Legal requirements of the Directive of the European Parliament and of the Council (EU) 2019/1937

The directive is intended to regulate the protection of persons who report irregularities in an organization.
It is possible to report shortcomings and violations through three channels.

Internal channel within the organization

It is recommended that irregularities should be reported first through internal channels, and then, if it is not possible to resolve them within the organization, forward them to external authorities. The Whistleblower system was created specifically to ensure safe and efficient communication between whistleblowers and verifiers of notifications. Check out our offer and choose the best one for you!

External channel

Central authority: Ombudsman.
Public authority: The President of the Office of Competition and Consumer Protection and other authorities accepting external reports concerning irregularities in the areas within their range of activities.

By public disclosure

This channel is a last resort when none of the above actions have brought the expected result.

Who is affected by the Directive?

From December 2021, the directive includes:

Public and private institutions employing more than 50 people or municipalities with more than 10,000 residents.
Private entities employing over 250 employees.
Financial market entities and entities dealing with AML / CF, regardless of the number of employees and the sector.

From December 2023, the directive includes:

Legal entities in the private sector with 50-249 employees.

Which whistleblower protection requirements must be fulfilled?


Internal channel reporting systems must ensure security and confidentiality. The Directive stipulates that the identity of the Whistleblower may not be disclosed to any unauthorized person who is not part of the group for receiving reports and solving problems.

Personal data protection

The processing of personal data must be in accordance with the GDPR and Directive 2016/680. This refer to personal data processed under the Whistleblower Directive, including the exchange or transfer of personal data by competent authorities.

What are the penalties facing employers under the Whistleblower Protection Act?

The employer is liable to a fine, imprisonment or imprisonment for up to 3 years if:

We use cookies. More information available in Privacy Policy.