Electronic Signature in the Public Sector: 2026 Guide

The digital transformation of the French State has accelerated considerably in recent years, and electronic signature is one of its most structuring regulatory pillars. For public buyers, territorial authorities, and public service operators, the question is no longer whether to adopt electronic signature, but how to remain compliant with a rapidly evolving legal framework. Between obligations stemming from the eIDAS regulation, requirements of the Public Procurement Code, and new constraints from the NIS2 directive, administrations face a complex regulatory landscape. This article guides you step by step: required signature levels, scope of obligation, risks in case of non-compliance, and best practices for 2026.

Electronic signature in public procurement: a legal obligation since 2020

Since October 1, 2018, then reinforced by the Decree of April 12, 2018 relating to electronic signature in public procurement, the dematerialization of public procurement procedures has become the standard in France. For all contracts with an estimated value equal to or above the European threshold for formalized procedure — set at €221,000 HT for supplies and services of public entities and €5,538,000 HT for works in 2026 — the use of electronic signature is mandatory for commitment documents, service orders, and subcontracting acts.

The three eIDAS signature levels applicable

Regulation eIDAS No. 910/2014 establishes three levels of electronic signatures, two of which are relevant in public procurement:

• Simple Electronic Signature (SES): sufficient for routine exchanges, delivery confirmations, or certain internal notifications. It does not provide strong identity guarantee.
• Advanced Electronic Signature (AES): required for the majority of contractual acts in public procurement. It uniquely identifies the signatory, is linked to signed data, and detects any subsequent modification.
• Qualified Electronic Signature (QES): the highest level, legally equivalent to a handwritten signature under Article 1367 of the Civil Code. Mandatory for complex construction contracts, certain notarial acts, and documents with strong evidentiary value.

The Decree of April 12, 2018 specifies that commitment documents must be signed with at least an advanced electronic signature based on a qualified certificate (hereinafter "AES-QC"), which in practice approaches qualified level.

Dematerialization platforms (buyer profiles)

Since April 1, 2017, every public buyer must have a dematerialized buyer profile — procurement management platform such as ATEXO, e-Marchés, AWS Market, etc. — to publish consultations above the threshold of €40,000 HT. These profiles must natively integrate an electronic signature module compatible with qualified certificates issued by Trust Service Providers (TSPs) referenced on the French Trust List (LCR) published by ANSSI.

For more information on the general functioning of these mechanisms, consult our complete guide to electronic signature.

eIDAS 2.0 Compliance: What Changes for Administrations in 2026

The revision of the eIDAS regulation, known as eIDAS 2.0 (EU Regulation 2024/1183, which entered into force in May 2024), introduces several major developments that directly impact French public administrations.

The European Digital Identity Wallet (EUDI Wallet)

Article 5a of the revised eIDAS regulation requires Member States to offer a European Digital Identity Wallet (EUDI Wallet) to all citizens and legal entities by October 2026. For administrations, this means that online services must accept this wallet as a means of authentication and signature. ANSSI coordinates the French deployment in coordination with DINUM (Directorate of Digital Affairs), which leads the program via the National Agency for Territorial Coherence.

New trust attributes and interoperability

eIDAS 2.0 strengthens cross-border interoperability: a qualified signature affixed by a Belgian or German operator must be recognized without restriction by French platforms. For public buyers entering into contracts with European operators, this development simplifies procedures but requires verifying that the tools used support the new European Trust Lists. Our analysis of eIDAS 2.0 regulation details all these developments.

Cybersecurity obligations linked to NIS2

The NIS2 directive (transposed into French law by ordinance in March 2025) classifies territorial authorities with more than 30,000 inhabitants and essential public entities among important entities subject to enhanced security requirements. In practice, the electronic signature solution used must:

• Be hosted by a provider certified as HDS (Health Data Hosting) for health entities, or SecNumCloud for sensitive State data;
• Have complete and tamper-proof audit logs;
• Be subject to a documented business continuity plan (BCP).

Public Acts Subject to Electronic Signature Obligation

Beyond strict public procurement, electronic signature is progressively extending to a very broad scope of administrative acts.

Contractual documents and resolutions

• Public procurement acts: purchase orders, amendments, service orders, acceptance minutes;
• Resolutions of deliberative bodies: since Law No. 2019-1461 of December 27, 2019 (known as the "Commitment and Proximity Law"), municipalities may transmit their acts for legality review in electronic signed form via the @ctes portal of DGCL;
• Public service employment contracts: contracts for temporary civil service agents benefit from the presumption of validity of qualified electronic signature.

Tax and budgetary acts

The General Directorate of Public Finance (DGFiP) has required since 2022 the dematerialized transmission of budgetary documents to authorities with more than 3,500 inhabitants. Authorized officers may electronically sign revenue documents and payment orders integrated into accounting systems (Hélios, Chorus Pro).

Cerfa forms and civil status acts

The Public Services + program (formerly Action Publique 2022) targets complete digitization of the 250 most-used forms. Several Cerfa — particularly for urban planning permits (building permits, prior declarations) — now accept advanced electronic signature from applicants.

If you manage contractual flows in a public structure, our comparison of electronic signature solutions will help you identify the tool best suited to your regulatory constraints.

Choosing a compliant solution for the public sector: essential criteria

Faced with the multiplication of market offerings, public buyers must rely on objective criteria to select their electronic signature provider.

Certification and referencing

The solution must imperatively:

1. Be referenced on the ANSSI Trust List (French TSL) or rely on a certificate issued by a TSP (Trust Service Provider) itself qualified under eIDAS;
2. Comply with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES), or EN 319 162 (PAdES) depending on the required document format;
3. Be compatible with buyer profiles referenced by DAJ (Directorate of Legal Affairs of the Ministry of Economy).

Hosting and data sovereignty

For public procurement data, classified as "Restricted Distribution" in some cases, hosting must be located in France or within the European Union with contractual guarantees against any access by non-European jurisdictions (Cloud Act reform). The SecNumCloud label of ANSSI constitutes the reference in terms of digital sovereignty.

Integration with administration's business tools

Authorities generally use specialized ERPs (CIVITAS, Berger-Levrault, JVS-Mairistem, etc.). The signature solution must offer a documented REST API allowing integration into these workflows without service interruption. An ROI calculator can help you quantify the expected productivity gains when deploying your project.

Traceability and archiving

The Heritage Code (Article L.213-1) imposes specific retention periods for public documents. The solution must guarantee archiving with evidentiary value (standard NF Z42-026) with qualified timestamping (RFC 3161) and complete audit trail exportable in case of litigation before the administrative court.

For structures considering migrating from an existing tool, our guide on migration from DocuSign or YouSign to Certyneo presents the key steps of a transition without service interruption.

Legal framework applicable to electronic signature in the public sector

Electronic signature in the public sector falls within a multi-level regulatory framework that must be mastered to ensure the legal validity of dematerialized acts.

Civil Code — Articles 1366 and 1367

Article 1366 of the Civil Code provides that "electronic writing has the same probative force as writing on paper medium, provided that the person from whom it emanates can be duly identified and that it is established and retained under conditions such as to guarantee its integrity." Article 1367 specifies that a qualified electronic signature within the meaning of eIDAS constitutes a presumption of reliability — thus reversing the burden of proof in favor of the signatory.

eIDAS Regulation No. 910/2014 and its 2024/1183 revision

The European eIDAS regulation establishes a uniform framework for trust services within the EU. Its Article 25 stipulates that a qualified electronic signature has the same legal value as a handwritten signature in all Member States. Annex I sets out the technical requirements for qualified certificates. The 2024 revision (eIDAS 2.0) adds the regulatory framework for the European Digital Identity Wallet.

Decree of April 12, 2018 relating to electronic signature in public procurement

This decree is the operational reference text for French public procurement. It requires advanced electronic signature with qualified certificate (complying with eIDAS Annex I) for commitment documents and specifies acceptable formats (PAdES, XAdES, CAdES).

Public Procurement Code — Articles R.2132-7 et seq.

Articles R.2132-7 to R.2132-14 of the Public Procurement Code govern the methods of electronic transmission of applications and bids, making electronic signature enforceable as long as it complies with the levels defined by the 2018 decree.

GDPR No. 2016/679

Personal data collected during the signature process (identity of signatory, IP address, timestamp) constitute personal data within the meaning of the GDPR. The public buyer acts as a data controller and must ensure that the signature provider complies with Articles 28 (data processor agreement) and 32 (data security). An information notice (Article 13) must be provided to signatories.

NIS2 Directive transposed into French law (March 2025 ordinance)

Essential and important public entities under NIS2 must report significant security incidents to ANSSI within 24 hours. A failure of the electronic signature system affecting the continuity of public procurement may constitute such an incident.

Legal risks in case of non-compliance

A commitment document signed with an insufficient level may be contested before the administrative judge for interim relief (Article L.551-1 of the Administrative Justice Code), resulting in suspension or even cancellation of the award procedure. Contractual penalties for delays attributable to a technical failure of the signature can reach 1/1000th of the HT amount per calendar day of delay under the applicable general conditions.

Use cases: electronic signature in daily practice in the public sector

Scenario 1 — A community of municipalities managing about a hundred contracts annually

A medium-sized intercommunality, grouping about twenty municipalities and managing approximately 120 public contracts per year (works, supplies, services), faced signature delays on paper reaching an average of 12 working days for a commitment document. Physical shuttling between technical departments, the procurement service, and the EPCI president generated recurring delays in procurement procedures, exposing the authority to litigation risks.

By deploying a qualified electronic signature solution integrated into its buyer profile, the authority reduced this timeline to less than 48 hours. The automatic traceability of initials and timestamps also made it possible to reduce by 70% the time devoted to building regulatory archival files (retention period: 10 years for contracts exceeding European thresholds).

Scenario 2 — A public hospital establishment and its supplier contracts

A hospital group of approximately 1,200 beds, subject to public procurement rules as a public health establishment (EPS), had to sign each year more than 400 amendments and purchase orders within the context of subsequent agreements to framework agreements. The multiplicity of authorized signers (head of purchasing, deputy director, administrative officers) and the obligation of HDS hosting made selecting a solution complex.

By opting for a platform hosted in France and certified HDS, compatible with qualified certificates issued by an ANSSI-referenced TSP, the establishment was able to electronically delegate signing rights via granular user profiles. The volume of printed documents fell by 85%, and the direct cost of paper archiving decreased by approximately €15,000 per year according to an internal estimate made 18 months after deployment.

Scenario 3 — A technical services directorate of a large city and work orders

A technical services directorate of a city of more than 80,000 inhabitants managing a multi-year road rehabilitation program had to issue on average 60 service orders per month to construction companies. Before dematerialization, each service order involved printing, handwritten signature, scanning, and registered mail delivery — an average cost of €8 per document and an incompressible delay of 3 to 5 days.

The integration of an advanced electronic signature workflow directly into their business software enabled near-instant issuance of service orders, with electronic delivery confirmation signed by the company representative. The gain in delay for actual project start was estimated between 3 and 4 days per site, which, over 15 concurrent sites on average, represents a significant operational impact on compliance with contractual schedules.

Conclusion

Electronic signature in the public sector is no longer a forward-looking issue: it is an operational obligation, governed by precise texts, with real legal risks in case of breach. Whether it's commitment documents in public procurement, resolutions transmitted for legality review, or work service orders, each dematerialized act engages the responsibility of the authority or public entity that produces it.

Faced with eIDAS 2.0, NIS2, and the acceleration of the State's digital transformation program, administrations that have not yet structured their compliance approach must act now. Certyneo offers a qualified electronic signature solution, hosted in France, compliant with ANSSI requirements, and integrable into your existing business tools.

Discover how Certyneo can support your administration toward complete compliance: request a demonstration or consult our pricing and get ahead of the 2026 regulatory deadlines.