Legal Compliance in Labour Law: Employer Obligations

Introduction

In 2026, legal compliance in labour law remains one of the absolute priorities for any business leader or HR manager. Between the constant evolution of the Labour Code, GDPR requirements, dematerialisation of contracts and strengthened labour inspection controls, the obligations placed on employers have never been more numerous or more precise. Failure to master these exposes employers to administrative, criminal and civil sanctions that can threaten the viability of the business. This article provides a comprehensive overview of the main categories of obligations, associated risks and best practices to address them effectively.

---

The fundamental obligations of the employer when hiring

The prior notice of hiring (DPAE)

Before any recruitment, the employer is required to submit a Prior Notice of Hiring (DPAE) to URSSAF, no later than 8 days before the employee takes up their position (Article R. 1221-1 of the Labour Code). This formality triggers the employee's affiliation to the general Social Security scheme, the opening of unemployment insurance rights, and the organisation of the pre-employment medical examination. In 2024, URSSAF audited more than 180,000 employers and issued adjustments totalling several million euros for failure to comply with this obligation.

The drafting and delivery of the employment contract

The employment contract is the foundation of the legal employment relationship. For fixed-term contracts (CDD), a written document must be issued within 48 hours of hiring (Article L. 1242-12 of the Labour Code), failing which the contract may be reclassified as permanent (CDI). For permanent part-time contracts, a written document is also mandatory. Since law no. 2019-1428 of 24 December 2019 and its transposition of European Directive 2019/1152, the employer must provide a written statement specifying the essential conditions of the contract within the first seven days of work.

Electronic signature for HR today offers a secure solution, compliant with the eIDAS regulation, to formalise these contracts remotely, reduce signature lead times and archive documents with legal certainty. Solutions such as those described in our comprehensive guide to electronic signature allow HR practices to be aligned with the most recent legal requirements.

Mandatory employee information

Since the transposition of Directive 2019/1152 (the so-called "Transparent Working Conditions" Directive), the employer must inform every new employee, in writing, about: the identity of the parties, place of work, job title, remuneration, working hours, leave entitlements, applicable collective agreement, and procedures to follow in case of termination. This information must be provided no later than the seventh calendar day following the start of work. Failure to comply with this obligation exposes the employer to a civil fine of up to €750 per uninformed employee.

---

Continuing obligations in personnel management

The maintenance of mandatory registers

Every employer must maintain and update several statutory registers, accessible to labour inspectors and worker representatives:

• The single staff register (Article L. 1221-13 of the Labour Code): must list, in order of hiring, the names, forenames, nationality, date of birth, gender, job, qualification and entry/exit dates of each employee. Information must be recorded at the time of hiring and retained for 5 years after the employee's departure.

• The single document for the assessment of occupational risks (DUERP): mandatory from the first employee (Article R. 4121-1), it must be updated at least annually or whenever there is a significant change in working conditions. The law of 2 August 2021 to strengthen occupational health prevention has required since 31 March 2022 the storage and digital filing of the DUERP on a dedicated national portal.

• The safety register: records periodic checks of equipment, evacuation drills and incidents.

Payroll, pay slips and social declarations

The employer is required to issue a pay slip with each salary payment (Article L. 3243-2 of the Labour Code). From 1 January 2027, total dematerialisation of the personal social declaration (DSN) will be mandatory for all businesses, regardless of size. The pay slip must include specific items (gross salary, contributions, net salary before and after tax, net amount payable, etc.) failing which sanctions apply. The employer must retain these documents for a minimum of five years.

The use of electronic signature in business facilitates the dematerialised validation of employee amendments, individual pay rises or summary pay slips, in compliance with the probative requirements of the Civil Code.

Compliance with maximum working hours and leave

The Labour Code sets mandatory limits:

• Maximum daily duration: 10 hours (unless otherwise agreed)

• Maximum weekly absolute duration: 48 hours per week, 44 hours on average over 12 consecutive weeks

• Mandatory daily rest: 11 consecutive hours

• Paid leave: 2.5 working days per month worked, or 30 working days (5 weeks) per year

Failure to comply with these provisions engages the employer's criminal liability (Articles L. 3171-4 and following). Time management tools combined with digital signature systems allow agreements on modulation or fixed annual hours to be documented in a binding manner.

---

Obligations in health, safety and occupational hazard prevention

The general safety obligation

Article L. 4121-1 of the Labour Code imposes on the employer the obligation to take measures necessary to ensure the safety and protect the physical and mental health of workers. This obligation of result (case law of the Court of Cassation, "asbestos" rulings of 2002 and their evolution towards a reinforced best efforts obligation since 2015) covers: actions to prevent occupational risks, training and informing employees, and the implementation of an appropriate organisation and resources.

Medical surveillance and monitoring by the prevention service

Since the Occupational Health Law of 2 August 2021 (applicable since 31 March 2022), individual monitoring of health status has been strengthened. The information and prevention visit (VIP) must take place within 3 months of starting work (30 days for night workers or those in hazardous positions). The employer must organise and finance this monitoring through an inter-company or internal occupational health and safety service (SPSTI).

Prevention of psychosocial risks (PSR)

Moral harassment (Article L. 1152-1), sexual harassment (Article L. 1153-1) and sexist behaviour are active prevention obligations. The employer must designate a harassment officer in companies with 250 or more employees (Article L. 1153-5-1). The implementation of a confidential internal whistleblowing mechanism is recommended by the CNIL and may be required by the Sapin II law for large businesses.

---

Digital and GDPR obligations in the employment relationship

The protection of employee personal data

The employer is a data controller under the GDPR (Regulation EU 2016/679) for all personal data relating to its employees: HR files, pay slips, geolocation, business communications, biometric data. It must:

• Maintain a record of processing activities (Article 30 of the GDPR)

• Inform employees of the use of their data (Articles 13 and 14)

• Appoint a Data Protection Officer (DPO) if the activity involves large-scale processing of sensitive data

• Contractually oversee any subcontractor processing employee data

In 2025, the CNIL issued sanctions totalling €90.4 million, several of which concerned failures to protect employee data (abusive geolocation, disproportionate video surveillance, lack of information).

Dematerialisation of HR documents and electronic signature

The dematerialisation of HR processes is now essential. The comparison of electronic signature solutions available on the market shows that eIDAS-compliant tools allow employment contracts, amendments, confidentiality agreements, internal regulations or severance documents to be signed with legal value equivalent to handwritten signatures, in accordance with Article 1366 of the Civil Code.

It is advisable to choose a solution offering at least an advanced electronic signature (AES) for high-stakes documents, and to ensure that the service provider is eIDAS-qualified or certified to avoid any future dispute. The AI contract generator offered by Certyneo also makes it possible to automate the drafting of compliant HR documents, reducing the risk of error and processing times.

Cybersecurity and NIS 2 Directive

Since October 2024, the NIS 2 Directive (transposed into French law by the law of 17 October 2024) imposes enhanced cybersecurity obligations on essential and important entities, including the securing of HR information systems. Affected employers must adopt appropriate technical and organisational measures, report significant incidents to ANSSI within 72 hours, and regularly train their teams on cybersecurity.

---

Penalties incurred in case of non-compliance

Criminal penalties

The Labour Code provides for criminal penalties for numerous offences:

• Undeclared work (absence of DPAE or written contract): up to 3 years imprisonment and €45,000 fine for an individual, €225,000 for a legal entity (Article L. 8224-1)

• Failure to comply with health and safety rules resulting in an accident: offence of endangering others (Article 223-1 of the Criminal Code)

• Moral or sexual harassment: up to 2 years imprisonment and €30,000 fine

Civil and labour court penalties

Failure to comply with a contractual or legal obligation may result in labour court convictions: back wages, compensation for dismissal without just cause, damages. The reclassification of a fixed-term contract as permanent, for example, automatically results in the payment of a reclassification allowance of at least one month's salary (Article L. 1245-2).

Administrative penalties

Labour inspectors have enhanced powers under the 2016 "Labour" law and the law of 5 September 2018: formal notices, temporary closure of establishments, administrative fines of up to €10,000 per affected employee for certain violations. DREETS (Regional Directorate of Economy, Employment, Labour and Social Cohesion) may also impose compliance plans.

Legal framework applicable to employer compliance

Employer legal compliance is based on a dense regulatory framework, combining national and European law.

French Labour Code

The Labour Code constitutes the central reference. Hiring obligations are governed by Articles L. 1221-1 and following (employment contract), L. 1242-1 and following (fixed-term contracts), R. 1221-1 (DPAE). Working hours are regulated by Articles L. 3121-1 and following, and paid leave by Articles L. 3141-1 and following. Occupational health and safety fall under Articles L. 4121-1 to L. 4741-1, including the obligation to assess risks (DUERP, Article R. 4121-1). Harassment is penalised by Articles L. 1152-1 (moral) and L. 1153-1 (sexual).

Civil Code — Legal value of electronic signature

Article 1366 of the Civil Code recognises the probative value of electronic writing: "An electronic document has the same probative force as a document on paper, provided that the person from whom it emanates can be duly identified and that it is established and retained in conditions such as to guarantee its integrity." Article 1367 specifies that electronic signature consists in the use of a reliable identification process guaranteeing its link with the act to which it is attached.

eIDAS Regulation no. 910/2014

The eIDAS European regulation (Electronic IDentification, Authentication and trust Services) defines three levels of electronic signature: simple, advanced (AES) and qualified (QES). For employment contracts and HR documents with high probative value, advanced or qualified electronic signature is recommended. Regulation eIDAS 2.0 (EU Regulation 2024/1183), which entered into force on 20 May 2024, further strengthens these requirements, in particular for European digital identity wallets.

GDPR — Regulation EU no. 2016/679

The employer, as a data controller, is subject to Articles 5 (principles relating to processing), 6 (lawfulness of processing), 13-14 (information to persons), 30 (record of processing activities) and 32 (data security). The deadline for notifying the CNIL of data breaches is 72 hours (Article 33). Maximum penalties reach €20 million or 4% of annual worldwide turnover (Article 83).

NIS 2 Directive — French Law of 17 October 2024

Transposing Directive (EU) 2022/2555, this text imposes on essential and important entities obligations for managing cyber risks, reporting incidents, and internal governance. HR information systems and human resources management systems may be concerned if the entity meets the size and sector criteria defined in Article 3 of the Directive.

ETSI Standards EN 319 132 and 319 102

These European technical standards define the formats for advanced electronic signature (XAdES, CAdES, PAdES) and validation procedures. They apply to qualified trust service providers (QTSP) listed on European Trust Lists. For an employer, using a provider certified according to these standards guarantees the admissibility of signatures in case of labour court dispute.

Use cases: HR compliance in practice

Case 1 — An intermediate-sized industrial group (800 employees)

An industrial group employing around 800 employees across three sites in France faced a recurring problem: signing seasonal fixed-term contracts and work pattern variation amendments required postal back-and-forths of 3 to 7 working days. In case of urgent hiring, the legal deadlines for issuing the contract (48 hours for a fixed-term contract) were not met, exposing the company to systematic reclassification risk.

By deploying an advanced eIDAS-compliant electronic signature solution for all HR processes, the group reduced the average signature lead time to less than 4 hours, eliminated the risk of non-delivery within legal deadlines and achieved estimated savings of €35,000 per year on printing, mailing and physical archiving costs. The single staff register was fully digitalised, with certified time-stamping for each entry.

Case 2 — An accounting firm with 45 employees

An accounting firm employing 45 people internally managed payroll and HR formalities for several dozen SME/micro-business clients. Compliance obligations (DPAE, pay slips, contracts, DUERP) were processed manually, creating a high risk of omission. Following a labour inspection audit at a client, the absence of a written contract for three part-time employees resulted in reclassification to full-time, representing a cost of €18,000 in back contributions and allowances.

By adopting an integrated platform combining automated generation of compliant contracts and electronic signature, the firm structured its workflows to make it impossible to hire without a signed electronic contract. The documentary compliance rate reached 100% at the next audit, and the average time to process hiring formalities was cut by three.

Case 3 — A distribution chain with 2,500 employees across multiple sites

A retail chain employing 2,500 employees across 60 points of sale had to manage daily contracts for extra workers, amendments for additional hours and individual leave agreements. The geographical dispersion made collecting handwritten signatures within legal deadlines virtually impossible. Additionally, the CNIL had noted, during a verification, the absence of information to employees on the processing of their geolocation data (connected time clocks).

The company deployed a simple electronic signature solution for low-risk documents (invitations, collective information) and advanced for contracts and amendments. It simultaneously updated its GDPR information notices and integrated a traceable electronic consent. Results: zero documentary non-compliance at the next DREETS inspection, reduced lead time for signing extra contracts from 72 hours to less than 30 minutes, and full documented GDPR compliance.

Conclusion

Legal compliance in labour law is an ongoing project for every employer: obligations when hiring, maintenance of registers, compliance with working hours, data protection, hazard prevention… Each breach can result in heavy sanctions, labour court rulings, criminal penalties or administrative fines. In 2026, the dematerialisation of HR processes — and in particular the use of eIDAS-compliant electronic signature — has become one of the most effective levers to secure these obligations, reduce lead times and establish a traceable, binding record.

Certyneo supports employers in this approach with a certified electronic signature platform, a compliant HR contract generator and workflows adapted to the constraints of French labour law. Get ahead of your obligations: discover Certyneo's HR solutions or calculate your ROI in just a few clicks to measure the tangible impact of dematerialised and compliant HR management.