Whistleblowers reporting breaches of European Union (EU) laws will have greater protection, under a recently finalized directive. First proposed in 2018, the directive applies to whistleblowing connected with EU laws on money-laundering prevention, corporate taxation, public procurement, data protection, environmental protection and nuclear safety. Member states can include other policy areas but must implement the directive into national laws before 2022 — within two years of the directive’s publication in the official journal.

Highlights

The new directive will replace the currently fragmented whistleblower protections in the EU. Only 10 EU countries — France, Hungary, Ireland, Italy, Lithuania, Malta, the Netherlands, Slovakia, Sweden and the United Kingdom — have comprehensive whistleblower laws, and other countries provide only partial protection. At the EU level, whistleblower protection currently applies in a limited number of sectors, mostly financial services.

Provisions of the directive include the following requirements:

• Reporting channels. Companies with 50 or more employees or municipalities with more than 10,000 inhabitants must establish effective and efficient reporting channels. Smaller companies with 50 to 249 employees can share reporting and investigative resources, subject to certain safeguards. The directive sets out the minimum criteria for reporting channels, including recordkeeping of submitted reports. Whistleblowers are encouraged to first use their organization’s internal channels but face no penalty if they instead use external reporting channels.
• More individuals covered. Protected whistleblowers include individuals who acquire information on breaches in a work-related context, such as employees, civil servants at national or local level, volunteers, trainees, nonexecutive board directors and shareholders.
• Wide application. The annex listing all EU laws covered by the directive includes public procurement, financial services, money-laundering prevention, public health and other areas. Member states can establish “a comprehensive and coherent whistleblower protection framework at national level,” including smaller organizations and expanding the areas to which whistleblowing rules will apply.
• Anti-retaliation protections. Whistleblowers — and individuals who assist whistleblowers, such as coworkers or relatives — will be protected from retaliation, including suspension, demotion and intimidation. The directive requires certain supportive measures for whistleblowers, including advisory services and confidentiality protections.
• Feedback obligations. Companies and municipalities must acknowledge a whistleblower’s report within seven days of receipt and respond within three months. Extension of the response deadline to six months is possible in certain cases.
• Penalties. Member states must provide effective, proportionate and dissuasive penalties, including sanctions for retaliating against whistleblowers and for knowingly reporting or publicly disclosing false information.

Related Resources

Non-Mercer Resources

• Directive on the Protection of Person Who Report Breaches of Union Law (Council of the EU, 7 Oct 2019)
• Press Release (Council of the EU, 7 Oct 2019)