Skip to main content
Hinweisgeberschutz

EU Whistleblower Directive

Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, which all EU member states were required to transpose by 17 December 2021.

The EU Whistleblower Directive (Directive 2019/1937/EU) is the European Union's primary legislative instrument for protecting individuals who report breaches of EU law. Adopted in October 2019, it establishes minimum standards for the protection of whistleblowers across all member states and covers a broad range of policy areas, including public procurement, financial services, anti-money laundering, product safety, environmental protection, food safety, and data protection.

The Directive requires private sector organisations with 50 or more employees and all public sector bodies to establish secure internal reporting channels. It mandates specific procedural safeguards, including acknowledgement of reports within seven days, a follow-up response within three months, and strict protection of the reporter's confidentiality. Whistleblowers who report in good faith must be protected from any form of retaliation, and member states must provide effective remedies and penalties for violations.

Germany transposed the Directive into national law with the Whistleblower Protection Act (HinSchG), which entered into force on 2 July 2023 – approximately eighteen months after the original EU deadline. The Directive sets a floor, not a ceiling: member states are free to provide broader protections. Organisations operating across multiple EU member states should be aware that national implementations may differ in scope and detail.

Legal Basis

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019

Practical Example

An international software company with offices in Germany, France, and the Netherlands reviews the national implementations of the EU Whistleblower Directive in each country to determine whether a single group-wide reporting system can satisfy all three legal frameworks. After a comparative analysis, the company implements a centralised whistleblower platform with country-specific configuration to meet the varying requirements, including different language options and locally designated case managers.

FAQ

The Directive covers a wide range of EU policy areas, including public procurement, financial services, anti-money laundering, product safety, transport safety, environmental protection, nuclear safety, food safety, animal health, pharmaceutical regulation, privacy and data protection, and network and information security.
The Directive is limited to violations of EU law. Member states may extend protections to national law violations, and Germany has done so to a significant extent through the HinSchG, which covers a broader range of legal breaches than strictly required by the Directive.
Yes. The Directive requires member states to establish external reporting channels at a national level, operated by designated competent authorities. Whistleblowers may choose to report to internal or external channels, or in some cases directly to the public, and remain protected in all scenarios.

How preeco supports you

Learn how our software supports you with this topic.

Learn more

Related Terms

Whistleblower Protection Act (HinSchG) Whistleblowing Prohibition of Retaliation Internal Reporting Channel Anonymous Reporting
Back to Glossary