2025: What You Need to Know About New Whistleblowing Requirements

In 2025, several new regulations will come into effect, imposing stricter requirements for whistleblowing across various industries. To ensure compliance and a safe working environment, organizations must prepare for these new requirements and update their whistleblowing procedures.

Changes to Whistleblowing Rules in the Correctional Services

The Ministry of Justice and Public Security has proposed amendments to whistleblowing regulations to strengthen the rights of victims and bereaved individuals. The proposal includes a duty for the correctional services to notify victims or their bereaved about various situations during an offender’s sentence execution. This applies especially to serious offenses such as violent crimes and sexual offenses. The deadline for consultation on the proposal is April 1, 2025 (Government of Norway, 2025).

What Does This Mean for Organizations?

• Companies connected to the correctional services must ensure their whistleblowing systems comply with the new requirements.

• Public institutions and the judiciary must prepare internal routines to ensure proper information management.

The NIS2 Directive and the Digital Security Act

The EU's NIS2 Directive will take effect in 2025 and will be implemented into Norwegian law through the new Digital Security Act. The directive imposes stricter requirements for incident reporting among providers of critical societal services (European Commission, 2025).

What Does This Mean for Organizations?

• Companies operating in energy, finance, healthcare, transportation, and public administration must establish or enhance their whistleblowing systems to report security breaches.

• The use of technology to enable rapid and accurate reporting of cyberattacks and other security threats is more important than ever.

New Electronic Communications Act and Stricter Reporting Requirements

The new Electronic Communications Act, which came into force on January 1, 2025, imposes stricter requirements for security and incident notification in the field of electronic communications. Providers of such services are required to immediately notify the Norwegian Communications Authority (Nkom) of incidents that may reduce the availability of electronic communications services (Nkom, 2025).

What Does This Mean for Organizations?

• Telecom operators and internet service providers must have robust systems for detecting and reporting security incidents.

• Businesses dependent on electronic communications services should have contingency plans for handling service disruptions and information security breaches.

Updated Whistleblowing Requirements in the Workplace

The Working Environment Act § 2 A-3 requires all organizations with at least five employees to have written whistleblowing procedures. These procedures must be easily accessible to employees and outline what can be reported, how to report, and how the employer will handle reports (Norwegian Labour Inspection Authority, 2025).

What Does This Mean for Organizations?

• All companies must review their existing whistleblowing procedures and ensure compliance with the new legal requirements.

• It is recommended to implement digital whistleblowing systems to simplify reporting and case handling.

• Employers must ensure that employees are aware of their rights and reporting options.

How Can Organizations Prepare for the New Requirements?

• Update whistleblowing procedures – Review existing policies to ensure alignment with new regulations.

• Implement whistleblowing technology – Digital systems can streamline reporting and documentation.

• Training and awareness – Employees should be informed about reporting opportunities and feel confident that their reports will be handled confidentially and professionally.

• Ensure security compliance – For industries with specific whistleblowing requirements (such as under the Electronic Communications Act or NIS2), it is crucial to have the technical infrastructure to handle security breaches.

Conclusion

In 2025, whistleblowing requirements will be tightened across several sectors, and organizations must be prepared. Whether it concerns internal reporting in the workplace, security notifications in critical infrastructure, or compliance with new laws, having robust procedures in place is essential. By taking whistleblowing seriously and leveraging modern technology, organizations can ensure safety, compliance, and a healthy corporate culture.

Sources

• Government of Norway (2025). Proposed amendments to whistleblowing rules. Available at: https://www.regjeringen.no

• European Commission (2025). NIS2 Directive. Available at: https://ec.europa.eu

• Norwegian Communications Authority (2025). New Electronic Communications Act and Reporting Requirements. Available at: https://www.nkom.no

• Norwegian Labour Inspection Authority (2025). The Working Environment Act and Whistleblowing Procedures. Available at: https://www.arbeidstilsynet.no

Need Help with Whistleblowing Systems?
We offer efficient digital solutions that help your organization comply with the new whistleblowing requirements in 2025. Contact us for a non-binding conversation!