A Matter of Life & Death: Whistleblowing Legislation in the EU


Some EU Member States have already adopted broad-ranging whistleblowing legislation because of financial or public health scandals. In this context, the European Parliament suggested a draft directive to protect whistleblowers by offering a “horizontal” approach covering all public and private sectors. In 2018, the European Commission, by contrast, proposed widening the existing EU sectoral approach and including the protection of the financial interests of the European Union in a directive “on the protection of persons reporting on breaches of Union law.” The author argues that this broader sectoral approach − while making a step forward − still raises a number of issues.

I.  Introduction

Un attachement passionné au droit” – this is the way François Ost described the relationship of a whistleblower with the law, adding “risquant son emploi et s’exposant à toutes sortes de poursuites judiciaires, parce qu’il dénonce la corruption de ses supérieurs hiérarchiques, la fraude fiscal de sa banque, la fraude environnementale ou sanitaire de l’entreprise qui l’occupe.”1 In this context, it becomes clear that lives, the environment, money, and reputations are at stake. However, this “attachement passionné au droit” is often viewed with suspicion and alarm, rather than as the positive contribution to the rule of law that it is.

At the international level, the jurisprudence of the European Court of Human Rights has been constant in affirming the rights of whistleblowers to freedom of expression and to protection against retaliation,2 as well as the duties of employers in this respect.3 International organisations have promoted the improvement of whistleblowing regulation for a number of years.4 Despite this chorus at the international level, some EU Member States continue to show a distinct lack of enthusiasm in adopting legislation.5

In other Member States, legislation exists but proves inadequate in the face of some of the challenges and so continues to evolve. The UK Public Interest Disclosure Act (PIDA) of 1998, one of the earliest pieces of dedicated legislation in the EU, shows that even this legislation has had to be “tweaked” on several occasions, based on jurisprudence and practice. Even so, it is not clear that the necessary change in culture has taken place across all sectors. In the public health sector, for instance, whistleblowers in the recent Gosport hospital tragedy were “fired, gagged and blacklisted” for drawing attention to the fact that 456 elderly people had died in the hospital after having been given excessive doses of opioid drugs through pumps by medical staff.6 It is tragic that the whistleblowers were not listened to.

At present, there is a tendency to try to move away from concepts connected with the intention of the whistleblowers, such as “good faith,” and to move towards tests that focus on the nature of the information itself.7 The notion of “public interest”8 can be equally slippery and is undergoing some careful recalibration in some Member States.

Arguably, an independent service is needed to implement the protection of whistleblowers. The efficacy and independence of such a system can only be gauged and improved through practice over a certain period of time, as recent changes in the law of the Netherlands (Wet Huis voor klokkenluiders 2016) or the present review of the 2014 Irish Protected Disclosure Act have shown.9

In France, the “Sapin II” law adopted in December 201610 requires a number of organisational measures to be put in place in order to protect whistleblowers. They include the setting up of internal reporting mechanisms for firms with more than 500 employees and with a turnover of over €100 million. This requirement also applies to municipalities with more than 10,000 inhabitants. The French Anti-Corruption Agency has acquired a new role in ensuring the respect for procedures.

However, new legislation alone is no “magic bullet” and, with recently enacted legislation, time needs to pass before whistleblowers begin to understand and trust systems that have been put in place. Hence, there may not be a noticeable increase in the number of whistleblowers reporting immediately after the adoption of legislation. A change in culture in the work place must also take place for whistleblowers to begin to trust reporting procedures.

Whistleblowing does not lend itself well to statistical analysis, as the number of disclosures or the number of recognised or presumed whistleblowers are a crude measuring tool and do not give any idea of the interests at stake. A presumed whistleblower in the nuclear safety sector or in the public health sector giving information on dangerous behaviour or products counts as one data entry in statistical terms. In prevention terms, the human misery and financial costs potentially prevented may be much higher indeed. Thus, in the future, it will be necessary to develop more sophisticated statistical models in relation to whistleblowing, which are based on the grounds for preventing harm – in this way, the small number of whistleblowers could no longer be used as a reason for not putting an adequate legal framework in place. This should be taken into account when developing benchmarks and indicators for whistleblowing policies, as advocated by the European Parliament.11 It is a challenging task for criminologists, who are undoubtedly needed in this area.

We are conscious here that investigative journalists and their sources are also exposed through the nature of their work. This is beyond the scope of this article however, as is whistleblowing regulation within the EU institutions. Both these topics – journalists and their sources and regulation of whistleblowing within the EU institutions – deserve further analysis.

The European parliament has put forward solutions at the EU level in the form of a proposal for a horizontal approach covering all sectors, both public and private. This horizontal approach is consistent with that adopted in a number of Member States.12

In 2018, the European Commission, mindful of securing strong legal bases in relation to the EU internal market, proposed a directive extending the sectoral approach. As we shall see, this proposed directive does potentially widen the ambit of whistleblowing rules, but also raises a number of issues. In the following, both approaches are briefly presented and juxtaposed.

II.  Horizontal Approach Favoured by the European Parliament

Recent, highly publicised whistleblowing incidents in the financial and public health sectors have suggested that harmonisation at the EU level could ensure that minimum standards on the protection of whistleblowers are respected. The harmonisation level should at least require that national legislation be in compliance with the existing ECtHR case law. Such harmonisation would also make it possible for all Member States to draw on the experience already acquired in some Member States, and it would promote the equal treatment of workers throughout the EU. Harmonised rules would cover both the public and private sectors and apply horizontally to all sectors of the economy, with as few exceptions as possible (typically and controversially: national security). All workers would be covered, whatever their status.

Member States have also discussed the need for horizontal legislation. For example, when considering their legislative option in 2018, the Irish Government Reform Unit considered the following option: “Do nothing and continue with sectoral legislation.” However, they found that:13

"The sectoral approach resulted in a number of separate protected disclosure provisions across a number of statutes. While there are similarities between these provisions, there are also significant differences. This uncoordinated approach led to an unsatisfactory patchwork of sector specific provisions which are potentially confusing in nature and which fail to provide clarity in the law relating to protected disclosures. The continuation of such a policy, even on a coordinated basis, would take some considerable time to ensure a sufficiently broad sectoral coverage. Such an approach would not be in accordance with best international practice and would also militate against the generally recommended concept of a robust and comprehensive pan-sectoral approach. […] Not recommended."

The International Bar Association echoed this sentiment in 2018:14

"Whistleblower legal frameworks should not be sector-specific (subject to some qualifications) and should apply to public, private and not-for-profit sectors."

The Greens/European Free Alliance (EFA) group in the European Parliament had such a horizontal approach in mind when it put forward its draft directive in 2016, with Arts. 151 and 153(2)(b) TFEU as legal bases.15 These legal bases concern working conditions and the health and security of workers, respectively. In October 2017, the European Parliament also adopted a resolution calling for a proposal from the European Commission for a horizontal (trans-sectoral) directive providing for whistleblower protection.16

However, as will be discussed in the next section, the European Commission subsequently opted for the continuation of pre-existing sectoral approaches at the EU level.

III.  Sectoral Approaches Favoured by the European Commission

The EU approach to whistleblowing, as applicable in the Member States, has hitherto been one tailored to specific sectors and issues in order to include investment products,17 insurance distribution,18 securities,19 statutory audits,20 market abuse,21 money laundering,22 credit institutions,23 and trade secrets24. Provisions on whistleblowing vary in accordance with the sector: they are comprehensive in market abuse legislation, whilst whistleblowing is mentioned only briefly in the directive on trade secrets, as an exception to the general rule on secrecy.25 The limited protection that whistleblowers enjoy at present in EU law therefore depends on the Single Market sectors in which the whistleblower seeks to act.

With its proposed directive of April 2018,26 the Commission continues a sectoral approach covering various aspects of the Single Market and, for the first time, the protection of the financial interests of the EU (“PIF”). The legal bases put forward are Arts. 16, 33, 43, 50, 53(1), 62, 91, 100, 103, 109, 114, 168, 192, 207 TFEU27 for the Single Market and Art. 325(4) TFEU for “PIF”. The Single Market areas covered are:

(i) public procurement;

(ii) financial services, prevention of money laundering and terrorist financing;

(iii) product safety;

(iv) transport safety;

(v) protection of the environment;

(vi) nuclear safety;

(vii) food and feed safety, animal health and welfare;

(viii) public health;

(ix) consumer protection; and

(x) protection of privacy and personal data and security of network and information systems.

The following are also covered: breaches relating to the Internal Market, as referred to in Art. 26(2) TFEU, as regards acts breaching the rules of corporate tax or arrangements whose purpose is to obtain a tax advantage that defeats the object/purpose of the applicable corporate tax law. We will return to the material scope of this proposed directive and the issues it raises later.

It is important to be familiar with the following aims of the Commission proposal:

  • Strengthen the protection of whistleblowers and avoid retaliation against them;

  • Provide legal clarity and certainty;

  • Support awareness-raising and the fight against socio-cultural factors leading to under-reporting.

The impact assessment on the proposed directive28 shows how the decision to continue sectoral approaches was reached. It recollects that, in 2016, the Commission announced that it would assess the scope for horizontal or further sectoral EU action with a view to strengthening the protection of whistleblowers. This commitment was affirmed by President Juncker in the Letter of Intent complementing his 2016 State of the Union speech and in the 2017 Commission Work Programme.29 The impact assessment found that the EU Treaty did not provide for a specific legal basis for the EU to regulate the legal position of whistleblowers in general; that is to say, it did not provide a basis for a horizontal approach: in particular, freedom of expression, as enshrined in the Charter of Fundamental Rights of the European Union, cannot serve as a standalone legal basis.30

As a result, a legislative initiative under Art. 153(1)(a) and (b) TFEU was not attempted. Such an initiative would have regulated aspects of whistleblower protection relating, respectively, to improvement of the working environment to protect workers’ health and safety and to working conditions, and it would have provided protection to workers reporting on violations of both national and EU law. It was argued that the personal scope of such an initiative would be too limited, in the sense that it would not allow for protection of all the categories of persons referred to in the Council of Europe Recommendation.31 Thus, such a horizontal approach would only have limited effectiveness in terms of improving the enforcement of EU law.

2.  The innovative aspects of the Commission proposal

Notwithstanding the limitations in the applicability of the proposed EU directive, the Commission’s proposal is innovative especially in five aspects. This innovation results from the fact that these aspects are not always present in the most advanced EU and/or national legislations.

Firstly, the Commission proposes a wide definition of a “reporting person.” A reporting person may be a natural or a legal person and persons working in the private or public sectors. According to the given definition “reporting persons” may include the following:

  • Persons having the status of worker within the meaning of Art. 45 TFEU;

  • Persons having the status of being self-employed within the meaning of Art. 49 TFEU;

  • Shareholders and persons belonging to the management body of an undertaking, including non-executive members, volunteers, and unpaid trainees;

  • Any persons working under the supervision and direction of contractors, as well as sub-contractors and suppliers.

Reporting persons whose work-based relationship is yet to begin are also included. It may be useful to compare this with the situation that exists in the Irish Protected Disclosure Act of 2014.32 The Act’s definition of the term “worker” includes employees and former employees, trainees, people working under a contract for services, independent contractors, agency workers, people on work experience, and the Gardaí (Police force). The Irish legislation does not, however, mention volunteers, that is to say persons without contract of employment.

Secondly, the proposed directive has adopted the “tiered” approach to reporting that is already evident, for example, in Ireland, France, the UK, the Netherlands, Belgium, or Romania. This tiered approach involves a separation between “reporting” (internally or externally) and disclosing (making the disclosure public) in the draft directive.

A tiered approach usually means that, in order to be protected against retaliation, a whistleblower must follow prescribed routes and must first of all report internally, if at all practicable. The draft directive (Art. 13(2)) states that a person reporting externally shall qualify for protection, inter alia, according to the following comprehensive criteria:

  • No appropriate action was taken after internal reporting;

  • Internal reporting channels are not available;

  • The use of internal channels was not mandatory;

  • The reporting person could not be expected to make use of internal reporting channels in light of the subject matter of the report;

  • The reporting person has reasonable grounds to believe that the use of internal reporting channels could jeopardise the effectiveness of investigative actions by the competent authorities;

  • The reporting person was entitled to report to a competent authority directly through the external reporting channels by virtue of Union law.

In addition, the draft directive provides that public/media disclosure may also justify protection under certain circumstances: According to Art. 13(4)(b) a person making a public disclosure qualifies for protection if he or she could not reasonably be expected to use internal and/or external reporting channels, due to imminent danger in terms of the public interest, or to the particular circumstances of the case, or where there is a risk of irreversible damage. This provision allowing public disclosure is meant to avert environmental or public health disasters and extends the boundaries of legally acceptable action by whistleblowers.

Another aspect of the tiered approach in the Commission proposal is that the obligation to set up internal reporting channels is subject to certain thresholds (cf. Art. 4). In the private sector, the directive is to apply to the following:

  • Legal entities with 50 or more employees;

  • Legal entities with a turnover of €10 million or more;

  • Legal entities of any size operating in the area of financial services or those that are vulnerable to money laundering or terrorist financing;

  • Vulnerable small private entities, following a risk assessment to be conducted by the Member State.

Public sector entities obliged to set up internal reporting channels are state or regional administrations or departments, municipalities of more than 10,000 inhabitants, and other entities governed by public law. The thresholds are considered necessary so as not to unnecessarily burden small entities, and this approach has already been adopted by a number of Member States. A harmonisation of thresholds seems desirable, particularly in cross-border cases.

Thirdly, protection against retaliation is construed widely and deems access to remedial measures against retaliation as appropriate, including interim relief, pending the resolution of legal proceedings, in accordance with the national legal framework (cf. Art. 15(6)). The prohibited measures of retaliation are listed in Art. 14, i.e., the draft directive takes an enumerative approach in this regard. There is, of course, always a danger associated with this method, in that a particular measure could be omitted. However, Art. 14(k) seems wide enough, when it stipulates:

“Member States shall take the necessary measures to prohibit any form of retaliation, including damage, including to the person’s reputation, or financial loss, including loss of business and loss of income.”

Fourthly, Art. 16 contains measures for the protection of the identity of concerned persons, i.e., natural or legal persons who are referred to in the report or disclosure as persons to whom the breach is attributed or with which they are associated. Where the identity of the concerned persons is not known to the public, competent authorities must ensure that the identity is protected for as long as the investigation is ongoing. This echoes the need to protect the identity of the whistleblower specified in Arts. 5 and 7. According to Art. 5(1), internal channels for receiving the reports must be designed, set up, and operated in a manner that ensures the confidentiality of the identity of the reporting person and prevents access to non-authorised staff members. According to Art. 7(c), external reporting channels must be designed, set up, and operated in a manner that ensures the completeness, integrity, and confidentiality of the information and prevents access to non-authorised staff members of the competent authority. Art. 7(4) goes into detail by requiring Member States to establish procedures to ensure that, where a report being initially addressed to a person who has not been designated as responsible handler for reports that person is refrained from disclosing any information that might identify the reporting or the concerned person.33

Fifthly, Art. 17 lays down penalties applicable to natural or legal persons who hinder or attempt to hinder reporting, take retaliatory measures against reporting persons, bring vexatious proceedings against reporting persons, or breach the duty of maintaining the confidentiality of the identity of reporting persons. According to Art. 17(2), Member States must also provide for effective, proportionate, and dissuasive penalties applicable to persons making malicious or abusive reports or disclosures, including measures for compensating persons who have suffered damage from malicious or abusive reports or disclosures.

3.  Points of discussion

These five points show that the legislation intends to address situations in the public and private sectors, whilst paying attention to the rights and obligations of the various parties. It is worth remembering, however, that this will only apply to aspects of the Single Market and to “PIF.” The defined material scope of the proposed directive may exclude practices in hospitals, residential homes, schools, etc. unless there is a recognisable, single-market issue at stake, which is covered by one of the above-mentioned Single Market legal bases. It may be difficult for employees and members of the public to know whether a particular “report” or “disclosure” would justify protection against retaliation. In this context, the draft directive does not mention a whistleblower’s access to legal advice in this admittedly complex regulatory framework.

An EU internal market perspective makes sense from the European Commission's point of view. However, from a human rights perspective, it is not clear why the internal market should be privileged in terms of whistleblower protection. As the EU is not yet a party to ECHR, perhaps this level of coherence is not yet required; in any case it would seem desirable.

Art. 1 of the draft directive refers to an annexe with nine pages of legal instruments the directive would apply to. One wonders therefore it would be immediately clear to a prospective whistleblower whether his information would fall within the ambit of any of these instruments.

Would it protect whistleblowers in hospitals and institutions dealing with vulnerable people, for example? The answer seems to be: it depends! Protection would be guaranteed only if the public health issue concerned the quality and safety of organs and substances of human origin or the quality and safety of EU medicinal products and devices. There is therefore scope for the protection of a whistleblower with information on faulty or dangerous products. The directive would not, however, cover a whistleblower such as Heinisch, with information on ill-treatment in an institution. In such cases of ill-treatment in institutions, national law on whistleblowing (when it exists) would have to apply. As a consequence, one whistleblower reporting on both aspects (faulty products and ill-treatment) might only be protected for part of his or her disclosure by the implementing rules of the directive. It is not clear yet how this can work in practice.

Another point worthy of discussion is the issue of “follow up.” The draft directive also regulates reporting in some detail34 and the follow-up of reports (but curiously not the follow-up of disclosures). It does not require competent authorities to investigate but rather to “follow up”. Art. 3 defines the latter notion as

“any action taken by the recipient of the report, made internally or externally, to assess the accuracy of the allegations made in the report and, where relevant, to address the breach reported, including actions such as internal enquiry, investigation, prosecution, action for recovery of funds and closure”.

In the same way, the reporting person must receive “feedback” about the “follow-up of the report” – feedback is not defined here. The precise nature of follow-up and feedback will therefore be left to Member States’ competent authorities.

In its draft opinion of July 2018,35 the EP Committee on Budgetary Control made a number of suggestions for the amendment of the draft directive. It suggests, inter alia, the following:

  • Creation of a European referral body associated with the Office of European Ombudsman to receive and handle reports at the Union level;

  • Protection under the directive for both reporting persons and persons facilitating the reporting;

  • Obligation to provide advice and legal support for reporting persons and those facilitating the reporting.

Let us also look at the procedure for internal reporting in Art. 4 of the proposed directive. It requires “a diligent follow up to the report by the designated person or department.” This does not have quite the same bite as a “duty to investigate and take the necessary remedial measures.” The term “follow up” (at least in English) tends to suggest that one is waiting for someone else to act. But who would be acting in this case? And would this be any clearer in national legislation?

IV.  The Potential Impact for “PIF” Whistleblowers

As mentioned in the introductory remarks, the proposed whistleblower directive includes the protection of the EU’s financial interests (PIF).

The financial interests of the EU have been usefully defined in Art. 2(1) of Regulation 883/2013 to include revenues, expenditures, and assets covered by the budget of the European Union and those covered by the budgets of the institutions, bodies, offices, and agencies and the budgets managed and monitored by them. In the context of PIF, three points are worth mentioning.

The first point is that "PIF" whistleblowers may not know whether EU funds are involved, but the directive might not bring the required elucidation. Both EUROCADRES and the European Court of Auditors have voiced several misgivings about the material scope of the directive. In their opinion, the auditors are concerned about the complexity surrounding the scope of the proposed directive. Its scope is based on a list of EU directives and regulations in an annex to the directive. The Commission encourages Member States to consider extending the directive to ensure a comprehensive and coherent framework at the national level. If there is no such voluntary extension, warn the auditors, potential whistleblowers would need to know whether the breach they were planning to report is covered or not, ergo whether or not they could benefit from protection. This could deter them.36

The second point relates to institutional dynamics that do not appear altogether propitious. The European Parliament called on the Commission, and on the European Public Prosecutor’s Office, as far as it is within its mandate, to create efficient channels of communication between the parties concerned, to likewise set up procedures for protecting whistleblowers who provide information on irregularities relating to the financial interests of the Union, and to establish a single working protocol for whistleblowers.37 It also calls for the creation of a special unit with a reporting line as well as dedicated facilities within Parliament for receiving information from whistleblowers relating to the financial interests of the Union.38 This mechanism would be in addition to the establishment of a European referral body associated with the Office of the European Ombudsman to receive and handle reports at the Union level.

It seems that the optimum trajectory for PIF whistleblowers’ information still needs to be clearly defined, as does the role of the EPPO in this area. Perhaps from the potential PIF whistleblower’s point of view, it should be crystal clear who receives the information, who is responsible for acting on it -- and who may grant protection. OLAF's role and cooperation with EPPO in relation to whistleblowers should also be clarified. Too circuitous a route for "PIF" disclosures could lead to information not reaching the person habilitated to take action in time and to whistleblowers not obtaining timely protection from those with authority to grant it.

The third point has to do with a specific conundrum related to EU expenditure. EU budget funding is often mixed with national, regional, or private funding. This can lead to a confusing legal situation. Member States may decide to apply one whistleblower regime to the national part of funding in accordance with existing national legislation (if any exists), whilst the EU whistleblowing regime would apply to only the EU part of the funding. Yet other Member States may consider the whistleblowing directive to apply to the entire funding (which, by the way, would not correspond to the present definition of the financial interests of the European Union).

The same remark would apply mutatis mutandis on the income side of the EU budget (customs duties, VAT), as national tax is often evaded at the same time as EU tax. In the area of indirect taxation, however, experience shows that information often comes from informants, rather than from whistleblowers. The draft directive does not, however, provide any framework for the protection of informants – indeed it was not intended to do so, the legal framework for the protection of informants being the sole competence of the Member States. This means however that only a small proportion of "PIF" information providers would be protected on the income side of the EU budget.

V.  Conclusion

Whistleblowing legislation will remain a matter of striking a delicate balance between the rights and obligations of the whistleblower, the employer, and all persons concerned. Contrary to popular belief, such legislation does more than just ensure whistleblower protection, but also ensures that an adequate response is given in reaction to disclosures and that the above-mentioned delicate balance is scrupulously respected. As such, it is complex legislation, obviously touching on many areas of law: criminal, civil, labour, and sector-specific laws.

Whistleblowing is often discussed as an antidote to financial malpractice. There certainly is plenty to deal with, and the proposed directive represents a real advancement, with Single Market-related and finance-related sectors being well covered – including, inter alia: procurement, insurance, money laundering, protection of the EU’s financial interest of the EU. At the same time, there is a wider range of problems in relation to which the potential of whistleblowing has yet to be fully explored or supported by EU legislation, as pointed out by the European Parliament. At their extreme, these problems concern life-and-death situations, affecting the greater population (when exposed to chemical or biological hazards) and vulnerable groups in society (for example, the sick and/or aged, as illustrated by the UK’s Gosport tragedies). The present patchwork of legislative responses are only steps on the road to progress in this legal area.

Should the directive be adopted, the issues raised in this article could no doubt be resolved in time. It is in the nature of whistleblowing legislation that it evolves in practice, so we look forward to following the proposed directive’s journey - and not just in relation to “PIF”.

  1.   F. Ost, "Le droit, objet de passions? I crave the law", Académie Royale de Belgique, see <https://fr.wikipedia.org/wiki/Fran%C3%A7ois_Ost> accessed 20 November 2018.

  2.   The right to freedom of expression is enshrined in Art. 10 ECHR and also in Art. 11 CFR.

  3.   ECtHR, 21 July 2011, Heinisch v. Germany, Appl. no. 28274/08; 12 February 2008, Guja v. Moldova, Appl. no. 14277/04; 18 December 2008, Zakharov v. Russia, Appl. no. 14881/03; 26 February 2009, Kudeshkina v Russia Appl. no. 29492/05; 19 January 2016, Aurelian Oprea v. Romania, Appl. no. 12138/08.

  4.   See (in no particular order) OECD, "Committing to Effective Whistleblower Protection", 2016, <http://www.oecd.org/corruption/anti-bribery/Committing-to-Effective-Whistleblower-Protection-Highlights.pdf>; Transparency International, "International principles for whistleblower legislation, best practices for laws to protect whistleblowers and support whistleblowing in the public interest", 2013, <https://www.transparency.org/whatwedo/publication/international_principles_for_whistleblower_legislation> accessed 20 November 2018; Council of Europe "Recommendation CM/Rec(2014)7 of the Committee of Ministers to member States on the protection of whistleblowers", <https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=09000016805c5ea5>; ETUC, Whistleblowerprotection.eu <https://www.etuc.org/en/pressrelease/whistleblowerprotectioneu> accessed 20 November 2018; Eurocadres – Council of European Professional and Managerial Staff, “Directive on whistleblower protection” <https://www.eurocadres.eu/news/directive-on-whistleblower-protection/>; European Court of Auditors (ECA), “Opinion No 4/2018 concerning the proposal for a Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law” <https://www.eca.europa.eu/en/Pages/DocItem.‌aspx? did=47282 >; G20 Anti-Corruption Action Plan - Protection of Whistleblowers (2011) "Study on Whistleblower Protection Frameworks, Compendium of Best Practices and Guiding principles for Legislation" < https://www.oecd.org/g20/topics/anti-corruption/48972967.pdf>, all links accessed 20 November 2018.

  5.   Blueprint for Free Speech, “Analysis of whistleblower protection laws, <https://blueprintforfreespeech.net/en/library-overviews/>, accessed 20 November 2018.

  6.   Express, “After scandal of Gosport...time to act to protect whistleblowers” <https://www.ex‌press.co.uk/news/uk/978707/gosport-hospital-scandal-jane-barton-nhs-should-protect-whistleblo‌wers> accessed 20 November 2018.

  7.   See, for example, International Bar Association – Legal Policy & Research Unit and Legal Practice Division "Whistleblower Protections: A Guide", April 2018, available at: <https://www.ibanet.org/‌Conferences/whistleblowing.aspx>, accessed 20 November 2018, pp 22–23: "An inquiry into the whistleblower’s motives in lodging the complaint is almost always irrelevant and detracts from the misconduct reported".

  8.   See UK jurisprudence: Parkins v Sodexho [2002] IRLR 109; Chesterton Global Limited and Another v Murmohamed [UK EAT/U335/14]; Underwood v Wincanton Plc [UK EAT/0163/15].

  9.   Cf. 33 258 Voorstel van wet van de leden Van Raak, Heijnen, Schouw, Voortman, Segers en Ouwehand, houdende de oprichting van een Huis voor klokkenluiders (Wet Huis voor klokkenluiders), <https://zoek.officielebekendmakingen.nl/kst-33258-6.html>; Irish Department of Public Expenditure and Reform, Statutory Review of the Protected Disclosures Act 2014, 2018.

  10.   Loi n°2016-1691 du 9 décembre 2016 relative à la transparence, à la lutte contre la corruption et à la modernisation de la vie économique.

  11.   European Parliament resolution of 14 February 2017 on the role of whistleblowers in the protection of EU’s financial interests, P8_TA(2017)0022.

  12.   These include: France, Hungary, Ireland, Malta, The Netherlands, Portugal, Sweden, Slovakia and the UK. Other Member States are in the process of adopting horizontal legislation.

  13.   Ireland: Government Reform Unit – Department of Public Expenditure and Reform, “Protected Disclosures Bill 2013 – Regularly Impact Analysis”, July 2013, available at: <https://www.google.‌com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=2ahUKEwigguLOoPLeAhW1AxAIHcl-DoIQFjAAegQIABAC&url=https%3A%2F%2Fper.gov.ie%2Fwp-content%2Fuploads%2FProtected-Disclosures-Bill-2013-Regulatory-Impact-Assessment.pdf&usg=AOvVaw3G4S8R2M_zOts-0X37mL_X>, p. 10.

  14.   International Bar Association, op. cit. (n. 7), p. 18.

  15.   Cf. V. Abazi, A. Alemanno, "Whistleblower protection in the public and private sector in the European Union – A draft directive”, available at: <https://www.greens-efa.eu/legacy/fileadmin/‌dam/Images/Transparency_campaign/WB_directive_draft_for_consultation_launch_May_2016.pdf> accessed 20 November 2018; see also T. Wahl, “Green Initiate Whistle-Blowers Directive”, (2016) eucrim, 80.

  16.   European Parliament resolution of 24 October 2017 on legitimate measures to protect whistle-blowers acting in the public interest when disclosing the confidential information of companies and public bodies, P8_TA(2017)0402; see also T. Wahl, “EP Urges Commission to Draft EU Law on Protection of Whistle-Blowers”, (2017) eucrim, 176.

  17.   Art. 28 of Regulation 1286/2014 on key information for packaged retail and insurance-based investment products (PRIIPs), O.J. (2014) L 352/1.

  18.   Art. 35 of Directive 2016/97 on insurance distribution, O.J. (2016) L 26/19.

  19.   Arts. 26 and 65 of Regulation 909/2014 on improving securities settlement in the EU and on central security depositories, O.J. (2014) L 257/1.

  20.   Art. 30 of Directive 2014/56 amending Directive 2006/43 on statutory audits of annual accounts and consolidated accounts, O.J. (2014) L 158/196.

  21.   Commission Implementing Directive 2015/2392 on Regulation 596/2014 as regards reporting to competent authorities of actual or potential infringements of that Regulation, O.J. (2015) L 332/126.

  22.   Arts. 37 and 38 of Directive 2015/849 on the prevention of use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation 648/2012 and repealing Directive 2005/60 and Commission Directive 2006/70, O.J. (2015) L 141/73.

  23.   Art. 71 of Directive 2013/36 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, O.J.(2013) L 176/338.

  24.   Art. 5 of Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, O.J. (2016) L 157/1.

  25.   See Art. 5 of Directive (EU) 2016/943, ibid.

  26.   European Commission, "Proposal for a Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law", COM(2018) 218 final = 2018/0106(COD). See also T. Wahl, “’Commission Proposes EU-Wide Rules on Whistleblowers’ Protection”, (2018) eucrim, pp. 27–29.

  27.   Areas covered include: data protection, customs cooperation, the Common Agricultural Policy, the right of establishment, mutual recognition of qualifications, transport and transport safety, competition, state aid, health, safety, environmental protection and consumer protection, public health, the environment, and the common commercial policy of the EU.

  28.   Commission Staff Working Document, Impact Assessment, SWD (2018) 117 final.

  29.   ibid, p. 1 of the Impact Assessment.

  30.   ibid, pp. 30–31 of the Impact Assessment.

  31.   Ibid, Impact assessment.

  32.   The Act is presently under review; see: Department of Public Expenditure and Reform, “Statutory Review of the Protected Disclosures Act 2014”, July 2018, <https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=2ahUKEwjgutXlpvLeAhXvsIsKHZxwATMQFjAAegQIARAC&url=https%3A%2F%2Fwww.per.gov.ie%2Fwp-content%2Fuploads%2FStatutory-Review-of-the-Protected-Disclosures-Act-2014.pdf&usg=AOvVaw2V_BIu11sfkeGKlb-BU76n> accessed 20 November 2018.

  33.   The draft directive does not, however, contain rules about the communication of reporting persons’ identities to judicial authorities or courts; national provisions would therefore apply.

  34.   Art. 11 of the draft directive (Record-keeping of reports received), op. cit. (n. 26).

  35.   European Parliament, Committee on Budgetary Control, "Draft Opinion on the proposal for a directive of the European Parliament and of the Council on the protection of persons reporting on breaches of law" rapporteur: Dennis de Jong, 2018/0106 (COD) PE623.726v623.761

  36.   ECA, Opinion No 4/2018, op. cit. (n. 4).

  37.   European Parliament resolution of 14 February 2017, op. cit. (n. 11), point 24.

  38.   Ibid, point 19.


Dr. Simone White

European Anti-Fraud Office (OLAF)

Legal Advice Unit

Legal Officer

The information and views in this article are those of the author and do not reflect the official opinion of the European Commission.