In February 2023, the Austrian Parliament approved the legislation known as “HinsweisgerberInnenschutzgesetz” to transpose the EU Whistleblowing Directive into national law. This made Austria the 17th country to implement the EU Directive.
Like most other Member States, Austria was delayed in transposing the EU Directive. An initial draft bill was introduced to the National Council in December 2022 and then assigned to the Committee for Labour and Social Affairs.
After deliberations, the National Council finally passed the Whistleblower protection act on 1 February 2023 and referred it to the Federal Council for approval. The law entered into force at the end of March 2023.
In this article, Carsten Schönwald, Territory manager of DACH at Whistlelink, will explain the key details and aspects of the Whistleblower Protection Act (HSchG) in Austria.
The main purpose of the Whistleblower Act is to enable whistleblowers to report violations of law in a work-related context, and to protect them from retaliation.
The scope of the HSchG covers reports of violations in specific sectors (e.g., data protection, product safety, public procurement) and certain criminal offences (e.g., abuse of official authority or bribery). Despite suggestions, it was not further extended and suspicions of fraud or embezzlement as well as systematic violations of rights are not covered even though they are highly relevant.
There is, however, the option of including further subject areas in the law after the evaluation planned for 2026.
All companies (legal entities under private law) with 50 or more employees must set up internal reporting channels. Receipt and handling of information in whistleblower reports must be impartial and independent of instructions. The law in Austria outlines that companies must also inform their employees about the whistleblower protection system and the reporting procedure. Therefore, a policy for the whistleblower system must be created and fulfill legal requirements.
It must be possible to report in written and/or oral form as well as in person, at the whistleblower’s request. Receipt of the reports shall be documented and acknowledged within seven days. The report must be verified, and false information should obviously be rejected. The whistleblower shall be informed of follow-up measures.
In addition, the confidentiality of whistleblowers and the persons affected must be protected and compliance with the GDPR must be guaranteed. Whistleblowing systems must technically and organizationally be in accordance with article 25 of the GDPR.
Obliged companies and legal entities in the public sector were granted a period of 6 months (i.e., 25 August 2023) after the whistleblowing law entered into force in Austria, to implement internal reporting systems.
Organisations with 50 to 249 employees are granted an extended implementation period until 17 December 2023.
Preventing individuals from reporting, taking retaliatory measures against the whistleblower, or violating confidentiality may result in an administrative fine of up to EUR 20,000 per violation, or 40,000 for a repeated offense. Whistleblowers who knowingly make a false report may also be liable to a fine.
The Whistleblower Protection Act does not provide sanctions for not setting up an internal reporting channel. However, not having an internal report channel will put companies at a disadvantage, as employees may turn directly to external reporting offices run by public authorities.
The legislation sets forth that it is possible to submit an anonymous whistleblower report.
Although the EU Commission discourages the use of group-wide whistleblowing systems, the Austrian Whistleblower Act explicitly provides for the possibility of a central whistleblowing system for corporate groups. Third parties may also be entrusted with maintaining an internal reporting channel.
External reporting will be available for whistleblowers, for example at the Federal Office for Preventing and Combating Corruption or at the Financial Market Authority.
An external reporting office was set up in Vienna at the beginning of 2023. The external office is independent and open to all persons who have obtained information about violations in a work-related context.
The Federal Competition Authority (FCA) is also authorized as an external reporting office to receive and process information from whistleblowers that falls within its area of responsibility and, if necessary, to forward it to other competent authorities.
Whistlelink has delivered whistleblowing solutions to satisfied customers for more than 10 years. Our whistleblower service is available on your own website 24/7.
We offer 35+ languages in a customized, user-friendly digital whistleblower solution and store all data on servers within Europe, in accordance with GDPR. Start your free trial today!
Whistlelink values your privacy. We will only contact you about our solutions.
Tuesday | 10 AM EDT
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
