On 23 October 2019, the EU Legislature adopted the Whistleblowing Directive with the aim to afford a specific protection to persons who report breaches of EU law that are harmful to the public interest1. According to the EU Legislature, whistleblowers play a key role in exposing and preventing breaches of EU law and in safeguarding the welfare of society. The Whistleblowing Directive seeks to introduce effective, confidential, and secure reporting channels and to ensure that whistleblowers are effectively protected against retaliation. By 17 December 2021, Member States should have adopted measures to comply with the Whistleblowing Directive.
By the same deadline, i.e., 17 December 2021, private companies with more than 250 employees should have established their internal channels and procedures in compliance with the Whistleblowing Directive and the applicable national law. By 17 December 2023, private companies with 50 to 249 workers should establish their internal channels to enable whistleblowing.
To date, many Member States, including Belgium, have not yet adopted the necessary provisions to transpose the Whistleblowing Directive into national law. Therefore, companies cannot be criticized for not (yet) having implemented the obligations enshrined in the Whistleblowing Directive. However, they will need to comply with these obligations at the time of the entry into force of the national transposition measures.
In Belgium, the Legislature is willing to adopt separate laws for the public sector and the private sector. Regarding the private sector, the transposition measures are expected to be adopted by summer 2022.
A. What are the fields covered by the Whistleblowing Directive?
The Whistleblowing Directive applies to specific breaches specified therein, i.e.:
- Breaches of EU Acts which concern the following areas: (i) public procurement; (ii) financial services, products and markets, and prevention of money laundering and terrorist financing; (iii) product safety and compliance; (iv) transport safety; (v) protection of the environment; (vi) radiation protection and nuclear safety; (vii) food and feed safety, animal health and welfare; (viii) public health; (ix) consumer protection; and (x) protection of privacy and personal data, and security of network and information systems;
- Breaches affecting the financial interests of the EU;
- Breaches relating to the internal market of the EU, including competition law, State aid law, and the rules of corporate tax. Regarding competition law, specific programs which are already in force in that area (i.e., the leniency program2 and the anonymous whistleblower tool of the European Commission3) prevail over the principles set out in the Whistleblowing Directive.
The Whistleblowing Directive introduces minimum standards. Member States are invited to extend the protection to areas and acts not expressly covered by the Whistleblowing Directive. In Belgium, the protection will apply to the above-mentioned areas with the addition of the fight against tax fraud and tax evasion.
B. Who can be protected as a whistleblower?
The protection afforded by the Whistleblowing Directive applies to reporting persons working in the private or public sector who acquired information on the above-mentioned breaches in a work-related context, such as workers, self-employees, volunteers, paid and unpaid trainees, shareholders and persons belonging to the administrative, management or supervisory body of an undertaking.
C. What is the reporting mechanism provided under the Whistleblowing Directive?
The Whistleblowing Directive provides three reporting channels:
(1) An internal reporting channel: companies with 50 workers or more should establish channels and procedures for internal reporting and follow-up to enable their “workers” (in the broad sense – see above) to report information on breaches.
It is up to the company to define the kind of reporting channel to be established (by a person or a department, within the company or by an external third party). In any case, the reporting channels should enable persons to report in writing and submit reports by post, by physical compliant box, or through an online platform (intranet or extranet), or to report orally, by telephone hotline or other voice messaging system, or both. An acknowledgment of receipt should be sent within seven days. Feedback should be provided to the whistleblower up to three months. Finally, the company should provide clear and easily accessible information regarding the procedures for reporting externally to the competent authorities.
(2) An external reporting channel: Member States should also establish external reporting channels for receiving and handling information on breaches (orally, in writing, or both). Member States should designate the authority/ies competent to receive, give feedback and follow-up on reports. The authority/ies should be independent and autonomous. In Belgium, the competent authority/ies has/ve not yet been appointed. The interaction between the competent authority/ies and other authorities, like the Belgian Competition Authority, remains also to be clarified.
(3) Publicdisclosure: under certain circumstances, whistleblowing can take place through public disclosure, for instance where the person has reasonable grounds to believe that the breach may constitute an imminent or manifest danger to the public interest.
Whistleblowers will be free to choose between the internal reporting channel and the external reporting channel.
D. What is the protection afforded under the Whistleblowing Directive?
In any case, the Whistleblowing Directive ensures that the whistleblower who has properly filed a report benefits from a specific protection:
(1) The whistleblower benefits from the confidentiality of its identity. According to the Whistleblowing Directive, safeguarding the confidentiality of the identity during the reporting process and investigations triggered by the reporting is an essential ex-ante measure to prevent retaliation;
(2) The whistleblower benefits from the protection against any form of retaliation and threats or attempts of retaliation (like suspension, dismissal, withholding of training, discrimination and psychiatric or medical referrals);
(3) The whistleblower benefits from measures of supports, like a comprehensive and independent information and advice free of charge and an effective assistance from competent authorities;
(4) Any processing of personal data should be made in compliance with the applicable legal framework4.
E. What are the conditions to be protected under the Whistleblowing Directive?
Such protection shall be offered to the extent that:
- The whistleblower has reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of the Whistleblowing Directive; and
- The whistleblower made a report through one of the reporting channels provided in the Whistleblowing Directive.
If a person has made a report and qualifies for protection against retaliation, it will be up to the individual or legal entity responsible for that act of retaliation to prove that there is no link with the report made.
F. What are the penalties provided by the Whistleblowing Directive?
The Whistleblowing Directive refrains from specifying penalties. It requires Member States to provide effective, proportionate and dissuasive penalties applicable to natural or legal persons that: (i) hinder or attempt to hinder reporting; (ii) retaliate against whistleblowers; (iii) bring vexatious proceedings against whistleblowers; or (iv) breach the duty of confidentiality. In Belgium, the possibility to impose administrative fines from EUR 250 to 1.250.000 is under discussion. Member States should also provide effective, proportionate and dissuasive penalties in respect of whistleblowers where it is established that they knowingly reported or publicly disclosed false information.
For any additional information, please do not hesitate to contact us or your usual Strelia contact person.
1 Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, O.J. L 305, 26.11.2019, p. 17.
2 Commission regulation (EC) No 773/2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty, O.J. L 123, 27.04.2004, p. 18.
3 https://ec.europa.eu/competition-policy/cartels/whistleblower_en. In Belgium, a whistleblower tool does not (yet) exist. But the Belgian Competition Authority may adopt such a tool in the future which can cover antitrust law (cartels and abuses of dominance/abuses of economic dependency) and merger law.
4 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (O.J. of 4 May 2016, L 119, p. 89) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (O.J. of 4 May 2016, L 119, p. 1).
Pierre Goffinet - Partner - pierre.goffinet@strelia.com
Laure Bersou - Counsel - laure.bersou@strelia.com