
The Romanian Whistleblower Protection Law
Explore the Romanian Whistleblower Protection Law, including compliance requirements, scope, and how to support and protect reporting in your organization.

Explore the Romanian Whistleblower Protection Law, including compliance requirements, scope, and how to support and protect reporting in your organization.

In March 2023, Romania amended its whistleblower protection law, which was originally passed at the end of 2022, to transpose the EU Whistleblower Protection Directive’s requirements into national law. The law defines whistleblower protections for anyone reporting violations of either EU law or Romanian criminal, corporate, and tax law, and imposes several obligations on organizations to protect internal whistleblowers.
The new legislation covers all public and private organizations with at least 50 employees, requiring them to establish mechanisms to allow for whistleblower reports and to protect whistleblowers. However, there are certain institutions where the Law applies if there are fewer than 50 employees, including, “Authorities, public institutions, other legal persons governed by public law, regardless of the number of employees, Article 9(1)”. Employers must also appoint someone to investigate whistleblower claims, and this can be an internal manager or an external third party.
The law protects whistleblowers and those assisting them from retaliation for submitting a report. It also allows them to report their concerns externally to Romanian law enforcement and regulatory agencies, depending on the exact concern being raised.

The law adopts the minimum standards for whistleblower protection outlined in the EU Whistleblower Protection Directive. These requirements include:

Formally known as Law no. 316/2022 (and informally as “the Whistleblowing Law”), Romania’s law covers all public or private organizations with at least 50 employees. Organizations with 250 or more employees should have already implemented their whistleblower protections by the start of 2023; companies with 50 to 249 employees must do so by the end of 2023. Those with fewer than 250 employees are also allowed to establish a joint whistleblower program in coordination with other small businesses. Financial service firms need to establish an internal reporting system even if they have only one employee.
The law requires all covered organizations to (1) set up a whistleblowing system with comprehensive whistleblower protections; and (2) adopt a policy on reporting legal violations and other misconduct. Businesses must also train employees on how to use the hotline and on the importance of non-retaliation, and maintain records of the whistleblower complaints they receive for at least five years. Companies are allowed to outsource the management of their hotline to a third-party service provider.

Whistleblowers are allowed to submit reports in writing, verbally, or in person, and the company must preserve a record of every report submitted. Anonymous reports are allowed under Romania’s law, and must be handled with the same attention and care as reports from named whistleblowers. That said, if a company receives an anonymous report that doesn’t contain sufficient information to investigate the issue, the company can request more details from the original reporter, and if the reporter does not reply within 15 days, the company can discard the anonymous report.
If a company receives an anonymous report and that person’s identity later becomes known, they are still eligible for the law’s anti-retaliation protections just like any other whistleblower.

Companies that violate Romania’s whistleblower law by failing to implement a whistleblower program can be subject to enforcement and fines up to 30,000 Romanian lei, the national currency. Penalties for failing to investigate whistleblower reports or to prevent retaliation are subject to fines up to 40,000 lei.
Webinars Upcoming
Discover how risk and compliance teams are using AI today to improve investigations, policy management, reporting, and oversight – and what’s next for AI-powered compliance.
Save your seat!
Guides
France’s regulatory environment is one of the most complex in Europe. Understanding French compliance regulations is critical for organizations operating in or connected to the market. This definitive guide helps you understand compliance obligations in France and build a resilient, trusted compliance program.
Get the guide
23 Jun 2026 NAVEX Editorial Team
This World Whistleblowing Day, we explore retaliation, early warning signs and how to protect reporters.
Read more
Datasheets
Discover how NAVEX supports global whistleblowing and incident reporting programs through trusted telephony providers, broad geographic coverage and reliable caller access.
Get the datasheet
White Papers
This white paper explores how organizations can better support whistleblowers and create a culture in which reporting is seen as an act of integrity, not disloyalty.
Get the white paper
12 Jun 2026 NAVEX Editorial Team
A strong speak-up culture starts with trust. Learn how reporting practices, leadership behavior and program performance influence whether employees raise concerns.
Read more
10 Jun 2026 Matt Kelly
Why do employees wait days or weeks before making an internal report? Explore the emotions, fears and motivations that shape speak-up behavior and reporting decisions.
Read more
Webinars Upcoming
Across continental Europe, organisations report 0.85 whistleblowing cases per 100 employees, and 58% of reports are submitted anonymously. In the UK, reporting rates are even lower at 0.69 cases per 100 employees, while anonymity levels are higher at 66%. Both figures sit in contrast to the global benchmark of 1.65 cases per 100 employees. What can these benchmarks tell us about the health of speak-up cultures across Europe, and what can organisations do to strengthen employee trust and reporting confidence?
Join NatWest, M&G and NAVEX as they explore the latest UK whistleblowing benchmark findings and compare them with trends across continental Europe. Discover what reporting volumes, anonymity rates and investigation outcomes reveal about programme effectiveness, and gain practical strategies to build trust, encourage employees to speak up and strengthen your whistleblowing programme.
Save your seat!
19 May 2026 Carrie Penman
Learn the difference between incident management and case management, how the workflows connect and what to look for when evaluating software and program structure.
Read more
12 May 2026 Matt Kelly
The EU Anti-Corruption Directive introduces stricter penalties, broader accountability, and greater expectations for compliance programs operating across Europe.
Read more
11 May 2026 NAVEX Editorial Team
UK whistleblowing law changes in 2026 bring sexual harassment under protected disclosures. Learn what this means for employers, compliance risk, and speak-up culture.
Read more
Use Cases
Expand your incident management program to capture data from external stakeholders with NAVEX One Whistleblowing & Incident Management.
Get the use case
Romania’s regulatory environment is complex and constantly evolving. Get the insights you need to strengthen your compliance program, reduce risk, and build a culture of transparency.