The European whistleblowing directive: The facts you need to know

We strongly encourage any law that highlights the need for protecting so-called whistleblowers, whose bravery promotes transparency and helps battle wrongdoing. We welcome the EU Whistleblowing Directive and all national derivatives of it.

A call for ethical leadership

All organisations have the responsibility to be compliant with the whistleblowing laws being passed in the EU. One condition of being compliant is facilitating transparency, and this can be best carried out by creating a culture of speaking up within the organisation so that ethical wrongdoing can be detected as early as possible. While being compliant with the Directive and creating a speak up culture might appear similar, sometimes they conflict. This occurs mainly when organisations take strict compliancy with whistleblowing law as the means to generate early transparency. This results in barraging employees and third-party service providers with legal terminology, complicated steps in a formal reporting process, confusing exceptions, complicated scope restrictions, rights and duties and scary labels such as “whistleblower” being attached to people hoping to do right. This does not invite potential reporters to speak up.

Surely, protecting the ‘whistleblower’– if such an unfortunate situation should take place–is something that should be strived for by any means possible. However, it should not be forgotten that not all initiatives of sharing a concern are “whistleblowing” cases. With other words: ‘whistleblowing’ should have a spot somewhere in the broader SpeakUp Programme, but it should not be the centrepiece. If it is, it will have a negative effect on the goal of early transparency.

Are you ready to build a speak up culture within your organisation? First, let’s look at what the EU Whistleblowing Directive entails.

What is the European Whistleblowing Directive?

The EU Whistleblowing Directive (hereafter called the Directive) was developed to provide and promote safe and secure ways for employees and individuals to speak up about misconduct in their work environment. The Directive introduces a three-tier reporting system:

Internal reporting within organisations
External reporting to authorities
Public disclosures to the media

The European Commission, by adopting the Directive, shows recognition of the important role whistleblowers have in the effective detection, investigation, and prosecution of violations of EU law. With the Directive, the European Commission seeks to guarantee a high level of protection for people who report breaches of EU law by setting an EU-wide standards for protection.

When does the EU Whistleblowing Directive go into effect?

EU Member States had until 17 December 2021 to transpose the provisions of the Directive into their national legal and institutional systems. Currently, 25 countries have adopted the law, while two Member States—Estonia and Poland—are still discussing the process.

While not officially required to transpose the Directive, the UK and Switzerland, who have business subsidiaries and do business with Member States, might still have reason to be concerned.

The progress of transposition across all 27 Member States is tracked here.

How many employees does a company need to have to be covered by the EU whistleblower directive?

Organisations with 250+ employees need to be compliant by December 17, 2021.
Organisations with 50-249 employees must comply before December 17, 2023.

What is the risk if I do not comply with the EU Whistleblowing Directive?

It’s up to the Member States to decide on effective penalties for not complying. That’s why it is important to keep an eye on how the EU Member States transpose the Directive into their local laws. The progress of transposition across all 27 Member States is tracked here.

But leaving legal consequence aside, it is essential to be in control of misconduct within your organisation. If your employees feel free to speak up and voice their concerns, your organisation can take responsibility and act adequately. By taking a proactive approach, and not waiting for penalties to incur, you can be one step ahead in preventing scandals in the media, and more importantly, to create a safe working environment for your employees.

Will the rules be the same in every European Member State?

The EU Whistleblower Protection Directive supports minimum EU-wide standards of protection. Member States can adopt measures that go beyond these minimum requirements. Member States may exempt municipalities with fewer than 10,000 residents or 50 employees and other public legal entities with less than 50 employees. It’s also up to the Member States to decide what penalties there are for reported retaliation might be, or when organisations attempt to uncover the identity of a reporter.

Compared to compliance with the GDPR, which is universal across the EU, the Directive will offer uniform a framework to work from, but there might be some national deviations from the minimal requirements. Of course, this can cause challenges when implementing a uniform reporting system within a multinational organisation, but we must wait and see how it turns out once all the Member States have transposed their individual measures. That is why it is important to keep an eye on how the EU Member States transpose the Directive into their local laws. The progress of transposition across all 27 Member States can be tracked here.

Where can employees make a report?

Employees should have the ability to report internally, or outside of the organisation. The European Whistleblower Protection Directive introduces a mandatory, three-tier reporting system:

Internal reporting channels: Legal entities in the public and private sector must set up internal reporting channels. Employees (and others) should be encouraged to first use the internal reporting channel to raise a concern, but they do not have to do so.
External reporting channels: Member states must offer independent and autonomous external reporting channels for employees who lack trust in internal channel, or in the case that no internal channel is available.
Public disclosures: Under certain conditions, a reporter who discloses a matter publicly (e.g., in the media) is also protected under the Directive.

SpeakUp® offers a built-in internal reporting channel that meets the requirements of the.

Who will be protected by the EU whistleblowing directive?

All types of potential (anonymous) reporters are protected against retaliation. Reporters include employees, interns, the self-employed, employees of a supplier, former employees, business partners, and even third parties who are closely connected to a reporter, such as a colleague or family members.

How is whistleblowing perceived in Europe?

As one of the first European providers, we understand the European whistleblowing culture better than anyone. This is what makes us excellent partners to hundreds of European organisations. Other than the EU Whistleblowing Directive, we’ve been helping our clients manage changes involved with:

GDPR (EU)
Schrems II (EU)
Sapin II (FR)
Lieferkettengesetz (DEU)
Public Interest Disclosure Act (UK)

In addition, we make sure that all SpeakUp® data are stored and processed within the EEA+.

How do you guarantee the safety of your reporting mechanism?

At SpeakUp we accept nothing less than the very best for our clients and, above all, the reporters. This is why we have implemented the most extensive control framework within our SpeakUp® whistleblowing software.

We are the only provider to be quarterly audited according to ISAE3000 Type II (eq. SOC2) on all aspects of our operations (including human translations!). Our ISAE3000 Type II assurance program fully encompasses and proves continuous adherence to the following standards:

ISO27001
ISO27002
ISO27701
GDPR