Coming soon the New EU Whistleblower Protection Law

Whistleblower employee concept and whistle blower symbol representing a person in society or a company exposing corruption as a red whistle shaped as a human head in a 3D illustration style.

An important gauge of the compliance and ethics program’s success is how comfortable employees and third parties feel about raising questions and concerns.


Soon all public and private organizations in the EU with more than fifty (50) employees will soon be required to comply with a new EU Whistleblower Protection law. The new law highlights the importance of responsive, transparent, and timely whistleblowing case management. So just implementing a hotline is not enough. Organizations must consider confidentiality, acknowledgment of the tip or compliant, response times, the competence of persons receiving the reports, communication with the whistleblower, and feedback on how the case is being processed. The new law also includes the right to report concerns externally while remaining legally protected. That’s a risk organizations must avoid. With the December 2021 deadline fast approaching, there is no better time for management and boards to act.  Below is a timeline for your reference.

The new EU Whistleblowing Directive 2019 introduces minimum standards for the protection of whistleblowers and requires many public and private entities to introduce their own internal whistleblowing channels. EU countries are required to implement the directive no later than December 2021. To guarantee an EU-wide standard for the protection of whistleblowers, the European Union adopted a regulation for whistleblower protection in December 2019. In a two-year implementation period, EU member states will be obliged to implement the directive into their own national laws until 2021. This writing summarizes the critical aspects of the new law and what companies should do now, for tomorrow!


The core feature of the new law is protection for whistleblowers. The key points are:

With these safeguards, the EU is signaling to whistleblowers that they have nothing to fear while encouraging individuals to report on the organization’s infringements.

Readiness Checklist

Create the necessary conditions for the introduction of an internal whistleblower- system:

Define what your organization’s requirements are in terms of an appropriate reporting channel for your business. For example, clarify which languages the whistleblowing system should be available in, whether third parties (such as suppliers) should also be allowed to issue reports and which data protection requirements must be fulfilled. 

Implement the reporting system.

Develop a successful communication strategy:

U.K. Regulations

The Public Interest Disclosure Act (PIDA), enacted in 1998, protects against workplace retaliation against whistleblowers and allows for anonymous reporting. Other European countries have similar frameworks, including Ireland, Italy, and the Netherlands.

Additionally, both the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) expect regulated firms to adopt internal whistleblowing systems and appoint a senior manager as their “whistleblowers’ champion.” Moreover, the Serious Fraud Office (SFO) encourages companies to self-report misconduct by providing cooperation credit and, potentially, a DPA to self-reporters. And, if prosecuted under the U.K. Bribery Act or Criminal Finances Act 2017, the existence of internal procedures that include whistleblower reporting mechanisms is a factor that may help establish a defense to corporate offenses of bribery or facilitation of tax evasion, respectively.

Triaging Allegations

Implementing a hotline involves more than the installation of software.  Organizations must have a proper triage process, whereby allegations and issues are evaluated, prioritized, and responded to in a timely and consistent manner. In order to do this, organizations must:

Timely Updates and Communication

Once issues and reports have been triaged and assigned to the appropriate parties, Organizations must develop a process for communicating timely updates to relevant stakeholders.

Other Thoughts


One solution to consider is EQS Integrity Line. As a secure, intuitive, and flexible whistleblower reporting and case management system, it fulfills all requirements of the new EU Whistleblower Directive. The system offers features such as a roles & permission management, audit trail, a case chat function, and advanced reporting functionalities.  I personally participated in a demonstration of the EQS product and its worth a look!

With the directive focusing on the whistleblowing process, these features are key to being compliant. Companies large and small around the world trust EQS Integrity Line to help them identify and manage corporate misconduct. To learn more about EQS Integrity Line, please follow this link.

Download the free 2019 Whistleblowing Report– a study conducted by the Swiss [university HTW Chur in cooperation with EQS Group – which highlights how companies use whistleblowing systems to deal with illegal and unethical actions.

I welcome your thoughts and comments and thanks to EQS and Ali Rampurawala from Baker Tilly’s Global Forensic, Compliance, and Integrity Services and Solutions practice for contributing to this writing!


Jonathan T. Marks, CPA, CFF, CFE

Please follow and like us:
Skip to toolbar