The Swedish Whistleblower Protection Law

Swedish Whistleblower Protection Law overview

The Swedish Parliament adopted a new Swedish whistleblowing law (lagen om skydd för personer som rapporterar om missförhållanden) on 29 September 2021. Sweden thus became one of the first countries to implement the EU Whistleblower Directive, along with Denmark.

What does the Swedish whistleblowing law cover?

The Swedish whistleblowing law is based on the minimum standards of the EU directive, which means companies are to comply with the following requirements: 

1. Secure channels for receiving oral and written whistleblower reports must be put in place 
2. Acknowledgment of the receipt of the report must be provided to the whistleblower within seven days 
3. An impartial person or department must be appointed to follow up on the reports 
4. Records must be kept of every report received 
5. There must be diligent follow-up of the report by the designated person or department 
6. Feedback about the follow-up/investigation must be given to the whistleblower within three months 
7. All processing of personal data must be done in accordance with the GDPR 

One area where the Swedish whistleblowing law differs from the EU directive is that it will be possible to negotiate certain aspects of the law within the scope of collective union agreements.

How can organizations prepare to comply with the Swedish whistleblowing law?

The obligation to implement whistleblowing functions for employees, consultants, interns and other persons in workrelated situations will be established gradually in accordance with the following: 

• July 17, 2022, all public employers with 50–249 employees, and all employers (both private and public) with at least 250 employees will be required to have a whistleblowing function in place. 
• December 17, 2023, all private employers with 50–249 employees will be required to have a whistleblowing function in place. 

Legal entities that already have a whistleblowing function in place should review how they handle whistleblowing matters to ensure that they comply with the new Swedish whistleblower law, for example deadlines for responding to reporting persons and providing feedback to them. Furthermore, existing policies for whistleblowing need to be reviewed and updated. 

Companies with at least 50 employees that do not have a whistleblower function in place should not wait until the last minute before setting one up. There are many issues that a company should consider before deciding on how to establish a whistleblowing function, and the process takes time. What requirements do you have of a whistleblowing function? Is a digital solution appropriate or are traditional communication channels, such as telephone, post or e-mail sufficient? Are there any people within your business who are suitable, from an independence and objectivity perspective, to receive whistleblowing reports and handle them properly?