Whistleblowing: Directive on the protection of persons who report breaches of Union law
Compliance and whistleblowing. Today has been published the Directive EU 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.
According to the text, Member States shall ensure that legal entities in the private and public sector establish channels and procedures for internal reporting and for follow-up, following consultation and in agreement with the social partners where provided for by national law.
Transposition and transitional period
1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 17 December 2021.
2. By way of derogation from paragraph 1, as regards legal entities in the private sector with 50 to 249 workers, Member States shall by 17 December 2023 bring into force the laws, regulations and administrative provisions necessary to comply with the obligation to establish internal reporting channels.
3. When Member States adopt the provisions referred to in paragraphs 1 and 2, those provisions shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.
They shall forthwith communicate to the Commission the text of those provisions.
Protection
Reporting persons shall qualify for protection under this Directive provided that:
-they had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of this Directive; and
-they reported either internally in accordance with Article 7 or externally in accordance with Article 10, or made a public disclosure in accordance with Article 15.
Without prejudice to existing obligations to provide for anonymous reporting by virtue of Union law, this Directive does not affect the power of Member States to decide whether legal entities in the private or public sector and competent authorities are required to accept and follow up on anonymous reports of breaches.
Persons who reported or publicly disclosed information on breaches anonymously, but who are subsequently identified and suffer retaliation, shall nonetheless qualify for the protection provided for under Chapter VI of the Directive, provided that they meet the conditions laid down in paragraph 1.
Persons reporting to relevant institutions, bodies, offices or agencies of the Union breaches falling within the scope of this Directive shall qualify for protection as laid down in this Directive under the same conditions as persons who report externally.
