EU Whistleblower Protection Directive – Update Coming December 17, 2023

Following the introduction of the EU Whistleblower Protection Directive on December 21, 2021, EU member states and institutions have been working diligently to incorporate the regulations into their existing national laws. The primary objective of the Directive is to enhance safeguarding measures throughout EU nations for individuals who wish to disclose violations of EU regulations or unethical workplace misconduct. Those opting to make reports must now have accessible reporting avenues and be shielded from reprisals, among other stipulations outlined in the Directive.

Starting December 17, 2023, the scope of compliance with the Directive will expand, encompassing a wider range of companies. This includes private sector companies with 50 to 249 employees, which will now be obligated to adhere to the regulations outlined in the EU Directive. However, it's important to note that this new minimum requirement does not affect regulated entities within the financial services sector or entities susceptible to money laundering or terrorist financing. Such organizations are still mandated to establish reporting channels regardless of their size.

EU Whistleblower Protection Directive requirements

So, what regulations will the additional companies have to follow? The critical requirements of the Directive include:

  • Safe and accessible reporting channels.
  • Ensuring workers know how, when and where to report wrongdoing – a dedicated whistleblowing policy should also be published, and in the case of digital channels, information can be provided in the whistleblowing system itself when people log in. 
  • Protecting the confidentiality of whistleblowers and those involved – the Directive states the identity of the whistleblower must not be disclosed without explicit consent to anyone beyond those dealing with the report, unless this is necessary and proportionate in the context of the investigation.
  • The Directive prescribes a specified timeline that organizations must follow, including acknowledging receipt of the report within seven days and providing feedback to the whistleblower.
  • Providing an update on the investigation within three months of the initial report.
  • Protecting whistleblowers from dismissal, demotion or other forms of workplace retaliation.
  • Keeping a record of reports for no longer than necessary to comply with GDPR data-keeping.

For external reporting, the EU Whistleblower Protection Directive does not state which national authorities whistleblowers can or should refer to. Organizations should note that they are obligated to provide easily accessible information about external reporting, instead of forcing whistleblowers to turn to official governmental websites for external reporting guidance and contact details of the relevant authorities.

In addition to the Directive outlining the minimum requirements, many member states created additional laws during transposition into national law, while others updated existing whistleblower protection policies.

In France, recent updates were made to the anti-corruption and whistleblowing law Sapin II to ensure it aligns with the EU Directive, and to prevent and detect bribery and corruption through increased corporate transparency, reinforced internal monitoring, and enhanced whistleblower protection. Other amended whistleblowing acts include the Netherlands Whistleblower Protection Act, House for Whistleblowers Act (Wet Huis voor klokkenluiders), and Ireland’s Protected Disclosures Act 2014.

The state of the Directive today

Today, it is imperative for both employees and those seeking employment to have access to a robust and clearly defined whistleblowing process. Further anticipated changes in whistleblowing regulations in various countries, particularly within the European Union, are set to enhance safeguards and align with the increasing number of global policies and laws in 2023 and 2024.

“Greater awareness of on-coming changes to the regulatory landscape providing stronger protection for whistleblowers, with the EU Whistleblower Protection Directive and the amended Japanese Whistleblowing Protection Act, may be starting to affect the shape of whistleblowing programs…small upward trends in volumes seen across some regions perhaps indicate that people feel safer, and better understand the importance of reporting.” – NAVEX 2022 Regional Whistleblowing Benchmark Report.
