Skip to content.

Secondary navigation

Get Your Demo
Two colleagues sit at a desk in a modern office, looking at a tablet together. The man wears glasses and a black shirt; the woman, in a white blouse with black polka dots, listens attentively. A plant is visible in the foreground.

The German Whistleblower Protection Act

Explore the Whistleblower Protection Act (Hinweisgeberschutzgesetz / HinSchG) including compliance requirements, scope and how to support and protect reporting in your organization.

See our Germany Compliance Guide
Close-up of evenly spaced, diagonal blue paper sheets or slats creating a geometric, abstract pattern with varying shades of blue and teal, fading from light to dark.

German Whistleblower Protection Act overview

Germany enacted amendments to the country’s existing whistleblower protection laws in May 2023. The amendments transposed the EU Whistleblower Protection Directive’s requirements into German law, and expanded the scope of the directive as well. The new law protects not just reports of breaches of Union law, but also breaches of German national law and other “administrative” offenses of German regulations. Breaches of a company’s own policies and procedures are not protected under the law.

The Whistleblower Protection Act covers all organizations with at least 50 employees (including both full- and part-time employees), as well as government agencies and private organizations that receive public funding, such as those operating in healthcare, education or transportation. However, there are exceptions for entities with fewer than 50 employees; for detailed information on these exceptions, visit this webpage.

The law requires employers to establish internal reporting channels and to provide training to employees on the protection of whistleblowers. Employers must also appoint a person or department responsible for receiving and processing reports of wrongdoing. The law protects whistleblowers and those assisting them from retaliation for submitting a report, and allows them to report their concerns to external state authorities as well.

A man sits on a gray sofa holding papers in one hand and a laptop on his lap. He wears a green shirt and jeans. Theres a yellow pillow beside him and a plant in the background, creating a cozy living room ambiance.

What does the German Whistleblower Protection Act cover?

The Act adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include: 

  • A secure and confidential channel for receiving whistleblower reports must be in place.
  • Acknowledgment of the receipt of every whistleblowing report must be provided to the whistleblower within seven days.
  • An impartial person or department must be appointed to follow up on the reports.
  • Records must be kept of every report received in compliance with confidentiality requirements.
  • There must be diligent follow-up of the report by the designated person or department.
  • Feedback on the follow-up or investigation must be given to the whistleblower within three months of receiving the report.
  • All processing of personal data must be done in accordance with GDPR.

What are the rules outlined in the German Whistleblower Protection Act?

The Whistleblower Protection Act (known in German as Hinweisgeberschutzgesetz, or abbreviated as “HinSchG,”) covers all German organizations with at least 50 employees; or any financial services business at all, regardless of the number of employees. Multinational companies can operate one enterprise-wide reporting system, so long as that system complies with the EU Whistleblower Directive.

Two women in business attire smiling and looking at a laptop screen in a modern office setting, appearing to collaborate on a project.

All covered business must meet the following basic requirements

The Act requires all covered businesses to:

  1. Set up a whistleblowing channel with comprehensive whistleblower protection. 
  2. Adopt a policy on reporting legal violations and other misconduct. 
  3. Designate a person who can receive and investigate internal reports.

Large companies (those with 250 or more employees) must have implemented their whistleblower systems by 30 June 2023. Smaller companies must have complied by 17 Dec. 2023.

A woman in a tan coat stands beside a modern escalator with metallic sides and a green wall background, looking slightly upward with a thoughtful expression.

Confidentiality, retaliation and disclosures

The whistleblower protections include confidentiality, a prohibition against retaliation and no liability for disclosing necessary information to the report. The person who receives internal reports can be either a direct employee of the company, such as an HR or compliance officer; or an outside third party such as a service provider. In all cases, the person must protect the whistleblower’s identity and other personal information at all times.

Anonymous report intake and management

On January 1, 2025, Germany made it a mandatory requirement for both internal and external reporting channels to support anonymous reporting and secure two-way communication. 

Key operational requirements include:

  • Anonymous Reporting: Companies must have mechanisms in place that allow whistleblowers to submit and follow up on anonymous tips.
  • Headcount Thresholds: Businesses with 50 or more employees, as well as all financial services entities regardless of size, are legally required to maintain secure internal reporting systems
  • Fines for Non-Compliance: Failure to establish and properly operate an internal reporting channel or obstructing a report can result in fines.
A woman with long brown hair and glasses sits at a desk, looking thoughtfully at a computer monitor in a modern office with large windows.

What are the risks of non-compliance?

In the event of a violation as the result of retaliation the perpetrator is obliged to compensate the Whistleblower. Companies or people found to be in violation of the whistleblower protection law can be subject to fines as high as €50,000.

Explore more resources on whistleblowing and regulatory compliance in the EU

Stay ahead of Germany’s evolving compliance landscape

Germany’s regulatory environment is complex and constantly evolving. Get the insights you need to strengthen your compliance program, reduce risk, and build a culture of transparency.

See our Germany Compliance Guide