Which companies are affected by the directive?

All companies with at least 50 employees as of December 2023. As of December 2021 all companies with more than 250 employees.

Which communities does the policy affect?

Municipalities and cities with at least 10,000 inhabitants.

When does the directive have to be implemented?

The directive must be implemented by December 2023 at the latest, depending on the size of the company.

The most important points on the EU Whistleblowing Directive

Here you will find the text of the law summarized in simple terms.

What is the Whistleblower Policy about?
Companies
Municipalities and public companies
Whistleblowers are protected when reporting the following violations
Frequently asked questions

What is the Whistleblower Policy about?

The directive aims to protect whistleblowers from reprisals and retaliation when they reveal violations of EU law.

To this end, each EU member state is introducing several reporting channels to which whistleblowers can turn if internal channels are not provided by organizations.

Companies

Companies will have to set up an internal reporting channel for whistleblowers from December 17, 2023.

Such a reporting channel protects the company from potential reputational losses as well as direct financial damage, as grievances can be countered internally and discreetly.

The reporting channel should be available to various parties inside and outside the company:

Employees, interns
Employees who have left the company
External employees
Suppliers
Contractors

Municipalities and public companies

Municipalities with a population of 10,000 or more are required by the EU Whistleblower Directive to implement a whistleblower system from 2023*. This is intended to enable municipalities to take action against abuses or violations of the law and to counteract them discreetly.

*these figures are as of 2021 and may vary by country.

Whistleblowers are protected when reporting the following violations.

An overview of violations for which the EU Directive guarantees legal certainty for whistleblowers.

Member states are free to extend protection to other areas as well.

Public procurement
Financial services, financial products, and financial markets
Product safety, traffic safety, environmental protection, and radioprotection
Food and feed safety, animal health and welfare
Public healthcare
Consumer protection
Protection of privacy and personal data
Security of network and information systems
Financial interests of the EU
Regulations of the domestic market

Frequently asked questions

Which companies are affected by the directive?: All companies with at least 50 employees as of December 2023. As of December 2021 all companies with more than 250 employees.
Which communities does the policy affect?: Municipalities and cities with at least 10,000 inhabitants.
When does the directive have to be implemented?: The directive must be implemented by December 2023 at the latest, depending on the size of the company.
Where can I find the policy?: The full policy can be found here