EU's Whistleblowing Directive
The EU's Whistleblowing Directive (2019/1937), named "Directive on the protection of persons reporting on breaches of Union law," aims to improve the enforcement of EU law by establishing common standards across EU states to protect whistleblowers. The Whistleblowing Directive is a minimum directive, meaning that member states can have rules that provide better protection for whistleblowers than what is stipulated by the directive.
Member countries were given a deadline of two years after the adoption to implement the directive, which means until December 2021. Some countries have missed the implementation deadline, but as of today, most EU countries have now established national legislation in line with the directive's requirements. This means that there is a common set of minimum requirements across Europe that protects whistleblowers. Norway is not bound by the directive itself, but the question of whether the directive should be made part of the EEA Agreement is currently under consideration. This could lead to changes in Norwegian whistleblowing legislation.
Sector Restrictions
The directive sets a minimum level of protection within specific areas, including public procurement, financial services, prevention of money laundering, product safety, transport safety, environmental protection, nuclear safety, food safety, animal welfare, public health, consumer protection, and data protection.
However, whistleblowing on breaches of health, safety, and employment rights regulations is not included in the list, and thus not regulated by the directive. This differs from Norwegian law, see the Working Environment Act chapter 2. According to the EU directive, however, a new assessment of whether the scope should include occupational and labor law regulations is to be made within four years after the adoption.
Who is Protected by the Directive?
The directive sets out two key conditions for whistleblowers to be protected under the directive. Firstly, the whistleblower must have "reasonable grounds to believe" that the facts reported are correct and that they are within the scope of the directive. Secondly, the whistleblower must have followed the reporting procedure required by the directive: there must first have been internal reporting, or alternatively to public authorities, before it can be reported publicly to the media.
Directive's Requirements for Internal and External Reporting Channels
The directive obliges member states to establish internal reporting channels and procedures for receiving, registering, and following up on internal reports. This requirement covers all private enterprises with 50 or more employees, as well as all public enterprises. However, municipalities with fewer than 10,000 inhabitants and municipal enterprises with fewer than 50 employees may be exempt from these requirements.
The directive also mandates member states to establish external channels through which whistleblowers can contact to get their report registered and processed. This means that authorities are to designate competent authorities to receive and follow up on reports, and provide them with sufficient resources. Furthermore, the directive requires states to report the designated authorities to the Commission.
How are the Whistleblower and Other Affected Parties Protected?
The directive requires member states to prohibit retaliation against whistleblowers. Retaliation includes any form of negative reactions as a result of the report, such as harassment, termination, or similar actions. Furthermore, member states must ensure that whistleblowers have access to easily available information and free advice about procedures and remedies regarding protection against retaliation.
Member states must also ensure effective, proportionate, and deterrent sanctions for breaches of the directive. The type of sanctions used is up to each member state. Sanctions can be criminal, civil, or administrative.
The directive also demands that member states ensure certain rights for the reported parties. This particularly includes confidentiality about their identity.
Sources:
- Justice and Public Security Department's position paper, last treated 18.09.2023, https://www.regjeringen.no/no/
sub/eos-notatbasen/notatene/ 2018/mai/direktivforslag-om- vern-av-varslere/id2606192/ - "Expert Guide on Whistleblowing Laws in the EU – A glance at the implementation of the EU Whistleblowing Directive in the EU Member States", EQS Group, July 2023
