France: Lignes Directrices from 2015

The French commission for the fight against corruption Service Central de Prévention de la Corruption (SCPC) released guidelines for the reinforcement of prevention of corruption in commercial transactions.

Within the principle 3d "Setting up an internal whistle-blowing mechanism" the guidelines demand the collection of any reports as well as adequate protection of employees who report illegal or risky behaviour or situations.


France: Délibération de la CNIL n° 2014-042 from 2014

In 2014, the French data protection authority Commission Nationale de l'Informatique et des Libertés (CNIL) eased the stringent restrictions for the permitted fields of application for whistleblowing systems. Whilst it was previously only allowed to submit reports on topics concerning finances, bookkeeping, banking, and the battle against corruption, now reports regarding the topics of environmental protection, discrimination, health and hygiene, as well as workplace safety are also permitted – provided the company is legally obliged to comply in this regard or has an economic interest in these areas. According to this, the anonymity in a whistleblowing system shall not be actively promoted and, in future, whistleblowers shall also be motivated to provide their name along with the information. Here, companies are strongly advised to treat the identity of whistleblowers confidentially when handling this information. Anonymous reports may still be processed if the severity of the acts described has been ascertained, the process has been described in sufficient detail, and the report is be processed with "great attention".

Link (French)

Netherlands: House for Whistleblowers Act from 2016

To start with, reports should be submitted within a company. For this, the companies must take internal measures, e.g. in the form of an anonymous whistleblowing system. “Suspected malpractice” must be clearly defined, contact persons and the reporting process must be known in advance and companies must ensure that whistleblowers will be comprehensively protected against reprisals. The protection comprises, apart from current employees, also former employees and external colleagues. What is more, the law established the “Institute for Whistleblowers” with two strictly separated areas of responsibility. In the advisory function, the Institute advises, informs and supports the whistleblowers and forwards cases to authorities. In the clarification function, it takes decisions regarding whether cases should be pursued further and, where necessary, also investigates itself. The report of an employee to the Institute must be preceded by a company-internal report. In contrast to the authorities, the Institute only has limited rights. It can demand information from the companies; however, the subsequent report with suggestions to the company is not legally binding.

Link (Dutch)

Ireland: Protected Disclosures Act from 2014

This regulation provides for extensive protection for whistleblowers who report abuses at their workplace in the public and private sectors. In the event of an unjustified termination due to disclosure of information, a compensatory payment corresponding to the whistleblower's income is possible. If a reported offence turns out to be false, the whistleblower is still protected, unless the report concerns intentionally incorrect information.


Luxembourg: Loi Moyens de lutte contre la corruption from 2011

This law only allows for whistleblowers to be protected if they submit information on grievances to the Public Prosecutor's Office or superiors at their company. External whistleblowing is not protected.

Link (French)

Austria: change of the Stock Exchange Act (BörseG 1989) of 2016

Section 48h obliges employers in the field of financial markets to make available suitable procedures that “allow their employees to report company-internal breaches of the regulations stipulated by this federal law or of provisions passed on the basis of these regulations or decisions or Directive (EU) No. 596/2014 or a legal act passed on grounds of this directive to a suitable authority without jeopardising the confidentiality of their own identity.”

Link (German)

Austria: Austrian Banking Act § 99 BWG from 2013

According to the implementation of an EU Directive, banks and financial institutions in the European Union must establish adequate measures, in order for their employees to be able to confidentially and anonymously report on criminally-relevant actions within the company. Employees who report such acts are to enjoy comprehensive protection.

Link (German)

Whistleblowing systems in Austria have to be registered with the data privacy agency (Datenschutzbehörde). They must fulfil the following criteria, amongst others: Primarily executive employees get accused of severe malpractice, the whistleblowing system is strictly separated from other group sections, data is deleted after case closure, the anonymity of the whistleblower is secured at least towards externals - except from knowingly wrong accusations.

Link (German)

Romania: Whistleblower Protection Act from 2004

Employees of public authorities and national limited liability companies may make information on grievances public and transmit this to the media.


Switzerland: Ruling from the Swiss Federal Council from 2013

In principle, employees in the private sector are also forbidden in future to make information on grievances at their workplace public. They may only report them to a public authority, if their employer does not offer an internal reporting system or if the employer does not respond to a submitted report.

Link (German)

Serbia: Whistleblower Protection Act from 2014

The law applies for whistleblowers both from the public and the private sector. It differentiates between internal (notification of employer), external (notification of a public authority) and public whistleblowing (notification of the media), whereas the latter is permitted only in exceptional cases when an acute danger exists that evidence could be destroyed. In companies with more than ten employees, an internal agreement must be established which describes the exact process of the internal submission of reports. Employers are required to provide sufficient protection for whistleblowers and eliminate observed malpractices or risks. Violations of the whistleblower protection act can be punished with fines.

Link (Serbian)

Slovakia: Act No. 307/2014 from 2015

The Act obliges employers with at least 50 employees and public authorities to either establish a separate organizational unit or to designate a person who will be responsible for handling reports. The identity of the responsible person/unit and the methods of reporting must be made public and available to all employees, whilst the identity of the whistleblower must be treated confidentially. At least one method of reporting must be available 24/7. Anonymous reports cannot be excluded.

Link (Slovakian)

Slovenia: Integrity and Prevention of Corruption Act from 2010

Section III provides detailed information on the protection available to whistleblowers from both the private and public sectors who report on corruption, or unethical or illegal conduct.


Spain: Código Penal from 2015

Alongside the monitoring and supervision obligation for the executive management, six elements of a legally compliant compliance programme are defined. The law also calls for the establishment of a whistleblowing system by which employees can report observed risks or malpractices. If a company has established a corresponding compliance organisation, penalties in event of violations can be reduced or eliminated in the future. If no compliance system exists, the executive management will be at risk of fines or even imprisonment.

Link (Spanish)

UK: Bribery Act from 2010

This law, applicable worldwide, penalises most of all corruption abroad. Natural persons as well as companies can be penalised if an instance of corruption has occurred in connection with their activities and if said person or company neglected to prohibit this act by introducing adequate provisions for fighting corruption (e.g. a compliance system). Whistleblowing systems are explicitly mentioned as an appropriate measure (Guidance to the Bribery Act 2010 Download, pages 22 and 23).


UK: Whistleblowing Arrangements from 2008

The Publicly Available Specification (PAS) of the British Standards Institution (BSI) contains general information on the subject of whistleblowing as well as guidelines for setting up, introducing, implementing, and monitoring whistleblowing structures within companies and organisations.


UK: Public Interest Disclosure Act from 1998

This law protects employees at companies and public authorities who, in the interest of the general public, forward information to their employer or a specific authority if they disclose these facts in good faith.


Ukraine: Anti-Corruption Strategy from 2015

The law applies to almost all companies participating in public tenders and to state owned enterprises over a certain size. Among other things, it requires companies to appoint a compliance officer with responsibility for implementing the compliance program and reporting to shareholders. The law also encourages companies to establish procedures for reporting misconduct and protecting whistleblowers.

Link (Ukrainian)

Hungary: Act CLXV of 2013 on Complaints and Public Interest Disclosure from 2013

This law replaces the Act on the Protection of Fair Procedures from 2010 which already provided for protection of whistleblowers. However, there is still no state authority which implements the requirements set out in this law. This new law is to encourage companies to set up compliance programmes. Internal whistleblowing systems must be registered with the data protection agency and be made available via the company's website.


EU: Guidelines on processing personal information within a whistleblowing procedure from 2016

Organs and institutions of the European Union are urged to instate secure channels that comply with data protection regulation to facilitate the reporting of risks and fraud. On the basis of the principles of “data minimisation” and “data economy”, clear processes must be implemented for the examination of incoming reports; deletion periods must be observed and third-party access must be prevented.


EU: Regulation 596/2014 on market abuse from 2014

In effect since 1st January 2016, the regulation strengthens whistleblowing to facilitate detection of  insider dealing and market manipulation (section 74). Member states should ensure that adequate arrangements are in place to enable whistleblowers to alert competent authorities to possible infringements of this regulation and to protect them from retaliation. Member states should be allowed to provide for financial incentives for whistleblowers.


EU: Recommendation CM/Rec(2014)7 on the protection of whistleblowers from 2014

Based on Resolution 1729 (2010) this official recommendation calls on member states to improve legal framework conditions for whistleblowers in the private and public sector. The 29 principles specify, amongst other things, that internal communication channels are to be installed and that whistleblowers are to be assured confidentiality and protection from damages.


EU: Directive 2013/36/EU from 2013

Banks and financial institutions in countries of the European Union have been urged to establish adequate mechanisms, in order for their employees to be able to confidentially and anonymously report on criminally-relevant actions within the company (Article 71). Employees reporting on such acts within their own institution are to enjoy comprehensive protection (Article 71, para. 2 b, c, d). In Germany, for example, the innovations are being regulated in the German Banking Act (§ 25a KWG) and in Austria in the Austrian Banking Act (§ 99 BWG).


EU: Criminal Law Convention on Corruption from 1999

This agreement obliges contracted parties to prosecute numerous corrupt practices and to protect whistleblowers (Chapter II, Article 22). It further allows for better international co-operation with regards to prosecuting instances of bribery.


EU: Civil Law Convention on Corruption from 1999

In Chapter 1, Article 9, the contracted parties are requested to appropriately protect employees from unjustified damages if these inform the responsible persons or authorities, in good faith, that they have reason to suspect bribery.


With us, your data is safe

ISO 27001 certificate
BKMS® Compliance System
Data privacy quality seals BKMS® System