer acts as a data controller and must ensure that the signature provider complies with Articles 28 (subprocessor contract) and 32 (data security). An information notice (Article 13) must be provided to signatories.

NIS2 directive transposed into French law (ordinance March 2025)

Essential and important public entities within the meaning of NIS2 must report significant security incidents to ANSSI within 24 hours. A failure of the electronic signature system affecting the continuity of public procurement can constitute such an incident.

Legal risks in case of non-compliance

An act of engagement signed with an insufficient level can be contested before the administrative judge of the pre-contractual reference proceedings (Article L.551-1 of the Code of Administrative Justice), leading to the suspension or even annulation of the award procedure. Contractual penalties for delays attributable to a technical failure of the signature can reach 1/1000th of the net amount per calendar day of delay according to the General Terms and Conditions in force.

Use cases: electronic signature in daily life in the public sector

Scenario 1 — A municipality union managing about a hundred contracts annually

A medium-sized inter-municipal organisation, bringing together about twenty municipalities and managing approximately 120 public contracts per year (works, supplies, services), faced paper signature delays reaching an average of 12 working days for an act of engagement. Physical shuttles between technical departments, the procurement department and the president of the inter-municipal organisation generated recurring delays in award procedures, exposing the authority to litigation risks.

By deploying a qualified electronic signature solution integrated into its buyer profile, the authority reduced this time to less than 48 hours. Automatic traceability of initials and timestamps also made it possible to reduce by 70% the time spent on constituting regulatory archiving files (retention period: 10 years for contracts above European thresholds).

Scenario 2 — A public hospital and its supplier contracts

A hospital group of approximately 1,200 beds, subject to public procurement rules as a public health institution (EPS), had to sign each year more than 400 amendments and purchase orders within the framework of markets following framework agreements. The multiplicity of authorised signatories (director of procurement, deputy director, administrative attachés) and the requirement for HDS hosting made the selection of a solution complex.

By opting for a France-hosted platform certified HDS, compatible with qualified certificates issued by a TSP referenced by ANSSI, the establishment was able to electronically delegate signature rights through granular user profiles. The volume of printed documents fell by 85%, and the direct cost of paper archiving decreased by approximately €15,000 per year according to an internal estimate made 18 months after deployment.

Scenario 3 — A technical services department of a large city and work service orders

A technical services department of a city of more than 80,000 inhabitants managing a multi-year road rehabilitation programme had to issue an average of 60 service orders per month to work companies. Before dematerialisation, each service order involved printing, handwritten signature, scanning and registered mail delivery — a cost of approximately €8 per document and an unavoidable delay of 3 to 5 days.

The integration of an advanced electronic signature workflow directly into their business software enabled near-instantaneous issuance of service orders, with acknowledgement of receipt electronically signed by the company's representative. The time gain in the effective start of work was estimated between 3 and 4 days per site, which, over 15 simultaneous sites on average, represents a significant operational impact on compliance with contractual schedules.

Conclusion

Electronic signature in the public sector is no longer a forward-looking issue: it is an operational obligation, governed by specific texts, with real legal risks in case of breach. Whether it is acts of engagement in public procurement, resolutions transmitted to legality control or work service orders, each dematerialised act engages the responsibility of the authority or public entity that produces it.

Faced with eIDAS 2.0, NIS2 and the acceleration of the State's digital transformation programme, administrations that have not yet structured their compliance approach must act now. Certyneo offers a qualified electronic signature solution, hosted in France, compliant with ANSSI requirements and integrable into your existing business tools.

Discover how Certyneo can support your administration towards full compliance: request a demonstration or consult our pricing and get ahead of the 2026 regulatory deadlines.