EU WHISTLEBLOWER PROTECTION DIRECTIVE

New law has been passed to establish EU-wide rules that will protect whistleblowers who report breaches of EU law.

The new law will establish safe channels for reporting both within an organisation and to public authorities. It will also protect whistleblowers against dismissal, demotion and other forms of retaliation and require national authorities to inform citizens and provide training for public authorities on how to deal with whistleblowers.

The EU Whistleblower Protection Directive will introduce sanctions on retaliation against whistleblowers. The new law protects whistleblowers from liability related to reporting breaches of law in accordance with the Directive.

The EU Whistleblower Protection Directive includes a wide array of European Union law that whistleblowers may report on including anti-money laundering and corporate taxation, data protection, protection of the Union’s financial interests, food and product safety and environmental protection and nuclear safety. Member States are free to extend these rules to other areas. The Commission encourages them to establish comprehensive frameworks for whistleblower protection based on the same principles.”

The new EU Whistleblower Protection Directive requires the following types of organisation to establish secure reporting channels:

• Private legal entities with 50 or more employees. However, provisions have been introduced to ease the burden on SMEs.
• Private legal entities operating in the area of financial services, products and markets.
• Private legal entities vulnerable to money laundering or terrorist financing.
• Entities governed by public law, with possible exceptions for municipalities with less than 10,000 residents or 50 employees.

Regarding internal whistleblowing and follow-up, the new EU Whistleblower Protection Directive states that the following elements should be included:

1. Channels for receiving the reports, which are designed, set up and operated in a secure manner that ensure the confidentiality of the identity of the whistleblower and any third party mentioned in the report, and prevent access to non-authorised staff members. Such channels must allow for reporting in writing and/or orally, through telephone lines or other voice messaging systems, and upon request of the whistleblower, by means of a physical meeting within a reasonable timeframe.
2. An acknowledgment of receipt of the report to the whistleblower within no more than seven days of receipt.
3. The designation of an impartial person or department for following up on the reports, and maintaining communication, asking for further information and providing feedback to the whistleblower.
4. Diligent follow-up of the report by the designated person or department.
5. Diligent follow-up of anonymous reporting where provided for in national law.
6. A reasonable timeframe for providing feedback to the whistleblower about the report follow-up, not exceeding three months from the acknowledgment of receipt.
7. Clear and easily accessible information regarding the conditions and procedures for reporting externally to competent authorities.

Regarding external whistleblowing the new EU Whistleblower Protection Directive states that public authorities must establish independent and autonomous external reporting channels for receiving and handling information provided by the whistleblower. This means that such channels need to be designed, set up and operated in a manner that ensures the completeness, integrity and confidentiality of the information and prevents access to non-authorised staff members of the competent authority. Channels must enable the storage of durable information to allow for further investigations.

Compliance: The deadline for complying is April 2021. Member States must be ready to comply with the new EU Whistleblower Protection Directive no later than two years after adoption. With regard to legal entities with more than 50 and less than 250 employees, Member States have another two years after transposition to comply.

Penalties: The EU Whistleblower Protection Directive requires that penalties be imposed against those who attempt to hinder reporting, retaliate against whistleblowers, attempt to bring proceedings or who reveal the identity of the whistleblower. Any threats or attempts to retaliate against whistleblowers are also prohibited. While the new EU Whistleblower Protection Directive states that Member States are to encourage whistleblowers to use internal reporting channels first, the Directive acknowledges the necessity to allow the whistleblower to be able to choose the most appropriate channel, depending on the individual circumstances of the case. This means that the whistleblower may report internally or externally to competent authorities, and as a last resort, whistleblowers may make a public disclosure including to the media.

Wide range of stakeholders protected : The new EU Whistleblower Protection Directive applies to those working in the private or public sector who acquire information on breaches in a work-related context.

Anonymous and confidential reporting: The new EU Whistleblower Protection Directive does not affect the power of Member States to decide whether private or public entities and competent authorities need to accept and follow up on anonymous reports of breaches.

Legal support to be made available to whistleblower: The new EU Whistleblower Protection Directive summarises various support measures for whistleblowers.