The Italy Whistleblower Protection Act

Italy Whistleblower Protection Act overview

Italy amended its whistleblower laws in March 2023 to transpose the EU Whistleblower Protection Directive’s requirements into national law. Formally known as Legislative Decree No. 24, the amendments define new and expanded whistleblower protections for anyone reporting violations of EU law and violations of Italian law. 

The new legislation covers all public and private organizations with at least 50 employees, requiring them to establish mechanisms to allow for whistleblower reports and to protect whistleblowers. Employers must also appoint someone to investigate whistleblower claims, and give that person the autonomy to investigate as necessary; and then to follow-up with a report on whether the whistleblower claims are valid. 

The law protects whistleblowers and those assisting them from retaliation for submitting a report. It also allows them to report their concerns externally to the Italian Anticorruption Agency (known as ANAC), but only when the whistleblower has first made an internal report and the business receiving that report has taken no action.

What does the Italian whistleblower protection act cover?

The law adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include: 

1. A secure and confidential channel for receiving whistleblower reports must be in place. 
2. Acknowledgment of the receipt of every whistleblowing report must be provided to the whistleblower within seven days. 
3. An impartial person or department must be appointed to follow up on the reports. 
4. Records must be kept of every report received in compliance with confidentiality requirements. 
5. There must be diligent follow-up of the report by the designated person or department. 
6. Feedback on the follow-up or investigation must be given to the whistleblower within three months of receiving the report. 
7. All processing of personal data must be done in accordance with GDPR. 
8. If requested by a whistleblower, the entity must inform of the result of “the analyses” within 15 days of report completion

What are the rules outlined in the Italian whistleblower protection act?

Known in Italian as Legge 179, Italy’s whistleblower protection law covers all organizations with at least 50 employees. Organizations with 250 or more employees must establish their whistleblower programs by July 15, 2023; smaller organizations must do so by the end of 2023. Organizations with fewer than 250 employees are also allowed to establish a joint whistleblower program in coordination with other small businesses. 

The law requires all covered businesses to (1) set up a whistleblowing system with comprehensive whistleblower protections; (2) adopt a policy on reporting legal violations and other misconduct; and (3) post all those materials on a dedicated part of the organization’s website, so that would-be whistleblowers can find the material easily. Businesses must also train employees on how to use the hotline and on the importance of non-retaliation. 

Whistleblowers are allowed to submit reports in writing, verbally, or in person. When submitting a report on a phone hotline, that conversation should be preserved as an audio recording or a written transcript. When someone makes an in-person report, that conversation should also be recorded (with the consent of the whistleblower). Whistleblowers are allowed to submit anonymous reports; but an organization’s foremost legal responsibility is to protect the confidentiality of whistleblowers when their identity is known. 

Companies that fail to implement the required whistleblower program can be subject to fines ranging from €10,000 to €50,000. Companies and individuals can both be subject to fines of €10,000 to €50,000 for retaliating against whistleblowers. If a court finds that a whistleblower made a report in bad faith, the whistleblower can be subject to fines of €500 to €2,500.