Whistleblowing in companies

Whistleblowing occurs when employees report information about violations of applicable law or internal rules within the company. This includes reasonable suspicion of actual or potential violations that have occurred or are likely to occur in the organisation where the whistleblower works or has worked, or in another organisation with which the whistleblower is or has been in contact as a result of his or her work, as well as attempts to conceal such violations.

In principle, internal reporting points or whistleblower reporting channels (whistleblower systems) are intended for employees of a legal entity. The internal reporting channels can also be expanded to include

• Self-employed persons (within the meaning of Art. 49 TFEU),
• Shareholders and persons who are members of the administrative, management or supervisory body of a company (including non-executive members),
• Volunteers and interns,
• Persons working under the supervision and direction of contractors, subcontractors and suppliers.

According to the EU Whistleblower Directive, violations of EU law may be reported, these are in particular:

• Public procurement,
• Financial services, financial products and financial markets, and the prevention of money laundering and terrorist financing,
• Product safety and conformity,
• Road safety,
• Environmental protection,
• Radiation protection and nuclear safety,
• Food and feed safety, animal health and welfare,
• Public health,
• Consumer protection,
• Protection of privacy and personal data and security of network and information systems,
• Infringements of the Union’s financial interests within the meaning of Article 325 TFEU and as further defined in relevant Union measures,
• Infringements of internal market rules within the meaning of Article 26(2) TFEU, including infringements of Union rules on competition and State aid, as well as infringements of internal market rules in relation to acts which breach corporate tax rules or in relation to agreements aimed at obtaining a tax advantage contrary to the object or purpose of the applicable corporate tax law.

The German Whistleblower Protection Act also covers reports of violations of German law in some cases:

• Violations that are punishable by law,
• Violations that are subject to a fine “insofar as the violated regulation serves to protect life, limb or health or to protect the rights of employees or their representative bodies”,
• Violations of national legal acts in explicitly named areas, such as corruption, money laundering or tax fraud, as well as violations of environmental protection or food safety regulations.

Legal entities in the private sector with 50 or more employees as well as public authorities and municipalities with a population of 10,000 or more are obliged to set up internal whistleblower reporting channels. More information in our article on the Whistleblower Protection Act.

Under the EU Whistleblower Directive, it is up to individual member states to decide whether legal entities in the private or public sector are obliged to receive and follow up on anonymous reports of violations.

The German Whistleblower Protection Act does not provide for an obligation to establish anonymous reporting channels. Nevertheless, reports submitted anonymously are to be processed.

Employers must ensure reporting in written or oral form, or both. Consideration can be given to setting up a hotline, an internet-based whistleblowing system, reporting by post, via an in-house complaint box or in person.