Electronic Signature in the Public Sector: 2026 Guide

The digital transformation of the French State has accelerated considerably in recent years, and electronic signature is one of its most structuring regulatory pillars. For public buyers, local authorities, and public service operators, the question is no longer whether to adopt electronic signature, but how to remain compliant with a rapidly evolving legal framework. Between obligations arising from the eIDAS regulation, requirements of the Public Procurement Code, and new constraints from the NIS2 directive, administrations face a complex regulatory landscape. This article guides you step by step: required signature levels, scope of obligation, risks in case of non-compliance, and best practices for 2026.

Electronic Signature in Public Procurement: A Legal Obligation Since 2020

Since 1 October 2018, reinforced by the Order of 12 April 2018 relating to electronic signature in public procurement, the dematerialisation of public procurement procedures has become the norm in France. For all contracts with an estimated value equal to or exceeding the European formalised procedure threshold — set at €221,000 HT for supplies and services of local authorities and €5,538,000 HT for works in 2026 — the use of electronic signature is mandatory for commitment acts, service orders, and subcontracting acts.

The three eIDAS signature levels applicable

Regulation eIDAS No 910/2014 establishes three levels of electronic signatures, two of which are relevant in public procurement:

• Simple Electronic Signature (SES): sufficient for routine communications, delivery confirmations or certain internal notifications. It does not provide strong identity assurance.
• Advanced Electronic Signature (AES): required for most contractual acts in public procurement. It uniquely identifies the signatory, is linked to the signed data, and detects any subsequent modification.
• Qualified Electronic Signature (QES): the highest level, legally equivalent to handwritten signature under article 1367 of the Civil Code. Mandatory for complex works contracts, certain notarial acts, and documents with high probative value.

The Order of 12 April 2018 specifies that commitment acts must be signed with at least an advanced electronic signature based on a qualified certificate (hereinafter "AES-QC"), which in practice approaches the qualified level.

Dematerialisation Platforms (Buyer Profiles)

Since 1 April 2017, every public buyer must have a dematerialised buyer profile — a call for tenders management platform such as ATEXO, e-Marchés, AWS Market, etc. — to publish consultations above the €40,000 HT threshold. These profiles must natively integrate an electronic signature module compatible with qualified certificates issued by Trust Service Providers (TSP) listed on the French Trusted List (LCR) published by ANSSI.

For more information on how these mechanisms generally work, consult our comprehensive guide to electronic signature.

eIDAS 2.0 Compliance: What Changes for Administrations in 2026

The revision of the eIDAS regulation, known as eIDAS 2.0 (EU Regulation 2024/1183, which came into force in May 2024), introduces several major changes that directly impact French public administrations.

The European Digital Identity Wallet (EUDI Wallet)

Article 5a of the revised eIDAS regulation requires Member States to provide a European Digital Identity Wallet (EUDI Wallet) to all citizens and legal entities by October 2026. For administrations, this means that online services must accept this wallet as a means of authentication and signature. ANSSI coordinates the French deployment in liaison with DINUM (Interministerial Directorate of Digital), which drives the programme via the National Agency for Territorial Coherence.

New Trust Attributes and Interoperability

EIDAS 2.0 strengthens cross-border interoperability: a qualified signature applied by a Belgian or German operator must be recognised without restriction by French platforms. For public buyers conducting contracts with European operators, this development simplifies procedures but requires verifying that tools used support the new European Trusted Lists. Our analysis of eIDAS 2.0 Regulation details all these changes.

Cybersecurity Obligations Related to NIS2

The NIS2 directive (transposed into French law by ordinance in March 2025) classifies local authorities with more than 30,000 inhabitants and essential public entities among important entities subject to enhanced security requirements. Concretely, the electronic signature solution used must:

• Be hosted by a provider certified HDS (Healthcare Data Host) for healthcare entities, or SecNumCloud for sensitive State data;
• Have complete and tamper-proof audit logs;
• Be subject to a documented Business Continuity Plan (BCP).

Public Acts Concerned by the Electronic Signature Obligation

Beyond public procurement strictly speaking, electronic signature gradually extends to a very broad range of administrative acts.

Contractual Documents and Deliberations

• Public procurement acts: purchase orders, amendments, service orders, reception minutes;
• Deliberations of deliberative assemblies: since the law no. 2019-1461 of 27 December 2019 (the "Engagement and Proximity Act"), municipalities can transmit their acts for legality review in electronic signed form via the DGCL's @ctes portal;
• Civil Service Contracts: contracts of contractual agents in local public service benefit from the presumption of validity of qualified electronic signature.

Tax and Budget Acts

The Directorate General of Public Finance (DGFiP) has required since 2022 the dematerialised transmission of budget documents to local authorities with more than 3,500 inhabitants. Signatories can electronically sign receipts and payment orders integrated in accounting systems (Hélios, Chorus Pro).

Cerfa Forms and Civil Status Acts

The Public Services + programme (formerly Public Action 2022) targets complete digitalisation of the 250 most-used forms. Several Cerfa forms — notably for planning permits (building permits, prior notifications) — now accept advanced electronic signature from applicants.

If you manage contractual flows in a public structure, our comparison of electronic signature solutions will help you identify the tool best suited to your regulatory constraints.

Choosing a Compliant Solution for the Public Sector: Essential Criteria

Facing the multiplication of market offers, public buyers must rely on objective criteria to select their electronic signature provider.

Certification and Referencing

The solution must imperatively:

1. Be listed on ANSSI's Trusted List (French TSL) or rely on a certificate issued by a TSP (Trust Service Provider) itself qualified under eIDAS;
2. Comply with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES) or EN 319 162 (PAdES) depending on the required document format;
3. Be compatible with buyer profiles referenced by the DAJ (Legal Affairs Directorate of the Ministry of the Economy).

Hosting and Data Sovereignty

For public procurement data, classified as "Restricted Distribution" in some cases, hosting must be located in France or within the European Union with contractual guarantees against any access by extra-European jurisdictions (Cloud Act reform). The SecNumCloud label from ANSSI is a key reference for digital sovereignty.

Integration with Administration's Business Tools

Local authorities generally use specialised ERPs (CIVITAS, Berger-Levrault, JVS-Mairistem, etc.). The signature solution must offer a documented REST API allowing integration into these workflows without disruption. An ROI calculator can help you quantify expected productivity gains when launching your deployment project.

Traceability and Archiving

The Heritage Code (article L.213-1) imposes specific retention periods for public documents. The solution must guarantee archiving with probative value (NF Z42-026 standard) with qualified timestamping (RFC 3161) and complete audit trail exportable in case of litigation before the administrative court.

For structures considering migrating from an existing tool, our guide on migration from DocuSign or YouSign to Certyneo presents the key steps of a seamless transition.

Applicable Legal Framework for Electronic Signature in the Public Sector

Electronic signature in the public sector is part of a multi-level regulatory framework that must be mastered to guarantee the legal validity of dematerialised acts.

Civil Code — articles 1366 and 1367

Article 1366 of the Civil Code provides that "electronic writing has the same probative force as writing on paper, provided that the person from whom it originates can be duly identified and that it is established and kept in such conditions as to guarantee its integrity". Article 1367 specifies that an electronic signature qualified under eIDAS is presumed reliable — thus reversing the burden of proof in favour of the signatory.

Regulation eIDAS No 910/2014 and its 2024/1183 revision

The EU eIDAS regulation establishes a uniform framework for trust services within the EU. Its article 25 stipulates that a qualified electronic signature has the same legal value as a handwritten signature in all Member States. Annex I sets out the technical requirements for qualified certificates. The 2024 revision (eIDAS 2.0) adds the regulatory framework for the European Digital Identity Wallet.

Order of 12 April 2018 Relating to Electronic Signature in Public Procurement

This order is the operational reference text for French public procurement. It requires advanced electronic signature with qualified certificate (compliant with eIDAS Annex I) for commitment acts, and specifies acceptable formats (PAdES, XAdES, CAdES).

Public Procurement Code — articles R.2132-7 and following

Articles R.2132-7 to R.2132-14 of the Public Procurement Code govern the modalities of electronic submission of applications and offers, making electronic signature binding as long as it respects the levels defined by the 2018 order.

GDPR No 2016/679

Personal data collected during the signature process (signatory identity, IP address, timestamp) constitutes personal data within the meaning of the GDPR. The public buyer acts as a data controller and must ensure that the signature provider complies with articles 28 (subprocessing contract) and 32 (data security). An information notice (article 13) must be provided to signatories.

NIS2 Directive Transposed into French Law (Ordinance March 2025)

Essential and important public entities within the meaning of NIS2 must report significant security incidents to ANSSI within 24 hours. A failure of the electronic signature system affecting the continuity of public procurement may constitute such an incident.

Legal Risks in Case of Non-Compliance

A commitment act signed with an insufficient level can be contested before the administrative judge in interlocutory proceedings (article L.551-1 of the Code of Administrative Justice), resulting in suspension or even cancellation of the award procedure. Contractual penalties for delay attributable to a technical failure of the signature can reach 1/1000th of the HT amount per calendar day of delay according to the applicable standard terms and conditions.

Use Scenarios: Electronic Signature in Daily Public Sector Operations

Scenario 1 — A Grouping of Municipalities Managing Around One Hundred Contracts Annually

A mid-sized inter-community body, grouping together twenty municipalities and managing approximately 120 public contracts per year (works, supplies, services), faced paper signature delays averaging 12 working days for a commitment act. Physical transfers between technical departments, the procurement service, and the EPCI president generated recurrent delays in the award procedures, exposing the local authority to litigation risks.

By deploying a qualified electronic signature solution integrated into its buyer profile, the local authority reduced this delay to less than 48 hours. The automatic traceability of initials and timestamps also made it possible to reduce by 70% the time spent on constituting regulatory archiving files (retention period: 10 years for contracts exceeding European thresholds).

Scenario 2 — A Public Hospital Establishment and Its Supplier Contracts

A hospital group of approximately 1,200 beds, subject to public procurement rules as a public health establishment (EPS), had to sign each year more than 400 amendments and purchase orders under framework agreements. The multiplicity of authorised signatories (Director of Procurement, Deputy Director, Administrative Attachés) and the obligation of HDS hosting made the selection of a solution complex.

By opting for a France-hosted and HDS-certified platform, compatible with qualified certificates issued by a TSP referenced by ANSSI, the establishment was able to electronically delegate signature rights via granular user profiles. The volume of printed documents fell by 85%, and the direct cost of paper archiving decreased by approximately €15,000 per year according to an internal estimate carried out 18 months after deployment.

Scenario 3 — A Technical Services Department of a Large City and Works Service Orders

A technical services department of a city with over 80,000 inhabitants managing a multi-year road rehabilitation programme had to issue on average 60 service orders per month to construction companies. Before dematerialisation, each service order involved printing, handwritten signature, scanning, and registered mail — amounting to an average cost of €8 per document and an unavoidable delay of 3 to 5 days.

The integration of an advanced electronic signature workflow directly into their business software enabled quasi-instantaneous issuance of service orders, with electronic acknowledgement of receipt signed by the company representative. The gain in actual work start-up time was estimated at 3 to 4 days per project, which, over 15 simultaneous projects on average, represents a significant operational impact on compliance with contractual schedules.

Conclusion

Electronic signature in the public sector is no longer a prospective topic: it is an operational obligation, governed by precise texts, subject to real legal risks in case of breach. Whether it concerns commitment acts in public procurement, deliberations transmitted for legality review, or work service orders, every dematerialised act engages the responsibility of the local authority or public entity that produces it.

Faced with eIDAS 2.0, NIS2, and the acceleration of the State's digital transformation programme, administrations that have not yet structured their compliance approach must act now. Certyneo offers a qualified electronic signature solution, hosted in France, compliant with ANSSI requirements, and integrable into your existing business tools.

Discover how Certyneo can support your administration towards full compliance: request a demonstration or consult our pricing and get ahead of the 2026 regulatory deadlines.