Whistleblower protection: What types of reports are covered?

The European Union’s (EU) Whistleblower Directive welcomes a new chapter for the protection of employees and individuals who report breaches in the law. The directive was officially adopted by the EU in 2019 but organisations have until the end of 2021 (or 2023  for smaller organisations) to put whistleblower policies, programs and channels in place.

In order for the whistleblower to be protected by the directive, the subject of their report must be of certain nature. This blog post will focus on shedding more light into the topics and types of reports listed in the directive.

The Framework

A breach of law is an action or omission that directly violates, or results in a contravention of the laws or regulations in a country. If an individual notices such actions, they can report their findings through a whistleblowing channel while being protected from countermeasures by the directive.

The EU regulation protects whistleblowing regarding the following types of reports:


Public Procurement

A public contract is when a government or government-run entity buys supply, service or public works from an external supplier. In the European Union, such procedures must comply with national procurement legislation and the procurement directives set by the EU.

In order to follow the regulation, the tendering process must be transparent and contracts must be awarded based on the most economically advantageous tender or the lowest price.


Financial Services, Anti-Money Laundering, And Counter-Terrorist Financing

The origin, flow and direction of money are central to global security, integrity of the financial system and sustainable growth. Thus, it is important that banks and other obliged entities apply measures to avert acts such as money-laundering, embezzlement and terrorist financing, amongst others.

In order to follow the regulation, customer due diligence shall be carried out when entering into a new business relationship with another entity.


Product Safety and Compliance

Businesses have to ensure the safety of products for their consumers. Failure to comply with global policies on product safety has legal and public health implications.

To comply with the regulation, companies need to follow labelling requirements, use systematic risk management and assessment approaches to monitor their performance and rapidly notify users when unsafe products reach the market or are a subject of a ban or a recall.


Consumer Protection

In addition to product safety, institutions are further required to operate in a manner that protects the consumer. The topic covers e.g. fair pricing, fair business-to-consumer commercial practices, guarantees, distance marketing of consumer financial services, credit agreements and the comparability of fees related to payment accounts.

If these practices are violated, individuals can and should take action to report them and be able to trust that their anonymity is secured and that they are protected from countermeasures.


Transport Safety

Transport safety has a direct impact on people’s lives and safety. The Directive prioritises whistleblower protection in different transport industries.

To comply with regulation, organisations operating in aviation, maritime, railway, road, or inland waterway transportations need to maintain their equipment and infrastructure in a certain manner, provide sufficient training for their employees, follow safety requirements, carry out investigations of accidents and incidents, to name a few.


Environmental Protection

The EU is driving sustainability and has some of the world’s highest environmental standards. The goal of these standards is to help the economy become more environmentally friendly, protect natural resources and guarantee the health and wellbeing of people.

In order to comply with the regulation, organisations need to protect natural habitats, keep air and water clean, manage noise pollution, ensure proper waste disposal, and be aware and notify stakeholders of toxic chemicals, to name a few.


Radiation protection and Nuclear Safety

There are various regulations that govern nuclear manufacturing and nuclear safety. One example is the rules of the European Atomic Energy Community (Euratom).

The directive supports guidelines like Euratom’s and demands that entities dealing in nuclear energy need to ensure the safety and operation of nuclear installations, protect the general public from getting access to resources (e.g. water) that have been compromised by radioactive substances, set strict procedures for radioactive waste management, and follow the regulation on shipments of radioactive substances. It also promotes the swift reporting of safety malpractices.


New call-to-action

Public Health

This part of the directive consists of four parts:

  • quality and safety of organs and substances of human origin (e.g. blood  tests)
  • quality and safety for medicinal products and devices of medical use
  • patient rights
  • manufacturing, presentation and sale of tobacco and related products

Whistleblowing plays a vital role in promoting public safety and well-being, and can include reporting on any malpractices that could negatively impact public health and safety regarding the four points mentioned above.


Food And Feed Safety, Animal Health And Welfare

The EU Directive offers whistleblower protection for those reporting misconduct within the food and feed industries. Breaches in law in these sectors could be harmful to the public and can also impact the health and welfare of both human beings and animals.

To comply, organisations need to follow the general principles of the union food and feed law, promote the health of animals and plant, and follow the health rules of animal by-products and derived products not intended for human consumption.


Protection Of Privacy And Personal Data, And Security Of Network And Information Systems

Institutions are required to abide by privacy and data-protection laws and sustain the security of their network and information systems. One example is the General Data Protection Regulation (GDPR).

Whistleblowers are encouraged to report on privacy infringements and breaches of personal data. The EU also protects individuals who report breaches of network and data systems that compromise individual data sets or regional and/or national security.


Final Thoughts

As we can see, the EU Whistleblower Directive is extensive and changes how institutions, businesses, and society view whistleblowing as a whole. This wind of change enables more individuals and institutions to be able to take justified action without the fear of personal consequences. It also offers actionable tools for organisations to evaluate and improve the clarity of their operations.


If you're looking for a whistleblowing channel that is in line with the new directive, ticks all the boxes for anonymity, enables real dialogue, has built-in investigation features and more, have a look at our Falcony | Observe module.

We are building the world's first operational involvement platform. Our mission is to make the process of finding, sharing, fixing and learning from issues and observations as easy as thinking about them and as rewarding as being remembered for them.‍

By doing this, we are making work more meaningful for all parties involved.

More information at falcony.io.

Related posts

6 Things Boards Should Know About Whistleblowing

A rise in the prominence of whistleblowing and the development of whistleblowing regulations across...

4 min read

Typical whistleblowing cases in Manufacturing with revealing examples

In the manufacturing industry, there are a number of common types of whistleblowing cases that...

4 min read

The One thing you need to know about whistleblowing in Human Resources

Whistleblowing in the field of Human Resources (HR) is a topic of growing importance in the...

3 min read

Involve your stakeholders to report

At Falcony, we create solutions that multiply the amount of observations and enable our customers to gain greater understanding of what’s going on in their organisations, areas of responsibility and processes.