On Oct. 7, the EU whistleblower protection directive was approved. Jan Tadeusz Stappers, LL.M, our legal counsel, was interviewed by Fraud magazine about the backgrund and main elements of the directive.
Less than half of all EU member states had whistleblower protection legislation in place before this directive, which means potential whistleblowers were facing a real risk of retaliation. The new directive addresses this fear, stating that “the importance of providing balanced and effective whistleblower protection is increasingly acknowledged both at European and international level.” In the EU, there’ve only been a very limited number of sectors where measures have been instituted to protect whistleblowers, mostly in the areas of financial services.
The new law protects whistleblowers from liability related to reporting breaches of law in accordance with the directive. The Whistleblower Protection Directive includes a wide array of EU law that whistleblowers might report on. Moreover, member states are free to extend these rules to other areas. The European Commission encourages them to establish comprehensive frameworks for whistleblower protection based on the same principles.
The new directive has a broad scope, including private and public sectors. A wide range of individuals might rely on the new law — from employees and volunteer workers to so-called facilitators, colleagues and family members of the person issuing the report. The directive’s scope covers whistleblowers who haven’t commenced their work-based relationship to those whose job has already ended. Although consumers aren’t explicitly mentioned as eligible for protection under the law, there’s no prohibition to report on breaches perceived by a consumer, as long as knowledge of the breach was gathered in a work-related context.
It’s more important than ever for organisations to offer a secure and effective internal whistleblowing channel. After all, from an organisation’s perspective it’s better to deal with a wrongdoing internally rather than risk sensitive information ending up in the public domain.
The Whistleblower Protection Directive will introduce sanctions on retaliation against whistleblowers. Some EU member states offer more far-reaching protection to whistleblowers than others. Practice will show whether this will lead to side effects like whistleblowers “forum shopping” for protection in various national jurisdictions.
Member states must transpose the Whistleblower Protection Directive no later than two years after adoption. Legal entities with more than 50 and less than 250 employees have another two years after transposition to comply.