A whistleblower is a person, often an employee, who exposes wrongdoing, illegal activities, or dangers within an organization (public or private) to an external or internal authority, such as government agencies, law enforcement, or the media, to bring the issue to public or official attention and prompt corrective action, usually protected by law from retaliation.
Â
The EU Whistleblower Directive (Directive (EU) 2019/1937) creates minimum EU-wide standards to protect individuals reporting breaches of EU law, requiring companies (50+ employees) and public bodies to set up secure, confidential reporting channels (internal & external) and safeguarding whistleblowers from retaliation (like firing, harassment) by providing legal protection and remedies. It covers areas like public procurement, environment, health, finance, and data privacy, ensuring transparency and accountability by encouraging reporting without fear of negative consequences, though member states can implement stronger national laws.To establish a high, uniform level of protection for whistleblowers across the EU, encouraging them to report misconduct and breaches of EU law, thus detecting and preventing wrongdoing.
Obligations for Member States:
Ensuring Effective and Confidential Reporting Channels for Whistleblowers
To ensure that whistleblowers have at their disposal effective channels to report breaches of EU rules confidentially, both internally (within an organisation) and externally (to a competent authority).
Ensuring Proper Investigation and Action on Whistleblower Reports
To ensure that whistleblowers’ reports are properly investigated and acted upon by the organisations and competent authorities.
Protecting Whistleblowers from Retaliation
To make sure that whistleblowers are protected from retaliation.
Obligations for Organizations:
Prohibiting negative actions (e.g., dismissal, harassment, discrimination) against whistleblowers and offers legal remedies if they occur.
 All EU Member States must transpose the directive into national law, with many choosing to go beyond the minimum standards, leading to varying national regimes.Â
Frequently Asked Questions (FAQ)
The Directive protects a wide range of individuals who report breaches of EU law in a work-related context. This includes employees, self-employed persons, freelancers, contractors, trainees, volunteers, shareholders, and even job applicants who obtain information during the recruitment process. Protection also extends to facilitators (such as colleagues or union representatives) and, in some cases, family members who may face retaliation.
The Directive covers breaches of EU law in key areas such as public procurement, financial services, money laundering, product and transport safety, environmental protection, public health, consumer protection, data protection, and competition rules. Member States may expand this scope in their national laws to include additional areas, such as corruption, labor law, or human rights violations.
The Directive strengthens transparency, accountability, and the rule of law across the EU. By protecting people who speak up about wrongdoing, it helps uncover corruption, prevent harm to public health and the environment, safeguard fundamental rights, and ensure that EU laws are effectively enforced.
Don't worry, this is one of the strongest shields for whistleblowers. Usually, in a lawsuit, the person suing has to prove they were wronged. Under the "Reversed Burden of Proof," once you show that you reported a breach and then suffered a "detriment" (like being fired, demoted, or harassed), the legal burden shifts to the employer. They must prove in court that their action against you was based on legitimate reasons entirely unrelated to your report.
It is much more than just being fired.It includes: suspension, lay-off, demotion, withholding of training or a negative performance review, changing your working hours or location without a good reason, harassment, bullying, or social exclusion at the office.
Yes. The Directive protects more than just full-time employees. It covers:
*Current and former employees.
*Job applicants and interns (paid or unpaid).
*Freelancers, contractors, and suppliers.
*"Facilitators" (colleagues or relatives who help you report).
Yes. The Directive protects more than just full-time employees. It covers:
*Current and former employees.
*Job applicants and interns (paid or unpaid).
*Freelancers, contractors, and suppliers.
*"Facilitators" (colleagues or relatives who help you report).
Yes. Under the EU Directive, you have the right to receive confidential legal and/or psychological advice before making a formal report. This might help you understand your rights and the potential risks before you decide to move forward with a report.
Whistleblowing can be a stressful and isolating experience. The VoiceGuard platform offers recommendations of trauma-informed psychological support professionals. You may address to them to seek advice for managing the emotional impact of the situation, evaluating your options in a safe environment, and preparing for the social and/or professional challenges that may follow your disclosure.
According to the Directive, whistleblowers can report concerns through secure internal channels within their organization, external channels to competent public authorities, or (under certain conditions) by public disclosure; for example, to the media. All reporting channels must ensure confidentiality, protect the whistleblower’s identity, and provide timely follow-up and feedback.
As a general rule, information about reported violations is not publicly disclosed in order to protect confidentiality, the integrity of the investigation, and the rights of all parties involved. Public disclosure may only occur where it is required by law, justified by overriding public interest, or mandated by a competent authority, and always in compliance with the specific legal framework of the relevant jurisdiction. In any case, national legal framework should be examined too.
Once a report is submitted through an internal or external channel, the recipient is legally required to:
*Acknowledge receipt of your report within 7 days.
*Maintain confidentiality of your identity throughout the investigation.
*Provide feedback within a maximum of 3 months (or 6 months for external channels in complex cases), informing you of the actions taken or planned to follow up on your report.
Retaliation against whistleblowers is strictly prohibited. If retaliation occurs, whistleblowers are entitled to legal protection, including access to remedies such as reinstatement, compensation, or interim relief. Importantly, the burden of proof lies with the employer or organization to show that any negative action was not linked to the whistleblowing.
If you experience any form of professional or personal retaliation (such as dismissal, demotion, or harassment), you should immediately contact the competent national authority in your country. These authorities are responsible for enforcing whistleblower protections and providing legal remedies. You can also check the support network identified by VoiceGuard!
Under the EU Directive, you have three options, but it is generally recommended to follow this order:
First, internal reporting. Most companies with more than 50 employees are required to have a secure internal channel. This is often the fastest way to resolve an issue.
Secondly, you can proceed with external reporting. You can go directly to a "Competent Authority" (a government body) if you fear retaliation at work or if the internal channel didn't work. You are still protected even if you skip internal reporting.
Lastly, a public disclosure. Reporting to the media or social media is a last resort. You are only protected here if you’ve already tried the other tiers without success, or if there is an imminent danger to the public interest (e.g., an immediate environmental disaster).
