The end of 2023 means at least two things: the time left for holiday shopping is fast dwindling and the time to meet the deadline for the EU Whistleblower Directive  –– for companies with 50 – 249 employees in the EU –– is fast approaching (December 17th!).

In this article, we’ll break down the key aspects of the EU Whistleblower Directive, from who it impacts and the steps needed to comply to how Ethena can help.

A quick disclaimer: Please note this neither constitutes legal advice nor does it contain every detail or requirement of the applicable laws! It’s provided solely to inform and not intended as a standalone resource. For questions about these laws or their implications for your organization, please consult your legal counsel.

1. What is the EU Whistleblower Directive?

In 2019, the European Union issued a new directive designed to protect individuals who report breaches of EU laws. It’s worth noting that the directive itself isn’t a regulation or law; rather, it requires all 27 EU member states to pass their own local whistleblower protection laws that meet a set of minimum standards determined by the EU. The good news is that many member states have already passed their respective laws, while some have yet to do so. For more information on the status of specific country-level laws, check out this tracker from law firm DLA Piper.

Although member states’ individual whistleblower laws will differ, all must meet the standards set out within the Directive, including requiring that companies:

  • Offer internal whistleblowing channels for their employees 
  • Educate their employees about whistleblowing options
  • Protect whistleblowers who report breaches of EU laws
  • Ensure whistleblowers are not retaliated against

To get a better sense of  the specifics of each requirement and how they may impact your organization, read on!

2. Who does the EU Whistleblower Directive affect?

If your organization, be it public or private, has 50 or more employees operating within the European Union, then the EU Whistleblower Directive likely applies. The Directive is applicable to organizations across numerous sectors –– corporations, governmental bodies, and non-profits. 

Also! Companies with 250 or more EU employees are already expected to be in compliance with the Directive and subject to applicable local laws. But for organizations with 50 to 249 employees, compliance is expected by December 17, 2023. Note that individual member states may have set earlier deadlines, so time is of the essence.

3. What steps are required to be compliant?

The intention behind the EU Whistleblower Directive as we’ve noted is to both enhance transparency and protect individuals who raise issues within an organization. So for your organization to be compliant with the Directive, several key steps must be taken:

  • Establish internal reporting channels by creating secure and confidential channels for employees to report wrongdoing within the organization.
  • Appoint a responsible internal authority, be it an individual or department responsible for handling reports and ensuring your organization stays compliant with the Directive. This includes acknowledging reports within seven days and responding to them within three months. 
  • Provide training to educate your employees about a) their rights and obligations under the Directive and b) your own reporting procedures. 
  • Keep documentation by ensuring thorough records of all reports and actions taken to address them are accurately noted.
  • Implement anti-retaliation measures  to protect whistleblowers from retaliation, to ensure their safety and job security.

We’ve given you a snapshot of the steps required above, but for more detailed guidance, refer to the comprehensive resources available at Seyfarth’s EU Whistleblower Directive Insights and DLA Piper’s Whistleblowing Guide.

4. How can Ethena help?

At Ethena, compliance tools are our bread and butter! Ethena’s hotline and case management product suite were quite literally built to help your organization get compliant with ordinances like the EU Whistleblowing Directive. And we do love a snazzy chart, so here’s how Ethena ensures key requirements set out by the Directive are met:

The requirement:How Ethena helps you meet them:
Organizations must offer accessible reporting channels to all potential whistleblowers (including employees and third parties)Ethena’s reporting form can be made accessible both internally (to employees) and publicly (to third parties).
Reports can be made either written or orallyEthena’s hotline offers a form to submit written reports. For oral reports, admins can accept them in person and add them to the portal via the case management hub.
Reporting channels are secure and protect the reporter’s confidentialityEthena’s case manager includes advanced permissioning to limit access to reports. Here, we lay out the security measures Ethena implements to protect the confidentiality of reporters. 
The designated admin responsible for a report communicates with the reporter promptly and throughout the investigationEthena’s digital hotline enables two-way communication with reporters –– even when they choose anonymity.
Reports can be made anonymously (depending on specific national legislation)Ethena’s product includes the option to report anonymously.
Records of reports are kept for a reasonable period of timeEthena’s case management hub includes a complete log of case activity (i.e. the initial submission, internal notes, and all communications).

Plus, Ethena’s comprehensive training course catalog and LMS can help you meet the education requirements set out by the Directive.

Check this off your 2023 to-do list– talk to a friendly Ethena salesperson today to learn more! You can also preview the hotline and the broader Ethena compliance suite here, with a clickable, self-paced demo.