The Malta Whistleblower Protection Law

Malta Whistleblower Protection Act overview

Malta enacted amendments to the country’s existing whistleblower protection laws in December 2021, to transpose the EU Whistleblower Protection Directive’s requirements into Maltese law. The updated law establishes protections for whistleblowers as required by the EU Whistleblower Directive and goes further, expanding the scope to protect reports of breaches of both European Union law and violations of Maltese criminal law. 

The new legislation covers all public and private organizations with at least 50 employees, requiring them to establish mechanisms to allow for internal whistleblower reports and to protect whistleblowers. Employers must also appoint a person to investigate whistleblower claims and then follow-up with a report on whether those claims are valid. The law protects whistleblowers and those assisting them from retaliation for submitting a report; and allows them to report their concerns externally to numerous Maltese regulatory agencies, depending on the exact nature of the complaint.

What does the Maltese Whistleblower Protection Act cover?

The Act adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include:

• A secure and confidential channel for receiving whistleblower reports must be in place. 
• Acknowledgment of the receipt of every whistleblowing report must be provided to the whistleblower within seven days. 
• An impartial person or department must be appointed to follow up on the reports. 
• Records must be kept of every report received in compliance with confidentiality requirements. 
• There must be diligent follow-up of the report by the designated person or department. 
• Feedback on the follow-up or investigation must be given to the whistleblower within three months of receiving the report. 
• All processing of personal data must be done in accordance with GDPR.

What are the rules outlined in the Malta Whistleblower Protection Act?

Formally known as the Whistleblower Protection Act, and recorded as Chapter 527 in Maltese law, the law covers all organizations with at least 50 employees. The law requires all covered businesses to (1) set up a whistleblowing channel with comprehensive whistleblower protection; (2) adopt a policy on reporting legal violations and other misconduct; and (3) designate an internal employee who can receive whistleblower reports.

Organizations with fewer than 250 employees are also allowed to establish a joint whistleblower program in coordination with other small businesses. They are also allowed to outsource management of the hotline system to an independent third party.

Anonymous report intake and management

Technically, Malta’s law does not extend whistleblower protections to anonymous reports. That said, a company can receive anonymous reports anyway, and consider the claims in an anonymous report when trying to determine whether a legal or compliance violation has happened. Moreover, if the identity of an anonymous reporter is later revealed, that person can still claim the anti-retaliation protections established under the law and seek damages for any retaliatory harm suffered. 

The whistleblower protections include confidentiality, a prohibition against retaliation, and no liability for disclosing necessary information to the report. The law also provides whistleblowers the right to legal assistance in submitting their reports.

What are the risks of non-compliance?

Malta’s law does not prescribe any specific sanctions for companies that fail to establish a whistleblower program. Individuals who retaliate against whistleblowers, however, can face criminal charges with penalties including up to one year in prison and fines of €500 to €5,000.