Skip to content.

Secondary navigation

Get Your Demo
Two women work together at a standing desk in a modern office, focusing on a computer screen. One woman is typing while the other stands beside her. Plants and another person are visible in the foreground.

The Czech Whistleblower Protection Act

Explore the Czech Whistleblower Protection Law, including compliance requirements, scope, and how to support and protect reporting in your organization.

Get your guide to incident management
Long-exposure photo of a cityscape at night, showing blurred lights and motion on elevated railway or road tracks, creating a sense of speed and movement through an urban environment.

Czech Whistleblower Protection Law overview

The Czech Republic updated its whistleblower laws in June 2023 to transpose the EU Whistleblower Protection Directive’s requirements into national law. The amendments define whistleblower protections for anyone reporting violations of EU law or Czech criminal or civil offenses where the maximum penalty is at least 100,000 Czech koruna. 

The new legislation covers all public and private organizations with at least 50 employees, requiring them to establish mechanisms to allow for whistleblower reports and to protect whistleblowers. Employers must also appoint someone to investigate whistleblower claims, and this can be an internal manager or an external third party. 

The law protects whistleblowers and those assisting them from retaliation for submitting a report. It also allows them to report their concerns externally to the Czech Ministry of Justice, or even directly to the press if the whistleblower believes reporting via the other two channels will be ineffective.

A person wearing headphones sits at a desk, smiling and writing on a tablet. The desk is cluttered with pens, a coffee cup, and notebooks. The person is wearing an orange shirt and appears focused and engaged in their work.

What does the Czech whistleblower protection act cover?

The law adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include: 

  • A secure and confidential channel for receiving whistleblower reports must be in place. 
  • Acknowledgment of the receipt of every whistleblowing report must be provided to the whistleblower within seven days. 
  • An impartial person or department must be appointed to follow up on the reports. 
  • Records must be kept of every report received in compliance with confidentiality requirements. 
  • There must be diligent follow-up of the report by the designated person or department. 
  • Feedback on the follow-up or investigation must be given to the whistleblower within three months of receiving the report. 
  • All processing of personal data must be done in accordance with GDPR.

What are the rules outlined in the Czech whistleblower protection act?

The Czech Whistleblower Protection Act, known formally as Law No. 171/2023, was enacted in June 2023. It covers all organizations with at least 50 employees. Organizations with 250 or more employees must establish whistleblower protection programs by 1 Aug. 2023; smaller organizations must do so by 15 Dec. 2023. Organizations with fewer than 250 employees are also allowed to establish a joint whistleblower program in coordination with other small businesses. Financial service firms need to establish an internal reporting system even if they have only one employee.

Two people work together at a desk, looking intently at a computer screen. One person is sitting and using the keyboard, while the other stands nearby, holding a pencil and notepad, appearing focused and engaged in discussion.

All covered business must meet the following basic requirements

The law requires all covered businesses to: 

  • Set up a whistleblowing system with comprehensive whistleblower protections
  • Adopt a policy on reporting legal violations and other misconduct. Businesses must also train employees on how to use the hotline and on the importance of non-retaliation.
A man in a pink shirt smiles while sitting at a desk in a modern office. He is looking at a computer monitor, with large windows and ceiling lights visible in the background.

Report intake

Whistleblowers are allowed to submit reports in writing, verbally, or in person. Contrary to most other whistleblower protection laws in the EU, the Czech law does not require companies to address anonymous reports, although they can always do so if they choose. A report must contain the whistleblower’s name for whistleblower protections to apply, and for the company to act upon it.

A person in a pink blazer uses a smartphone at a desk with a keyboard, digital tablet, and computer monitor, suggesting a modern workspace environment.

Case management

Companies are allowed to outsource the management of their hotline to a third-party service provider, although companies that do so are still responsible for responding to whistleblower complaints on the timelines outlined above.

A person with long hair tied up, wearing an orange shirt, holds a red pen while leaning on a desk with computer monitors in an office. Sunlight streams through a window, and a brick wall is partially visible.

What are the risks of non-compliance?

Companies that fail to implement the required whistleblower program, or that ignore whistleblower reports and allow retaliation to occur, can be subject to fines as high as 1 million Czech koruna (roughly equivalent to €42,000).

Explore more resources on whistleblowing and regulatory compliance in the EU

Your Definitive Guide to Whistleblowing & Incident Management

A strong incident management system is critical to meeting Czech whistleblowing laws, building trust, and protecting your organization.

Get your guide