
France
Legal with restrictions
Overview
Intro & Key Facts
Quick Summary
Practical Usage
Permitted Document Types
Restricted Document Types
Common Exclusions
Authentication Required
Restrictions
Restrictions in France
Generally Permitted
Time-limited signature windows.
Sequential signing order.
Mandatory field completion.
Document expiration dates.
IP-based access restrictions.
Password-protected envelope access.
SMS verification codes.
Attachment requirements.
May Require Special Handling or Exclusions
Restrictions that prevent signers from reviewing the complete document before signing.
Restrictions that obscure material terms.
Blanket prohibitions on retaining personal copies.
Requirements for specific hardware or paid software to complete signing.
Legal Requirements
France E-Signature Law Explained
Legal Frameworks
Regulatory Bodies
E-Sign Retention Min.
Retention Notes
Data, Privacy & Cross-Border
Data Privacy and Compliance France
Privacy Frameworks
GDPR (direct application as EU member state) + Loi Informatique et Libertés (French Data Protection Act, updated 2018)
Privacy Compliance Status
Firma.dev processes data as a processor under GDPR. Data Processing Agreement available. EU-only hosting (AWS Paris) ensures no international transfers for standard operations. CNIL registration not required for standard e-signature processing.
Privacy Notes
Collect only data necessary for signature validity (name, email, signature image, IP, timestamps). Inform signers of data processing via privacy notice. Define retention periods in your DPA. Respond to data subject requests within 30 days. Consider DPIA for high-volume or sensitive document processing.
Data Residency Required
Adequacy Decision
France is an EU member state, so GDPR adequacy decisions apply for outbound transfers. Current adequacy: Andorra, Argentina, Canada (commercial), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South Korea, Switzerland, UK, Uruguay, and US (Data Privacy Framework participants only).
Cross-Border Transfer Allowed
Unrestricted within EU/EEA. For non-EU transfers: Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions required per GDPR Chapter V. EU-US Data Privacy Framework provides adequacy for US transfers.
Residency Notes
Standard commercial data: EU hosting sufficient. Health data (données de santé): requires HDS-certified hosting. Banking data: may require specific certifications. Public sector: may have France-only requirements. Firma.dev's AWS Paris (eu-west-3) region satisfies all standard commercial requirements.
Privacy Retention Maximum
GDPR storage limitation principle: retain personal data only as long as necessary for the purpose. For e-signatures, this typically means the contract validity period plus statutory retention requirements plus limitation period for potential disputes. Delete or anonymize after.
Industry Compatibilty
E-Signatures by Industry in France
Fully Supported Industries
General Commercial
SaaS Software
HR Tech Employment
Education/Edtech
Construction
Supported with Agreement
Healthcare
Life Sciences/Pharma
Insurance
Financial Services/Fintech
Legal Tech
Real Estate Tech
Should Consult Counsel
Government
Industry Matrix Notes
Most B2B commercial use cases work with SES/AES. Healthcare and financial services may need additional compliance measures (HDS certification, PVID identity verification). Government contracts require QES, which is outside Firma.dev's current scope. Real estate transactions involving notarization also require QES.
General Commercial
Standard B2B contracts, vendor agreements, NDAs, purchase orders, invoices, and service agreements all work with SES/AES under French commercial law. Article L.110-3 of the Commercial Code allows proof by any means in commercial matters, making electronic signatures fully valid between businesses. No special requirements beyond reliable signer identification.
SaaS Software
SaaS companies can use SES/AES for all B2B contracts in France: software licenses, subscription agreements, API terms of service, MSAs, and DPAs. Freedom of form under French commercial law means electronic signatures are fully valid. Firma.dev's API-first approach fits naturally into software onboarding flows.
Healthcare
Healthcare organizations can use SES/AES for most administrative documents, but HDS (Hébergeur de Données de Santé) certification is required for hosting health data. AES or QES recommended for patient consent forms. Firma.dev's EU hosting (AWS Paris) supports HDS-compliant workflows when paired with certified infrastructure.
Life Sciences/Pharma
Clinical trial agreements, CRO contracts, and research collaborations work with SES/AES. Documents requiring GxP compliance may need enhanced audit trails. ANSM (Agence nationale de sécurité du médicament) regulated submissions may have specific electronic signature requirements. Quality agreements between manufacturers should specify signature standards.
Insurance
Standard policies work with SES/AES, certain regulated products may need enhanced verification.
Financial Services/Fintech
Financial services contracts generally work with SES/AES under French commercial law. High security standards apply for customer-facing documents, and AML/CFT compliance may require PVID-certified identity verification for certain transactions. Most B2B fintech agreements work seamlessly with Firma.dev.
HR Tech Employment
Employment contracts, offer letters, NDAs, and HR policy acknowledgments all work with SES/AES under French labor law. No special signature requirements for standard employment documentation. Retention: keep employment contracts for 5 years after termination.
Legal Tech
Law firms may need QES for specific filings.
Real Estate Tech
Residential and commercial lease agreements can be signed with SES/AES. Property conveyances requiring notarization must use QES. Firma.dev works well for lease agreements, property management contracts, and related B2B documents.
Education Tech
Administrative documents and enrollment agreements work with SES/AES.
Construction Tech
Construction contracts, subcontractor agreements, change orders, and project documentation work with SES/AES. Public works contracts (marchés publics) require QES. Retain signed documents for 10 years per construction liability periods (garantie décennale). Consider timestamping for dispute resolution.
Government
Public procurement contracts require QES or AES with qualified certificate per the March 2019 Decree. This is outside Firma.dev's current scope (SES/AES only). Government contractors should use ANSSI-certified QTSPs for public sector work.
How we works
How We Works on France
Firma.dev Supports
Firma.dev supports SES and AES workflows, covering the vast majority of B2B commercial use cases in France.
Firma.dev supports SES and AES workflows, covering the vast majority of B2B commercial use cases in France. The platform provides:
Signer identification: Email-based authentication with optional SMS verification
Tamper-evident documents: Cryptographic sealing ensures any modification after signing is detectable
Complete audit trails: Every action is timestamped and logged
EU data residency: All data hosted in AWS Paris
For B2B software agreements, SaaS subscriptions, employment contracts, NDAs, and vendor agreements, Firma.dev's signature level meets French legal requirements.
Firma.dev's API-first design means you can embed signing directly into your application. French companies using Customer Workspaces get isolated environments for each customer, with templates and envelope usage tracked separately.
Legal Details
France's e-signature framework combines EU regulation with national civil code provisions. The eIDAS Regulation (No. 910/2014) provides the overarching structure, establishing three signature levels and ensuring cross-border recognition throughout the EU.
The French Civil Code, specifically Articles 1366-1367, defines electronic signatures domestically. Article 1367 is particularly important: it grants only Qualified Electronic Signatures the presumption of reliability. QES is automatically assumed valid unless the challenging party proves otherwise. SES and AES don't get this presumption, but they remain fully admissible in court if the relying party can demonstrate the signature process was reliable.
Decree No. 2017-1416 specifies technical requirements for a signature to be considered reliable, linking back to eIDAS definitions. For commercial contracts between businesses, Article L.110-3 of the Commercial Code allows proof "by any means," which strengthens the position of SES/AES in B2B disputes.
Signature Types Recognized
Simple Electronic Signature (SES): Any data in electronic form attached to or logically associated with other data, used by a signatory to sign. Valid for most commercial contracts.
Advanced Electronic Signature (AES): Must be uniquely linked to the signatory, capable of identifying them, created using data under their sole control, and linked to the signed data so any change is detectable. Firma.dev's standard signing flow meets AES requirements.
Qualified Electronic Signature (QES): An AES created by a Qualified Signature Creation Device using a qualified certificate from an ANSSI-certified QTSP. Required for public procurement, notarial deeds, and certain regulated filings.
Recent developments
E-Signature Landscape in France: 2026
March 2024 Court of Cassation Ruling: The Court ruled (n° 22-16.487) that scanned signatures do not constitute reliable electronic signatures. This decision clarified that digitizing a handwritten signature doesn't meet Article 1367 requirements. Businesses should use proper e-signature solutions with authentication and audit trails.
eIDAS 2.0 Implementation: Regulation 2024/1183 entered into force in May 2024, introducing the EU Digital Identity Wallet. By 2026, French citizens will be able to create QES directly from government-issued digital wallets. Existing SES/AES methods remain fully valid.
Sources
1. eIDAS Regulation (EU) No 910/2014: https://eur-lex.europa.eu/eli/reg/2014/910/oj/eng
eIDAS 2.0 (Regulation 2024/1183): https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/915931811/The+European+Digital+Identity+Regulation
French Civil Code Art. 1366-1367 (Legifrance): https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000032042176
Decree No. 2017-1416 on electronic signatures: https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000035720269
Court of Cassation, March 13, 2024 (n° 22-16.487): https://en.irenard-avocat.com/articles/scanned-signature-is-a-dubious-practice
Art. L.110-3 Commercial Code (proof by any means): https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000006219131
OneSpan France legality guide: https://www.onespan.com/resources/esignature-legality/france
DocuSign France legality guide: https://www.docusign.com/products/electronic-signature/legality/france
CMS Expert Guide (France): https://cms.law/en/int/expert-guides/cms-expert-guide-to-e-signatures-in-commercial-contracts/france
ANSSI Trusted List: https://www.ssi.gouv.fr/
CNIL: https://www.cnil.fr/en


