New EU Whistleblowing Directive

Emily Smith
Emily Smith
  • 2m read
  • January 25, 2022

On October 23, 2019, the EU formally adopted the new EU Whistleblower Protection Directive (Directive EU 2019/1937, the ‘Directive’).

What is it?

The Directive was designed to provide enhanced protection for whistleblowers, including by setting up internal reporting channels.

Member States must implement the Directive into their national law. The deadline for doing so was 17 December 2021. One month on, and only four Member States have finalised their national law implementing the Directive, with the remaining 23 Member States either having drafted their national law or taken no significant action.

Who is affected?

The categories of individuals given protection by the Directive is broad and covers (among others) employees, workers, job applicants and consultants working in the private and public sector. The protection will be triggered when individuals report suspected breaches of certain EU laws in a work-related context, such as in relation to financial services, money laundering, the environment, personal data and information security. Member States can choose to expand the scope of protection, e.g. so that reported breaches of local laws also trigger protection.

Generally, the Directive applies to businesses with over 50 employees, though businesses with between 50 and 249 employees have an additional two years (to 17 December 2023) to comply. Different rules may apply for financial services companies or those vulnerable to money laundering or terrorist financing.

What does it mean in practice?

The minimum requirements of the Directive that Member States must implement into their national laws, include obligations on relevant organisations to, among other things:

  • introduce internal reporting channels and specific procedures for reporting concerns internally and externally
  • take necessary measures to prohibit all forms of retaliation against whistleblowers
  • keep records of reports securely and subject to appliable data protection legislation
  • implement effective and proportionate penalties for retaliation, obstructing reports, compromising a whistleblower’s confidentiality, or otherwise breaching the Directive

Specific rules apply to internal reporting channels, including ensuring reports can be made in writing or orally, maintaining the confidentiality of whistleblowers and providing acknowledgement and feedback within certain timeframes.

What happens now?

While businesses cannot be 100% prepared until Members States have implemented their national laws, it would be sensible to assume that all countries will – at some point – adopt at least the minimum standards of the Directive.

At this stage, we recommend that businesses with EU operations:

  • review the minimum standards of the Directive
  • assess its existing whistleblowing reporting lines, procedures and policies in place
  • track the implementation status of the Directive across Member States
  • consider where updates may be needed to existing whistleblowing practices for compliance with the Directive/a certain country’s national laws
  • consider how to communicate any changes to the workforce

For global businesses, a key challenge will be whether – and to what extent – a uniform approach to whistleblowing protection and practices can be introduced or maintained.

Please get in touch with your MDR ONE team contact if you have any questions on the Directive, or your business needs legal support in this area.

Emily Smith Emily Smith
Article

Resource Centre

Article

Japan – Amendments to Japan’s Child Care and Family Care Leave Law

Impacts – effective 1 April 2025 Key changes to childcare: Employees will be able to take childcare leave entitlement until their child completes their third year of primary school (currently it is only until the child starts primary school). Employees will be able to take time off in more situations (e.g. school closure, entrance /
View
Article

Ramadan Working Hours and Compliance in the United Arab Emirates (UAE)

Therefore, as the holy month of Ramadan approaches, it is essential for employers in the UAE to understand the changes in working hours and compliance requirements under UAE employment law. Reduced working hours during Ramadan Private-sector employees are entitled to a reduction of two working hours per day throughout Ramadan. This change applies to all
View
Resource

Navigating labour, employment and executive compensation challenges in global M&A: Post-deal integration, harmonisation and incentives

  Our key takeaways from this insightful discussion included:  First things first: Key actions to take swiftly post-completion will include payment and reporting obligations and any remedial action identified as necessary during the due diligence process as needing immediate attention. The integration and harmonisation will then be a journey often managed in phases. Talent and Headcount
View
abstract glass building
Article, Legal Updates

Saudi Arabia: Amendments to Labour Law – key changes

Various amendments to Saudi labour laws will come into force on 18 February 2025 introducing a number of changes to employer responsibilities and employee rights.
View

How can we help you?

I'm looking for advice Subscribe: I'd like to keep in touch
I'm looking for advice


Subscribe to our mailings


MDR ONE
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.