After a delay of one and a half years, the Czech Republic recently passed a Whistleblower Protection Act to enhance the reporting of unlawful conduct and protect public interests within organisations. To gain insights into the key aspects of this new legislation, we spoke with Petr Kubíček, Territory Manager at Whistlelink. In this article, we will explore the legislative process, scope of the law, deadlines, sanctions, anonymous reporting, and other crucial details outlined in the Czech Whistleblowing Law.
After almost five months of deliberations, the Chamber of Deputies approved the Whistleblower Protection Act on 21 April 2023. The only amendment to the government’s proposal was an extension of the material scope of the bill to include misdemeanors with fines of at least CZK 100,000.
The bill was then sent to the Senate for review and potential amendments. On the last day of the 30-day period, the Senate technically approved the bill by not voting for or against it, thus passing it without amendments.
The new whistleblowing law was delivered to the President and signed on 7 June 2023. The legislative process was finished by publication in the official collection of laws. The law will come into effect on 1 August 2023.
The new law will apply to all employers with more than 50 employees, public institutions, and selected entities regulated by Anti-Money Laundering (AML) regulations. Municipalities with over 10,000 inhabitants, tax authorities, and companies registered with the Czech National Bank as financial institutions and insurers are also obligated to comply with the law.
It is worth noting that companies with up to 249 employees can share their internal reporting system with another company, while larger entities must establish their own system. The use of a group-wide reporting system is not justified under Czech law.
Obliged entities will be required to implement an internal reporting system and designate a qualified whistleblowing officer. The individual will be personally responsible for fulfilling the Czech whistleblowing law and security breaches by fines up to 100 000 CZK.
In the internal reporting system, it must be possible to submit reports both in writing and orally, as well as in person at the request of the reporting person.
To ensure compliance, organisations must publish information about their reporting system, including ways of reporting and contact details of dedicated people responsible for receiving and addressing reports. As companies may opt for excluding reports from any person who does not perform work or similar activities for them, they must also indicate whether or not external reports are accepted in the reporting channel.
Entities receiving whistleblower reports must consistently protect whistleblowers from retaliation and maintain the confidentiality of their identities.
Organisations with 250 or more employees must be compliant with the law from the first day of its entry into law, or 1 August 2023.
Smaller organisations (with 50 to 249 employees) have until 15.12.2023.
Organisations must confirm receipt of the whistleblower report in writing within 7 days. Reports are to be assessed within specified timelines – 30 days in most cases, but for complex cases this may be delayed to a maximum of 90 days.
The law introduces strict penalties for violations of whistleblowing obligations. Failure to comply may result in fines of up to CZK 1 million for obligated entities, while whistleblowing officers can be fined up to CZK 100,000. Obstructing the whistleblower from reporting or exposing him/her to retaliation is also punishable by a fine of up to CZK 1 million. Additionally, whistleblowers who suffer harm as a result of reporting may be entitled to claim compensation for non-pecuniary damages from the offending organisation.
Reports must contain info on the reporting person (including date of birth) and anonymous whistleblowers are only protected once their identity is revealed. While the law does not mandate the acceptance and investigation of anonymous reports, it allows each organisation to decide whether or not to address anonymous reports.
If necessary, organisations are also required to propose corrective action and inform the whistleblower of the outcome in writing. Any disclosure to public authorities must be accompanied by valid reasons (given in advance). Electronic records must be maintained, documenting the date of reporting, identity of the reporter, content of the report, and closure details. All data must be stored for 5 years after the report.
A public reporting channel established by the Ministry of Justice has already been implemented and can be used by any whistleblower who does not have access to any internal, corporate reporting channels or feel that his internal report was not processed correctly.
Would you like to discuss a safe and secure whistleblowing solution for your organisation? Please book a free demo!
Whistlelink values your privacy. We will only contact you about our solutions.
Tuesday | 10 AM EDT
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
