France
Legal with restrictions
Last updated on Feb 18, 2026
Overview
Intro & Key Facts
Quick Summary
Practical Usage
Permitted Document Types
Restricted Document Types
Common Exclusions
Authentication Required
Restrictions
Restrictions in France
Generally Permitted
Commercial contracts and MSAs
Employment contracts and offer letters
NDAs and confidentiality agreements
Software licenses and SaaS subscriptions
Lease agreements (residential and commercial)
Insurance and banking documents
May Require Special Handling or Exclusions
Wills and codicils
Notarial deeds (actes notariés)
Family law documents
Personal suretyships by non-professionals
Commercial instruments (promissory notes)
Public procurement (requires QES)
Legal Requirements
France E-Signature Law Explained
Legal Frameworks
Regulatory Bodies
E-Sign Retention Min.
Retention Notes
Data, Privacy & Cross-Border
Data Privacy and Compliance France
Privacy Frameworks
GDPR (direct application as EU member state) + Loi Informatique et Libertés (French Data Protection Act, updated 2018)
Privacy Compliance Status
Compliant via EU Hosting
Privacy Notes
GDPR applies directly. CNIL oversees enforcement. For e-signature purposes: obtain consent, minimize data collection, define retention periods, ensure appropriate security measures.
Data Residency Required
Adequacy Decision
Cross-Border Transfer Allowed
Yes
Residency Notes
No general data residency requirement for commercial data. Health data requires HDS certification. Public archives must be retained in France. EU hosting satisfies all standard commercial requirements.
Privacy Retention Maximum
Minimization principle applies - delete when no longer necessary
Industry Compatibilty
E-Signatures by Industry in France
Fully Supported Industries
General Commercial
SaaS Software
HR Tech Employment
Education/Edtech
Construction
Supported with Agreement
Healthcare
Life Sciences/Pharma
Insurance
Financial Services/Fintech
Legal Tech
Real Estate Tech
Should Consult Counsel
Government
Industry Matrix Notes
Most B2B commercial use cases work with SES/AES. Healthcare and financial services may need additional compliance measures (HDS certification, PVID identity verification). Government contracts require QES, which is outside [Firma.dev](http://Firma.dev)'s current scope. Real estate transactions involving notarization also require QES.
General Commercial
Healthcare organizations can use SES/AES for most administrative documents, but HDS (Hébergeur de Données de Santé) certification is required for hosting health data. AES or QES recommended for patient consent forms. Firma.dev's EU hosting (AWS Paris) supports HDS-compliant workflows when paired with certified infrastructure.
SaaS Software
Financial services contracts generally work with SES/AES under French commercial law. High security standards apply for customer-facing documents, and AML/CFT compliance may require PVID-certified identity verification for certain transactions. Most B2B fintech agreements work seamlessly with Firma.dev.
Healthcare
Residential and commercial lease agreements can be signed with SES/AES. Property conveyances requiring notarization must use QES. Firma.dev works well for lease agreements, property management contracts, and related B2B documents.
Life Sciences/Pharma
Employment contracts, offer letters, NDAs, and HR policy acknowledgments all work with SES/AES under French labor law. No special signature requirements for standard employment documentation. Retention: keep employment contracts for 5 years after termination.
Insurance
Public procurement contracts require QES or AES with qualified certificate per the March 2019 Decree. This is outside Firma.dev's current scope (SES/AES only). Government contractors should use ANSSI-certified QTSPs for public sector work.
Financial Services/Fintech
SaaS companies can use SES/AES for all B2B contracts in France: software licenses, subscription agreements, API terms of service, MSAs, and DPAs. Freedom of form under French commercial law means electronic signatures are fully valid. Firma.dev's API-first approach fits naturally into software onboarding flows.
HR Tech Employment
Insurance: Standard policies work with SES/AES, certain regulated products may need enhanced verification. Legal services: Law firms may need QES for specific filings. Education: Administrative documents and enrollment agreements work with SES/AES.
How we works
How We Works on France
Firma.dev Supports
Firma.dev supports SES and AES workflows with EU data residency (AWS Paris), complete audit trails, and tamper-evident documents. Covers virtually all B2B commercial use cases in France.
Firma.dev supports SES and AES workflows, covering the vast majority of B2B commercial use cases in France. The platform provides:
Signer identification: Email-based authentication with optional SMS verification
Tamper-evident documents: Cryptographic sealing ensures any modification after signing is detectable
Complete audit trails: Every action is timestamped and logged
EU data residency: All data hosted in AWS Paris
For B2B software agreements, SaaS subscriptions, employment contracts, NDAs, and vendor agreements, Firma.dev's signature level meets French legal requirements.
Firma.dev's API-first design means you can embed signing directly into your application. French companies using Customer Workspaces get isolated environments for each customer, with templates and envelope usage tracked separately.
Legal Details
France's e-signature framework combines EU regulation with national civil code provisions. The eIDAS Regulation (No. 910/2014) provides the overarching structure, establishing three signature levels and ensuring cross-border recognition throughout the EU.
The French Civil Code, specifically Articles 1366-1367, defines electronic signatures domestically. Article 1367 is particularly important: it grants only Qualified Electronic Signatures the presumption of reliability. QES is automatically assumed valid unless the challenging party proves otherwise. SES and AES don't get this presumption, but they remain fully admissible in court if the relying party can demonstrate the signature process was reliable.
Decree No. 2017-1416 specifies technical requirements for a signature to be considered reliable, linking back to eIDAS definitions. For commercial contracts between businesses, Article L.110-3 of the Commercial Code allows proof "by any means," which strengthens the position of SES/AES in B2B disputes.
Signature Types Recognized
Simple Electronic Signature (SES): Any data in electronic form attached to or logically associated with other data, used by a signatory to sign. Valid for most commercial contracts.
Advanced Electronic Signature (AES): Must be uniquely linked to the signatory, capable of identifying them, created using data under their sole control, and linked to the signed data so any change is detectable. Firma.dev's standard signing flow meets AES requirements.
Qualified Electronic Signature (QES): An AES created by a Qualified Signature Creation Device using a qualified certificate from an ANSSI-certified QTSP. Required for public procurement, notarial deeds, and certain regulated filings.
Recent developments
E-Signature Landscape in France: 2026
March 2024 Court of Cassation Ruling: The Court ruled (n° 22-16.487) that scanned signatures do not constitute reliable electronic signatures. This decision clarified that digitizing a handwritten signature doesn't meet Article 1367 requirements. Businesses should use proper e-signature solutions with authentication and audit trails.
eIDAS 2.0 Implementation: Regulation 2024/1183 entered into force in May 2024, introducing the EU Digital Identity Wallet. By 2026, French citizens will be able to create QES directly from government-issued digital wallets. Existing SES/AES methods remain fully valid.
