The Czech Whistleblower Protection Act

Explore the Czech Whistleblower Protection Law, including compliance requirements, scope, and how to support and protect reporting in your organization.

Get your guide to incident management

Czech Whistleblower Protection Law overview

The Czech Republic updated its whistleblower laws in June 2023 to transpose the EU Whistleblower Protection Directive’s requirements into national law. The amendments define whistleblower protections for anyone reporting violations of EU law or Czech criminal or civil offenses where the maximum penalty is at least 100,000 Czech koruna.

The new legislation covers all public and private organizations with at least 50 employees, requiring them to establish mechanisms to allow for whistleblower reports and to protect whistleblowers. Employers must also appoint someone to investigate whistleblower claims, and this can be an internal manager or an external third party.

The law protects whistleblowers and those assisting them from retaliation for submitting a report. It also allows them to report their concerns externally to the Czech Ministry of Justice, or even directly to the press if the whistleblower believes reporting via the other two channels will be ineffective.

What does the Czech whistleblower protection act cover?

The law adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include:

A secure and confidential channel for receiving whistleblower reports must be in place.
Acknowledgment of the receipt of every whistleblowing report must be provided to the whistleblower within seven days.
An impartial person or department must be appointed to follow up on the reports.
Records must be kept of every report received in compliance with confidentiality requirements.
There must be diligent follow-up of the report by the designated person or department.
Feedback on the follow-up or investigation must be given to the whistleblower within three months of receiving the report.
All processing of personal data must be done in accordance with GDPR.

What are the rules outlined in the Czech whistleblower protection act?

The Czech Whistleblower Protection Act, known formally as Law No. 171/2023, was enacted in June 2023. It covers all organizations with at least 50 employees. Organizations with 250 or more employees must establish whistleblower protection programs by 1 Aug. 2023; smaller organizations must do so by 15 Dec. 2023. Organizations with fewer than 250 employees are also allowed to establish a joint whistleblower program in coordination with other small businesses. Financial service firms need to establish an internal reporting system even if they have only one employee.

All covered business must meet the following basic requirements

The law requires all covered businesses to:

Set up a whistleblowing system with comprehensive whistleblower protections
Adopt a policy on reporting legal violations and other misconduct. Businesses must also train employees on how to use the hotline and on the importance of non-retaliation.

Report intake

Whistleblowers are allowed to submit reports in writing, verbally, or in person. Contrary to most other whistleblower protection laws in the EU, the Czech law does not require companies to address anonymous reports, although they can always do so if they choose. A report must contain the whistleblower’s name for whistleblower protections to apply, and for the company to act upon it.

Case management

Companies are allowed to outsource the management of their hotline to a third-party service provider, although companies that do so are still responsible for responding to whistleblower complaints on the timelines outlined above.

What are the risks of non-compliance?

Companies that fail to implement the required whistleblower program, or that ignore whistleblower reports and allow retaliation to occur, can be subject to fines as high as 1 million Czech koruna (roughly equivalent to €42,000).

Explore more resources on whistleblowing and regulatory compliance in the EU

Datasheets
Integrated Telephony Reporting Systems for Whistleblowing & Incident Management
Discover how NAVEX supports global whistleblowing and incident reporting programs through trusted telephony providers, broad geographic coverage and reliable caller access.
Get the datasheet
Webinars Upcoming
AI for Compliance: What Teams Are Using Today
Discover how risk and compliance teams are using AI today to improve investigations, policy management, reporting, and oversight – and what’s next for AI-powered compliance.
Save your seat!
12 Jun 2026 NAVEX Editorial Team
Building a Speak-Up Culture Employees Trust
A strong speak-up culture starts with trust. Learn how reporting practices, leadership behavior and program performance influence whether employees raise concerns.
Read more
10 Jun 2026 Matt Kelly
What Makes Whistleblowers Blow the Whistle?
Why do employees wait days or weeks before making an internal report? Explore the emotions, fears and motivations that shape speak-up behavior and reporting decisions.
Read more
Webinars Upcoming
What Separates a Mature Speak-Up Programme from an Effective One?
Across continental Europe, organisations report 0.85 whistleblowing cases per 100 employees, and 58% of reports are submitted anonymously. In the UK, reporting rates are even lower at 0.69 cases per 100 employees, while anonymity levels are higher at 66%. Both figures sit in contrast to the global benchmark of 1.65 cases per 100 employees. What can these benchmarks tell us about the health of speak-up cultures across Europe, and what can organisations do to strengthen employee trust and reporting confidence?
Join NatWest, M&G and NAVEX as they explore the latest UK whistleblowing benchmark findings and compare them with trends across continental Europe. Discover what reporting volumes, anonymity rates and investigation outcomes reveal about programme effectiveness, and gain practical strategies to build trust, encourage employees to speak up and strengthen your whistleblowing programme.
Save your seat!
19 May 2026 Carrie Penman
Understanding Case Management and Incident Management
Learn the difference between incident management and case management, how the workflows connect and what to look for when evaluating software and program structure.
Read more
12 May 2026 Matt Kelly
A Better Way to Manage the EU Anticorruption Directive and Whatever Comes Next
The EU Anti-Corruption Directive introduces stricter penalties, broader accountability, and greater expectations for compliance programs operating across Europe.
Read more
11 May 2026 NAVEX Editorial Team
UK Whistleblowing Law 2026: What new sexual harassment protections mean for employers
UK whistleblowing law changes in 2026 bring sexual harassment under protected disclosures. Learn what this means for employers, compliance risk, and speak-up culture.
Read more
Use Cases
Whistleblower Intake for Third Parties
Expand your incident management program to capture data from external stakeholders with NAVEX One Whistleblowing & Incident Management.
Get the use case
Guides
2026 Guide to Workplace Conduct
Explore the state of workplace conduct issue reports, learn what the data really says about culture, risk and trust, and determine how to best approach your speak-up program in 2026 and beyond.
Get the guide
16 Apr 2026 NAVEX Editorial Team
The Signals of a Healthy Speak-Up Culture
Speak-up culture is revealed through patterns, not promises. Learn which signals matter most for oversight and trust.
Read more
8 Apr 2026 Matt Kelly
Learning to Speak the Language of Business
Compliance officers need to speak the language of the business and communicate in terms that the board, management, and other leaders will understand.
Read more