The EU Whistleblower Protection Directive: What this means for European Scaleups
This blog covers The EU Whistleblower Protection Directive, approved by the European Parliament mandating EU member states to legally protect whistleblowers.Insights + resources
The EU Whistleblower Protection Directive Explained
What is it?
On April 16, 2019, the European Parliament approved a pioneering EU Directive on Whistleblowing. This directive establishes fundamental protection levels that EU member states are legally required to offer to whistleblowers.
The law safeguards individuals who expose illegal or harmful activities in an organisation, particularly in their workplace. It's designed to encourage transparency and ethical conduct.
When was it adopted?
The EU Whistleblower Protection Directive was formally adopted on October 23, 2019. EU member states were given a deadline until December 17, 2021, to transpose the directive into their national law, meaning they had to integrate the directive's rules into their own legal systems by that date. Those companies with 50 or more will now be under the scope of the directive from 17 December 2023. This process ensures that the protections offered by the directive are enforceable in each member state of the European Union.
Which countries have adopted it?
So far, 25 of 27 EU Member states have adopted it into national law. As of 25 September 2023, those Member States that have reported a delay with adopting the law are Poland and Estonia.
What about the UK?
The UK is under no legal obligation to implement the Directive and it seems unlikely that the Directive will be implemented directly in the UK. The UK does have it’s own similar legislation - the Public Interest Disclosure Act (PIDA) 1998.
PIDA shields whistleblowers from employer retaliation, covering disclosures of wrongdoings like criminal acts, safety risks, environmental harm, and legal breaches. It urges internal issue reporting but also protects wider disclosures and is applicable to most UK workers and workplaces.
What kind of companies must implement this?
Companies, public and private, with 50 or more employees and municipalities with 10,000 residents.
How can they prepare for adopting this?
Companies can prepare for the EU Whistleblower Protection Directive by establishing clear, confidential internal reporting channels, ensuring protection against retaliation, training staff on rights and procedures, and creating awareness.
How are employees protected?
- Protection from retaliation such as dismissal, demotion, suspension, intimidation
- Anti-Retaliation guidelines including “Reverse burden of proof”
- Exemption from liability for acquiring or accessing information that is reported
- Protection of the reporter’s identity
- Access to appropriate remedial action (e.g. interim relief during legal proceedings)
What can be reported?
Broad range of violations of EU law, such as:
- Protection of privacy and personal data
- Tax law
- Consumer protection
- Money laundering
- terrorist financing
- Public health
- Product safety
- Transport safety
- Environmental safety,
- Food safety, animal health and welfare,
- Security of network information systems,
- EU competition law, etc.
To enquire how our partner DataGuard can support your business with compliance should you be under scope, visit: https://www.dataguard.de/whistleblowing. You can also read more information on this directive in their article here.