In October 2019, the European Union adopted the Directive on the protection of persons who report breaches of Union law (Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019), commonly referred to as the “Whistleblower Protection Directive”. The Whistleblower Protection Directive follows an acknowledgement from the European Union that there was not sufficient protection for whistleblowers who report breaches of EU law.

The Whistleblower Protection Directive provides a new legal framework for the protection of persons who choose to report breaches of EU law («whistleblowers») with the aim of encouraging whistleblowers. The Whistleblower Protection Directive sets minimum standards of the subjects of reports that will be protected, and Member States are free to expand on these. We have set out country specific information below for a summary on how they have done so. The purpose of the Whistleblower Protection Directive is to strengthen the enforcement of EU law and EU policies in specific areas by setting common minimum standards that protect people who report infringements of EU law.

The EU Member States are obliged to implement the Directive’s provisions into national legislation by 17 December 2021, with the exception that organizations with between 50 and 249 workers will have until 17 December 2023 to introduce internal reporting channels (see below).

The Whistleblower Protection Directive obliges member states to ensure that all forms of retaliation against whistleblowers by their employers are prohibited. The concept of who can be a whistleblower is broadly defined in the Whistleblower Protection Directive and includes not only workers, but also shareholders, persons supervised by contractors or suppliers, as well as potential employees who may obtain information in the course of the recruitment process. Member states must ensure that penalties for retaliation are proportionate and dissuasive.

Additionally, the Whistleblower Protection Directive obliges legal entities with over 50 workers in the private or public sectors to establish reporting channels for reports of infringement of EU law (“whistleblower schemes”), and to ensure that in such schemes, the whistleblower’s identity is kept confidential. In addition, Member States are required to establish one or more independent and autonomous external whistleblower schemes, which can also receive and process alerts. The designated external authority must be competent to receive, give feedback and follow up on reports.

In this document, ELLINT focuses on a few key points of the implementation of the Whistleblower Protection Directive in a number of jurisdictions, namely, Belgium, Denmark, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Poland, Romania, and Spain and also looks at the current protection of whistleblowers in the UK, China and Switzerland.

ELLINT can provide you with advice, support and template documents to assist with compliance with the Whistleblower Protection Directive and the contact details for lawyers within specific jurisdictions can be found below.

In addition ELLINT has been working with a partner, Got Ethics, which can assist companies in establishing whistleblower schemes.