Labour Law Compliance: Employer Obligations

Labour law compliance represents a major challenge for all French enterprises, regardless of size. Between mandatory notice posting, contract drafting, personal data management and legal document archiving, the regulatory framework continues to expand. In 2026, digital transformation imposes additional new requirements: how can one digitise without losing compliance? This article guides you through the main employer obligations, associated legal risks, and concrete solutions to secure your HR practices on a daily basis.

Legal Foundations of Employer Compliance

The Labour Code: Pillar of Legal Obligation

The Labour Code is the central reference for every employer established in France. It sets rules relating to working hours, paid leave, minimum wage (minimum wage set at €11.88/hour gross as of 1 January 2026), conditions for contract termination, and union rights. The employer must not only know these provisions but be able to prove at any time their effective application in the company.

Several documentary obligations structure this compliance: maintaining a single personnel register (art. L.1221-13), providing each employee with a detailed payslip (art. L.3243-1), and concluding a written contract for fixed-term contracts (art. L.1242-12) and part-time contracts (art. L.3123-6). For permanent contracts, the law has required since the transposition of European Directive 2019/1152 (known as "Transparent Working Conditions") written information on the essential elements of the employment relationship within seven days of hiring.

Collective Agreements and Company Agreements

Beyond the Labour Code, the employer must comply with the provisions of the collective agreement applicable to its sector of activity. These texts may provide conditions more favourable than the law regarding minimum wages, notice periods, bonuses or working hours. In case of dispute, labour court judges systematically verify the company's compliance with these agreements. Failure to comply with a collective agreement constitutes a fault that may engage the employer's civil liability.

Company agreements negotiated with employee representatives (CSE) supplement this framework. Since the Macron Ordinances of 2017, their scope of application has been considerably expanded, notably on working time, variable compensation and teleworking issues.

Documentary Obligations and Mandatory Posting

Documents to Display in the Company

The employer is required to display a set of mandatory information in its premises, under penalty of administrative fines. Among the main required postings are:

• Address and contact details of the territorially competent labour inspection office

• Collective working hours and rest schedules

• Legal and regulatory texts relating to gender equality in the workplace

• Contact details of the occupational health physician and occupational health service

• Prohibition on smoking and vaping in premises

• Applicable collective agreement (or its title with indication of where it can be consulted)

Since 2023, certain postings may be carried out electronically, provided that all employees have access to them from their workstation. This development opens the way to progressive digitisation of information obligations.

Management and Retention of HR Documents

The retention of social documents is subject to specific time limits. Employment contracts must be retained for five years after the end of the contractual relationship (statute of limitations for wage payment claims). Payslips, since the El Khomri law of 2016, must be retained indefinitely when digitised in a digital safe deposit box compliant with electronic signature standards. Documents relating to social contributions are retained for three years.

The stakes are considerable: according to a Deloitte study published in 2024, nearly 38% of labour disputes are aggravated by the employer's inability to produce the original contractual documents within the prescribed time limits.

Digitisation of Employment Contracts: Issues and Compliance

The Legal Framework for Electronic Signatures in Labour Law

Since Ordinance no. 2016-131 of 10 February 2016 reforming contract law, electronic signatures are legally equivalent to handwritten signatures provided they meet the requirements of Article 1367 of the Civil Code. In the field of employment contracts, the General Labour Directorate (DGT) confirmed in its 2017 circular that permanent contracts, fixed-term contracts and amendments can be signed electronically, provided the signatory is reliably identified and the integrity of the document is assured.

Regulation eIDAS no. 910/2014 defines three levels of signature: simple, advanced and qualified. For the vast majority of HR documents (employment contracts, amendments, contract termination documents), advanced electronic signature offers a sufficient level of security and is recognised by courts. For certain specific acts such as approved consensual termination or collective agreements, special attention must be paid to the level of signature required. Companies wishing to digitalise their HR processes can rely on the Certyneo HR solution, compliant with eIDAS regulation and CNIL requirements.

Operational Benefits of HR Digitisation

Electronic signature of HR documents generates substantial gains. According to the 2025 IDC report on digital transformation of support functions, companies that have digitised their contract signature process reduce the average return time for signed contracts by 75% (from 8 to 2 days), and reduce printing, mailing and archiving costs by approximately €60 per contract. For a SME of 50 employees averaging 25 hires per year, annual savings exceed €1,500, not counting gains in employee time.

The enhanced traceability offered by a qualified electronic signature solution also represents a strong argument in case of dispute: each step of the signature process is timestamped and logged, creating an irrefutable audit trail. To precisely evaluate the return on investment of your digitisation project, the Certyneo ROI calculator allows you to obtain a personalised estimate in just a few minutes.

Protection of Employee Personal Data (GDPR)

Employer Obligations as a Data Controller

The employer is a data controller within the meaning of GDPR (General Data Protection Regulation, no. 2016/679) for all personal data collected on its employees. As such, it must:

• Maintain a record of processing activities (art. 30 GDPR)

• Inform employees of data collection and use (art. 13-14 GDPR)

• Implement technical and organisational measures guaranteeing data security

• Designate a data protection officer (DPO) where processing requires it

• Conduct an impact assessment (DPIA) for high-risk processing

The CNIL recalled in its 2024 guidelines that employee monitoring (geolocation, professional email control, biometric badging) is subject to strict conditions of proportionality and must be the subject of prior information to staff representatives.

Sensitive Data and Enhanced Vigilance

Certain categories of data collected in the context of the employment relationship are considered "sensitive" within the meaning of Article 9 of the GDPR: health data (sick leave, medical restrictions from the occupational health physician), data relating to trade union or political affiliation, biometric data. Their processing is prohibited except for strictly defined exceptions and requires, in all cases, enhanced safeguards.

Breach of these obligations exposes the employer to administrative sanctions that can reach 4% of annual global turnover or €20 million. In 2025, the CNIL imposed 135 penalties, several of which targeted employers for failures in HR data management.

Prevention of Occupational Risks and Single Document

The DUERP: A Central Obligation

The Single Document for the Evaluation of Occupational Risks (DUERP) is mandatory for any employer, from the first employee (art. L.4121-3 of the Labour Code). It must list all risks to the health and safety to which employees are exposed, and be updated at least annually, as well as whenever there is a significant change in working conditions or following any occupational accident.

Since Act no. 2021-1018 of 2 August 2021 (called the "Occupational Health Act"), the DUERP must be filed on a dedicated digital portal managed by employer organisations. The employer must retain successive versions of the document for at least 40 years. Non-compliance with this obligation is sanctioned by a fifth-class fine (penalty up to €1,500 per employee).

Training and Information of Employees

The employer has a general obligation of safety towards its employees, established by case law under the term "contractual obligation of safety of result" (Cass. soc., 28 February 2002, Asbestos). This obligation notably implies providing safety training when hiring, when changing position or following an accident. Records of these trainings must be retained and may be requested during a labour inspection.

Digitised management of these training documents — invitations, certificates, attendance records — naturally fits into a comprehensive HR digitalisation approach. The contract templates and HR documents available on Certyneo allow you to automate the production and signature of these documents in full regulatory compliance.

Legal Framework Applicable to Employer Compliance

Compliance with labour law is based on a dense body of law, articulating national law and European regulation.

French Labour Code: It constitutes the primary source of employer obligations. Its provisions relating to the conclusion and performance of the employment contract (Book II, first part), working hours (Book I, third part), health and safety (fourth part) and staff representative bodies (second part, Book III) are binding on every private employer.

Civil Code — Articles 1366 and 1367: These provisions, resulting from Ordinance no. 2016-131, establish the principle of equivalence between handwritten and electronic signature. Article 1366 states that "electronic writing has the same probative force as writing on paper support". Article 1367 conditions the validity of electronic signature on reliable identification of the signatory and the integrity of the signed document.

eIDAS Regulation no. 910/2014: This European regulation, directly applicable in France, defines the three levels of electronic signature (simple, advanced, qualified) and establishes the conditions for their mutual recognition between Member States. The revised version eIDAS 2.0 (EU Regulation 2024/1183, which entered into force in May 2024) strengthens requirements for trust service providers and introduces the European digital identity wallet (EUDIW). ETSI standards EN 319 132 and EN 319 122 define the technical formats of compliant signatures (XAdES, CAdES, PAdES).

GDPR no. 2016/679: The processing of employee personal data is subject to GDPR. The employer must notably respect the principles of data minimisation, limitation of retention periods and integrity/confidentiality (art. 5). In case of personal data breach, it has 72 hours to notify the CNIL (art. 33).

NIS2 Directive (2022/2555), transposed into French law by the Act of 26 September 2025: it extends cybersecurity obligations to a broad spectrum of entities, including digital service providers used by employers for document management and electronic signature. Employers using SaaS tools must ensure their providers comply with NIS2 requirements.

Legal Risks and Sanctions: Non-compliance with Labour Code obligations exposes the employer to labour court judgements (wage reimbursement, damages), administrative fines imposed by the labour inspection, and in the most serious cases, criminal prosecution (concealed work, moral or sexual harassment). Use of an electronic signature solution that does not comply with eIDAS may result in the nullity of signed acts and deprive the employer of any valid evidence in case of dispute.

Usage Scenarios: Digitised HR Compliance in Practice

A 80-Employee Industrial SME Facing Contract Return Delays

An SME in the metalworking sector, employing 80 employees and frequently using seasonal fixed-term contracts, faced a recurring problem: contracts sent by postal mail to candidates returned signed with an average delay of 9 days, sometimes after the start of the assignment. This situation exposed the company to a risk of reclassification of fixed-term contracts as permanent contracts due to lack of a signed contract before taking up duties (art. L.1242-13 of the Labour Code).

By deploying an advanced electronic signature solution integrated into its HRIS, the company reduced this delay to less than 4 hours on average. The rate of contract return before the first working day rose from 62% to 99%, virtually eliminating the risk of reclassification. The HR time saving was estimated at 3.5 hours per week, equivalent to approximately €18,000 of annual salary cost reallocated to higher value-added tasks.

A Multi-Site Retail Group Managing Hundreds of Annual Amendments

A retail group operating twenty retail outlets in France had to manage more than 400 amendments to employment contracts each year (changes in schedules, moves to part-time, individual salary increases). The manual process involved back-and-forth between site managers, head office and employees, generating average validation delays of 12 days and an error rate (unsigned or poorly archived amendments) exceeding 15%.

After migration to a SaaS electronic signature platform compliant with eIDAS with automated workflows, the average amendment signature time fell to 48 hours. The archiving error rate was reduced to less than 1%, and the company now has a complete timestamped audit trail for each document, which allowed it to win a labour dispute by instantly producing proof of signature during a hearing.

A Consulting Firm in Full Growth Adapting its Practices to GDPR

A strategy consulting firm with around fifty employees, in rapid growth, collected and stored sensitive HR data (personal information sheets, identity documents, bank details, medical information related to sick leave) in unsecured shared folders. Following a GDPR audit ordered by its external DPO, several critical non-conformities were identified: lack of formalised legal basis for certain processing, non-compliant retention periods, lack of data encryption at rest.

The firm restructured its document architecture around an electronic document management platform (EDM) coupled with a certified electronic signature solution, allowing end-to-end encryption and fine-grained access rights management. A processing record was updated and retention policies automated. This compliance effort helped avoid a CNIL procedure and reassured institutional clients requiring contractual guarantees on data security.

Conclusion

Compliance with labour law is a permanent exercise that engages the civil, criminal and administrative liability of any employer. From properly formalised employment contracts to the protection of employee personal data, through occupational risk prevention and mandatory posting, each obligation requires rigorous organisation and appropriate tools.

Digitisation of HR processes — provided it is carried out in compliance with eIDAS regulation and GDPR — is today the most effective lever to reconcile legal compliance with operational efficiency. It reduces delays, strengthens traceability and secures evidence in case of dispute.

Certyneo supports employers in this transition with a 100% compliant electronic signature solution, integrable with your existing HR tools. Create your free account on Certyneo and digitise your first employment contracts in full compliance from today.