The European Union imposes whistleblower protection in EU countries

The Council of the European Union has adopted a directive to protect persons who report breaches of EU law, the so-called whistleblowers’ protection directive. What does the directive require from countries and organizations?

The directive introduces minimum standards on the harmonisation and strengthening of whistleblower protection within the entire European Union. The directive enters into force on 16th December 2019, and EU member states will have two years (until 17th December 2021) to implement the directive into their legal systems. States which already possess such legislation (such as France, Hungary and Sweden) are required to adapt their legislation so as to make it compatible with the directive. By the same deadline, private companies (employing more than 50 people) and public entities must develop whistleblower protection regulations and procedures. However, the directive states that entities which operate in the private sector and which employ 50-249 people will not fall within the scope of the new regulations before 17th December 2023.

Whistleblowers in Poland

Current Polish legislation contains certain provisions to protect whistleblowers, including in the Act on Counteracting Money Laundering and Terrorist Financing (AML). It is worth emphasizing that this Act only applies to selected entities, e.g. those which provide banking services. Such regulations are also found in the following legislative proposals:

·         (Proposed) Act on the Liability of Collective Entities for Criminal Offences;

·         (Proposed) Act on the Transparency of Public Life.

During further discussions on how to ensure whistleblower protection in new legislation, the Stefan Batory Foundation, Helsinki Foundation for Human Rights, Forum of Labour Unions and Institute for Public Affairs prepared a citizens’ legislative proposal containing a comprehensive regulation of whistleblower protection. In 2018, the Management Board and Supervisory Board of the Warsaw Stock Exchange (WSE) adopted recommended standards for systems to manage compliance on anti-corruption and whistleblower protection in companies listed on the markets organized by the WSE.

Definition of a whistleblower

A whistleblower is defined as any person, working in the private or public sector, who has learnt about infringements in their workplace or professional environment. An infringement is any actual or potential action which constitutes an infringement or abuse of EU law in certain areas, such as public procurement, environmental protection, transport, consumer protection and the safety of products and food. The directive’s definition of a whistleblower includes individuals hired by employment agreements, sole traders, contractors, suppliers, trainees and volunteers. People whose employment agreement has expired and job candidates who are aware of such infringements are also protected against an employer’s retaliation, as is anyone who passes information about infringements to an investigative journalist.

Protection in companies and institutions

Every private company with more than 50 employees must have procedures to protect whistleblowers. When implementing the directive into their legal systems, EU member states can adopt even more restrictive measures regarding the number of employees.

Public entities which will be obliged to introduce whistleblower protection procedures include public administration and self-governmental units, including communes having more than 10,000 residents.

The main measures to be adopted by private and public entities within their procedures include:

  • Developing an internal channel for receiving anonymous whistleblower reports on irregularities and taking action on those reports. Such a channel should enable a person to submit written reports by post, via complaint boxes or via an online platform or to make verbal reports via so-called hotlines or other communication systems, provided that the reporting person’s identity is kept confidential,
  • Designating an independent person, department or third party responsible for receiving such reports,
  • Developing a procedure on further action to be taken following such reports, taking into account the three-month deadline for examining a report and providing the whistleblower with feedback.

How to report irregularities?

Firstly, whistleblowers are encouraged to report detected infringements via their employer’s internal system. If a suspicion exists that the employer may retaliate against the whistleblower, or if the employer has not implemented such an internal channel (including if the channel doesn’t properly function), the whistleblower may use an external reporting channel. When implementing the directive into their legal systems, EU member states must designate an institution responsible for receiving and examining whistleblower reports.

Retaliation will be punished

Retaliation against whistleblowers is defined in the directive as direct or indirect action or omission which occurs in a work-related context, provoked by a breach having been reported, and exposing a whistleblower to any kind of disadvantage. A non-exhaustive list of types of retaliation is provided in the directive, including:

  • suspending professional functions and duties,
  • forced unpaid leave,
  • dismissal,
  • demotion,
  • suspending trainings,
  • changing workplace or working hours,
  • harassment,
  • failing to renew a fixed-term employment agreement,
  • requiring the employee to undertake medical examinations and tests.

It should be emphasized that the burden of proof (to show that such measures are justified) is upon the person who exposes the whistleblower to the relevant disadvantage (i.e. the employer).

The Directive obliges all EU member countries to create a system of punishments applicable to natural or legal persons who retaliate (or would permit retaliation) against whistleblowers. Such punishments should be effective, proportionate and dissuasive. The Directive does not, however, regulate the details of such sanctions, including the amounts of fines.

Whistleblowers need to be protected – ideally starting today…

Both national and EU legislators share a desire to strengthen whistleblower protection and to ensure that appropriate compliance procedures exists within businesses. Even before the directive enters into force, the application of proper compliance standards and policies can protect company’s management boards against claims of improper company organization and inappropriate behaviour by their employees. Entrepreneurs should already be thinking about implementing adequate systems for reporting irregularities and protecting whistleblowers.

Our compliance team would be happy to discuss these issues with you.