See local law. The Directive covers:
See local law. The Directive covers:
See local law.
Reports of topics in the fields of the prevention of social and fiscal fraud are also covered.
As per the Directive (no deviation from the Directive).
Yes,
(i) the choice of the most appropriate persons or services for receiving and following up on reports may depend on the structure of the entity, but their independence and the absence of conflicts of interest must at all times be safeguarded;
(ii) the reporting channels may be managed internally by a reporting manager or provided externally by a third party. In both cases, from data protection perspective, the entity concerned remains data controller withing the meaning of the EU GDPR;
(iii) the internal reporting channel must be established after consultation with the existing employee representative bodies; and
(iv) the different stages of the internal reporting process can be specified by the federal government (either through ministerial circular or via Royal Decree).
In addition to those covered by the Directive, the Czech Republic has included:
i) mandatory audit and other auditing services;
ii) transportation and road traffic safety;
iii) public auctions;
iv) protection of internal order and security; and
v) protection of electronic communications.
Persons engaged in:
Yes, the Act on Whistleblowing provides that the obliged entity will appoint/authorise a person(s) to assess reports.
The Directive is a minimum directive allowing member states to (amongst other elements) broaden its application to also include reporting on other types of breaches than the ones listed in the Directive and the annex to the Directive. Denmark has in this connection decided to include “serious offences and other serious matters”, (e.g. sexual harassment, serious interpersonal conflicts and serious harassment.)
No
Protection is limited to the topics mentioned in the Directive.
Basically the same as those in the Directive, but additionally a person receiving a sportsperson's allowance.
Entities that have established an internal reporting channel must appoint or authorise a person who receives the incoming reports, provides feedback to the reporting person and ensures the notification of the follow-up measures. A third party outside the entity can also manage the internal reporting channel. This means that the reporting service can be bought from third parties.
Same as those in the Directive. However, the scope of the reporting topics has been widened to include also breaches of national law with certain limitations regarding public procurement (defence and security procurement is not included) and public health.
Same as those in the Directive.
The organization or, if the whistleblowing channel has been outsourced to an external service provider, the external service provider needs to appoint a person or persons who are responsible for processing reports impartially and independently. Only such designated persons may process reports. It is also possible to appoint experts for investigating the accuracy of reports.
The facts reported may concern "information" on a crime, offence or violations of the law, but also "attempts to conceal" these violations.
The violation of the rule will no longer have to be "serious and manifest".
A whistleblower is now defined as follows:
"the physical person who reports or discloses, without direct financial compensation and in good faith, information concerning a crime, an offence, a threat or harm to the general interest, a violation or an attempt to conceal a violation of international or European Union law, the law or the regulations."
Certain protections offered to whistleblowers are extended to :
I: Companies required to set up an internal procedure
Legal entities employing at least 50 employees, must set up an internal procedure for collecting and processing alerts. The French decree of 3 October 2022 specifies that this threshold is to be assessed:
- at the end of 2 consecutive financial years ;
- in accordance with the procedures set out in I of article L. 130-1 of the Social Security Code.
II: The whistleblowing procedure may be implemented by any means
The company must communicate its internal whistleblowing procedure to potential whistleblowers (employees, for example), by any means that ensures sufficient publicity and under conditions that make it permanently accessible.
II: The internal procedure must provide a channel for receiving whistleblowers
The internal procedure is required to set up a reception channel enabling any whistleblower to send a written or oral report, as provided for in the procedure. The reception channel may be managed externally by a third party.
III: The company ensures that the report is admissible...
Once the alert has been received, its processing begins with an analysis of its admissibility in the light of the legal conditions. To this end, the company may request any additional information from the whistleblower.
When the legal conditions are met, the company processes the alert. If the report appears to be well-founded, the entity will use the means at its disposal to remedy the matter.
IV: One or more departments/entities are responsible for the internal procedure
The internal alert procedure must indicate the person(s) or department(s) designated to receive and process alerts. By virtue of their position or status, these persons or departments must have sufficient competence, authority and resources to carry out their duties.
V: The internal procedure guarantees confidentiality and integrity
The internal procedure must guarantee the integrity and confidentiality of the information collected, in particular the identity of the author of the alert, the persons concerned by the alert and any third party mentioned in the alert. In particular, members of staff who are not authorised to know the information must be denied access to it.
VI: The external authorities responsible for issuing alerts are designated as follows
The scope of the German law is broader than the Directive and covers the following topics:
(1) Information on
1. infringements which are punishable by law,
2. infringements which are subject to a fine, insofar as the infringed regulation serves to protect life, limb or health or to protect the rights of employees or their representative bodies.
representative bodies,
3. other infringements of federal and Land legislation as well as directly applicable legal acts of the European Union and the European Atomic Energy Community
a) to combat money laundering and terrorist financing, including in particular the Money Laundering Act and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information to be transmitted information accompanying transfers of funds and repealing Regulation (EU) No. 1781/2006 (OJ L 141, 5.6.2015, p. 1), as amended by Regulation (EU) 2019/2175 (OJ L 334, 27.12.2019, p. 1), as amended from time to time,
b) laying down requirements for product safety and conformity,
c) road safety requirements covering road infrastructure safety management, safety requirements in road tunnels and the admission to the occupation of road haulage operator, admission to the occupation of road haulage operator or road passenger transport operator (bus and/or coach undertaking),
d) requirements concerning the safety of railway operations,
e) Maritime safety requirements concerning European Union rules on the recognition of ship inspection and survey organisations, carrier's liability and insurance in respect of the carriage of passengers by sea, the approval of the profession of road haulage operator or of road passenger transport operator (bus and coach undertaking), the licensing of the profession of road haulage operator or of the profession of road passenger transport operator, of passengers by sea, approval of marine equipment, maritime safety inspection, seafarers' training, registration of persons on board passenger ships engaged in maritime transport, and European Union rules and procedures for the safe loading and unloading of bulk carriers,
f) civil aviation safety requirements relating to the prevention of operational and technical safety hazards operational and technical safety and air traffic control,
g) requirements for the safe transport of dangerous goods by road, rail and inland waterways,
h) requirements for the protection of the environment
i) requirements for radiation protection and nuclear safety,
j) promoting the use of energy from renewable sources and energy efficiency,
k) on food and feed safety, organic production and labelling of organic products, the protection of geographical indications for agricultural products and foodstuffs, including wine, aromatised wine products and products and spirit drinks and traditional specialities guaranteed, on the placing on the market and use of plant protection products and on animal health and welfare, insofar as they concern the protection of animals kept for farming purposes, the protection of animals at the time of killing, the keeping of wild animals in zoos, the protection of animals used for scientific purposes and the transport of animals and related operations,
l) on standards of quality and safety of organs and substances of human
origin, medicinal products for human and veterinary use, medical devices and cross-border patient care,
m) on the manufacture, presentation and sale of tobacco products and related products,
n) the regulation of consumer rights and consumer protection in relation to contracts concluded between traders and consumers and the protection of consumers in the field of payment accounts and financial services, price indication and unfair commercial practices,
o) the protection of privacy in electronic communications, the protection of confidentiality of communications, the protection of personal data in the electronic communications sector, the protection of the privacy of users' terminal equipment and of information stored in such terminal equipment, the protection against unreasonable harassment by means of telephone calls, automatic calling machines, facsimile machines or electronic mail, and as well as on the display and suppression of telephone numbers and on the inclusion in subscriber directories,
p) on the protection of personal data within the scope of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1; L 314, 22.11.2016, p. 72; L 127, 23.5.2018, p. 2; L 74, 4.3.2021, p. 35) in accordance with Article 2 thereof,
q) on the security of information technology within the meaning of section 2(2) of the BSI Act of digital service providers within the meaning of section 2(12) of the BSI Act,
r) to regulate the rights of shareholders of public limited companies,
s) to audit the financial statements of public interest entities pursuant to section 316a
sentence 2 of the Commercial Code,
t) on the accounting, including bookkeeping, of companies that are capital market-oriented within the meaning of section 264d of the Commercial Code, of credit institutions within the meaning of section 340 1) of the Commercial Code, financial services institutions within the meaning of section 340 (4) sentence 1 of the Commercial Code, securities institutions within the meaning of § 340 paragraph 4a sentence 1 of the Commercial Code, institutions within the meaning of § 340 paragraph 5 sentence 1 of the Commercial Code, insurance undertakings within the meaning of section 341(1) of the Commercial Code and pension funds within the meaning of section 341(4) sentence 1 of the Commercial Code,
4. violations of regulations for contracting authorities under federal and uniform law on the procedure for the award of public contracts and concessions and on the legal protection in these procedures from the time the relevant EU thresholds are reached,
5. infringements covered by section 4d(1) sentence 1 of the Financial Services Supervision Act unless otherwise provided for in section 4(1) sentence 1,
6. infringements of legal tax provisions applicable to corporations and commercial partnerships legal tax standards applicable to corporations and commercial partnerships,
7. infringements in the form of agreements aimed at improperly obtaining a tax advantage that is contrary to the objective or purpose of the tax law applicable to tax law applicable to corporations and partnerships,
8. infringements of Articles 101 and 102 of the Treaty on the Functioning of the European Union as well as infringements of the provisions of section 81, paragraph 2, numbers 1, 2, letter a and number 5 and paragraph 3 of the Act against Restraints of Competition,
9. infringements of provisions of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (OJ L 265, 12.10.2022, p. 1),
10. statements by federal civil servants which constitute a breach of the duty of loyalty to the Constitution.
In addition, the German Act also applies to the reporting and disclosure of information on
1. infringements of the protection of the financial interests of the European Union within the meaning of
within the meaning of Article 325 of the Treaty on the Functioning of the European Union, and
2. infringements of internal market provisions within the meaning of Article 26(2) of the Treaty on the Functioning of the European Union, including provisions of the European Union going beyond paragraph 1. (8) of the European Union on competition and state aid.
Internal reporting channels must be provided for employees as well as leased employees (Leiharbeitnehmer). Such channels can in addition be opened for other individuals who in connection with their professional activitiy are in contact with the company that provides the reporting channel.
No. The law only generally requires that the appointed internal or external person provides for the required skillset and independency.
In the internal whistleblowing system, an unlawful or suspected unlawful act or or omission or other abuse may be reported.
(i) employees,
(ii) employees whose employment relationship has ended,
(iii) people seeking to establish an employment relationship for whom the procedure for the establishment of such a relationship has started
(iv) self-employed people, the sole proprietor, if they have a contractual relationship with the employer,
(v) shareholders, members of the management, executive or supervisory body of an employer, also non-executive member,
(vi) contractors with a contractual relationship, subcontractors, suppliers, persons under the supervision and control of an agent,
(vii) trainees and volunteers,
(viii) for whom the procedure for the establishment of a legal or contractual relationship has been initiated, and
(ix) whose legal or contractual relationship with the employer has ended.
The internal whistleblowing system may be operated by a neutral person or department within the employer designated for this purpose. The operation may be contracted to a whistleblower protection lawyer or other external organisation. Where an external organisation is engaged, the rules on conflict of interest and impartiality applicable to the whistleblower protection lawyer shall apply to the external organisation.
1.1. Where an offence has been, is being, or is likely to be committed.
1.2. Where a person has failed, is failing or is likely to fail to comply with any legal obligation (other than one arising under their contract of employment or other working contract).
1.3. Where a miscarriage of justice has occurred, is occurring or is likely to occur.
1.4. Where the health and safety of any individual has been, is being or is likely to be endangered.
1.5. Where the environment has been, is being or is likely to be damaged.
1.6. An unlawful or otherwise improper use of funds or resources of a public body, or of other public money, has occurred, is occurring or is likely to occur.
1.7. An act or omission by or on behalf of a public body that is oppressive, discriminatory or grossly negligent or constitutes mismanagement.
No additional categories although the categories specified in the Directive are described in more granular detail in the Act.
The person(s) who is appointed to follow up on reports should be impartial and competent to do so.
In addition to the topics covered by the Directive, Legislative Decree 24/2023 has included:
- administrative, financial, civil and criminal offences that do not fall within the provisions of the Whistleblowing Directive;
- infringements related to provisions of Legislative Decree no. 231/2001 or to organisational and management models therein provided, which do not fall within the provisions of the Whistleblowing Directive.
Categories of person who may report according to Legislative Decree 24/2022 are the same provided in the Directve.
Yes.
In case of implementation of an internal reporting channel, the latter is entrusted to a person or an autonomous internal office or to an autonomous external entity, composed of specifically trained personnel who are responsible for the process of the reports received.
For the purpose of the establish of the internal reporting channel, it is mandatory to proceed with the consultation of the trade unions or work council.
Reporting topics, as included in Article 1 of the Act:
- a breach of EU Community law (violation or undermining the material scope in Article 2 WBD); or
- an act or ommission jeopardising a public interest in the following sense:
1. a (risk of) violation of a statutory regulations or internal company regulations containing a concrete obligation which internal regulations have been established by the company pursuant to a statutory regulation; or
2. a danger to:
(i) public health;
(ii) the safety of persons;
(iii) the environment; or
(iv) the proper functioning of the public service or an enterprise;
Same definition as used in the Directive.
Internal reports: the choice of the most appropriate persons or services for receiving and following up on reports may depend on the structure of the entity, but their independence and the absence of conflicts of interest must at all times be safeguarded. Also, the internal whistleblowing policy must state to whom an internal report can be made.
External reports: in case of a direct external report, the reporter can address any of the competent bodies stated in article 2c of the Act, dependent on the nature of the report. These bodies are as from that moment responsible for investigating reports and taking appropriate action. Based on Article 2c of the Dutch WB Act, the designated competent external bodies are:
a. the Authority for Consumers and Markets (Autoriteit Consument & Markt);
b. the Authority for the Financial Markets (Autoriteit Financiele Markten);
c. the Data Protection Authority (Autoriteit Persoonsgegevens);
d. the Central Bank of the Netherlands (De Nederlandsche Bank)
e. the Whistleblowers Authority (Het Huis voor Klokkenluiders);
f. the Health and Youth Inspectorate (Inspectie gezondheidszorg en jeugd);
g. the Dutch Healthcare Authority (de Nederlandse Zorgautoriteit); and
h. the Authority for Nuclear Safety and Radiation Protection (Autoriteit Nucleaire Veiligheid en Stralingsbescherming); or
Other competent authorities as may later be designated by ministerial public decree on the basis of the Dutch WB Act.
The topics covered in the Directive. However, the discussed bill provides the possibility for the employer to regulate reporting other violations as well, including those related to internal regulations or ethical standards applicable at the employer.
No.
Basically, under the newly amended Whistleblowing Act there are two categories of anti-social activities that are reportable:
1. Anti-social activities (minimal protection):
According to the Slovak National Labour Inspectorate's interpretation this shall include e.g. unethical practices in the workplace, pathological phenomena that have a negative impact on society and are the basis for criminal activity such as aggressive behaviour, alcoholism, gambling.
2. Serious anti-social activities (very specific protection further elaborated in section L14 of this document):
The list of categories of persons is not exhaustively defined by the newly adopted Whistleblowing Act, the assessment of the nature of the relationship of the person reporting the anti-social activity will depend on a case-by-case basis, but from the text of the newly adopted Whistleblowing Act it is possible to clearly abstract a wide range of categories, e.g.:
Yes, the effective and newly amended Whistleblowing Act provides that the obliged entity shall appoint/authorise a person(s) to assess reports. The entity may also contract external provider to assess reports.
In addition to those covered by the Directive Spain has included:
Whistleblowers are the same as those in the Directive. However, please note that certain protections offered to whistleblowers are extended to:
i) Employees of the administration/ordinary employees
ii) Self-employed individuals
iii) shareholders, participants and persons belonging to the administrative body, management or supervisory body of a company, including non-executive members;
iv) any person working for or under the supervision and direction of contractors, subcontractors and suppliers.
v) whistleblowers who communicate or publicly disclose information about infringements within the framework of a terminated employment or statutory relationship, volunteers, scholarship employment or statutory relationship already terminated, volunteers, trainees, whether or not they receive remuneration, as well as those whose employment relationship has not yet begun, in cases where the information on infringements information on violations was obtained during the selection process or pre-contractual negotiation.
vi) The legal representatives of employees in the exercise of their functions of advising and supporting the informant.
vii) The whistleblower protection measures provided for in the law shall also apply, where appropriate, to:
a. persons who, within the framework of the organization in which the whistleblower provides services, assist the whistleblower in the process,
b. persons who are related to the whistleblower and who may suffer retaliation, such as co-workers or relatives of the whistleblower, and
c. legal entity, for whom he/she works or with whom he/she maintains any other type of relationship in a work context or in which he/she holds a significant participation. For these purposes, it is understood that the participation in the capital or in the voting rights corresponding to shares or holdings is significant when, due to its proportion, it allows the person who holds it to have the capacity to influence the legal entity in which it has an interest.
The management of internal information systems may be carried out in-house or by a third party.
The new Swedish Whistleblowing Act applies also to reports on misconduct in work-related contexts for which there is a "public interest". It is not applicable for information that falls under the The Protective Security Act, nor for information that is related to national security within the national defence or information with a public authority within defence or public protection/security.
The investigator(s) must be an independent individual (or entity). The investigator may be an employee or an external company.
The reporting topics covered in the Directive are not applicable but existing law covers information which tends to show one or more of the following:
The categories covered in the Directive are not applicable but existing law covers "workers", which is defined widely for this purpose and includes agency workers as well as those directly engaged to provide personal services to the employer.
No.
