Protected report
A protected report is the disclosure of information about breaches that falls within the personal and material scope of the German Whistleblower Protection Act (HinSchG), is made through a permissible reporting channel and rests on reasonable grounds to believe the information is true.
Under the German Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG), a protected report is not just any statement about wrongdoing, but only a report that cumulatively satisfies all statutory protection requirements. Only once these requirements are met do the protective mechanisms of the Act take effect, in particular the prohibition of reprisals, the protection of identity and the reversal of the burden of proof in favour of the reporting person. Whether a report is protected is assessed against three pillars: the scope of application, the reporting channel and the reporting person's good faith.
First, the scope of application must be open. In personal terms, the reporting person must have obtained the information in connection with their professional activity (section 1 in conjunction with section 3(8) HinSchG); covered are in particular employees, temporary agency workers, the self-employed as well as applicants and former employees. In material terms, the reported breach must be covered by the catalogue in section 2 HinSchG, for example criminal offences, certain administrative offences or breaches of selected provisions of EU and federal law. Second, the report must be made through a reporting channel provided for by the Act, that is via an internal reporting office, an external reporting office of the Federation or the Laender, or exceptionally by way of public disclosure under the narrow conditions of section 32 HinSchG.
Third, protection requires good faith: at the time of the report the reporting person must have had reasonable grounds to believe that the information disclosed was true and fell within the material scope of application (section 33(1) nos. 2 and 3 HinSchG). The motive is irrelevant, and a later refutation of the suspicion does no harm as long as the belief in its accuracy was justified. Where all three requirements are met, the report is protected and any reprisal is unlawful. If even one requirement is missing, for example in the case of a deliberately false report or a breach outside the catalogue, protection is lost entirely.
Legal Basis
Sections 1, 2, 3(8), 32, 33 HinSchG; Art. 5, Art. 6 EU Whistleblower Directive (Directive (EU) 2019/1937)
Practical Example
A sales employee learns in the course of their work that a colleague is paying bribes to a buyer at a major customer. The employee reports this suspicion through the employer's internal whistleblowing system, relying on emails they have seen. The compliance officer checks the protection requirements: as an employee the person falls within the personal scope, commercial bribery falls within the material scope of section 2 HinSchG, the report was made through a permissible internal reporting channel, and the employee could reasonably believe the information was true based on the emails. The report is therefore protected; the compliance officer documents this assessment in an audit-proof manner, ensures the protection of identity and points out the prohibition of reprisals.