The EU Whistleblowing Directive: considerations for employers reopens borders
The purpose of the Whistleblowing Directive is to establish uniform minimum protections to ensure that whistle-blowers who want to report breaches of EU law are afforded legal protections against retaliation from their employers or colleagues. The European Parliament approved the “whistleblowing” directive in December 2019 (EU Directive 2019/1937).
All EU Member States must transpose this directive into their national legislation by the end of 2021.
Companies will therefore face the challenge of meeting the new requirements and it is essential that they engage in this process now and develop an internal strategy to implement the new regulations.
There are two different dates for the legal implications:
- First, authorities and companies with over 250 employees must have a whistleblowing system by 17 December 2021 – by this date EU Member States must enforce national laws and regulations.
- The same rules will also apply to companies with 50-250 employees, but only starting in 2023. Of course, companies can also proactively implement whistleblowing systems before the deadline.
Private and public entities with 50+ employees who are operating in the EU. The whistle-blower will be entitled to protection under the Whistleblowing Directive when reporting on breaches of EU law. The directive does not extend to whistle-blowers of breaches of non-EU laws.
A whistle-blower (or a ‘reporting person’) is broadly defined as a natural person who reports or publicly discloses information on breaches acquired in the context of his or her work-related activities. This will include self-employed persons, shareholders, personnel of (sub)contractors, former employees, job applicants, and others.
Whistle-blowers will be entitled to protection if person had both:
Reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of the Whistleblowing Directive; and reported, either internally or externally, in accordance with the Whistleblowing Directive, or made a public disclosure in accordance with the Directive.
The Directive also prohibits retaliation and attempts at retaliation (for example, dismissal, change of employment conditions and blacklisting) against the whistle-blower (or persons/entities connected to the whistle-blower) by providing for:
- An exemption from liability for acquiring or accessing information that is reported or publicly disclosed, provided that such acquisition or access did not constitute a ‘self-standing criminal offence’.
- A reversal of the burden of proof in cases of alleged detrimental treatment, i.e. if a whistle-blower can – on the face of it – show they suffered a detriment after reporting breaches or making a public disclosure in accordance with the Whistleblowing Directive, the person who took the detrimental action must ‘prove that that measure was based on duly justified grounds’ and was not connect to the whistleblowing itself; and
- Access to appropriate remedial action (for example, interim relief pending the resolution of relevant legal proceedings).
The Directive will mean revisions to existing whistle-blower or ethics hotline policies/mechanisms as well as related data protection and record retention practices. In some cases, companies may want to plan to modify and seek board approval for their Codes of Conduct to incorporate these developments. We suggest the following practical steps:
For employers with a headcount of over 50 (or with one that will exceed 50 soon), take stock of current whistleblowing procedures in each of their EU jurisdictions and compare them with (i) the minimum requirements of the Directive and (ii) relevant national legislation, when published. This will be particularly crucial for employers with at least 250 workers, given the December 17, 2021 deadline.
If significant changes to policies will be required, consider whether information/consultation procedures (i.e. with work councils, unions etc.) will be triggered, and whether there will be
All companies must keep in mind that collection and processing of whistle-blower data implicate data privacy and record retention issues, and, GDPR compliance requirements specific to the often-sensitive nature of whistleblowing reports.
Whistleblowing is a sensitive issue and needs to be handled with caution. It would be best to have legal and compliance experts on hand to help manage and ensure that your company is complying to these new rules.
Global People is a leading local employment solutions provider for national and international corporations and can advise and escort you in your next destination.