The French Whistleblower Protection Law

France Whistleblower Protection Law overview

On 21 March 2022, the last formal step was taken to bring into force a Whistleblower Protection law in France.

In its implementation of the EU Whistleblower Protection Directive into national law, France has gone further than the minimum standards required at the EU level. 

The French Whistleblower Protection law goes further than France’s existing law, “Loi Sapin II”, that had previously provided protection for whistleblowers. Organizations are required to review their compliance program, as adherence to Loi Sapin II no longer means they will automatically comply with the updated whistleblowing regulations.  

For instance, there is a broader application of the law in terms of the requirements on organizations, the types of whistleblowers protected and the kind of misconduct that counts as a whistleblowing matter.

What does the French whistleblower protection law cover?

The French whistleblowing law is based on the minimum standards of the EU directive, which means companies are to comply with the following requirements:

• A secure channel for receiving whistleblower reports must be put in place 
• Acknowledgment of the receipt of the report must be provided to the whistleblower within seven days 
• An impartial person or department must be appointed to follow up on the reports 
• Records must be kept of every report received 
• There must be diligent follow-up of the report by the designated person or department 
• Feedback about the follow-up/investigation must be given to the whistleblower within three months 
• All processing of personal data must be done in accordance with the GDPR regulation

Just like Sapin II, the new law applies to all organizations with 50 employees or more operating in France. This applies to all organizations at the same time, thus removing the tiered approach outlined by the EU Directive.

What are the new rules to protect whistleblowers against retaliation?

Protection for whistleblowers has been further strengthened by the introduction of stricter penalties that include three years imprisonment and a fine of EUR 60,000 for those who victimize or discriminate against a whistleblower. 

The law reinforces existing protection provided under Loi Spain II by explicitly prohibiting “harm, including damage to the reputation of the person, in particular on an online public communication service, or financial loss, including loss of business and loss of revenue.” 

Organizations in France should do their utmost to encourage whistleblowers to report their concerns internally first to enable matters to be resolved faster, and reduce costly and potentially reputationally damaging legal processes. Two of the key aspects to achieving this are creating a climate of trust within the organization and providing a confidential reporting channel that is always accessible, secure and user-friendly.

Broader protections and greater reporting freedom for whistleblowers

The new law introduces a wider definition of a whistleblower and a whistleblower report, and makes changes to the required reporting process within Loi Sapin II.

In accordance with the EU directive, the new French Whistleblower Protection Law introduces a free choice of reporting. 

Previously, whistleblowers in France were obliged to report their concerns internally. For external processing of a whistleblowing report to be possible, the report must have first been made internally to the employer or to its representative. This is no longer the case. A whistleblower will now be free to report externally if they do not believe that the case can be resolved internally or if they fear they will be subject to retaliation. Several competent authorities have been appointed to receive external reports, including the French Defender of Rights (Défenseur des droits). 

The new law also introduces a wider definition for protection given to whistleblowers. Not only are employees protected, but also any natural person who reveals or reports violations of the law or international commitments, or indeed any threat to the public interest. Regardless of whether the information is known directly or indirectly by the person, it will qualify as a whistleblowing report. Those who facilitate or assist whistleblowers, including non-profit organizations such as trade unions, will also be given protection, as will military personnel.

Greater flexibility in reporting channels

In accordance with the EU Directive, the new French law introduces a free choice of reporting.

Previously, whistleblowers in France were required to report concerns internally before an external report could be made. This is no longer the case. Individuals may now choose to report externally if they believe the issue cannot be effectively resolved internally or if they fear retaliation.

Several competent authorities have been designated to receive external reports, including the French Defender of Rights (Défenseur des droits).

Expanded definition of whistleblowers and protected individuals

The updated law broadens the definition of who qualifies as a whistleblower and who is eligible for protection.

Protection now extends beyond employees to include any natural person who reports or discloses violations of the law, breaches of international commitments, or threats to the public interest. This applies regardless of whether the information was obtained directly or indirectly.

The law also extends protection to individuals who support or assist whistleblowers, including non-profit organizations such as trade unions, as well as military personnel.