by Daniel Vaknine
Many people, especially within the compliance area, are talking about the EU’s relatively new directive on whistleblowing. From December 17 2023, all organisations with more than 50 employees must implement internal whistleblower channels. In addition to this, there are also requirements for secure data storage (among other things linked to GDPR) and an easily accessible and informative whistleblower policy to ensure that all requirements are met. Here you can find the full directive in English, but how will the directive actually affect workplaces around Europe, and what effect will it have in the long run?
I took the liberty to describe the purpose of the directive, the way forward, and the long-term effects. Tove Tullberg, an expert in compliance and whistleblowing at one of Sweden’s leading law firms, Vinge, also explains how they see the EU directive’s long-term impact.
The purpose of the new laws
Most of the national laws and regulations of the European member states covered whistleblowing and reporting protection even before the EU directive. However, these rules and regulations varied greatly, and many were deficient.
The aim of the directive is to set a basic level of protection in all member states and to “even out” the whistleblowing landscape and the protection whistleblowers receive within the EU. It should be emphasised that, although minimum requirements are specified, some Member States may choose to adopt stricter laws. As a result, different levels of protection, as well as different standards or thresholds for such protection, may be implemented within the EU. Keep in mind that if your company operates in different European countries, you may have to follow different regulations as it is up to each member state to interpret and implement the EU directive in national legislation.
The first step in providing any kind of protection is to address the target audience: the people who are entitled to protection as a result of whistleblowing. The directive, as one of the most critical initiatives adopted in recent times, expands this group by broadening the definition of “whistleblowers”. A wide range of people, in addition to workers, can report in a work-related setting from December 17, 2021 (provided the country has time to adopt the law itself). This type of work-related environment is interpreted broadly and includes both current and past work-related misconduct.
This can include part-time employees and freelancers, as well as (anyone working under the supervision of) contractors and suppliers, active shareholders, or job candidates. Furthermore, people who may be subject to reprisals as a result of a complaint should be protected. These people may be facilitators, employees, or relatives of the reported person.
For a summarised version of what you as a compliance professional need to do if your company has more than 50 employees, see the guide I wrote about the Whistleblower Directive’s 6 minimum requirements for employers.
What the long-term effects of the directive may look like
Exactly what the long-term effects will look like is of course difficult to say for sure. In theory, by standardising whistleblowing across the EU, the directive will encourage more and more people to speak out. With better protection against reprisals and better whistleblower channels to use, safety and mental health in workplaces will probably be higher than before.
Tove Tullberg, an expert in compliance and whistleblowing at one of Sweden’s leading law firms, Advokatfirman Vinge, helps us clarify the long-term effects: “In the long term, the whistleblower directive will include greater changes than those that can be read directly in the wording of the directive. This is because, through the directive, companies are incentivised to review their corporate culture to ensure that employees also, in practice, dare to report internal misconduct. Increased transparency within the company in turn also increases the chance that internal irregularities will come to the company’s attention – which is a prerequisite for the company to be able to investigate and act against the irregularities in question.
Knowledge of internal irregularities is also a prerequisite for preventive measures to be implemented where there were previous deficiencies. In the long run, the directive, therefore, is likely to mean a reduced risk of crimes being committed in the company’s operations.”
As more and more people dare to speak out against injustice and wrongdoing such as corruption, it will, just as Tove Tullberg says, hopefully, lead to more and more companies also following the guidelines and standards that are established within the EU. Through a standardised set of regulations, it is also ensured that all countries offer similar protection and rights for whistleblowers.
The way forward: Becoming compliant
As previously mentioned, compliance in one Member State does not always mean compliance in others, although most national laws so far are very similar. Consider whether the criteria apply and follow the strictest rules if possible, or choose a more decentralised system with different approaches adapted to local legal frameworks.
In any case, you should consider the following factors when deciding whether your company is prepared for the upcoming deadline. You can do this through the following points:
- Have you previously appointed a person or department to handle incoming reports?
- What does your incoming report triage look like?
- Can your reporting system handle reports from non-employees? (This is not always a legal requirement, depending on the country and organisation, but is usually recommended.)
- Have you thought about how to deal with oral reports on union legislation?
- Are automatic receipt confirmations possible in your reporting system?
- Are your staff aware of the consequences of anti-retaliation laws?
As of December 17 2023, all companies in the EU with more than 50 employees must have implemented internal whistleblower channels. If your company has not yet implemented a solution, it may be time you think about getting started with implementing a whistleblower solution.
The author, Daniel Vaknine, is CEO and Partner of Visslan, a Sweden-based whistleblowing solution to simplify whistleblowing and compliance with the new EU Whistleblowing Directive.