illustration EU-Flag

The most important points on the EU Whistleblowing Directive

What is the Whistleblower Policy about?

illustration lock

The directive aims to protect whistleblowers from reprisals and retaliation when they reveal violations of EU law.

To this end, each EU member state is introducing several reporting channels to which whistleblowers can turn if internal channels are not provided by organizations.


illustration company

Companies will have to set up an internal reporting channel for whistleblowers from December 17, 2023.

Such a reporting channel protects the company from potential reputational losses as well as direct financial damage, as grievances can be countered internally and discreetly.

The reporting channel should be available to various parties inside and outside the company:

  • Employees, interns
  • Employees who have left the company
  • External employees
  • Suppliers
  • Contractors

Municipalities and public companies

illustration municipality

Municipalities with a population of 10,000 or more are required by the EU Whistleblower Directive to implement a whistleblower system from 2023*. This is intended to enable municipalities to take action against abuses or violations of the law and to counteract them discreetly.

*these figures are as of 2021 and may vary by country.

Whistleblowers are protected when reporting the following violations.

An overview of violations for which the EU Directive guarantees legal certainty for whistleblowers.

Member states are free to extend protection to other areas as well.

  • Shield Exclamation

    Public procurement

  • Shield Exclamation

    Financial services, financial products, and financial markets

  • Shield Exclamation

    Product safety, traffic safety, environmental protection, and radioprotection

  • Shield Exclamation

    Food and feed safety, animal health and welfare

  • Shield Exclamation

    Public healthcare

  • Shield Exclamation

    Consumer protection

  • Shield Exclamation

    Protection of privacy and personal data

  • Shield Exclamation

    Security of network and information systems

  • Shield Exclamation

    Financial interests of the EU

  • Shield Exclamation

    Regulations of the domestic market

Frequently asked questions

Which companies are affected by the directive?

All companies with at least 50 employees as of December 2023. As of December 2021 all companies with more than 250 employees.

Which communities does the policy affect?

Municipalities and cities with at least 10,000 inhabitants.

When does the directive have to be implemented?

The directive must be implemented by December 2023 at the latest, depending on the size of the company.

Where can I find the policy?

The full policy can be found here