Time to blow the whistle? All you need to know about the EU Whistleblower Directive

“Whistleblowing’ is the term used to define reporting of wrongdoing. It is an essential component of a good governance framework, which in turn is a fundamental pillar underlying ethical and responsible business conduct. Whistleblowing procedures, in fact, feature in the ISO 26000 guidelines on corporate responsibility.

Our current legal framework already regulates the protection of whistleblowers, to a certain extent. A Directive adopted in 2019 however, is set to extend the protection granted to whistleblowers.

Directive 2019/1937 on the protection of persons who report breaches of Union law (the Whistleblower Directive), which currently applies to companies with over 250 employees, and which will apply to all companies employing more than 50 people from 2023, comes into force this December. Here’s what you need to know about it:

1. It is aimed at granting greater protection for those who seek to expose corporate wrongdoing. In fact, the preamble to the Directive states that:

“Persons who work for a public or private organisation or are in contact with such an organisation in the con­text of their work-related activities are often the first to know about threats or harm to the public interest which arise in that context. By reporting breaches of Union law that are harmful to the public interest, such persons act as ‘whistleblowers’ and thereby play a key role in exposing and preventing such breaches and in safeguarding the welfare of society. However, potential whistleblowers are often discouraged from reporting their concerns or suspicions for fear of retaliation. In this context, the importance of providing balanced and effective whistleblower protection is increasingly acknowledged at both Union and international level.”

2. The persons who are to be guaranteed protection under the law will be largely extended under the Directive, encompassing workers, self-employed persons, shareholders and persons belonging to the administrative, management or supervisory body of the undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees; as well as any persons working under the supervision and direction of contractors, subcontractors and suppliers.  Moreover, the measures for the protection of reporting persons shall also apply, where relevant, to facilitators; third persons who are connected with the reporting persons and who could suffer retaliation in a work-related con­text (such as colleagues or relatives of the reporting persons); and legal entities that the reporting persons own, work for or are otherwise connected with in a work-related context.

3. The Directive envisages a three-tier reporting structure, which means that reporting can be done either internally within the company; or externally, when for instance, such reports would be facilitated through the relevant national authorities; or publicly, via platforms such as Twitter!

4. The Directive applies to legal entities in both the private and public sector.

5. The identity of the whistleblower must be kept confidential at all times – the only exception is when the identity of the reporting person and any other relevant information has to be disclosed due to it being a necessary and proportionate obligation imposed by Union or national law, in the context of investigations or judicial proceedings. In such cases, any form of retaliation is prohibited. The directive defines ‘retaliation’ as “any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person” and provides a list of actions that can be considered as such:

• suspension, lay-off, dismissal or equivalent measures;
• demotion or withholding of promotion;
• transfer of duties, change of location of place of work, reduction in wages, change in working hours;
• withholding of training;
• a negative performance assessment or employment reference;
• imposition or administering of any disciplinary measure, reprimand or other penalty, including a financial penalty;
• coercion, intimidation, harassment or ostracism;
• discrimination, disadvantageous or unfair treatment;
• failure to convert a temporary employment contract into a permanent one, where the worker had legitimate expec­tations that he or she would be offered permanent employment;
• failure to renew, or early termination of, a temporary employment contract;
• harm, including to the person’s reputation, particularly on social media, or financial loss, including loss of business and loss of income;
• blacklisting on the basis of a sector or industry-wide informal or formal agreement, which may entail that the person will not, in the future, find employment in the sector or industry;
• early termination or cancellation of a contract for goods or services;
• cancellation of a licence or permit;
• psychiatric or medical referrals.

If a whistleblower is exposed to such reprisals after making a report (coved by the scope of the Directive), it will be assumed that the reprisals are initiated due to the report and the employer must in this case prove that the reprisals were not initiated due to report.

• It covers a wide array of issues: from public procurement, to product safety and compliance, food safety, transport safety, public health, data protection, consumer health and environmental protection.

• All companies with more than 250 employees have until December 2021 to comply with the Directive.

The European Union is adding this Directive to the portfolio of tools available to fight corruption and bad practice and to promote a culture of good governance and accountability. If your company hasn’t yet updated its policies and procedures to align itself with the requirements of the new Directive, you only have a couple of months left to comply – time to take action!