Electronic Signature in the Public Sector: 2026 Guide

Electronic Signature in the Public Sector: 2026 Guide

The digital transformation of the French State has accelerated considerably in recent years, and electronic signature is one of its most structuring regulatory pillars. For public buyers, local authorities, and public service operators, the question is no longer whether to adopt electronic signature, but how to remain compliant with a rapidly evolving legal framework. Between the obligations arising from the eIDAS regulation, the requirements of the Public Procurement Code and the new constraints of the NIS2 directive, administrations face a complex normative landscape. This article guides you step by step: required signature levels, scope of obligation, risks in case of non-compliance, and best practices for 2026.

Electronic Signature in Public Procurement: A Legal Obligation Since 2020

Since 1 October 2018, then reinforced by the order of 12 April 2018 relating to electronic signature in public procurement, the dematerialization of public procurement procedures has become the standard in France. For all contracts with an estimated value equal to or exceeding the European threshold for formalized procedures — set at 221,000 € ex-VAT for supplies and services from local authorities and 5,538,000 € ex-VAT for works in 2026 — the use of electronic signature is mandatory for engagement documents, service orders, and subcontracting acts.

The Three eIDAS Signature Levels Applicable

Regulation eIDAS No. 910/2014 establishes three levels of electronic signatures, two of which are relevant in public procurement:

• Simple Electronic Signature (SES): sufficient for routine exchanges, acknowledgments of receipt, or certain internal notifications. It does not offer strong identity guarantees.
• Advanced Electronic Signature (AES): required for most contractual acts in public procurement. It uniquely identifies the signatory, is linked to signed data, and detects any subsequent modification.
• Qualified Electronic Signature (QES): the highest level, legally equivalent to a handwritten signature under Article 1367 of the Civil Code. Mandatory for complex construction contracts, certain notarized acts, and documents with high probative value.

The order of 12 April 2018 specifies that engagement documents must be signed with at least an advanced electronic signature based on a qualified certificate (hereinafter "AES-QC"), which in practice approaches the qualified level.

Dematerialization Platforms (Buyer Profiles)

Since 1 April 2017, every public buyer must have a dematerialized buyer profile — a procurement management platform such as ATEXO, e-Marchés, AWS Market, etc. — to publish consultations above the threshold of 40,000 € ex-VAT. These profiles must natively integrate an electronic signature module compatible with qualified certificates issued by trusted service providers (TSP) listed on the French Trust List (LCR) published by ANSSI.

To learn more about the general functioning of these mechanisms, consult our complete guide to electronic signature.

eIDAS 2.0 Compliance: What Changes for Administrations in 2026

The revision of the eIDAS regulation, called eIDAS 2.0 (EU Regulation 2024/1183, which entered into force in May 2024), introduces several major developments that directly impact French public administrations.

The European Digital Identity Wallet (EUDI Wallet)

Article 5a of the revised eIDAS regulation requires Member States to offer a European Digital Identity Wallet (EUDI Wallet) to all citizens and legal entities by October 2026. For administrations, this means that online services must accept this wallet as a means of authentication and signature. ANSSI coordinates the French rollout in coordination with DINUM (Interministerial Digital Directorate), which drives the program through the National Agency for Territorial Coherence.

New Trust Attributes and Interoperability

EIDAS 2.0 strengthens cross-border interoperability: a qualified signature affixed by a Belgian or German operator must be recognized without restriction by French platforms. For public buyers entering into contracts with European operators, this development simplifies procedures but requires verification that the tools used support the new European trust lists (EU Trusted Lists). Our analysis of eIDAS 2.0 regulation details all these developments.

Cybersecurity Obligations Related to NIS2

The NIS2 directive (transposed into French law by ordinance in March 2025) classifies local authorities with more than 30,000 inhabitants and essential public entities among important entities subject to enhanced security requirements. Concretely, the electronic signature solution used must:

• Be hosted by a certified provider of HDS (Health Data Hosting) for health entities, or SecNumCloud for sensitive state data;
• Have complete and unfalsifiable audit logs;
• Be the subject of documented business continuity plan (BCP).

Public Acts Covered by the Electronic Signature Obligation

Beyond public procurement proper, electronic signature is progressively extending to a very broad scope of administrative acts.

Contractual Documents and Resolutions

• Public procurement acts: purchase orders, amendments, service orders, reception minutes;
• Resolutions of deliberative bodies: since Law No. 2019-1461 of 27 December 2019 (the "Commitment and Proximity Law"), municipalities can transmit their acts for legality review in signed electronic form via the @ctes portal of the DGCL;
• Public sector employment contracts: contracts for temporary civil service employees benefit from the presumption of validity of qualified electronic signature.

Tax and Budget Acts

The Directorate General of Public Finance (DGFiP) has required since 2022 the dematerialized transmission of budget documents to authorities with more than 3,500 inhabitants. Payable agents can electronically sign revenue receipts and payment mandates integrated into accounting systems (Hélios, Chorus Pro).

Cerfa Forms and Civil Status Acts

The Public Services + program (formerly Public Action 2022) targets the full digitization of the 250 most commonly used forms. Several Cerfa — notably for urban planning authorizations (building permits, preliminary declarations) — now accept advanced electronic signature from applicants.

If you manage contractual flows in a public structure, our comparison of electronic signature solutions will help you identify the tool best suited to your regulatory constraints.

Choosing a Compliant Solution for the Public Sector: Essential Criteria

Faced with the multiplication of market offerings, public buyers must rely on objective criteria to select their electronic signature provider.

Certification and Listing

The solution must imperatively:

1. Be listed on ANSSI's trust list (French TSL) or rely on a certificate issued by a TSP (Trust Service Provider) itself qualified eIDAS;
2. Be compliant with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES), or EN 319 162 (PAdES) depending on the required document format;
3. Be compatible with buyer profiles referenced by the DAJ (Legal Affairs Directorate of the Ministry of Economy).

Hosting and Data Sovereignty

For procurement data, classified "Restricted Distribution" in some cases, hosting must be located in France or within the European Union with contractual guarantees against access by extra-European jurisdictions (Cloud Act reform). The SecNumCloud label from ANSSI constitutes the reference in terms of digital sovereignty.

Integration with Administration's Business Tools

Local authorities generally use specialized ERPs (CIVITAS, Berger-Levrault, JVS-Mairistem, etc.). The signature solution must offer a documented REST API allowing integration into these workflows without service disruption. An ROI calculator can help you quantify the productivity gains expected when deploying your project.

Traceability and Archiving

The Heritage Code (Article L.213-1) imposes specific retention periods for public documents. The solution must guarantee archiving with probative value (standard NF Z42-026) with qualified time-stamping (RFC 3161) and complete audit trail exportable in case of litigation before the administrative court.

For structures considering migrating from an existing tool, our guide on migration from DocuSign or YouSign to Certyneo presents the key steps for a seamless transition.

Legal Framework Applicable to Electronic Signature in the Public Sector

Electronic signature in the public sector is part of a multi-level normative framework that must be understood to guarantee the legal validity of dematerialized acts.

Civil Code — Articles 1366 and 1367

Article 1366 of the Civil Code provides that "electronic writing has the same probative force as writing on paper, provided that the person from whom it originates can be duly identified and that it is established and kept under conditions such as to guarantee its integrity". Article 1367 specifies that a qualified electronic signature within the meaning of eIDAS constitutes a presumption of reliability — thus reversing the burden of proof in favor of the signatory.

eIDAS Regulation No. 910/2014 and Its 2024/1183 Revision

The eIDAS European regulation establishes a uniform framework for trust services within the EU. Its Article 25 stipulates that a qualified electronic signature has the same legal value as a handwritten signature in all Member States. Annex I sets technical requirements for qualified certificates. The 2024 revision (eIDAS 2.0) adds the regulatory framework for the European Digital Identity Wallet.

Order of 12 April 2018 Relating to Electronic Signature in Public Procurement

This order is the reference operational text for French public markets. It requires advanced electronic signature with qualified certificate (compliant with eIDAS Annex I) for engagement documents, and specifies acceptable formats (PAdES, XAdES, CAdES).

Public Procurement Code — Articles R.2132-7 et seq.

Articles R.2132-7 to R.2132-14 of the Public Procurement Code regulate the methods of electronic transmission of candidacies and offers, making electronic signature enforceable as long as it respects the levels defined by the 2018 order.

GDPR No. 2016/679

Personal data collected during the signature process (signer's identity, IP address, time-stamping) constitute personal data within the meaning of the GDPR. The public buyer acts as a data controller and must ensure that the signature provider complies with Articles 28 (data processor contract) and 32 (data security). An information notice (Article 13) must be provided to signatories.

NIS2 Directive Transposed into French Law (March 2025 Ordinance)

Essential and important public entities within the meaning of NIS2 must report significant security incidents to ANSSI within 24 hours. A failure of the electronic signature system affecting the continuity of public procurement may constitute such an incident.

Legal Risks in Case of Non-Compliance

An engagement document signed with insufficient level can be contested before the administrative emergency judge (Article L.551-1 of the Code of Administrative Justice), resulting in the suspension or even cancellation of the award procedure. Contractual penalties for delays attributable to a technical failure of the signature can reach 1/1000th of the ex-VAT amount per calendar day of delay according to the CCAG in force.

Usage Scenarios: Electronic Signature in Daily Public Sector Operations

Scenario 1 — A Intermunicipal Authority Managing About One Hundred Annual Contracts

A mid-sized intermunicipal authority, bringing together about twenty municipalities and managing approximately 120 public contracts per year (works, supplies, services), faced paper signature delays averaging 12 working days for an engagement document. Physical transfers between technical services, procurement services, and the EPCI president generated recurring delays in award procedures, exposing the authority to litigation risks.

By deploying a qualified electronic signature solution integrated with its buyer profile, the authority reduced this deadline to less than 48 hours. Automatic traceability of initials and time-stamps also allowed a 70% reduction in time spent on constituting regulatory archiving files (retention period: 10 years for contracts exceeding European thresholds).

Scenario 2 — A Public Hospital Establishment and Its Supplier Contracts

A hospital group of approximately 1,200 beds, subject to public procurement rules as a public health establishment (EPS), had to sign more than 400 amendments and purchase orders each year under framework agreements. The multiplicity of authorized signatories (procurement director, deputy director, administrative officers) and the requirement for HDS hosting made the selection of a solution complex.

By opting for a France-hosted platform certified HDS, compatible with qualified certificates issued by an ANSSI-referenced TSP, the establishment was able to electronically delegate signature rights via granular user profiles. The volume of printed documents fell 85%, and the direct paper archiving cost decreased by approximately 15,000 € per year according to an internal estimate made 18 months after deployment.

Scenario 3 — A Technical Services Department of a Large City and Service Orders for Works

A technical services department of a city with more than 80,000 inhabitants managing a multi-year road rehabilitation program had to issue an average of 60 service orders per month to construction companies. Before dematerialization, each service order involved printing, handwritten signature, scanning, and registered mail delivery — representing an average estimated cost of 8 € per document and an unavoidable delay of 3 to 5 days.

Integrating an advanced electronic signature workflow directly into their business software enabled near-instantaneous issuance of service orders, with electronic acknowledgment of receipt signed by the company representative. The gain in delay for effective start of works was estimated at 3 to 4 days per site, which, over 15 simultaneous sites on average, represents significant operational impact on compliance with contractual schedules.

Conclusion

Electronic signature in the public sector is no longer a prospective topic: it is an operational obligation, governed by specific texts, with real legal risks in case of failure. Whether engagement documents in public procurement, resolutions transmitted for legality review, or work service orders, each dematerialized document engages the responsibility of the local authority or public entity that produces it.

Faced with eIDAS 2.0, NIS2, and the acceleration of the French State's digital transformation program, administrations that have not yet structured their compliance approach must act now. Certyneo offers a qualified electronic signature solution, hosted in France, compliant with ANSSI requirements, and integrable into your existing business tools.

Discover how Certyneo can support your administration toward full compliance: request a demonstration or consult our pricing and get ahead of the 2026 regulatory deadlines.