The EU Whistleblowing Directive came into effect on 17th December 2021. It requires all EU member states to transpose the Directive into national law. So what does this new whistleblower law mean to you?
The purpose of the EU Whistleblower Directive is to create a more uniform protection for individuals who disclose information they receive in a work-related context regarding violations of EU law. These areas include: Public procurement, financial services, prevention of money laundering, product safety, transport safety, environmental protection, nuclear safety, public health, food safety, consumer protection and the protection of personal data.
Based on the Directive, the EU wants member states to adopt a law that provides protection for the whistleblower from retaliation.
It aims to do this by making organisations establish whistleblowing systems.
Companies, organisations and government authorities operating in the EU with 50+ employees and municipalities with over 10,000 inhabitants. It also applies to companies of any size who provide financial services or are at risk of money laundering.
When national whistleblower laws come into effect, they may go beyond the requirements set out in the Directive. For instance, the Czech Republic is suggesting the rules will apply to companies with as few as 25 employees and Sweden is including municipalities with less than 10,000 inhabitants.
The legislation goes beyond just covering existing employees. It also includes former employees, contractors, shareholders, volunteers, trainees, jobseekers, and persons belonging to a company’s administrative, management or supervisory body. Individuals who assist, or are connected to a whistleblower, are also covered by the protection.
Whistleblowers will be protected if they believe that, at the time of the report, there was reason to believe that the information about the misconduct was true, and it applies to violations of EU law.
A key requirement of the Directive is for organisations (who meet the criteria mentioned above) to set up secure internal reporting channels.
These reporting channels must
Organisations must also acknowledge receipt of a report within seven days and feedback to the reporting person within three months.
See how to Get Compliant with new whistleblower law.
The Directive doesn’t specify penalties, but it does require member states’ whistleblower laws to penalise against those who prevent disclosures, break confidentiality, or retaliate against whistleblowers.
Sweden’s new law for whistleblowing says “if the employer violates the prohibition against obstructive measures or retaliation, it may have to pay damages for losses incurred and for the violation that occurs.”
Also interesting to note is that some draft bills, such as in France and Poland, suggest proposing heavy sanctions, like imprisonment, if an organisation breaches the new law.
As mentioned earlier the EU whistleblowing Directive came into force on 17 December 2021. This was the deadline for member states to transpose the law.
Only Denmark and Sweden met this deadline and they do not require organisations to have reporting channels set-up yet. In Sweden, organisations with 250 or more employees have until 17 July 2022 to do this.
The EU Directive requires organisations with 50 to 249 employees to have a reporting channel in place by 17 December 2023.
It is unclear what deadline other member states will impose until the national whistleblower laws are transposed.
If you have any thoughts about this article or would like to know more about Whistlelink, we’d love to hear from you.
Philippa Johnsson, Whistlelink
Test our whistleblowing system free for a month
HAPPY TO MEET YOU!