A 2017 report by the European Commission estimated the damage caused by a lack of EU-wide whistleblower protection at between 5.8 and 9.6 billion EUR – for public contracts alone. Major scandals from recent years, such as the Panama Papers, Paradise Papers, or Cambridge Analytica, were all brought to public attention by whistleblowers. Considering these recent events, the EU set the target of improving whistleblower protection – which, until now, existed in very few areas. According to the 2017 Special Eurobarometer on Corruption, this fragmentation and fear of retaliation were the main cause of infrequent reports on violations.


This is now to be put to an end: in December 2019, the EU Whistleblower Protection Directive was put into force. It requires the individual states to implement the regulations within two years. According to the EU’s official website, whistleblowers should be able to “rely on secure channels for sharing information both within companies and with authorities” from December 17, 2021. They should also be effectively protected from termination, harassment, or other forms of retaliation.”


Flustron specialises in circulating information via secure channels with a focus on whistleblower systems. You can find out here if your company is, too, required to implement secure channels for whistleblowers.

What is a grievance?


If a whistleblower reports a grievance – a violation of EU law in the following sectors – they are guaranteed legal certainty as well as protection against reprisals:


  • Public procurement
  • Financial services, financial products, and financial markets
  • Product safety, traffic safety, environmental protection, and radioprotection
  • Food and feed safety, animal health and welfare
  • Public healthcare
  • Consumer protection
  • Protection of privacy and personal data
  • Security of network and information systems
  • Financial interests of the EU
  • Regulations of the domestic market


These protected sectors are regulated by the EU. Nonetheless, member states are free to extend protection to more branches.

Wer ist durch die Whistleblower Richtlinie geschützt?

Was ist die EU Richtlinie?

A whistleblower is a person who reports a violation of the law within a company. This person can be internal or external to the business.

The directive generally applies to whistleblowers working in the private or public sector who become aware of grievances in the course of their job. Specifically, the following groups of people can become whistleblowers or are protected by the EU directive:

Employees before, during, or after their employment; also included are independent contractors, shareholders, interns, volunteers as well as members of administrative, management, or supervisory bodies of a company. Finally, the directive also applies to labourers working under the supervision and direction of contractors, subcontractors, and suppliers.

Additionally, the directive provides for the protection of intermediaries, legal entities associated with the whistleblower, and third parties, such as relatives or work colleagues.

The directive demands the reporting party be convinced of the truthfulness of the information before further steps are taken. Moreover, they must share the information via the available reporting channels according to the rules set out in the Whistleblower directive. flustron’s whistleblower system creates incentives for potential whistleblowers to first report violations of the law internally. Potential grievances can thus be eliminated within company territory.

Wann muss die Richtlinie umgesetzt werden?

Was ist die EU Richtlinie?

As soon as the respective state has implemented the directive, the following legal entities are obligated to implement a whistleblower system: companies with 50 or more employees or with an annual turnover of more than 10 million EUR (including chartered accountants, tax advisors and lawyers); companies with 250 or more employees need to provide secure channels by 17 December 2021. Companies with 50–249 employees, on the other hand, must comply with the directive only by December 17, 2023. Additionally, legal entities under public law, such as the state and federal government, but also municipalities with a population of 10,000 or more, are required to provide reporting channels by December 2021.

*these numbers are as of 2021 and may vary by country.