What does the new whistleblower law mean to you?

The EU Whistleblowing Directive came into effect on 17th December 2021. It requires all EU member states to transpose the Directive into national law. So what does this new whistleblower law mean to you?

In this guide we’ll cover

• What the purpose of the Directive is
• Who the whistleblower law applies to
• Who is protected by the law
• What it means for organisations
• What happens if organisations don’t comply
• Implementation deadlines

What is the purpose of the EU Whistleblowing Directive?

The purpose of the EU Whistleblower Directive is to create a more uniform protection for individuals who disclose information they receive in a work-related context regarding violations of EU law. These areas include: Public procurement, financial services, prevention of money laundering, product safety, transport safety, environmental protection, nuclear safety, public health, food safety, consumer protection and the protection of personal data.

Based on the Directive, the EU wants member states to adopt a law that provides protection for the whistleblower from retaliation.

It aims to do this by making organisations establish whistleblowing systems.

Who does the whistleblower law apply to?

Companies, organisations and government authorities operating in the EU with 50+ employees and municipalities with over 10,000 inhabitants. It also applies to companies of any size who provide financial services or are at risk of money laundering.

When national whistleblower laws come into effect, they may go beyond the requirements set out in the Directive. For instance, the Czech Republic is suggesting  the rules will apply to companies with as few as 25 employees and Sweden is including municipalities with less than 10,000 inhabitants.

Who does the whistleblower law protect?

The legislation goes beyond just covering existing employees. It also includes former employees, contractors, shareholders, volunteers, trainees, jobseekers, and persons belonging to a company’s administrative, management or supervisory body. Individuals who assist, or are connected to a whistleblower, are also covered by the protection.

Whistleblowers will be protected if they believe that, at the time of the report, there was reason to believe that the information about the misconduct was true, and it applies to violations of EU law.

What does the new whistleblower law mean for organisations?

A key requirement of the Directive is for organisations (who meet the criteria mentioned above) to set up secure internal reporting channels.

These reporting channels must

• Be safe
• Guarantee confidentiality or anonymity for the whistleblower
• Have a designated, independent owner
• Be easily accessible with clear details about how the process works
• Allow both written and oral reporting
• Document all reports
• Meet safety standards and the requirements of the GDPR

Organisations must also acknowledge receipt of a report within seven days and feedback to the reporting person within three months.

See how to Get Compliant with new whistleblower law.

What if organisations don’t comply?

The Directive doesn’t specify penalties, but it does require member states’ whistleblower laws to penalise against those who prevent disclosures, break confidentiality, or retaliate against whistleblowers.

Sweden’s new law for whistleblowing says “if the employer violates the prohibition against obstructive measures or retaliation, it may have to pay damages for losses incurred and for the violation that occurs.”

Also interesting to note is that some draft bills, such as in France and Poland, suggest proposing heavy sanctions, like imprisonment, if an organisation breaches the new law.

Are there deadlines?

As mentioned earlier the EU whistleblowing Directive came into force on 17 December 2021. This was the deadline for member states to transpose the law.

Only Denmark and Sweden met this deadline and they do not require organisations to have reporting channels set-up yet. In Sweden, organisations with 250 or more employees have until 17 July 2022 to do this.

The EU Directive requires organisations with 50 to 249 employees to have a reporting channel in place by 17 December 2023.

It is unclear what deadline other member states will impose until the national whistleblower laws are transposed.

Get ready for the new law now! Take a look at Whistlelink’s whistleblowing system features or go right ahead and book a demo to learn more.