Legal Compliance in Labour Law: Employer Obligations

Introduction

In 2026, legal compliance in labour law represents a major strategic issue for any employer, whether directing a micro-enterprise with five employees or a group with several thousand collaborators. The regulatory framework has become considerably denser: the El Khomri law, Macron ordinances of 2017, Labour law of 8 August 2016 (n°2016-1088), not to mention the generalisation of GDPR and the growing prominence of electronic signature in HR processes. A compliance error can be costly: contract requalification, clause nullity, URSSAF adjustment or condemnation by labour courts. This article reviews the fundamental employer obligations, associated risks and tools to durably secure your practices.

---

Fundamental Employer Obligations in Labour Law

Formalising the Employment Contract

The employment contract is the foundation of any professional relationship. While the permanent employment contract (CDI) can theoretically be verbal for simple jobs, European directive 2019/1152 of 20 June 2019 — transposed into French law by ordinance n°2022-1272 of 29 September 2022 — now requires the provision of a written or electronic document to the employee within seven days following hiring. This document must mention at a minimum: the identity of the parties, the start date, the duration and conditions of notice, remuneration, the daily or weekly working hours, paid leave, and the applicable collective agreement.

For the fixed-term employment contract (CDD), article L.1242-12 of the Labour Code makes written form mandatory under penalty of automatic requalification as CDI. Similarly, temporary work contracts (agency work), apprenticeship and vocational training contracts each require specific formalities. Electronic signature for HR constitutes today a robust solution for formalising these acts in compliance with the eIDAS regulation.

Respecting Information and Training Obligations

The employer is required to inform each employee of their rights from the time of hiring: personal training account (CPF), training rights, access to the single document for professional risk assessment (DUERP). The DUERP — made mandatory by decree n°2001-1016 and strengthened by the occupational health law of 2 August 2021 (n°2021-1018) — must be updated at least annually and whenever there is any significant change in working conditions. Its dematerialisation and electronic preservation are now possible, provided that the integrity and traceability of the document are guaranteed.

Moreover, since 1 October 2022, any employer with at least 50 employees must file the DUERP on a national dematerialised portal, managed by branch prevention organisations. This obligation is progressively extending to enterprises with fewer than 50 employees.

Ensuring Compliance Regarding Working Time and Leave

Regulations on working time (articles L.3121-1 et seq. of the Labour Code) impose strict maxima: 10 hours per day, 48 hours per week (44 hours on average over 12 consecutive weeks). Overtime must be remunerated or compensated according to the conditions of the applicable collective agreement. Non-compliance with these rules exposes the employer to criminal sanctions (article L.3171-4) and wage recovery claims.

Regarding paid leave, the Court of Cassation ruling of 13 September 2023 (n°22-17.340) — in line with CJEU case law — has broadened the accrual of paid leave during non-occupational sick leave. Employers have since had to revise their counting and inform their employees in writing within a ten-month period from the publication of the adaptation law of 22 April 2024 (n°2024-364).

---

Obligations Regarding Protection of Employee Personal Data

GDPR and HR Data Processing

The employer is a controller within the meaning of GDPR (Regulation n°2016/679). As such, it must maintain a record of processing activities, appoint a Data Protection Officer (DPO) if its activities require it (article 37 of GDPR), and guarantee the lawfulness of each processing of employee personal data. The legal bases that can be used are primarily contract performance (art. 6.1.b), legal obligation (art. 6.1.c) and legitimate interest (art. 6.1.f).

The CNIL has published specific recommendations for human resources: limited retention periods (for example, three years for non-selected candidates' data), securing electronic payslips, regulating workplace video surveillance. In the event of a data breach, the employer has 72 hours to notify the CNIL (article 33 of GDPR), failing which fines of up to 4% of worldwide turnover may be imposed.

Security of HR Information Systems

The NIS2 directive (EU directive 2022/2555), transposed in France by law n°2023-703 of 1 August 2023 and implementing decrees of 2024, imposes enhanced cybersecurity measures on operators of vital importance and essential/important entities. Even employers not directly subject to it have every interest in auditing the security of their HR tools (HRIS, digital safe, signature platform), as liability for employee data leaks can be incurred.

To learn more about technical standards, Certyneo's comprehensive guide to electronic signature details the security levels required according to document types.

---

Dematerialisation of HR Documents: Framework and Best Practices

Legal Value of Electronic Employment Contract

Since ordinance n°2005-674 of 16 June 2005, an employment contract may be concluded, modified and signed electronically. Article 1366 of the Civil Code provides that "electronic writing has the same probative force as writing on paper", provided that the identity of the person from which it originates is guaranteed and that the document is preserved under conditions designed to ensure its integrity.

The level of signature required depends on the stakes of the document. Advanced or qualified electronic signature (in accordance with eIDAS regulation n°910/2014) is recommended for acts significantly engaging the parties — mutual termination agreement, settlement, contract amendment. The electronic signature solution for business must therefore be chosen carefully, verifying the eIDAS compliance of the service provider.

Retention and Archiving of Work Documents

Retention obligations vary according to documents: five years for payslips (article L.3243-4 of the Labour Code), five years for employment contracts after the end of the contractual relationship, thirty years for documents relating to exposure to occupational risks. The employer must guarantee the integrity, readability and accessibility of digital archives throughout their legal retention period.

The employee digital safe, provided for by the El Khomri law and operated by approved third parties of trust, enables payslips to be made directly available to the employee in a secure personal space. Dematerialised delivery is valid once the employee has not objected to it (article L.3243-2 of the Labour Code).

Management of Terminations and Disciplinary Procedures

The homologated mutual termination agreement (article L.1237-11 of the Labour Code) requires the signature of CERFA form n°14598*01. Since 2022, the TéléRC online procedure enables fully dematerialising this process. However, the use of electronic signature for these forms requires particular vigilance: DREETS (Regional Directorate for Economy, Employment, Work and Solidarity) has clarified that qualified electronic signature is required to guarantee the authenticity of the consent of both parties.

For disciplinary procedures (warning, suspension, dismissal), notification by registered mail with acknowledgement of receipt remains the norm, but electronic registered mail (LRE), recognised by article L.100 of the Code for Posts and Electronic Communications, offers a fully valid alternative. These developments are detailed in the comparison of electronic signature solutions available on Certyneo.

---

Social Dialogue and Collective Bargaining Obligations

Mandatory Annual Negotiation

In enterprises with a union representative, the employer must engage each year in negotiations on themes fixed by law (articles L.2242-1 et seq. of the Labour Code): actual remuneration, duration and organisation of working time, gender equality in the workplace, quality of working life. Failure to negotiate results in an increase in the employer's contribution to vocational training.

Consultations of the Social and Economic Committee and Dematerialisation of Minutes

The Social and Economic Committee (CSE), established by the Macron ordinances of 2017 for enterprises with at least 11 employees, must be consulted on major decisions affecting the enterprise (working conditions, restructuring, introduction of new technologies). Minutes of CSE meetings may be electronically signed, which accelerates their distribution and archiving. Electronic signature for law firms and HR services precisely meets these needs for documentary traceability and authenticity.

Regarding collective agreements, the law of 29 March 2018 (n°2018-217) established the possibility of signing company agreements electronically, provided that each signatory has a valid electronic signature certificate. This advance considerably simplifies multi-site management and remote work situations.

Legal Framework Applicable to Employer HR Compliance

Legal compliance in labour law rests on a superimposition of national and European texts that every employer must master.

French Labour Code: Articles L.1221-1 to L.1221-26 govern the formation of employment contracts. Article L.1242-12 imposes writing for CDDs under penalty of requalification. Articles L.3121-1 to L.3121-67 regulate working time. Article L.3243-2 authorises dematerialised delivery of payslips. Article L.1237-11 governs mutual termination agreements.

Civil Code: Article 1366 establishes the principle of equivalence between electronic and paper writing. Article 1367 defines the conditions for validity of electronic signature (reliability of the identification process, link with the act). These provisions are directly applicable to dematerialised employment contracts.

eIDAS Regulation n°910/2014: It establishes three levels of electronic signature — simple, advanced, qualified — and their mutual recognition within the European Union. For sensitive HR acts (mutual termination agreement, settlement, collective agreement), advanced or qualified signature is recommended. eIDAS 2.0 revision (EU regulation 2024/1183) strengthens interoperability and introduces the European digital identity wallet (EUDIW).

GDPR n°2016/679: Articles 6, 13, 14, 33 and 37 are particularly relevant for processing employee personal data. The employer must notably inform employees of the processing of their data (articles 13-14), notify the CNIL in case of breach (article 33) and, where applicable, appoint a DPO (article 37).

NIS2 Directive (2022/2555) and French law n°2023-703: Impose cybersecurity measures on essential and important entities, with progressive extension to sub-contractors and suppliers. HR systems processing sensitive data are concerned.

ETSI Standards: Standard ETSI EN 319 132 governs advanced electronic signature formats (XAdES, PAdES, CAdES). Qualified trust service providers must comply with standard ETSI EN 319 411.

Directive 2019/1152 transposed by ordinance n°2022-1272: Requires the provision of a written or electronic document within seven days following hiring.

Occupational Health Law n°2021-1018: Strengthens obligations relating to DUERP and occupational risk prevention.

Risks in Case of Non-Compliance: CDD requalification as CDI, nullity of contractual clauses, labour court convictions (damages potentially reaching 20 months' salary for dismissal without real and serious cause in enterprises with more than 10 employees), CNIL fines up to 20 million euros or 4% of worldwide turnover, URSSAF adjustments, and DREETS penalties. The director's criminal liability can also be engaged in case of serious failure to comply with workplace safety rules (articles L.4741-1 et seq. of the Labour Code).

Usage Scenarios: HR Compliance in Practice

Scenario 1 — A Manufacturing SME Managing 150 Hires per Year

A manufacturing SME of approximately 250 employees, specialising in mechanical subcontracting, faced a high volume of seasonal hiring: nearly 150 CDDs and agency contracts per year. Contracts were printed, manually signed, scanned and then archived in physical files. The average time between the hiring decision and actual contract signature reached 4.8 business days, regularly generating delays in employee start dates and a requalification risk when the employee began before signature.

By deploying an advanced electronic signature solution compliant with eIDAS for all its HR contracts, this SME reduced the signing delay to less than 4 hours on average. The rate of contracts signed before the first working day increased from 61% to 98%. Savings on printing, postage and physical archiving costs were estimated at approximately 18,000 euros per year, representing a positive ROI within the third month of use. Electronic traceability moreover enabled producing without delay the evidence required during an URSSAF inspection.

Scenario 2 — A Multi-Site Distribution Group with Generalised Remote Working

A distribution group comprising around twenty establishments distributed across the entire national territory had to manage the signature of remote working amendments for nearly 800 collaborators following a reorganisation. The paper process required postal sending of amendments, an average return delay of 12 days, and laborious manual follow-up. Approximately 15% of amendments were returned incomplete or unsigned.

By migrating to an electronic signature platform integrated with their HRIS, the group was able to issue the 800 amendments simultaneously via automated workflows. The signature rate within 48 hours reached 94%. The HR service estimated a 70% reduction in administrative time devoted to follow-up. Electronic preservation of amendments, timestamped and automatically archived, simplified responses to several individual labour court claims, instantly providing proof of party agreement.

Scenario 3 — A Recruitment Firm Managing Sensitive Candidate Data

A recruitment firm specialising in executive profiles, processing approximately 3,000 applications per year, received a formal notice from the CNIL for excessive retention of non-selected candidate personal data (retention period exceeding three years without legal basis). The firm did not have a formalised record of processing activities, nor a procedure for automatic data deletion.

After a GDPR compliance audit, the firm implemented a dematerialised document management process including electronic signatures on candidate consent forms, parameterised retention periods and automatic deletion workflows. Candidates now receive a link signed electronically specifying the conditions for processing their data. This system enabled closing the CNIL procedure and demonstrating proactive compliance, strengthening the trust of the firm's enterprise clients.

Conclusion

Legal compliance in labour law is not a one-off constraint: it is a continuous process that engages the employer's responsibility at each stage of the employment relationship — from hiring to termination, including daily management of personal data and social dialogue. Texts are multiplying, inspections are intensifying, and sanctions reach significant levels. In this context, secure dematerialisation of HR documents, supported by eIDAS-compliant electronic signature solutions, becomes both a compliance lever and an operational performance tool.

Certyneo supports employers in this transition with a certified platform, adapted to the most demanding HR challenges. Calculate right now the return on investment of your HR dematerialisation with our ROI calculator, or contact our experts for a personalised audit of your document processes.