Signatory Customer Portal in the Public Sector: A Practical Guide

The dematerialization of administrative procedures is accelerating in French local authorities and administrations. Since the implementation of the "Action publique 2022" plan and obligations arising from the eIDAS regulation, public organizations must offer seamless, secure and enforceable digital pathways. At the heart of this system: the signatory customer portal, a dedicated portal allowing each user or partner to receive, consult, sign and archive official documents online. This article details the concrete steps to create such a portal in the public sector, the regulatory requirements to comply with, and best practices from the field.

Why the signatory customer portal has become strategic for the public sector

Regulatory context and user expectations

In France, Ordinance No. 2014-1330 of November 6, 2014, concerning users' right to contact the administration electronically, laid the groundwork for a dematerialization obligation. Since then, the ESSOC law (2018), the 3DS law (2022), and successive interministerial circulars have strengthened this momentum. According to the public dematerialization barometer published by DINUM in 2025, over 87% of first-level administrative procedures are now available online, but only 54% incorporate a legally valid electronic signature mechanism.

Users, for their part, no longer tolerate back-and-forth paper exchanges. An OpinionWay study from 2024 indicates that 72% of French citizens prefer to sign an administrative document online rather than travel, provided the system is simple and reassuring. The signatory customer portal responds exactly to this expectation by offering a single, secure and traceable access point for all dematerialized acts.

Differences from the private sector

Unlike the private sector, public organizations are subject to additional constraints: public procurement governed by the Public Procurement Code, deliberations subject to administrative review by the prefect, civil status acts governed by the Civil Code. The level of electronic signature required varies according to the nature of the document: a simple partnership agreement may be satisfied with an advanced electronic signature (AES), while a notarial deed or municipal council deliberation may in certain cases require a qualified signature (QES) as defined in Article 26 of the eIDAS regulation.

To choose the appropriate level for each type of act, consult our comprehensive electronic signature guide which details the three eIDAS levels and their conditions of use in the public sphere.

Steps to create a signatory customer portal in a local authority or administration

Step 1 — Map document flows and stakeholders

Before deploying any tool, it is imperative to conduct a flow mapping. This phase consists of identifying:

• Types of documents concerned (deliberations, public procurement, agreements, building permits, HR acts, etc.);
• Internal signatories (elected officials, managing directors, department heads) and external (service providers, associations, citizens, officials from other public entities);
• Annual volumes and contractual or regulatory deadlines associated with them;
• Existing information systems (business software like SEDIT, CIVIL NET, CIRIL, Berger-Levrault) with which the customer portal will need to interface.

This mapping makes it possible to define the functional scope of the platform and avoid duplicating tools already in place. It also determines the level of security and authentication to implement for each category of users.

Step 2 — Choose the technical solution adapted to public sector requirements

The choice of an electronic signature solution for the public sector responds to specific criteria that the private sector does not always impose with the same rigor:

1. Sovereign hosting: the organization's public data must be hosted in France or in the European Union, on infrastructures certified HDS (if health data) or SecNumCloud (if sensitive data). SecNumCloud qualification from ANSSI becomes a differentiating criterion since the Prime Minister's circular of July 5, 2021.
2. Interoperability: the solution must expose documented REST APIs compatible with RGI (General Interoperability Repository) and RGS (General Security Repository) frameworks.
3. RGAA accessibility: pursuant to Law No. 2005-102 of February 11, 2005 and its implementing decrees, public portals accessible to citizens must comply with the General Repository for Improving Accessibility (RGAA 4.1) at a minimum AA level.
4. eIDAS compliance: signature certificates must be issued by a qualified Trust Service Provider (TSP) listed on the European trust list (Trusted List) published by the European Commission.

To compare solutions available on the market according to these criteria, our comparative guide for electronic signature solutions provides an evaluation grid tailored to public purchasers.

Step 3 — Configure the signatory customer portal: authentication and user journey

The configuration of the signatory customer portal rests on three technical pillars:

Authentication of signatories: the public sector has a structural advantage with FranceConnect+, the national digital identity system managed by DINUM. FranceConnect+ allows substantial or high authentication under the eIDAS definition, making signed acts enforceable without ambiguity. For external service providers (companies, associations), reinforced email authentication (OTP) coupled with documentary identity verification may be sufficient for intermediate-level acts.

The signature journey must be designed to minimize friction: email or SMS notification, direct access to the document from the dedicated space, content visualization before signature, signature application in one or two clicks depending on the level required, and confirmation by timestamped certificate. Qualified timestamping (RFC 3161) guarantees document integrity and the certain date of signature, elements essential in case of dispute.

Management of delegations and validation circuits: in a local authority, an act often bears only a single final signature, but is preceded by an internal review circuit. The signatory customer portal must allow configuration of multi-step workflows (electronic workflow) with delegation rules compliant with the organization's signature delegation order.

Step 4 — Ensure conservation and evidentiary archiving

A signatory customer portal is not limited to signing: it must guarantee the evidentiary value of documents over time. The Heritage Code (Articles L. 211-1 et seq.) requires public organizations to observe specific conservation periods depending on the nature of acts (10 years for public procurement, unlimited for deliberations, etc.).

The NF Z 42-020 standard defines the requirements for an electronic archiving system with evidentiary value (SAE). The signatory customer portal must interface with the organization's SAE or natively offer a digital safe compliant with standards. Using a qualified third-party archiver allows externalization of this obligation while maintaining the traceability required by the CNIL and administrative courts.

Note that signed documents remain accessible to each signatory from their personal space, in accordance with access rights provided for by the GDPR and the FOIA.

Governance, training and change management in the public sector

Structure project governance

The deployment of a signatory customer portal is an organizational transformation project as much as a technical one. Governance must involve:

• The general management (DGS/DGA) for political sponsorship and validation of acts involved;
• The information systems department (DSI) for technical integration and security;
• The Data Protection Officer (DPO), mandatory in public organizations since Article 37 of the GDPR, to validate the impact assessment (DPIA);
• The legal department to map risks and validate the legal value of each category of dematerialized acts.

A quarterly steering committee, involving these stakeholders, allows adjustments to the deployment and prioritization of flows to be dematerialized based on observed operational gains.

Train agents and external signatories

The adoption of a signatory customer portal rests largely on the quality of change management. Public officials, accustomed to paper processes or heterogeneous tools, need short but targeted training: understanding the legal value of electronic signatures, knowing how to identify a forged document, mastering the signature circuit of their scope.

For external signatories (service provider companies, subsidized associations), a simple user guide accessible from the customer portal itself significantly reduces support requests. Modern platforms now integrate contextual tutorials and dynamic FAQs directly into the signature journey. The Certyneo Help Center offers, for example, educational resources adaptable to your internal communications.

Measure benefits and pilot by data

The return on investment of a signatory customer portal in the public sector is measured on several dimensions:

• Average signature time: dematerialization reduces the signature cycle on average from 7 to 14 days to less than 48 hours according to feedback from pioneering local authorities;
• Rate of lost or improperly archived documents: trend toward zero with an interfaced SAE;
• Direct costs: printing, postage, courier delays, reprocessing of non-compliant documents;
• Satisfaction of external signatories: measurable via an NPS integrated at the end of the signature journey.

These indicators feed the steering committee's dashboard and justify the gradual expansion of the dematerialized scope. To accurately estimate potential gains for your organization, our electronic signature ROI calculator allows a personalized projection in less than 5 minutes.

Legal framework applicable to the signatory customer portal in the public sector

The implementation of a signatory customer portal in a French local authority or administration falls within a dense legal corpus, structured at multiple levels.

The eIDAS Regulation No. 910/2014 of the European Parliament and the Council constitutes the European foundation. It distinguishes three levels of electronic signature (simple, advanced, qualified) and stipulates that only qualified signature benefits from a presumption of reliability equivalent to handwritten signature in all Member States. For sensitive public acts, resort to a qualified certificate issued by a Trust Service Provider (TSP) registered on the European Trusted List is imperative. The eIDAS Regulation 2.0 (EU Regulation 2024/1183), in force since May 2024, strengthens these requirements by introducing the European Digital Identity Wallet (EUDIW), whose integration into public portals must be operational by 2026-2027 according to the Commission's timeline.

The Civil Code, in Articles 1366 and 1367, sets the conditions for validity of electronic writing under French law: reliable identification of the author and guarantee of document integrity. These conditions are fulfilled by the cryptographic mechanisms of advanced and qualified signatures.

GDPR No. 2016/679 requires every organization processing personal data (name, email, FranceConnect identifier of signatories) to conduct a Data Protection Impact Assessment (DPIA) prior to the deployment of the customer portal, in accordance with Article 35 of the regulation. This obligation is reinforced for public organizations. The appointment of a DPO (Article 37) is mandatory for all public authorities.

The General Security Repository (RGS v2.0), published by ANSSI, sets the security levels required for State and local government teleservices. Signature platforms deployed in this context must be audited and, depending on the sensitivity level of the data, qualified or certified by ANSSI.

ETSI standards technically govern signature formats: ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES for PDFs). The PAdES format is recommended for public documents due to its native readability in standard PDF viewers.

The NIS2 Directive (EU 2022/2555), transposed into French law by Law No. 2024-449 of May 21, 2024, extends cybersecurity obligations to essential and important entities, which include many public organizations (municipalities of over 30,000 inhabitants, departments, regions, health establishments). Signature platforms must be integrated into the organization's information systems security policy (PSSI) and be subject to incident reporting to ANSSI in case of breach.

Finally, the Public Procurement Code (Articles R. 2132-1 et seq.) makes dematerialization of public contracts mandatory above 40,000 € HT and requires electronic signature of commitment acts. Non-compliance with this obligation exposes the organization to a risk of nullification of acts and sanctions during prefectoral administrative review.

Use scenarios: the signatory customer portal in action in the public sector

Scenario 1 — An agglomeration community dematerializes its partnership agreements

An agglomeration community comprising about twenty municipalities manages over 350 partnership agreements annually with local associations, educational institutions and private service providers. Before the implementation of a signatory customer portal, each agreement required on average 18 days between internal validation and signature by both parties, with a document loss rate estimated at 4% (improperly archived documents or unsigned versions kept by mistake).

After deploying a signatory customer portal integrated with existing business information systems, the average signature time dropped to 3.5 days. Partner associations access their space via FranceConnect, receive an email notification as soon as a document is ready to sign, and find all their agreements archived in their personal space. The document loss rate has been zero since deployment. The estimated annual savings on printing, postage and administrative reprocessing costs exceed €15,000, not counting the time savings for staff.

Scenario 2 — A department dematerializes public procurement acts from its departments

A county council handling over 1,200 public contracts annually (all thresholds combined) faced signature delays incompatible with the operational constraints of its business departments. The paper circuit involved up to 7 internal participants (instruction, legal review, financial review, signature by the president or delegated vice-president) before transmission to the service provider.

The implementation of an electronic workflow integrated into the signatory customer portal made it possible to configure multi-step workflows with automatic delegations in case of absence. The average duration of the internal circuit fell from 11 days to 2.8 days. The department also observed a 60% reduction in phone follow-ups to departments to track signature progress. The customer portal offered to external service providers allows them to sign commitment acts directly from their interface, with a timestamp certificate automatically archived in the departmental SAE.

Scenario 3 — A public health facility secures HR acts of its practitioners

A hospital group of approximately 1,200 employees (including 180 practitioners) managed its engagement contracts, amendments and temporary recruitment acts by mail or required physical presence, creating delays incompatible with urgent recruitment needs (shift replacements, medical locum).

The signatory customer portal deployed for human resources now allows each practitioner or employee to receive, consult and sign their contract from a secure portal, accessible from any device. Authentication is based on FranceConnect+ for permanent employees and documentary identity verification for temporary staff. The average time to hire after oral agreement fell from 8 days (time for paper file processing) to less than 24 hours. The facility also reduced HR file completeness errors by 40% thanks to guided forms integrated into the signature journey, in accordance with recommendations from the public hospital service.

Conclusion

Creating a signatory customer portal in the public sector is no longer optional: it is a progressive regulatory obligation and a growing expectation of users and institutional partners alike. The approach rests on four inseparable pillars — flow mapping, choice of a sovereign and eIDAS-compliant solution, configuration of a seamless user journey, and evidentiary archiving — supported by solid governance and rigorous change management.

Local authorities and administrations that have taken this step observe measurable gains: signature times divided by five on average, reduced administrative costs and impeccable archiving quality. Certyneo supports public organizations at each step of this project, from initial audit to operational deployment.

Ready to take the step? Contact our Certyneo experts for a free audit of your document flows and a personalized demonstration tailored to the constraints of the public sector.