Legal Compliance in Labour Law: Employer Obligations

Legal compliance in labour law represents one of the most complex challenges for French and European employers. In 2026, the regulatory framework continues to expand: the Labour Code accounts for more than 10,000 articles, to which are added provisions arising from European law, sectoral collective agreements and company agreements. A single omission — a poorly signed contract, an outdated register, a missing statutory notice — can expose the company to criminal penalties, URSSAF enforcement actions or costly employment tribunal disputes. This article reviews the main employer obligations, associated risks, and digital solutions that enable you to respond effectively, notably through electronic signature for HR.

Contractual obligations: the foundation of the employment relationship

The employment contract is the cornerstone of any employer-employee relationship. Its drafting, signing and retention must meet precise requirements.

Formalities of the employment contract

Whilst a full-time permanent contract (CDI) can theoretically be concluded verbally (article L.1221-1 of the Labour Code), the vast majority of contracts require a written form. This is the case for:

• The fixed-term contract (CDD): mandatory delivery no later than 2 working days after hiring (article L.1242-13).

• Part-time employment contracts: mandatory mention of work schedule distribution, modification cases, etc. (article L.3123-6).

• Apprenticeship contracts and professional development contracts: filing with the competence operator (OPCO) within 5 days.

• Temporary work contracts: assignment contract and contract for secondment must be concurrent.

Since the order transposing European Directive 2019/1152 of 20 June 2019 (on transparent and predictable working conditions), the employer must provide the employee, no later than the 7th calendar day following hiring, written information on the essential elements of the working relationship: workplace, nature of the position, holiday entitlements, dismissal procedure, etc.

Dematerialisation of contracts: validity and conditions

Since Act No. 2000-230 of 13 March 2000 adapting the law of evidence to information technologies, the employment contract may be signed electronically. This possibility is now widely used in companies wishing to accelerate their onboarding processes. Electronic signature in business must, however, comply with the standards defined by the eIDAS regulation to be legally enforceable. For standard employment contracts, an advanced electronic signature (eIDAS level 2) is generally recommended, whilst certain sensitive acts (dismissal, settlement agreement) require particular attention to the level of signature selected.

Registers and mandatory documents

The maintenance of registers is a pillar of social compliance. The labour administration may request them at any time during an inspection by the labour inspectorate.

The unique personnel register

Provided for in article L.1221-13 of the Labour Code, the unique personnel register (RUP) must mention, in the chronological order of hiring:

• The name, surname, nationality, date of birth, gender of each employee.

• The position held and qualifications.

• Dates of entry and departure.

• The nature of the contract (permanent, fixed-term, part-time, temporary, etc.).

• For foreign workers: the type and serial number of the authorisation for carrying out paid work.

The RUP must be kept for 5 years after the employee's departure. Failure to maintain it or irregularity in its maintenance constitutes an offence punishable by a fine of €750 per employee concerned (4th class misdemeanour).

The unique document for the assessment of occupational risks (DUERP)

Established by Decree No. 2001-1016, the DUERP is mandatory for any company as soon as it has one employee. It lists all occupational risks to which workers are exposed. Since the occupational health law of 2 August 2021 (Act No. 2021-1018):

• The DUERP must be updated at least annually in companies with at least 11 employees, and whenever any major restructuring decision is made or new information about a risk is received.

• Companies with 50 or more employees must establish an annual occupational risk prevention programme.

• The DUERP must now be retained for 40 years and filed on a digital portal managed by the OPCOs (gradual deployment since 2023).

Mandatory notices and communications

The employer must display or bring to the attention of employees numerous items of information:

• The titles of applicable collective agreements and accords and the arrangements for accessing the texts.

• The contact details of the competent labour inspectorate.

• Texts relating to occupational equality (article L.1142-6) and combating sexual harassment (articles L.1153-5, L.1142-6).

• The internal rules (mandatory from 50 employees, article L.1311-2).

• Collective working hours (article D.3171-1).

• The address and telephone number of the occupational health physician and emergency services.

The absence of such notices may result in fines up to €10,000 and compromise the employer's position in the event of dispute.

Protection of employee personal data

GDPR (Regulation EU 2016/679) fully applies in the context of the employment relationship. The employer, as controller, must meet a set of precise obligations.

HR processing subject to GDPR

Employee personal data is processed on multiple occasions: payroll management, absence tracking, performance evaluation, video surveillance, vehicle geolocation, access control via badges, etc. Each processing must:

• Be based on a legal basis (legal obligation, legitimate interest, contract performance or consent — the latter being discouraged in an employment context due to the imbalance of the relationship).

• Be subject to information to employees (information notice, mentions in the internal rules or IT policy).

• Be entered in the processing activities register (article 30 GDPR).

• Be covered by a defined and justified retention period.

CNIL has published several sectoral frameworks dedicated to HR management, notably on working time management (deliberation No. 2019-154) and geolocation (deliberation No. 2015-165). These frameworks provide practical compliance guides that every DPO or HR manager should be familiar with.

Electronic signature and data protection

When an employer deploys an electronic signature solution for its HR documents, it creates an additional personal data processing activity. The platform used must be GDPR-compliant: data hosting in the European Union, subcontracting governed by a DPA (Data Processing Agreement), retention periods in compliance. To learn more about the criteria for selecting a compliant solution, see our comprehensive guide to electronic signature.

Working time, leave and conditions of work

Compliance with the rules on working time and leave is a major compliance focus, regularly checked by the labour inspectorate.

Rules on working time

The statutory weekly working time is set at 35 hours (article L.3121-27). Overtime is subject to bonuses (25% for the first 8 hours beyond 35 hours, 50% beyond) and an annual overtime limit set by branch agreement or, failing that, 220 hours (article D.3121-24).

The maximum durations not to be exceeded are:

• 10 hours per day (derogation possible up to 12 hours).

• 48 hours per week (absolute maximum duration).

• 44 hours on average over 12 consecutive weeks.

Non-compliance with these limits exposes the employer to criminal penalties (5th class misdemeanour, i.e. €1,500 per employee concerned) and damages awarded to employees before the Employment Tribunal.

Paid leave and rest periods

Each employee accrues 2.5 working days of paid leave per month of actual work, i.e. 30 working days (5 weeks) per year (article L.3141-3). Act No. 2024-364 of 22 April 2024 furthermore aligned the rules for accruing paid leave during non-occupational sick leave with the requirements of European Directive 2003/88/CE, following judgments by the CJEU in September 2023: employees on non-occupational sick leave now accrue 2 working days of paid leave per month of absence.

Mandatory rest periods include:

• A minimum daily rest of 11 consecutive hours (article L.3131-1).

• A minimum weekly rest of 35 consecutive hours (24h + 11h), normally on Sundays.

Prevention of psychosocial risks

Since the "Asbestos" rulings of the Court of Cassation (Cass. soc., 28 February 2002), the employer is subject to a strict obligation to ensure protection of the physical and mental health of employees. In practice, this implies:

• The establishment of a mechanism for reporting moral and sexual harassment.

• Regular training for managers in the prevention of psychosocial risks.

• Rigorous processing of any alert, with traceability of steps taken.

To dematerialise all these documentary processes whilst maintaining the evidential value of signed documents, companies are increasingly turning to compared electronic signature solutions that offer both eIDAS compliance and HRIS integration.

Staff representation and collective negotiations

Obligations in respect of staff representation vary according to workforce thresholds. They constitute an important part of social compliance.

Workforce thresholds that trigger obligations

Crossing certain thresholds triggers new obligations:

• 11 employees: election of the Social and Economic Committee (CSE) is mandatory (article L.2311-2). At this level, the CSE has powers in matters of health, safety and working conditions.

• 50 employees: the CSE's remit is expanded (mandatory consultation on strategic direction, economic and financial position, social policy). Implementation of internal rules, enhanced occupational health service, appointment of a sexual harassment reference person.

• 300 employees: obligation to engage in annual negotiations on actual wages, actual working time, occupational equality, quality of working life.

Mandatory negotiations

In companies with union representatives, the employer is required to engage in periodic mandatory negotiations (NAO):

• Each year: remuneration, working time, profit-sharing, occupational equality and quality of working life (articles L.2242-1 et seq.).

• Every 3 years: management of employment and professional development (GEPP, formerly GPEC) in companies with 300 or more employees.

Failure to engage in these negotiations may result in criminal penalties (obstruction of justice offence) and deprive the employer of certain tax advantages. The digitalisation of convocations, meeting minutes and collective agreements — via electronic signature solutions compliant with the eIDAS regulation — helps secure proof of fulfilment of these obligations.

Applicable legal framework for employer compliance

Employer legal compliance rests on a complex layering of national and European standards that must be mastered with precision.

Labour Code: the fundamental foundation, it governs all contractual obligations (L.1221-1 et seq.), working time (L.3121-1 et seq.), paid leave (L.3141-1 et seq.), staff representation (L.2311-1 et seq.) and occupational health (L.4121-1 et seq.). Article L.4121-1 sets out the general safety obligation: "The employer shall take the measures necessary to ensure the safety of and protect the physical and mental health of workers."

Act No. 2000-230 of 13 March 2000: the first French law adapting the law of evidence to information technologies, it introduced articles 1366 and 1367 of the Civil Code, recognising the evidential value of electronic documents and electronic signatures. Article 1366 states: "An electronic document has the same probative force as a document on paper, provided that the person from whom it emanates can be properly identified and that it is drawn up and retained in such a way as to guarantee its integrity."

eIDAS Regulation No. 910/2014: this European regulation defines three levels of electronic signature (simple, advanced, qualified) and establishes their respective presumption of reliability. For work documents with high evidentiary stakes (settlement agreement, dismissal, severance agreement), advanced or even qualified electronic signature is recommended to guarantee enforceability in case of dispute.

GDPR No. 2016/679: applicable to all processing of employee personal data. Article 5 sets out the fundamental principles (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality). Article 28 requires the conclusion of a processing contract (DPA) with any external service provider processing data for the employer.

EU Directive 2019/1152 (transposed into French law by Order No. 2022-1389 of 1 November 2022): it strengthens pre-contractual and contractual information obligations, requiring the provision of a summary document within 7 days of the start of the working relationship.

Act No. 2021-1018 of 2 August 2021 known as the "Occupational Health Act": it fundamentally reforms DUERP, expands the duties of occupational health and prevention services (SPST), and strengthens traceability of exposures to occupational risks, with DUERP retention extended to 40 years.

Act No. 2024-364 of 22 April 2024: it aligns French law with CJEU case law on the accrual of paid leave during periods of sick leave, creating a retroactive entitlement contestable before employment tribunals for absences prior to 1 December 2009.

Legal risks: in the event of non-compliance, the employer is exposed to criminal fines (from €750 to €45,000), employment tribunal damages, URSSAF enforcement actions (notably for concealment of employment), CNIL administrative penalties (up to 4% of global turnover for serious GDPR violations), and labour inspectorate sanctions that may extend to an enforcement notice or temporary closure of a facility.

Use cases: digitalising HR compliance with electronic signature

Scenario 1: an expanding services SME managing hundreds of seasonal fixed-term contracts

An SME of approximately 180 permanent employees in the collective catering sector hires between 400 and 600 fixed-term employees each year to cover peaks in demand. With a paper process, delivering the contract within the 2 working days required by article L.1242-13 represented a constant logistical challenge: printing, postal sending, follow-up, digitisation of signed copies returned. The average time to return a signed contract exceeded 8 days, exposing the company to systematic risk of reclassification as a permanent contract.

By deploying an advanced electronic signature solution compliant with eIDAS, the company reduced this deadline to less than 4 hours on average (sending the signature link by SMS and email). The rate of documentary compliance rose from 67% to 99% of contracts signed within legal deadlines. Operational gains are estimated at approximately 1,200 hours/year of administrative work, and automated secure archiving eliminates the risk of document loss during URSSAF inspections.

Scenario 2: a mid-sized industrial group digitalising its collective agreements

An industrial group of 1,200 employees spread across 4 production sites in France had to manage approximately a dozen mandatory negotiations annually (NAO, GEPP agreements, remote working agreements, profit-sharing schemes), each generating several cycles of amendments and multiple signatures with 3 to 5 representative unions.

The paper process involved inter-site visits to collect signatures from union representatives, signature delays ranging from 3 to 6 weeks, and uncertainty about the evidential value of archived copies. By adopting an electronic signature platform with multiparty validation workflow, collective agreements are now signed within an average of 5 working days. Traceability of exchanges (qualified timestamp, audit logs) strengthens the legal security of agreements in case of later challenge. The cost of managing collective negotiations fell by approximately 35% according to HR management estimates.

Scenario 3: a network of accounting firms managing payroll and contracts for multiple small client businesses

A network of 12 accounting firms manages HR functions (payroll, contracts, social declarations) for more than 800 small client businesses in outsourcing, i.e. a flow of several thousand employment contracts to process each month. The regulatory constraint is twofold: respecting legal deadlines for client company accounts, and ensuring GDPR compliance in the processing of personal data of employees of these small businesses.

By integrating an electronic signature solution via API into their existing HR management tool, the firms have automated the sending of contracts to employees of client companies as soon as they are created in the payroll software. The signature is collected in less than 2 hours in 85% of cases. Signed documents are automatically archived with evidentiary value, accessible in the secure client space of each small business. This model enabled the firms to offer a "turnkey" HR compliance service to their clients, generating estimated additional revenue of 15 to 20% on their HR services line.

Conclusion

Legal compliance in labour law is a multidimensional discipline that requires rigour, continuous regulatory monitoring and appropriate tools. From contract drafting to the maintenance of mandatory registers, through to protection of employees' personal data and compliance with working time rules, each dimension engages the civil, criminal and administrative liability of the employer. In 2026, the digitalisation of HR processes — and notably the adoption of eIDAS-compliant electronic signature — is no longer a luxury but a necessity to guarantee such compliance at scale, whilst reducing operational costs.

Certyneo supports employers in this transformation with a B2B electronic signature platform compliant with eIDAS, hosted in Europe and integrated with your HR tools. Start free on Certyneo or check our pricing to find the offer suited to your organisation's size.