Compliance with Labour Law: Employer's Obligations

Introduction: why employer compliance is a strategic issue

In 2026, compliance with labour law represents far more than an administrative burden: it is a lever for legal protection, social trust and competitiveness. Employers face a dense regulatory framework — Labour Code, GDPR, NIS2 directive, collective agreements — whose mastery determines their ability to recruit, manage and retain their teams. An error in the formalisation of a contract, a delay in the delivery of a mandatory document or a failure in the management of personal data can expose the company to heavy sanctions. This article details the main obligations of the employer, the associated risks and digital tools, in particular the electronic signature for HR, which make it possible to meet them effectively.

---

Fundamental obligations concerning employment contracts

Drawing up and delivery of the contract

The most visible obligation of any employer remains the formalisation of the employment contract. The Labour Code imposes precise rules depending on the nature of the contract:

• Permanent contract (CDI): although no written document is legally required for a full-time CDI, the provision of a written contract is strongly recommended and imposed in practice by the vast majority of collective agreements. In case of dispute, the absence of a written document presumes the existence of a full-time permanent contract.

• Fixed-term contract (CDD): the fixed-term contract must imperatively be drawn up in writing and delivered to the employee within two working days following recruitment (article L.1242-13 of the Labour Code). Any breach results in automatic requalification as a permanent contract.

• Part-time contract: the written document is mandatory and must mention the weekly or monthly duration, hours and procedures for modification (articles L.3123-6 et seq.).

Since the entry into force of European Directive 2019/1152 on transparent and predictable working conditions, transposed into French law by ordinance, the employer must also provide employees with a summary document of essential information (duration of the probationary period, remuneration, leave, procedures in case of termination) within seven calendar days from the start of employment.

The probationary period and its formalities

The probationary period is not presumed: it must be expressly stipulated in the contract or offer letter. Its maximum duration is fixed by the Labour Code and may be reduced by collective agreement. In case of omission or excessive duration, the probationary period is deemed non-existent, exposing the employer to requalification of the termination as dismissal without real and serious cause.

Contract signature: issues and dematerialisation

Obtaining a valid signature on the employment contract is crucial. Electronic signature, regulated by the eIDAS regulation, offers a legal and traceable alternative to paper signing. It guarantees the integrity of the document and the identity of the parties, two fundamental requirements of labour law. For employers managing large volumes of contracts, consulting a comparison of electronic signature solutions makes it possible to choose the tool best suited to their HR context.

---

Obligations regarding notices, information and mandatory registers

Mandatory notices in the workplace

Every employer, regardless of the size of the company, is required to display a set of regulatory information in its premises. Article L.1221-13 of the Labour Code and numerous supplementary texts notably impose:

• The title of applicable collective agreements

• The contact details of the labour inspection authority and occupational health physician

• Texts relating to professional equality, combating moral and sexual harassment and discrimination

• The internal rules (mandatory from 50 employees)

• Safety instructions and emergency exits

• Collective working hours and compensatory rest

• Since 2020, URSSAF and DIRECCTE accept that certain notices may be dematerialised via the intranet, provided that all employees have effective access to it.

The keeping of mandatory registers

The employer must keep several registers up to date, including:

• The unique personnel register (article L.1221-13), which must contain the entries and exits of all employees

• The staff representatives' register (replaced by the CSE since 2020)

• The single document for the assessment of occupational risks (DUERP), updated at least once a year and whenever there is a significant change in working conditions (article R.4121-1 et seq.)

• The register of minor workplace accidents, subject to agreement with the labour inspection authority

Penalties for failure to comply can reach €750 per infraction (misdemeanour of the 3rd class), and several infringements can be cumulative.

Internal rules and IT charter

Mandatory in companies with at least 50 employees, the internal rules must be submitted to the CSE, sent to the labour inspection authority and displayed before coming into force. They set out the rules relating to discipline, hygiene and safety. The IT charter, although not mandatory, is strongly recommended in a context where GDPR requires formalising the use of personal data by employees.

---

Obligations regarding pay and working time

Dematerialised pay slip

Since the Labour Act of 8 August 2016, the employer may provide pay slips in electronic format, unless the employee objects. This right of objection must be respected and documented. The dematerialised pay slip must be stored in a digital safe accessible to the employee for at least fifty years or until the employee reaches 75 years of age.

The mandatory entries on the pay slip are listed in articles R.3243-1 et seq. of the Labour Code. In 2024, the simplification of the pay slip imposed by the Ministry of Labour reduced the number of mandatory lines while strengthening the readability of social contributions.

Working time and overtime

The employer must ensure compliance with maximum legal durations:

• 10 hours of actual work per day (unless otherwise provided)

• 48 hours per week (or 44 hours on average over 12 consecutive weeks)

• 11 hours of consecutive rest between two working days

• 35 hours of statutory weekly duration, beyond which the overtime rules apply with enhanced pay (25% for the first 8 hours, 50% beyond)

Non-compliance with these durations exposes the employer to criminal prosecution (obstruction offence) and to compensation for damage suffered by employees.

The right to disconnect and telework

Integrated into the Labour Code since the El Khomri Act (2016) and clarified by the Macron ordinances (2017), the right to disconnect requires companies with more than 50 employees to negotiate procedures for exercising it as part of the mandatory annual negotiation (NAO). With regard to telework, the telework agreement or charter must specify the times of availability, the coverage of expenses and the conditions for returning to the office. The electronic signature in the company facilitates the rapid and traceable formalisation of these amendments to the contract.

---

Obligations regarding the protection of data and security

GDPR and personal data of employees

The employer is responsible for the processing of personal data of its employees within the meaning of the GDPR (EU Regulation 2016/679). In this capacity, it must:

• Keep a processing register (article 30 of the GDPR) documenting each processing activity involving employee data

• Inform employees via an accessible and understandable privacy notice

• Limit collection to strictly necessary data (minimisation principle)

• Control transfers of data outside the EU by appropriate safeguards (standard contractual clauses or adequacy decision)

• Manage data breaches and notify the CNIL within 72 hours if there is an established risk to the individuals concerned

The CNIL may impose fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher.

Cybersecurity and NIS2 directive

Since October 2024, the NIS2 directive (EU Directive 2022/2555) applies to an enlarged perimeter of companies called "essential entities" and "important entities". Employers concerned must implement risk management measures for cyber threats, train their employees and notify significant incidents to the ANSSI. In this context, the use of certified electronic signature solutions, hosted in Europe and compliant with ETSI standards, contributes to securing sensitive documentary processes. For further information, the complete guide to electronic signature details the compliance criteria to verify.

Occupational health and safety

The employer is subject to a strict safety obligation transformed into a reinforced duty of care by case law of the Court of Cassation (decisions from 2002 and evolution since 2015). Practically, it must:

• Assess occupational risks and record them in the DUERP

• Implement a prevention plan

• Organise safety training for new employees and exposed workers

• Ensure medical surveillance of employees via the inter-company occupational health service (SSTI)

Non-compliance with these obligations may engage the inexcusable fault of the employer, significantly increasing the compensation of victims of workplace accidents or occupational illnesses.

Legal framework applicable to employer's obligations

Labour Code: fundamental provisions

The regulatory framework applicable to the employer in France is primarily structured around the Labour Code, the following articles of which are central:

• Article L.1221-1: definition of the employment contract and the obligation of good faith in its performance

• Article L.1242-13: mandatory delivery of the CDD within two working days

• Article L.3123-6: formalism of the part-time contract

• Articles R.4121-1 et seq.: obligation to update the DUERP annually

• Article L.4121-1: general safety obligation on the employer

eIDAS Regulation and electronic signature

The European Regulation No. 910/2014 (eIDAS), directly applicable in all Member States, defines three levels of electronic signature: simple, advanced and qualified. In labour law, case law admits advanced or qualified electronic signature for employment contracts. Article 1366 of the Civil Code recognises the probative value of electronic writing equivalent to that of paper writing, provided that its author can be duly identified and the document is preserved in conditions guaranteeing its integrity (article 1367). The eIDAS 2.0 revision, currently being deployed, strengthens identity requirements and expands the scope of European Digital Identity Wallets (EUDI Wallet).

GDPR and protection of employee data

The EU Regulation 2016/679 (GDPR) imposes strict obligations on the employer in its capacity as data controller: lawfulness of processing (article 6), information of individuals (articles 13 and 14), rights of employees (articles 15 to 22), keeping a processing register (article 30) and notification of breaches (articles 33 and 34). The CNIL has enforcement powers that can reach €20 million. In 2023 and 2024, several French companies were penalised for transfers of HR data to third-country subcontractors without adequate safeguards.

NIS2 Directive and organisational cybersecurity

Transposed into French law via the ordinance of 17 October 2024, the NIS2 directive (2022/2555/EU) requires essential and important entities to establish formalised cyber governance, including risk management related to the supply chain. Employers concerned must train their directors and employees, audit their digital service providers and notify significant incidents to the ANSSI within 24 hours.

ETSI standards and quality of electronic signatures

The standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) define the technical formats of advanced and qualified electronic signatures. Compliance with these standards by trust service providers (TSP) registered on the European Trust List ensures interoperability and admissibility of electronic evidence before EU courts.

Usage scenarios: electronic signature in service of employer compliance

Scenario 1 — A distribution SME managing 150 contracts annually

A small business in the food distribution sector employs approximately 120 permanent employees and recruits about fifty seasonal workers on fixed-term contracts each year. Before dematerialisation, the HR department spent on average 45 minutes per contract on printing, postal sending, tracking returned signatures and physical archiving. Over 150 contracts annually, this represented more than 110 hours of administrative work, not to mention follow-ups for documents not returned within the statutory timeframe (2 working days for fixed-term contracts).

By deploying an advanced electronic signature solution compliant with eIDAS, the company reduced the average signing time from 4.2 days to less than 6 hours. Contracts are automatically archived in a digital safe, the unique personnel register is updated in real time and the labour inspection authority can be provided with supporting documents in a few clicks. The estimated time saving exceeds 80%, which represents a return on investment of less than six months according to sector benchmarks published by Syntec Numérique.

Scenario 2 — A home care health services group with dispersed teams

A provider of home care services employing approximately 300 nurses, care assistants and home care workers spread over several departments faced a recurring issue: the signature of amendments to modify schedules or places of assignment. These documents, often urgent, previously required a trip to the head office or sending by registered mail, creating delays incompatible with operational constraints and exposing the employer to the risk of unilateral modification of working conditions without formal employee agreement.

Thanks to electronic signature on mobile devices, each amendment is signed by the employee from their smartphone, with strong authentication by SMS OTP. The employer retains time-stamped and certified evidence of the employee's agreement, eliminating the risk of subsequent dispute. The rate of disputes over contract modifications has decreased by around 60% in eighteen months, according to comparable feedback from the medical-social sector.

Scenario 3 — A strategy consulting firm addressing GDPR compliance of its HR processes

A consulting firm with about fifteen consultants, subject to the dual requirement of GDPR and the Labour Code, needed to formalise its HR data processing: collection of bank account details, management of sick leave, training tracking and delivery of dematerialised pay slips. The absence of clear privacy notices provided at contract signature constituted a CNIL risk identified during an internal audit.

By integrating the GDPR privacy notice directly into the electronic signature flow of the employment contract, the firm ensures that each new employee is aware of their rights before signing. The date and time of reading are time-stamped, constituting evidence opposable in the event of CNIL supervision. This approach, combining labour law and GDPR compliance in a single digital process, is now recommended by several professional associations in the consulting sector.

Conclusion

Compliance with labour law by the employer is not limited to drawing up a compliant contract: it encompasses the management of mandatory notices, the keeping of registers, the protection of personal data, cybersecurity and occupational health and safety. Each of these obligations, if neglected, exposes the company to financial penalties, judicial requalifications or costly disputes with employees.

The digitalisation of HR processes, and in particular the adoption of an eIDAS-compliant electronic signature solution, is now one of the most effective levers for securing and accelerating employer compliance. Certyneo enables you to manage the entire lifecycle of your HR contractual documents from a single, sovereign and certified platform.

Discover Certyneo pricing and start digitalising your employer obligations today, or calculate your ROI in just a few minutes.