The EU Council of Ministers has adopted the directive on whistle-blower protection

By Søren Narv Pedersen, Mia Boesen, Pia Skovgaard Hansen, Pieter De Koster


On 7 October 2019, the EU Council of Ministers adopted the new whistle-blower protection directive which requires companies and administrations alike to introduce whistle-blower protection schemes that include every employee in the company. The directive was presented by the EU Commission in April 2018, and Bird & Bird has covered the process in news and reports

Obligations of the Directive

The fundamental aim of the new  directive is to strengthen compliance with and   enforcement of specific areas of EU law, by making it mandatory for all concerned  to establish a whistleblower scheme, including strengthening of the protection of whistleblowers when reporting violations of EU law within the scope of the directive. 

The directive applies to private companies with 50 or more employees.  However, this threshold does not apply if there is an obligation to establish a whistleblower scheme under other special legislation, including financial services regulations or the money laundering regulations. As a general rule, all public authorities must establish an internal whistleblower system. However, the Member States are allowed to exclude municipalities with less than 10,000 inhabitants or fewer than 50 employees and other government agencies with fewer than 50 employees. 

Under the new whistleblower directive, there is nothing to prevent the whistleblower scheme from having an impact on both external partners, who also have the opportunity to report any violations.  

Scope and standards of the whistleblower schemes

From a subject matter perspective, the directive covers reports of breaches of EU law. More in particular, violation of EU law in the following areas is covered: (1) public procurement, (2) financial services, (3) money laundering prevention, (4) environmental protection, (5) product security, (6) consumer and data protection and (7) public health. However, Member States can extend the material scope of coverage.

The directive lists procedural requirements or guarantees for any internal whistleblower scheme.  These include that the confidentiality of the whistleblower’s identity should be ensured, that a confirmation of receipt of the report to the whistleblower must occur within seven days after the receipt, and that an impartial person or department is competent in order to follow up the report. The whistleblower schemes should enable the reporting process to be made either in writing and/or by oral reporting, e.g. by telephone or by a voice messaging system. If the whistleblower requests a physical meeting with the impartial person, this must be conducted within reasonable time. 

Prohibition of reprisals

The new directive prohibits Member States and employers from any form of reprisal against whistleblowers, as a whistleblower might be intimidated from making a report. This includes suspension, termination, demotion or failed promotion, pay reduction, change in working hours, coercion, harassment or exclusion in the workplace. 

The whistleblower is only protected from those reprisals if there are reasonable grounds for assuming that protection is obtained, and if the relevant information appears correct and falls within the scope of the directive at the time of reporting.

Bird & Bird's comments

The new whistleblower directive introduces a number of minimum standards for protection of both the whistleblower process and the whistleblowers themselves. Member States are now given a two year deadline to implement the directive in national law. The new directive allows the adoption of regulations which go beyond the directive. 

At present, discussions are proceeding between the Danish Ministry of Justice and the Labour Market partners regarding the implementation of the whistleblower directive in national law.