Legal Compliance in Employment Law: Employer Obligations

Legal compliance in employment law represents one of the pillars of modern HR management. Between concluding employment contracts, managing employees' personal data, maintaining the personnel register and respecting mandatory disclosure obligations, the employer navigates a dense and constantly evolving regulatory environment. Non-compliance with these obligations exposes the company to significant civil, criminal and administrative sanctions. This article details the main legal obligations incumbent upon every employer in France, integrating the contributions of digital law and in particular the use of electronic signature in business to secure and accelerate HR documentary processes.

The employer's fundamental contractual obligations

Drafting and delivery of the employment contract

Article L. 1221-1 of the Labour Code recalls that the employment contract is subject to the rules of common law. For fixed-term contracts (CDD), Article L. 1242-12 requires transmission of a written document to the employee no later than two working days following hiring, on pain of reclassification as an indefinite contract. For part-time contracts (Article L. 3123-6), written form is also mandatory.

Since the transposition of European Directive 2019/1152 on transparent and predictable working conditions, the Ordinance of 2 November 2023 has expanded the mandatory provisions that must appear in the contract or in an information document provided on hiring. Among these: the duration of the probationary period, notice rules, the identity of social protection organisations, as well as training rights.

The dematerialisation of these contracts is now fully legal: qualified or advanced electronic signature compliant with the eIDAS regulation gives the signed contract the same legal value as a paper original, in application of Article 1367 of the Civil Code.

The unique personnel register

Article L. 1221-13 of the Labour Code requires every employer to maintain a unique personnel register. This register must contain, in chronological order of hiring, the following information: employee identification, nationality, date of birth, gender, employment, qualification, dates of entry and exit, type of contract. The register must be retained for five years after the employee's departure. Its absence or irregular maintenance is punishable by a fine of €750 per employee concerned (Class 4 misdemeanour).

Probationary period and hiring formalities

The employer must submit the prior notification of hiring (DPAE) no later than eight days before the planned hiring date, with URSSAF (Article R. 1221-1 of the Labour Code). The absence of DPAE constitutes an offence of concealed work (Article L. 8221-5), exposing the company to a fine of up to €45,000 and two years' imprisonment for individuals.

Obligations relating to health, safety and working conditions

The general safety obligation

Article L. 4121-1 of the Labour Code establishes the employer's obligation of safety of result: it must take the necessary measures to ensure the safety and protect the physical and mental health of workers. This obligation is broken down into actions to prevent occupational hazards, information and training of employees, and the establishment of an appropriate organisation and resources.

The Unique Document for the Assessment of Occupational Risks (DUERP), made mandatory by the Decree of 5 November 2001 (Article R. 4121-1 of the Labour Code), must be drafted from the first employee, updated annually or whenever there is a significant change in working conditions. The Occupational Health Law of 2 August 2021 (Law no. 2021-1018) strengthened this obligation by requiring the DUERP to be retained for 40 years and made available to former employees.

Medical examination and health monitoring

The employer must organise the information and prevention visit (VIP) within three months of the employee taking up post (Article R. 4624-10 of the Labour Code), except for positions with particular risks for which a medical examination of fitness prior to hiring is required. The occupational health physician may issue an opinion of unfitness, which the employer is required to take into account on pain of engaging its liability.

Obligations relating to harassment and discrimination

Since the Law on Professional Futures of 5 September 2018 (Law no. 2018-771), companies with at least 250 employees must appoint a harassment contact within the CSE and a dedicated HR contact. Every company, regardless of its size, is subject to the obligation to display the contact details of competent services on matters of harassment (Article L. 1153-5 of the Labour Code). Non-compliance on this point exposes the employer to actions for civil and criminal liability.

Obligations relating to employees' personal data

GDPR applied to human resources

The General Regulation on Data Protection (GDPR, no. 2016/679) applies fully to the processing of employees' data: payroll files, performance evaluations, biometric data, absence monitoring, etc. The employer acts as a data controller within the meaning of Article 4(7) of the GDPR.

Its main obligations are:

• The record of processing activities (Article 30 of the GDPR): mandatory for any company with more than 250 employees or processing sensitive data;

• Informing employees (Articles 13 and 14 of the GDPR): upon data collection, via a clear information notice;

• Limiting data retention: an employee's data cannot be retained indefinitely after the end of the contract;

• Data security (Article 32 of the GDPR): the employer must implement appropriate technical and organisational measures.

In the event of a data breach, the employer has 72 hours to notify the CNIL (Article 33 of the GDPR). The amount of fines can reach 20 million euros or 4% of annual global turnover. The CNIL imposed more than 42 million euros in sanctions in 2023, several of which directly concerned HR processing.

Data protection in electronic signature processes

When deploying an electronic signature solution for HR documents (contracts, amendments, company agreements), the employer must ensure that the service provider complies with the GDPR. Biometric data possibly collected during authentication constitutes sensitive data within the meaning of Article 9 of the GDPR. Recourse to a comprehensive guide to electronic signature makes it possible to identify compliant solutions and avoid common errors in data processing.

Obligations relating to staff representation and collective negotiations

The establishment and operation of the CSE

Since the Macron Ordinances of 2017 (Ordinances no. 2017-1386 and 2017-1388), the Social and Economic Committee (CSE) is the sole instance of staff representation for companies with at least 11 employees. The employer is required to organise CSE elections and provide it with the necessary resources for its operation: premises, delegation hours, access to economic and social information via the Economic, Social and Environmental Database (BDESE) for companies with at least 50 employees (Article L. 2312-36 of the Labour Code).

The failure to organise professional elections constitutes an offence of obstruction punishable by one year's imprisonment and a fine of €7,500 (Article L. 2317-1 of the Labour Code).

Mandatory annual negotiation (NAO) obligations

Article L. 2242-1 of the Labour Code requires companies with union representatives to conduct mandatory annual negotiations covering in particular: remuneration, working time, sharing of added value, gender equality and quality of working life (QVT). Since the Law on Sharing Value of 29 November 2023 (Law no. 2023-1107), companies with 11 to 49 employees making a net fiscal profit equal to at least 1% of their turnover for three consecutive years must implement a value sharing scheme.

Dematerialisation of HR documents: compliance issues and best practices

Documents that can be dematerialised

The dematerialisation of HR processes is now an operational and legal reality. The electronic payslip has been authorised since the Law of 8 August 2016 (Labour Law, Article L. 3243-2 of the Labour Code), unless the employee objects. Employment contracts, amendments, documents at the end of contract (final settlement, receipt for settlement) can be signed electronically provided that the solution used guarantees the identification of the signatory and the integrity of the document.

The HR solutions dedicated to electronic signature make it possible to automate these documentary flows while ensuring their evidentiary value. For high-stakes documents (series of fixed-term contracts, company agreements), it is recommended to use an advanced or qualified electronic signature within the meaning of the eIDAS regulation. A comparison of electronic signature solutions will help you choose the tool adapted to your volumes and sectoral constraints.

Conservation and archiving of HR documents

Legal retention periods vary depending on the nature of the document:

• Employment contract and amendments: 5 years after the end of the contract (prescription of common law, Article 2224 of the Civil Code);

• Pay slips: 5 years (prescription of employee claims, Article L. 3245-1 of the Labour Code);

• Documents relating to social contributions: 3 years for URSSAF inspections;

• DUERP: 40 years (Occupational Health Law 2021).

An electronic archiving system (SAE) compliant with standard NF Z 42-020 guarantees the evidentiary value of dematerialised documents throughout the entire legal retention period. The ROI calculator available on Certyneo allows you to quickly assess the return on investment of complete digitalisation of your HR documentary processes.

Legal framework applicable to employer compliance

Employer compliance is part of a multi-layered regulatory corpus, combining national law, European law and technical standards.

Civil Code:

• Article 1366 of the Civil Code recognises electronic writing as evidence in the same way as paper writing, provided that the identity of the person from whom it emanates is duly assured and that it is established and preserved in conditions capable of guaranteeing its integrity.

• Article 1367 of the Civil Code defines electronic signature and specifies that it consists of the use of a reliable identification process guaranteeing its link with the act to which it is attached.

eIDAS Regulation (no. 910/2014): This European regulation establishes three levels of electronic signature (simple, advanced, qualified). Qualified electronic signature (SEQ) benefits from a presumption of reliability and cannot be refused as evidence in litigation within the EU. The eIDAS 2.0 revision (Regulation 2024/1183 entered into force on 20 May 2024) introduces the European Digital Identity Wallet (EUDI Wallet), which will impact HR onboarding processes from 2026 onwards.

GDPR (no. 2016/679): The employer as a data controller is subject to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (Article 5 of the GDPR). Recourse to an electronic signature service provider requires the conclusion of a data processing contract compliant with Article 28 of the GDPR, specifying in particular security guarantees and the terms of data return or deletion.

NIS2 Directive (2022/2555): Transposed into French law by Law no. 2024-449 of 21 May 2024, the NIS2 Directive extends cybersecurity obligations to essential and important entities, which include many employers in the health, energy and transport sectors. HR information systems processing sensitive data must incorporate strengthened security measures (multi-factor authentication, business continuity plans, incident reporting).

ETSI Standards: ETSI EN 319 132 standards (XAdES signature formats) and ETSI EN 319 122 (CAdES) define the technical formats of electronic signatures recognised in Europe. Qualified trust service providers (QTSP) listed on the national trust list (Trust List) published by ANSSI guarantee compliance with these standards.

Labour Law: The Labour Code (Articles L. 1221-1, L. 1242-12, L. 3243-2, L. 4121-1, L. 2242-1, etc.) constitutes the foundation of the employer's contractual, organisational and social obligations. Any breach may result in civil sanctions (reclassification, damages), administrative (CNIL fines, DIRECCTE) and criminal (obstruction offence, concealed work).

Usage scenarios: HR compliance in practice

Scenario 1 — An industrial SME with 80 employees digitalises its employment contracts

An industrial SME managing between 80 and 120 employees, with significant seasonal turnover (fixed-term contracts in production), encountered recurring difficulties: delays in signing fixed-term contracts exceeding the two working days legal requirement, risk of reclassification, unsecured paper archiving. By deploying an eIDAS-compliant advanced electronic signature solution, the company integrated an automated flow: contract generation from the HRIS, secure email delivery to the candidate, signature in less than 10 minutes on mobile, automatic archiving with qualified time-stamping.

Results observed after six months of deployment: 85% reduction in fixed-term contract signature time (from 2.4 days on average to less than 4 hours), complete elimination of risks of non-delivery within legal timeframes, estimated saving of €3,200 per year in printing, shipping and filing costs.

Scenario 2 — A multi-site retail group brings its BDESE and NAOs into compliance

A retail group with around twenty establishments and approximately 1,200 employees needed to centralise its Economic, Social and Environmental Database (BDESE) and dematerialise the signing of minutes from CSE meetings and company agreements resulting from NAOs. The lack of formalised signatures on certain collective agreements exposed the group to disputes over their binding nature.

By adopting a qualified electronic signature solution for high-stakes legal documents (participation agreements, teleworking charter, profit-sharing agreement), the group secured the evidentiary value of all its social documentation. The time saving on signature processes for collective agreements (involving 3 to 7 signatories per agreement) was estimated at 60% compared to the paper circuit with registered postal shipments.

Scenario 3 — An HR consulting firm supports its small business clients on employee GDPR

An HR consulting firm specialising in supporting fifty small and medium-sized businesses identified that most of its clients did not have a GDPR information notice to give to employees on hiring, yet mandatory since 2018. The firm integrated the automatic generation of these notices into its support offering, relying on an AI-powered contract generator and an electronic signature solution for delivery and formalised proof of receipt.

This arrangement enabled the firm's clients to comply with GDPR in less than two weeks, with a 94% adoption rate among employees contacted electronically, compared to 67% via the traditional paper circuit. The risks of CNIL fines for failure to provide information were completely eliminated across the supported client portfolio.

Conclusion

Legal compliance in employment law is not limited to formal compliance with the Labour Code: it now encompasses obligations arising from the GDPR, the NIS2 Directive, the eIDAS Regulation and recent legislative changes such as the Law on Sharing Value. For the employer, every HR document — contract, amendment, company agreement, information notice — represents a legal act whose evidentiary value must be guaranteed.

Compliant eIDAS electronic signature is establishing itself as the most effective compliance tool: it secures contracts, accelerates hiring processes, facilitates legal archiving and significantly reduces the risk of litigation. Certyneo supports you in the complete digitalisation of your HR documentary flows, with certified solutions, simple to deploy and compliant with European legal requirements.

Discover Certyneo offerings and start for free to transform your HR compliance into a competitive advantage.