What is the impact of the EU whistleblowing legislation?

Whistleblowing became a subject of concern when major consequences produced by Swiss Leaks and Lux Leaks made the case for a change in the European framework. In both cases, the whistleblowers worked for private companies prior to leaking information. If their situation was to repeat now, would they be protected?

Launch of whistleblowing directive
In our last article on the topic, we emphasized the need for stronger protection for whistleblowers. In October 2019, the directive 2019/1937 on the protection of persons who report breaches of Union law was adopted. Member States had until 17 December 2021 to transpose it into national law.


The mission of the directive is to pursue the objectives of the former provisional agreement and to solidify the EU framework with a directly applicable, in depth, and broad legislation on this issue. In this article, we will explore if this legislation provides a sufficient protection for whistleblowers and the entities impacted by the leak of confidential information.


What is the scope of the whistleblowing directive?


Material Scope

The following EU matters are included in the scope of application: public procurement, financial services, products and markets, prevention of money laundering and terrorist financing, product safety and compliance, transport safety, protection of the environment, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health and consumer protection, protection of privacy and personal data, security of network and information systems, and corporate tax. Nonetheless, State Members are free to expand the scope of protected matters as they see fit.

By derogation, this directive doesn’t apply to reports of breaches involving defence, security or national rules, and the rights of workers to consult their representatives or trade unions. The exclusion of defence is understandable. Defence rules have always been, by public international law principles, considered as part of a state’s sovereignty. Based on those principles, the EU chose to stay out of those matters by excluding defence out of the Union’s scope of competence (Treaty on the Functioning of the European Union).

Personal Scope

The directive is applicable to all reporting persons working in the private or public sector who acquired information in a current or past work-related context. The protection also applies to facilitators , third persons or legal entities owned or connected (in a work-related context) to a reporting person. Facilitators are persons who assist reporting persons in the reporting process in a work-related context, and whose assistance should be confidential.

Reporting requirements

Whistleblowers will qualify for protection if, at the moment of the reporting, they had reasonable grounds to believe that the information reported was true and if they reported through an internal channel, external channel, or made a public disclosure. An internal channel implies disclosing information to a source within the organization while an external whistleblowing implies disclosing information outside the organization.

The public disclosure of information will be protected if the information may place public interest in danger or if the internal and external reporting were both ineffective.

Based on the report of the Whistleblowing International Network, 14 Members States have not started or only made minimal progress towards the implementation of the directive.

Map of EU whistleblowing directive


What are the legal repercussions of a leak of information?

As previous cases made it clear, being a whistleblower is not an easy task. The term whistleblowing comes from sports where referees blow their whistle to stop an illegal or foul play.

After leaking information, whistleblowers are often met with public criticism, or even worse with retaliation such as threats or public prosecution. To take a famous example, Julian Assange, is currently detained in prison in the United Kingdom for blowing the whistle on thousands of classified documents of the US government and is currently facing extradition.
Whistleblower retaliation


The directive took some steps forward by forbidding any form of retaliation. Retaliation can among other things include suspension, discrimination, harm, early termination of the contract, and reduction in wages.

To fight against foreseeable legal actions, the directive mandates that all Members States provide legal assistance to whistleblowers protected under the scope, together with compensation and reparation. Comprehensive and independent information or advice, which are easily accessible to the public and free of charge, should also be provided.


How are entities impacted?

Private and public entities need to follow certain guidelines to be in line with the whistleblowing regulation. The mandatory changes differ based on the sector.

Similarities

There is a common ground of rules that is applicable for both private and public entities. The establishment of an internal channel is one of them. In order to increase the transparency and the fairness of the internal procedure, entities should:

  • 1

    set up a channel for receiving the reports;

  • 2

    acknowledge receipt of the report within 7 days;

  • 3

    designate an impartial person or a competent department responsible for following-up on the reports;

  • 4

    set up a diligent follow-up;

  • 5

    define a reasonable timeframe to provide feedback, not exceeding three months from the acknowledgment of receipt;

  • 6

    provide accessible information on the external procedure;



Differences

All entities in the private sector with 50 or more workers shall establish an internal reporting channel. Under that threshold, there is no mandate for the creation of an internal channel. This threshold is not applicable to entities working in financial services, products and markets, and prevention of money laundering and terrorist financing. All legal entities in the public sector shall establish an internal reporting channel, including other entities they may own or control.


How would the Whistleblower Directive grant protection today?

If both the Lux and Swiss Leaks were to repeat now, would the whistleblowers fulfil the directive’s requirements? Let’s make a practical case out of the two examples.

First, both Swiss Leaks and Lux Leaks concerned tax evasion, which is a protected matter under the material scope. Second, concerning the personal scope, both whistleblowers were in a work-related context during their disclosure. Therefore, that condition is also fulfilled. The third condition requires the use of an internal or external channel before the disclosure or the direct use of a public disclosure when the information may constitute a danger to the public interest.

Hypothetically, if the whistleblowers had reasonable ground to believe that the information was a danger to public interest, that condition could have been fulfilled too.

Directive's conditions
Swiss Leaks
Lux Leaks
Information concerns one of the protected matters
Yes - tax evasion
Yes - tax evasion
Information collected in a professional context
Yes
Yes
The use of an internal channel, external channel, or public disclosure
Yes - public disclosure
Yes - public disclosure


Therefore, the whistleblowers would have fulfilled the three main requirements and eventually be granted the protection of the directive. Obviously, this is only hypothetical.


How are whistleblowers protected in Belgium?

As of today, no transposition was made by Belgium’s federal parliament. Belgium did make a provisional agreement (1380/001) on the topic in June of 2020. Compared to the European Directive 2019/1937, the scope of the agreement is broader in some aspects and more restricted in others.

Belgium and the whistleblowing directive
On the broader side, the agreement expands the protection to those participating in the disclosure process (writers, journalists, documentary filmmakers, directors or producers). The agreement stipulates that the information can be collected in or out of a professional setting. On the more restricted side, the agreement doesn’t mandate companies to create internal reporting channels which can create a safer place for employees.


The major point of the provisional agreement is the creation of a legal status for those recognized as whistleblowers by a court judgment. In practice, any person will be able to bring a case to the Court of Appeal to obtain recognition of the whistleblower’s legal status. Once the judgment granting the recognition of the legal status of the whistleblower is pronounced, the whistleblower and their family will benefit from protection. In our opinion, if it is implemented, it will be a strong element of safeguard.

The directive creates a safer space for whistleblowers to express their concerns on EU rights violations. It creates obligations for private and public entities to establish diligent reporting channels. The absence of transposition by some Members State creates a lack of efficiency. Members States need to take the lead and make the proper changes. Nonetheless, efficiency comes with time. Adopting the directive still is a major step in the right direction.
EU whistleblower directive steps to take
0 comments
Add your comment

Related articles

What are financial sanctions and embargos? Learn about the countries considered as tax havens or non-cooperative econom...

Tax Havens Mon 01 April 2019

What is the Payment Services Directive (PSD2)? Discover the opinion published by the EBA in 2019 on strong customer aut...

Europe Tue 10 September 2019

Why are compliance costs increasing? Learn what compliance costs cover and how they have skyrocketed after the economic...

Europe Mon 02 December 2019

Panama Papers, Offshore Leaks, and Swiss Leaks revealed a dark side to finance. Learn how the data were leaked, what ce...

Data Security Fri 26 February 2021
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us