The EU Whistleblower Directive Local Law Adoption

The EU Whistleblower Directive, officially known as Directive (EU) 2019/1937, represents a significant step in protecting individuals who report breaches of Union law. Enacted on 23 October 2019, it sets a unified standard for whistleblower protection across EU Member States, aiming to encourage more individuals to report misconduct without fear of retaliation.

The Directive was required to be transposed into local law of member states. This is now almost complete with 25 out of 27 member states having adopted it – exceptions make Estonia and Poland, which are delayed.

Scope and Impact

The directive impacts a broad range of sectors and individuals, requiring both public and private organizations with 50 or more employees to establish secure reporting channels.

The directive requires organizations to follow up on reports and prohibits any form of retaliation against whistleblowers. Additionally, it requires Member States to designate competent authorities to receive and investigate reports of breaches.

Penalties for Non-compliance

Each country adopted a set of penalties for non-compliance with the Directive. Below are some examples:

• Spain:
  • Monetary sanctions:
    • Entities can face fines ranging from EUR 100000 to EUR 1 million for failing to implement internal reporting channels or for not complying with the requirements of the law.
  • Non-monetary sanctions: In addition to financial penalties, entities may also face non-monetary sanctions such as:
    • Public reprimand: A formal statement of disapproval which can damage the reputation of the entity.
    • Prohibition to obtain subsidies or tax benefits: This can last for a maximum of four months and can significantly impact the financial operations of the entity.
    • Temporary suspension of administrative authorization to operate: This can affect the entity’s ability to conduct business legally within Spain.
• Belgium
  • Monetary Sanctions
    • Failure to comply with the provisions of establishing an internal reporting channel is punishable by a Level 4 sanction in the Social Penal Code, which could be a prison sentence of six months to three years and a criminal fine of EUR 600 to EUR 6000, or either one of those penalties alone.
    • Alternatively, an administrative fine of EUR 300 to EUR 3000 may be imposed
  • Non-Monetary Sanctions:
    • Retaliation against protected persons is criminally sanctioned, which includes protection against actions such as suspension, dismissal, negative performance assessment, withholding of training, change of employment conditions, disciplinary sanctions, etc.
• Czech Republic
  • EUR 2100 for false reporting
  • EUR 4200 for persons responsible for handling reports, breaching their duties
  • EUR 42000 for obliged entities subject to the Whistleblowing Act for non-compliance with the law
• Ireland
  • EUR 5000 and/or imprisonment for up to 12 months on summary conviction
  • EUR 250000 and/or imprisonment for up to two years for conviction on indictment. 

What Does Compliance Look Like

To be compliant with the EU Whistleblower Directive, an organization should:

• Implement secure and confidential reporting channels, accessible in writing and orally.
• Acknowledge receipt of reports within seven days.
• Provide feedback to the whistleblower within three months.
• Designate an impartial person or department to follow up on reports.
• Keep records of all reports, ensuring confidentiality and data protection.
• Offer clear information on internal and external reporting procedures.
• Ensure protection against retaliation for whistleblowers.
• Regularly review and update whistleblowing policies and procedures.

Technology Solutions

Several software solutions exist to help organizations comply with the EU Whistleblower Directive, each offering various features tailored to the Directive’s requirements. Some of these tools include:

• Ethics and Compliance Management Platforms: Comprehensive platforms like NAVEX Global’s EthicsPoint and Convercent by OneTrust provide a suite of tools for ethics and compliance management, including whistleblower reporting channels, case management, and analytics.
• Dedicated Whistleblowing Systems: Tools such as WhistleB and Vault Platform specialize in whistleblowing systems that prioritize anonymity and security, offering features like encrypted messaging, anonymous dialogue with whistleblowers, and robust data protection.
• Internal Reporting Software: Solutions like SpeakUp by People Intouch and MySafeWorkplace offer internal reporting mechanisms that enable employees to report concerns securely and anonymously, with features for managing and investigating reports.
• Open-Source Solutions: Organizations looking for customizable or cost-effective options might consider open-source whistleblowing software like GlobaLeaks, which allows for the creation of secure and anonymous whistleblowing platforms.

Outsourcing The Technological Components

While the ultimate accountability for compliance, including the implementation and management of whistleblowing systems remains with the organization itself, the deployment of tools used within this process and their maintenance can be outsourced to an external vendor.

We help Small and Medium Size Enterprises deploy and maintain Whistleblower solutions and also partner with local legal experts to adapt the solution to your specific requirements depending on your location.