
The 17 December 2021 deadline for EU Member States to implement the EU Whistleblowing Directive into national laws is fast approaching. Private sector organisations in the European Union with 250 or more workers (and certain public authorities) will be required to comply with the new laws from that date, though those with 50-249 workers have until 17 December 2023 to do so. Importantly, the 50-worker minimum limit is removed for financial services firms and the UK is not required to introduce the Directive. We’ve set out below responses to some of the frequently asked questions on this topic. This is based on the provisions of the Directive though do remember that Member States are free to go beyond these minimum standards and so the final national laws must be checked.
Existing whistleblower protection in the European Union offers patchwork protection only, which may deter individuals from raising concerns (particularly those in global roles where it is not clear which jurisdiction/laws apply). The economic case for enhancing whistleblower protection is strong. Annual losses in the EU due to a lack of whistleblower protection in public procurement are estimated at between €5.8 and €9.6 billion. That’s in a “normal” year, absent a global pandemic coupled with significant (and often questionable) increases in public spending.
It’s limited to reporting breaches of certain EU laws, including those relating to financial services, food and product standards, public health, public procurement and consumer protection. Some Member States (e.g. Denmark) are going further and extending this to serious wrongdoing and violations of national law whereas others (e.g. Germany) are being criticised for their plans to apply the minimum approach only.
It’s broader than employees and workers. Self-employed contractors, workers, volunteers, non-executive directors, shareholders, suppliers and contractors are all covered.
Member States are free to decide to enhance any of the protections in the Directive, though these key areas have been left up to the Member States:
If you’re handling a workforce in the EU, it’s one to watch. It’s up to each Member State whether they bring interpersonal grievances within the scope of the protection. Even if they do not do so, you’re HR and investigation teams need to be alive to the risk of employees raising concerns via these channels. You’ll also need to proactively manage the reputational risk of employees raising concerns with any regulators directly (e.g. particularly in the financial services and healthcare sectors).
Although national legislation is not yet finalised in many countries (though it’s underway in 23 of the 27 EU Member States), businesses can take proactive steps to manage this change by:
For businesses who are not impacted (including those in the UK), this is a welcome reminder to consider introducing, or refreshing their existing, whistleblowing or speaking up policies not least from a cultural and governance perspective – see our previous article on this here.
If you need more information about implementing whistleblowing frameworks in your organisation, or the Littler | Whistle Protect tool that allows employees to report their concerns, please contact Alison Sneddon.