The EU Whistleblowing Directive

Whistleblowing is when someone raises concerns about wrongdoing within a public, private or government organisation. This is usually illegal, unethical, or harmful activity such as fraud, corruption, misconduct, harassment, discrimination or health, safety or environmental violations.

Whistleblowers in the EU are protected against any form of retaliation if they report breaches of EU law on a range of issues.

These include violations relating to: 

• Financial services
• Money laundering and terrorist financing
• Public procurement
• Public health
• Public safety – products, food and transport
• Environmental protection, radiation protection and nuclear safety
• Animal health and welfare
• Consumer and data protection
• Network and informations systems security
  
  

A whistleblower must use designated reporting channels and believe the information was true at the time of reporting.

The EU Directive requires effective and secure reporting channels to be put in place to make internal whistleblowing possible.

Organisations must ensure that their internal reporting channels meet specific criteria. This includes ease of access, ownership and management, security, GDPR and how reports are made. 

The objective is to fight corruption and offer better protection to persons who report misconduct or breaches of Union law. 

You’ll need secure reporting channels in place. In other words, somewhere secure for your employees and other people closely connected to your business to raise concerns about unethical behaviour.

The channels must meet several requirements set out in the Directive, such as guaranteeing confidentiality, being easily accessible and meeting GDPR guidelines. 

The Directive only applies to private and public organisations in the EU with 50 or more employees.

Additionally, private companies operating in certain sectors, such as financial services or those vulnerable to money laundering or terrorist financing, need to comply.

The EU Directive on the protection of whistleblowers does not set minimum penalties, but it requires national versions of the law to penalise against those who prevent reporting, break confidentiality, or retaliate against whistleblowers.

No. It also applies to municipalities in the EU with over 10,000 inhabitants.

This is in addition to any organisation, no matter whether it is private or a public organisation with more than 50 employees in the EU.