Signatory Client Portal in the Public Sector: Practical Guide

The dematerialisation of administrative procedures is accelerating in French local authorities and administrations. Since the entry into force of the "Action publique 2022" plan and the obligations arising from the eIDAS regulation, public bodies must offer seamless, secure and enforceable digital pathways. At the heart of this system: the signatory client portal, a dedicated portal allowing each user or partner to receive, consult, sign and archive official documents online. This article details the concrete steps to create such a portal in the public sector, the regulatory requirements to respect and best practices from the field.

Why the signatory client portal has become strategic for the public sector

The regulatory context and user expectations

In France, Ordinance No. 2014-1330 of 6 November 2014 on the rights of users to contact the administration by electronic means laid the first foundations of a dematerialisation obligation. Since then, the ESSOC Act (2018), the 3DS Act (2022) and successive inter-ministerial circulars have strengthened this dynamic. According to the public dematerialisation barometer published by DINUM in 2025, more than 87% of first-level administrative procedures are now available online, but only 54% incorporate a legally valid electronic signature mechanism.

Users, for their part, no longer tolerate paper back-and-forth. An OpinionWay study from 2024 indicates that 72% of French citizens prefer to sign an administrative document online rather than travel, provided that the device is simple and reassuring. The signatory client portal responds exactly to this expectation by offering a single, secure and traceable point of access for all dematerialised acts.

Differences with the private sector

Unlike the private sector, public bodies are subject to additional constraints: public procurement governed by the Public Procurement Code, deliberations subject to the legality control of the prefecture, civil status acts governed by the Civil Code. The level of electronic signature required varies depending on the nature of the document: a simple partnership agreement may be content with an advanced electronic signature (AES), whilst a notarial deed or a municipal council deliberation may in some cases require a qualified signature (QES) as defined in Article 26 of the eIDAS regulation.

To choose the right level for each type of act, consult our complete electronic signature guide which details the three eIDAS levels and their conditions of use in the public sphere.

Steps to create a signatory client portal in a local authority or administration

Step 1 — Map documentary flows and stakeholders

Before deploying any tool, it is imperative to carry out a flow mapping. This phase involves identifying:

• The types of documents concerned (deliberations, public contracts, conventions, urban planning authorisations, HR acts, etc.);
• Internal signatories (elected officials, general managers, heads of department) and external (service providers, associations, citizens, agents from other public entities);
• Annual volumes and contractual or regulatory deadlines associated;
• Existing information systems (business software such as SEDIT, CIVIL NET, CIRIL, Berger-Levrault) with which the client portal will need to interface.

This mapping makes it possible to define the functional scope of the platform and avoid duplications with tools already in place. It also determines the level of security and authentication to be implemented for each category of users.

Step 2 — Choose the technical solution adapted to public sector requirements

The choice of an electronic signature solution for the public sector responds to specific criteria that the private sector does not always impose with the same rigour:

1. Sovereign hosting: the data of the public body must be hosted in France or in the European Union, on HDS-certified (if health data) or SecNumCloud-certified infrastructure (if sensitive data). The SecNumCloud qualification of ANSSI becomes a differentiating criterion following the circular of the Prime Minister of 5 July 2021.
2. Interoperability: the solution must expose documented REST APIs compatible with RGI (General Interoperability Repository) and RGS (General Security Repository) benchmarks.
3. RGAA accessibility: pursuant to Act No. 2005-102 of 11 February 2005 and implementing decrees, public portals accessible to citizens must comply with the General Accessibility Improvement Repository (RGAA 4.1) at a minimum AA level.
4. eIDAS compliance: signature certificates must be issued by a qualified Trust Service Provider (TSP) appearing on the European trust list (Trusted List) published by the European Commission.

To compare solutions available on the market according to these criteria, our comparative of electronic signature solutions offers an evaluation grid adapted to public buyers.

Step 3 — Configure the signatory client portal: authentication and user journey

The configuration of the signatory client portal rests on three technical pillars:

Authentication of signatories: the public sector has a structural advantage with FranceConnect+, the national digital identity system managed by DINUM. FranceConnect+ allows substantial or high authentication within the meaning of eIDAS, which makes signed acts enforceable without ambiguity. For external service providers (companies, associations), authentication by reinforced email (OTP) coupled with documentary identity verification may be sufficient for intermediate-level acts.

The signature journey must be designed to minimise friction: email or SMS notification, direct access to the document from the dedicated portal, document content visualisation before signature, signature application in one or two clicks depending on the level required, and confirmation by timestamped certificate. Qualified timestamping (RFC 3161) guarantees document integrity and the certain date of signature, essential elements in the event of litigation.

Managing delegations and validation circuits: in a local authority, an act often carries only a single final signature, but it is preceded by an internal visa circuit. The signatory client portal must allow you to configure multi-step workflows (electronic parapheur) with delegation rules compliant with the organisation's delegation of signature order.

Step 4 — Ensure archiving and probative conservation

A signatory client portal is not limited to signature: it must guarantee the probative value of documents over time. The Heritage Code (articles L. 211-1 et seq.) imposes on public bodies specific retention periods depending on the nature of acts (10 years for public contracts, unlimited duration for deliberations, etc.).

The NF Z 42-020 standard defines the requirements for an electronic archiving system with probative value (SAE). The signatory client portal must interface with the organisation's SAE or natively offer a compliant digital safe. Recourse to a qualified third-party archiver makes it possible to externalise this obligation while maintaining the traceability required by the CNIL and administrative courts.

Note that signed documents remain accessible to each signatory from their personal space, in accordance with the access rights provided for by the GDPR and the Freedom of Information Act.

Governance, training and change management in the public sector

Structuring project governance

The deployment of a signatory client portal is a project of organisational transformation as much as technical. Governance should involve:

• General management (DGS/DGA) for political ownership and validation of acts concerned;
• Information Systems Department (DSI) for technical integration and security;
• Data Protection Officer (DPO), mandatory in public bodies since Article 37 of the GDPR, to validate the impact analysis (DPIA);
• Legal department to map risks and validate the legal value of each category of dematerialised acts.

A quarterly steering committee, involving these stakeholders, makes it possible to adjust the deployment and prioritise flows to be dematerialised according to the operational gains observed.

Train agents and external signatories

The adoption of a signatory client portal depends largely on the quality of change management. Public agents, accustomed to paper processes or heterogeneous tools, need short but targeted training: understanding the legal value of electronic signature, knowing how to identify a forged document, mastering the signature circuit for their area.

For external signatories (companies, subsidised associations), a simple guide to use, accessible from the client portal itself, significantly reduces support requests. Modern platforms now integrate contextual tutorials and a dynamic FAQ directly in the signature journey. The Certyneo Help Centre offers, for example, educational resources that can be adapted to your internal communications.

Measure benefits and drive by data

The return on investment of a signatory client portal in the public sector is measured across several dimensions:

• Average signing time: dematerialisation reduces the signature cycle from 7 to 14 days to less than 48 hours on average according to feedback from pioneering local authorities;
• Rate of lost or poorly archived documents: trend to zero with an interfaced SAE;
• Direct costs: printing, postage, courier fees, reprocessing of non-compliant documents;
• Satisfaction of external signatories: measurable via an NPS integrated at the end of the signature journey.

These indicators feed the steering committee dashboard and justify the progressive expansion of the dematerialised scope. To precisely estimate the potential gains for your organisation, our electronic signature ROI calculator allows a personalised projection in less than 5 minutes.

Legal framework applicable to the signatory client portal in the public sector

The implementation of a signatory client portal in a French local authority or administration is part of a dense legal corpus, structured at several levels.

Regulation eIDAS No. 910/2014 of the European Parliament and Council constitutes the European foundation. It distinguishes three levels of electronic signature (simple, advanced, qualified) and imposes that only the qualified signature benefits from a presumption of reliability equivalent to a handwritten signature in all Member States. For sensitive public acts, recourse to a qualified certificate issued by a Trust Service Provider (TSP) registered on the European Trusted List is imperative. eIDAS Regulation 2.0 (EU Regulation 2024/1183), in force since May 2024, strengthens these requirements by introducing the European Digital Identity Wallet (EUDIW), whose integration into public portals must be operational by 2026-2027 according to the timeline set by the Commission.

The Civil Code, in Articles 1366 and 1367, sets the conditions for the validity of electronic written documents in French law: reliable identification of the author and guarantee of document integrity. These conditions are met by the cryptographic mechanisms of advanced and qualified signatures.

GDPR No. 2016/679 requires any organisation processing personal data (name, email, FranceConnect identifier of signatories) to carry out a Data Protection Impact Analysis (DPIA) prior to the deployment of the client portal, in accordance with Article 35 of the regulation. This obligation is reinforced for public bodies. The designation of a DPO (Article 37) is mandatory for all public authorities.

The General Security Repository (RGS v2.0), published by ANSSI, sets the security levels required for the State and local authority's online services. Signature platforms deployed in this context must be audited and, depending on the level of data sensitivity, qualified or certified by ANSSI.

ETSI standards technically govern signature formats: ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES for PDFs). The PAdES format is recommended for public documents due to its native readability in standard PDF viewers.

NIS2 Directive (EU 2022/2555), transposed into French law by Act No. 2024-449 of 21 May 2024, extends cybersecurity obligations to essential and important entities, of which many public bodies are a part (municipalities of more than 30,000 inhabitants, departments, regions, health establishments). Signature platforms must be included in the organisation's information systems security policy (PSSI) and must be subject to incident reporting to ANSSI in case of breach.

Finally, the Public Procurement Code (Articles R. 2132-1 et seq.) requires the dematerialisation of public contracts above € 40,000 exc. VAT and requires electronic signature of commitment acts. Non-compliance with this obligation exposes the organisation to a risk of nullity of acts and sanctions during prefectural legality control.

Use scenarios: the signatory client portal in action in the public sector

Scenario 1 — An urban agglomeration community dematerialises its partnership conventions

An urban agglomeration community grouping about twenty municipalities manages over 350 partnership conventions annually with local associations, educational establishments and private service providers. Before the implementation of a signatory client portal, each convention required on average 18 days between internal validation and signature of both parties, with an estimated documentary loss rate of 4% (poorly archived documents or unsigned versions mistakenly retained).

After deployment of a signatory client portal integrated with the existing business information system, the average signature delay fell to 3.5 days. Partner associations access their portal via FranceConnect, receive an email notification as soon as a document is ready to sign and find all their conventions archived in their personal space. The documentary loss rate has been zero since deployment. The estimated annual saving on printing costs, postage and administrative reprocessing exceeds € 15,000, not to mention the time savings for agents.

Scenario 2 — A department dematerialises public procurement acts from its departments

A departmental council handling over 1,200 public contracts annually (across all thresholds) faced signature delays incompatible with the operational constraints of its business departments. The paper circuit involved up to 7 internal stakeholders (instruction, legal review, financial review, signature by president or delegated vice-president) before transmission to the service provider.

The implementation of an electronic parapheur integrated into the signatory client portal made it possible to configure multi-step workflows with automatic delegations in case of absence. The average internal circuit delay fell from 11 days to 2.8 days. The department also noted a 60% reduction in telephone follow-ups made to departments to find out the progress of signatures. The client portal offered to external service providers allows them to sign commitment acts directly from their interface, with a timestamped signature certificate automatically archived in the departmental SAE.

Scenario 3 — A public health establishment secures HR acts for its practitioners

A hospital group of approximately 1,200 employees (including 180 practitioners) managed its engagement contracts, amendments and temporary recruitment acts by post or mandatory physical presence, generating delays incompatible with recruitment needs (guard replacements, medical interim).

The signatory client portal deployed for human resources now allows each practitioner or employee to receive, consult and sign their contract from a secure portal, accessible from any terminal. Authentication is based on FranceConnect+ for permanent employees and on documentary identity verification for temporary workers. The average time from oral agreement to taking up position fell from 8 days (paper file processing time) to less than 24 hours. The establishment also reduced by 40% errors in the completeness of HR files thanks to guided forms integrated into the signature journey, in accordance with public hospital function recommendations.

Conclusion

Creating a signatory client portal in the public sector is no longer an option: it is a progressive regulatory obligation and a growing expectation of users as well as institutional partners. The approach rests on four inseparable pillars — mapping flows, choosing a sovereign and eIDAS-compliant solution, configuring a seamless user journey, and probative archiving — supported by solid governance and rigorous change management.

Local authorities and administrations that have taken this step observe measurable gains: signature delays divided by five on average, reduced administrative costs and impeccable archiving quality. Certyneo supports public bodies in each step of this project, from initial audit to operational deployment.

Ready to take the plunge? Contact our Certyneo experts for a free audit of your documentary flows and a personalised demonstration adapted to the constraints of the public sector.