On 7 October 2019, the European Council formally adopted a Directive aimed at improving protection of whistle-blowers in the EU (the "Directive"). The Directive will now be published in the Official Journal of the European Union ("OJEU") and will enter into force 20 days after publication. Member states will then have two years to transpose these rules into their national law.
what you need to know - key takeaways |
- Member States have two years from the entry into force of this Directive to transpose these rules into their national laws. By 2021, companies with more than 250 employees will have to be compliant and two years later, companies with 50 to 250 employees.
- Obligations include setting up an effective, GDPR-compliant, internal reporting channel available 24/7 in relevant languages.
- They also include implementing a number of safeguard and support measures intended to protect the whistle-blower and the individuals who assisted him. These consist notably in the provision of information on the rights of these individuals, on the procedures and remedies available to them. Companies should also ensure the protection of the anonymity of these individuals and protect them against retaliation in the organisation.
|
Whistle-blowers are individuals who in the context of their work become aware and expose behaviours that may threaten or harm public interest. These may be anticompetitive conduct or more generally breaches of rules and regulations (notably in the environmental or public health sectors).
However, potential whistle-blowers are often discouraged from reporting their concerns or suspicions for fear of retaliation. Currently, Member States' national laws relating to the protection of whistle-blowers are still very fragmented, some affording little to no protection to the latter1. Prompted by scandals such as the Dieselgate or the ongoing Cambridge Analytica revelations, the European Council and Parliament adopted – upon a proposal of the European Commission – a Directive on the protection of persons who report breaches of EU law.
The new rules are intended to have a broad scope of application. Individuals protected include employees, civil servants at national/local level, volunteers and trainees, non-executive members and shareholders. Areas covered include public procurement, financial services, prevention of money laundering and public health. A list of all EU legislative instruments covered is annexed to the Directive but Member States may go beyond the latter when implementing the new rules.
The main protective measures provided for by the Directive include:
- the obligation to create effective and efficient reporting channels in companies of over 50 employees and municipalities of more than 10 000 inhabitants. Whistle-blowers are encouraged to use internal channels within their organisation first, before turning to external channels which public authorities are obliged to set up;
- safeguards to protect whistle-blowers from retaliation, such as being suspended, demoted and intimidated. Those assisting whistle-blowers, such as colleagues and relatives are also protected. The Directive contains a list of support measures which will be put in place for whistle-blowers. These include easily accessible information and advice on procedures and remedies available and on the rights of the person concerned, effective assistance by competent authorities and legal aid in criminal and in cross-border civil proceedings; and
- the obligation for employers/public authorities to respond and follow-up on whistle-blowers' reports within 3 months, with the possibility of extending this to 6 months for external channels in duly justified cases.
Member States have two years from the entry into force of this Directive to transpose these rules into their national laws. This means that by 2021 companies with more than 250 employees must fulfil their obligations and two years later this will also apply to companies with 50 to 250 employees. Companies who have yet to implement internal reporting processes/channels may already do so in order to manage risks within their organisations.
With thanks to Schéhérazade Oozeerally of Ashurst for her/his contribution.
- At the moment, only 10 EU countries have a comprehensive law protecting whistle-blowers. At EU level, there is legislation in only a limited number of sectors (mostly in the areas of financial services) which include measures to protect whistle-blowers.