Whistleblower Laws in All 27 EU Member States

Whistleblower Laws in All 27 EU Member States — EthicsPortalhttps://ethicsportal.eu/whistleblower-laws/EthicsPortal is a secure, anonymous whistleblower reporting platform that helps organizations comply with EU Directive 2019/1937.enMon, 25 May 2026 01:23:15 +0000https://ethicsportal.eu/images/logo.svgEthicsPortalhttps://ethicsportal.eu/Whistleblower law in Austria — HSchGhttps://ethicsportal.eu/whistleblower-laws/austria/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/austria/Austria's HinweisgeberInnenschutzgesetz (HSchG): the 50-worker trigger, Austria's designated external reporting offices, and the official BAK and DSB sources.<h1 id="whistleblower-law-in-austria"> Whistleblower law in Austria <a href="#whistleblower-law-in-austria" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Austria implemented Directive (EU) 2019/1937 through the <strong>HinweisgeberInnenschutzgesetz (HSchG)</strong>, promulgated on <strong>24 February 2023</strong> and in force since <strong>25 February 2023</strong>. The Austrian regime is more statute-bound than some broader national systems because the act ties protection and reporting channels to the material scope defined in the HSchG.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&amp;Gesetzesnummer=20012541" rel="nofollow">HinweisgeberInnenschutzgesetz (HSchG) — official RIS text</a> </li> <li><a href="https://www.bak.gv.at/701/start.aspx" rel="nofollow">BAK overview of Austrian reporting offices</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Many private legal entities with <strong>at least 50 employees</strong> must establish an internal reporting channel. Public legal entities and certain specially regulated bodies are also covered under the act&rsquo;s own rules.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Austria uses <strong>several designated external reporting offices</strong> rather than one universal national authority. The <a href="https://www.bak.gv.at/701/start.aspx" rel="nofollow">Federal Bureau of Anti-Corruption (BAK)</a> operates an official external reporting office under the HSchG and is the clearest federal reference point for general guidance.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For data-protection complaints relating to the handling of whistleblower reports, the relevant authority is the <a href="https://dsb.gv.at/sites/site0344/media/downloads/beschwerde_an_die_datenschutzbehoerde_complaint_to_the_austrian_data_protection_authority_art15-18_20-22_dsgvo_gdpr.pdf" rel="nofollow">Austrian Data Protection Authority (DSB)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Austria&rsquo;s whistleblower regime follows the material scope listed in the HSchG, so employers should not market a channel as covering everything unless their own internal policy clearly says so.</li> <li>The official BAK materials stress confidential handling, secure communication and the possibility of anonymous reporting through the external system.</li> <li>In practice, Austrian organisations should point reporters to the correct external office for the relevant subject matter rather than assuming one central state inbox.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&amp;Gesetzesnummer=20012541" rel="nofollow">HSchG — official RIS text</a> </li> <li><a href="https://www.bak.gv.at/701/start.aspx" rel="nofollow">BAK — reporting offices under the HSchG</a> </li> <li><a href="https://bak.gv.at/en/news.aspx?id=576273413155337839546B3D" rel="nofollow">BAK — newly established reporting offices</a> </li> <li><a href="https://www.bak.gv.at/601/FAQ.aspx" rel="nofollow">BAK — HSchG FAQ</a> </li> <li><a href="https://dsb.gv.at/sites/site0344/media/downloads/beschwerde_an_die_datenschutzbehoerde_complaint_to_the_austrian_data_protection_authority_art15-18_20-22_dsgvo_gdpr.pdf" rel="nofollow">DSB — complaint form</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Belgium — Act of 28 November 2022https://ethicsportal.eu/whistleblower-laws/belgium/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/belgium/Belgium's whistleblower framework: the private-sector 50-worker rule, the federal ombudsman route, and the official sources that matter.<h1 id="whistleblower-law-in-belgium"> Whistleblower law in Belgium <a href="#whistleblower-law-in-belgium" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Belgium implemented Directive (EU) 2019/1937 through the <strong>Act of 28 November 2022</strong> for the private sector, alongside parallel public-sector and regional arrangements. For private companies, the main business trigger remains <strong>50 workers</strong>, but Belgium&rsquo;s structure is more fragmented than in unitary systems.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ejustice.just.fgov.be/cgi/article_body.pl?language=nl&amp;pub_date=2022-12-15&amp;caller=summary&amp;numac=2022042980" rel="nofollow">Act of 28 November 2022 — official text on eJustice</a> </li> <li><a href="https://www.federalombudsman.be/en/leitfaden-fur-hinweisgeber" rel="nofollow">Federal Ombudsman guide for whistleblowers</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private legal entities with <strong>at least 50 workers</strong> must establish an internal reporting channel. Belgium also has public-sector and regional whistleblowing frameworks, so public bodies should check the regime that applies to their level of government.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Belgium does not operate with one single whistleblowing authority for every case. The <a href="https://www.federalombudsman.be/en/contact-us" rel="nofollow">Federal Ombudsman</a> is a key federal external route, while sectoral and regional channels can also be relevant depending on the entity and the subject matter of the report.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about unlawful processing of whistleblower data, the relevant authority is the <a href="https://www.dataprotectionauthority.be/citizen" rel="nofollow">Belgian Data Protection Authority</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Belgium&rsquo;s whistleblowing framework is legally fragmented across private-sector, federal public-sector and regional layers, so organisations should be explicit about which regime they are following.</li> <li>The Federal Ombudsman explicitly accepts direct whistleblower reports and retaliation complaints.</li> <li>Internal policies should make clear which external authority is appropriate for the organisation&rsquo;s sector and constitutional level.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ejustice.just.fgov.be/cgi/article_body.pl?language=nl&amp;pub_date=2022-12-15&amp;caller=summary&amp;numac=2022042980" rel="nofollow">Act of 28 November 2022 — official private-sector law text</a> </li> <li><a href="https://www.federalombudsman.be/en/contact-us" rel="nofollow">Federal Ombudsman — contact and whistleblower reporting</a> </li> <li><a href="https://www.federalombudsman.be/en/leitfaden-fur-hinweisgeber" rel="nofollow">Federal Ombudsman — guide for whistleblowers</a> </li> <li><a href="https://www.federalombudsman.be/en/should-i-have-reported-the-facts-in-house-first" rel="nofollow">Federal Ombudsman — direct external reporting is possible</a> </li> <li><a href="https://www.dataprotectionauthority.be/citizen" rel="nofollow">Belgian Data Protection Authority — citizen complaints</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Bulgaria — Bulgarian whistleblowing acthttps://ethicsportal.eu/whistleblower-laws/bulgaria/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/bulgaria/Bulgaria's whistleblowing act: the 50-worker rule, CPDP's dual role, and the official implementation guidance for obliged entities.<h1 id="whistleblower-law-in-bulgaria"> Whistleblower law in Bulgaria <a href="#whistleblower-law-in-bulgaria" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Bulgaria implemented Directive (EU) 2019/1937 through the <strong>Act on the Protection of Persons Reporting Information or Publicly Disclosing Information about Breaches</strong>, in force since <strong>4 May 2023</strong>. The Bulgarian system is notable because the CPDP acts both as the central external authority and as the data protection authority.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://cpdp.bg/%D0%BF%D1%80%D0%B0%D0%B2%D0%BD%D0%B0-%D1%80%D0%B0%D0%BC%D0%BA%D0%B0-%D0%BD%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%B0%D0%BB%D0%BD%D0%B0/%D0%B7%D0%B0%D0%BA%D0%BE%D0%BD-%D0%B7%D0%B0-%D0%B7%D0%B0%D1%89%D0%B8%D1%82%D0%B0-%D0%BD%D0%B0-%D0%BB%D0%B8%D1%86%D0%B0%D1%82%D0%B0-%D0%BF%D0%BE%D0%B4%D0%B0%D0%B2%D0%B0%D1%89%D0%B8-%D1%81%D0%B8%D0%B3/?hilite=%D0%B7%D0%B0%D0%BF%D0%BE%D0%B2%D0%B5%D0%B4&#43;%E2%84%960496&#43;04.05.2023" rel="nofollow">Bulgarian whistleblowing act — official CPDP law page</a> </li> <li><a href="https://cpdp.bg/en/whistleblowers-protection/implementation-of-the-system-for-protection-of-persons-reporting-or-publicly-disclosing-information-about-breaches/" rel="nofollow">CPDP implementation guidance</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>50 or more workers</strong> are in scope. The <strong>50-249</strong> band became subject to the internal-channel rules from <strong>17 December 2023</strong>. Public-sector obliged entities were generally in scope from 4 May 2023.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The central external channel is the <a href="https://cpdp.bg/en/whistleblowers-protection/implementation-of-the-system-for-protection-of-persons-reporting-or-publicly-disclosing-information-about-breaches/" rel="nofollow">Commission for Personal Data Protection (CPDP)</a> , which also publishes forms, register guidance and FAQs for obliged entities.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The same <a href="https://cpdp.bg/%D0%BF%D0%BE%D0%B4%D0%B0%D0%B2%D0%B0%D0%BD%D0%B5-%D0%BD%D0%B0-%D0%B6%D0%B0%D0%BB%D0%B1%D0%B8-%D0%B8-%D1%81%D0%B8%D0%B3%D0%BD%D0%B0%D0%BB%D0%B8-%D0%B4%D0%BE-%D0%BA%D0%B7%D0%BB%D0%B4/" rel="nofollow">CPDP</a> is Bulgaria&rsquo;s GDPR supervisory authority.</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Municipalities with fewer than 10,000 inhabitants or fewer than 50 workers may share resources for intake and follow-up.</li> <li>Private entities with 50-249 workers may also share resources for receiving and handling reports.</li> <li>CPDP&rsquo;s official materials expect a non-public register of reports and clear public information about how to use the channel.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://cpdp.bg/%D0%BF%D1%80%D0%B0%D0%B2%D0%BD%D0%B0-%D1%80%D0%B0%D0%BC%D0%BA%D0%B0-%D0%BD%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%B0%D0%BB%D0%BD%D0%B0/%D0%B7%D0%B0%D0%BA%D0%BE%D0%BD-%D0%B7%D0%B0-%D0%B7%D0%B0%D1%89%D0%B8%D1%82%D0%B0-%D0%BD%D0%B0-%D0%BB%D0%B8%D1%86%D0%B0%D1%82%D0%B0-%D0%BF%D0%BE%D0%B4%D0%B0%D0%B2%D0%B0%D1%89%D0%B8-%D1%81%D0%B8%D0%B3/?hilite=%D0%B7%D0%B0%D0%BF%D0%BE%D0%B2%D0%B5%D0%B4&#43;%E2%84%960496&#43;04.05.2023" rel="nofollow">Bulgarian whistleblowing act — official CPDP law page</a> </li> <li><a href="https://cpdp.bg/en/whistleblowers-protection/implementation-of-the-system-for-protection-of-persons-reporting-or-publicly-disclosing-information-about-breaches/" rel="nofollow">CPDP — implementation of the protection system</a> </li> <li><a href="https://cpdp.bg/en/frequently-asked-questions-on-the-wpa/" rel="nofollow">CPDP — frequently asked questions</a> </li> <li><a href="https://cpdp.bg/%D0%BF%D0%BE%D0%B4%D0%B0%D0%B2%D0%B0%D0%BD%D0%B5-%D0%BD%D0%B0-%D0%B6%D0%B0%D0%BB%D0%B1%D0%B8-%D0%B8-%D1%81%D0%B8%D0%B3%D0%BD%D0%B0%D0%BB%D0%B8-%D0%B4%D0%BE-%D0%BA%D0%B7%D0%BB%D0%B4/" rel="nofollow">CPDP — complaints and signals</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Croatia — Whistleblower Protection Acthttps://ethicsportal.eu/whistleblower-laws/croatia/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/croatia/Croatia's Whistleblower Protection Act: the 50-worker rule, the Ombudswoman's role as external authority, and the official Croatian sources.<h1 id="whistleblower-law-in-croatia"> Whistleblower law in Croatia <a href="#whistleblower-law-in-croatia" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Croatia implemented Directive (EU) 2019/1937 through the <strong>Whistleblower Protection Act</strong> published in <strong>Narodne novine 46/2022</strong>. The Croatian framework combines the standard <strong>50-worker</strong> employer trigger with a strong coordinating role for the Ombudswoman.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://narodne-novine.nn.hr/eli/sluzbeni/2022/46/572" rel="nofollow">Whistleblower Protection Act — official text in Narodne novine</a> </li> <li><a href="https://www.ombudsman.hr/en/the-new-act-for-the-protection-of-persons-reporting-irregularities-whistleblowers-key-information-for-reporting-persons-and-confidential-persons/" rel="nofollow">Croatian Ombudswoman key implementation guidance</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 workers</strong> must establish an internal reporting channel. Croatian public authorities are also covered by the act&rsquo;s internal-reporting rules.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The <a href="https://www.ombudsman.hr/en/the-new-act-for-the-protection-of-persons-reporting-irregularities-whistleblowers-key-information-for-reporting-persons-and-confidential-persons/" rel="nofollow">Croatian Ombudswoman</a> is the external reporting authority. The Ombudswoman receives reports, protects the reporting person&rsquo;s position and forwards the substance of the case to the competent authority where needed.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about the processing of personal data in the whistleblowing process, the relevant authority is the <a href="https://azop.hr/zahtjev-za-utvrdivanje-povrede-prava-2/" rel="nofollow">Croatian Personal Data Protection Agency (AZOP)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Croatian law requires the employer to appoint a confidential person and a deputy for internal handling.</li> <li>Anonymous reporters can still obtain protection if their identity is later established and retaliation follows.</li> <li>The Ombudswoman&rsquo;s official guidance emphasizes identity protection, emotional support and timely communication with the reporting person.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://narodne-novine.nn.hr/eli/sluzbeni/2022/46/572" rel="nofollow">Whistleblower Protection Act — official law text</a> </li> <li><a href="https://www.ombudsman.hr/en/the-new-act-for-the-protection-of-persons-reporting-irregularities-whistleblowers-key-information-for-reporting-persons-and-confidential-persons/" rel="nofollow">Ombudswoman — key information for reporting persons and confidential persons</a> </li> <li><a href="https://www.ombudsman.hr/en/public-disclosure-what-it-is-when-it-is-used-and-how-it-supports-the-fight-against-corruption/" rel="nofollow">Ombudswoman — public disclosure guidance</a> </li> <li><a href="https://azop.hr/zahtjev-za-utvrdivanje-povrede-prava-2/" rel="nofollow">AZOP — request to determine infringement of rights</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Cyprus — Law 6(I)/2022https://ethicsportal.eu/whistleblower-laws/cyprus/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/cyprus/Cyprus's Law 6(I)/2022: the 50-worker rule, Cyprus's competent-authority structure, and the official implementation sources.<h1 id="whistleblower-law-in-cyprus"> Whistleblower law in Cyprus <a href="#whistleblower-law-in-cyprus" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Cyprus implemented Directive (EU) 2019/1937 through <strong>Law 6(I)/2022</strong>, published on <strong>4 February 2022</strong>. The basic private-sector trigger is <strong>50 employees</strong>, but Cyprus organises external reporting through a <strong>competent-authority structure</strong> rather than one universal state inbox.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.cylaw.org/nomoi/arith/2022_1_006.pdf" rel="nofollow">Law 6(I)/2022 — official text PDF</a> </li> <li><a href="https://www.gov.cy/moh/en/whistleblowers/" rel="nofollow">Ministry of Health whistleblower explainer</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 employees</strong> must establish an internal reporting channel. Public-sector bodies are also covered by the law and usually publish their own internal-channel instructions.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Cyprus uses a list of <strong>competent authorities</strong> for external reporting, depending on the subject matter and sector. The official central guidance is the <a href="https://www.gov.cy/moh/en/whistleblowers/" rel="nofollow">government whistleblower explainer</a> , which points to guides for competent authorities rather than one single cross-sector authority.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For data-protection complaints relating to report handling, the relevant authority is the <a href="https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en%3Fopendocument" rel="nofollow">Office of the Commissioner for Personal Data Protection</a> . The office has also issued a <a href="https://www.dataprotection.gov.cy/DATAPROTECTION/DATAPROTECTION.NSF/All/D174BEEE706A7B67C2258BB1003C4C8B" rel="nofollow">whistleblower-specific announcement</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Cyprus expects obliged entities to publish both worker-facing guidance and internal handling rules.</li> <li>The law also covers anonymous reports where the whistleblower is later identified and suffers retaliation.</li> <li>In practice, Cypriot organisations should tell reporters which external authority fits the topic instead of treating &ldquo;external reporting&rdquo; as one generic route.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.cylaw.org/nomoi/arith/2022_1_006.pdf" rel="nofollow">Law 6(I)/2022 — official text PDF</a> </li> <li><a href="https://www.cylaw.org/nomoi/enop/non-ind/2022_1_6/full.html" rel="nofollow">Law 6(I)/2022 — consolidated text</a> </li> <li><a href="https://www.gov.cy/moh/en/whistleblowers/" rel="nofollow">Government whistleblower explainer</a> </li> <li><a href="https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en%3Fopendocument" rel="nofollow">Office of the Commissioner for Personal Data Protection — home page</a> </li> <li><a href="https://www.dataprotection.gov.cy/DATAPROTECTION/DATAPROTECTION.NSF/All/D174BEEE706A7B67C2258BB1003C4C8B" rel="nofollow">Office of the Commissioner for Personal Data Protection — whistleblower announcement</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Czech Republic — Act No. 171/2023https://ethicsportal.eu/whistleblower-laws/czech-republic/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/czech-republic/Czech whistleblower law under Act No. 171/2023: the 50-worker threshold, the Ministry of Justice external system, and the official Czech sources.<h1 id="whistleblower-law-in-czech-republic"> Whistleblower law in Czech Republic <a href="#whistleblower-law-in-czech-republic" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>The Czech Republic implemented Directive (EU) 2019/1937 through <strong>Act No. 171/2023 Coll. on the protection of whistleblowers</strong>, effective from <strong>1 August 2023</strong>. The Czech model gives the Ministry of Justice a visible role through its public <code>Oznamovatel</code> portal and external reporting system.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://oznamovatel.justice.cz/" rel="nofollow">Ministry of Justice whistleblower portal</a> </li> <li><a href="https://oznamovatel.justice.cz/zakon-o-ochrane-oznamovatelu-a-souvisejici-zmenovy-zakon-nabyvaji-ucinnosti/" rel="nofollow">Ministry note on Act No. 171/2023 entering into force</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 employees</strong> must establish an internal reporting channel. Public authorities, municipalities with <strong>at least 10,000 inhabitants</strong>, and a range of other public bodies are also covered.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external reporting system is operated by the <a href="https://oznamovatel.justice.cz/informace-pro-oznamovatele/" rel="nofollow">Ministry of Justice</a> . Czech official guidance also notes that a whistleblower may report directly to the public authority that is substantively competent to address the unlawful conduct.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For data-protection complaints connected to whistleblower handling, the relevant authority is the <a href="https://www.uoou.cz/" rel="nofollow">Office for Personal Data Protection (UOOU)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Czech law is narrower than a generic ethics hotline because the official ministry guidance ties protection to defined types of unlawful conduct.</li> <li>The Ministry of Justice publishes model forms, methodology and sample internal rules, which makes the Czech market relatively documentation-heavy.</li> <li>Internal systems should clearly explain when a reporter may prefer the ministry&rsquo;s external route instead of the employer&rsquo;s own channel.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://oznamovatel.justice.cz/" rel="nofollow">Oznamovatel — Ministry of Justice portal</a> </li> <li><a href="https://oznamovatel.justice.cz/informace-pro-oznamovatele/" rel="nofollow">Ministry of Justice — information for whistleblowers</a> </li> <li><a href="https://oznamovatel.justice.cz/zakon-o-ochrane-oznamovatelu-a-souvisejici-zmenovy-zakon-nabyvaji-ucinnosti/" rel="nofollow">Ministry of Justice — Act No. 171/2023 enters into force</a> </li> <li><a href="https://oznamovatel.justice.cz/vyrocni-zpravy/" rel="nofollow">Ministry of Justice — annual reports and methodology section</a> </li> <li><a href="https://www.uoou.cz/" rel="nofollow">UOOU — Office for Personal Data Protection</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Denmark — Act 1436/2021https://ethicsportal.eu/whistleblower-laws/denmark/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/denmark/Denmark's whistleblower act: the 50-worker rule, the National Whistleblower Scheme, and the official Danish guidance.<h1 id="whistleblower-law-in-denmark"> Whistleblower law in Denmark <a href="#whistleblower-law-in-denmark" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Denmark implemented Directive (EU) 2019/1937 through <strong>Act No. 1436 of 29 June 2021 on the protection of whistleblowers</strong>, in force since <strong>17 December 2021</strong>. Denmark is one of the clearer markets from an implementation perspective because it combines the standard <strong>50-worker</strong> threshold with a well-defined <strong>National Whistleblower Scheme</strong>.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.retsinformation.dk/eli/lta/2021/1436" rel="nofollow">Act No. 1436 of 29 June 2021 — official text</a> </li> <li><a href="https://whistleblower.dk/english" rel="nofollow">National Whistleblower Scheme — English overview</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Public authorities and private employers with <strong>at least 50 workers</strong> must establish an internal whistleblower scheme.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external route is the <a href="https://whistleblower.dk/english" rel="nofollow">National Whistleblower Scheme</a> , which is established within Datatilsynet but operates as a separate national external channel.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The GDPR supervisory authority is <a href="https://www.datatilsynet.dk/om-datatilsynet/den-nationale-whistleblowerordning" rel="nofollow">Datatilsynet</a> , which also hosts the National Whistleblower Scheme institutionally.</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Denmark&rsquo;s national scheme accepts written, oral and in-person reports and explicitly allows anonymous reporting.</li> <li>The national scheme is not limited to GDPR issues; official Danish materials say it also covers serious legal breaches and other serious matters within the law&rsquo;s scope.</li> <li>Internal procedures should make clear when a worker should use the employer&rsquo;s channel and when the national external route is more appropriate.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.retsinformation.dk/eli/lta/2021/1436" rel="nofollow">Act No. 1436 of 29 June 2021 — official text</a> </li> <li><a href="https://whistleblower.dk/english" rel="nofollow">National Whistleblower Scheme — English overview</a> </li> <li><a href="https://www.datatilsynet.dk/om-datatilsynet/den-nationale-whistleblowerordning" rel="nofollow">Datatilsynet — National Whistleblower Scheme</a> </li> <li><a href="https://www.justitsministeriet.dk/wp-content/uploads/2021/12/Vejledning-for-whistleblowerordninger-paa-private-arbejdspladser.pdf" rel="nofollow">Justitsministeriet — guidance for private workplaces</a> </li> <li><a href="https://www.justitsministeriet.dk/wp-content/uploads/2022/02/Vejledning-for-whistleblowerordninger-paa-offentlige-arbejdspladser.pdf" rel="nofollow">Justitsministeriet — guidance for public workplaces</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Estonia — RTKShttps://ethicsportal.eu/whistleblower-laws/estonia/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/estonia/Estonia's Rikkumisest teavitaja kaitse seadus (RTKS): the 50-worker rule, Estonia's still-young reporting framework, and the official state sources.<h1 id="whistleblower-law-in-estonia"> Whistleblower law in Estonia <a href="#whistleblower-law-in-estonia" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Estonia implemented Directive (EU) 2019/1937 through the <strong>Rikkumisest teavitaja kaitse seadus (RTKS)</strong>, which entered into force on <strong>1 September 2024</strong>. Estonia&rsquo;s framework is still relatively new, so the official law text matters more than mature administrative guidance pages.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.riigiteataja.ee/akt/108052024001" rel="nofollow">Rikkumisest teavitaja kaitse seadus (RTKS) — official text</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 workers</strong> are the main business group required to establish an internal reporting channel. Public-sector coverage is broader under the act.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Estonia&rsquo;s act works through <strong>competent authorities</strong> that handle the underlying subject matter of the breach rather than through one highly visible universal whistleblowing portal. In practice, organisations should therefore explain which authority is competent for the issues they cover instead of treating external reporting as a single generic route.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about the handling of report data, the relevant authority is the <a href="https://www.aki.ee/en" rel="nofollow">Estonian Data Protection Inspectorate (AKI)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Estonia&rsquo;s law protects work-related reporting of breaches within the statutory scope, so companies should distinguish the legal whistleblowing process from any broader speak-up or HR intake.</li> <li>Because the regime is new, clear published instructions on scope, intake format and follow-up matter more than in older whistleblowing markets.</li> <li>Organisations handling sensitive reports should also pay attention to AKI guidance and breach-reporting expectations.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.riigiteataja.ee/akt/108052024001" rel="nofollow">RTKS — official text</a> </li> <li><a href="https://www.oiguskantsler.ee/en/contacts/application-chancellor-justice" rel="nofollow">Chancellor of Justice — application page</a> </li> <li><a href="https://www.aki.ee/en" rel="nofollow">AKI — Estonian Data Protection Inspectorate</a> </li> <li><a href="https://www.aki.ee/vota-uhendust" rel="nofollow">AKI — contact page</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Finland — Act 1171/2022https://ethicsportal.eu/whistleblower-laws/finland/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/finland/Finland's Whistleblower Protection Act: the 50-worker rule, the centralised external reporting channel, and the official Finnish sources.<h1 id="whistleblower-law-in-finland"> Whistleblower law in Finland <a href="#whistleblower-law-in-finland" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Finland implemented Directive (EU) 2019/1937 through <strong>Act 1171/2022 on the protection of persons reporting breaches of European Union and national law</strong>, in force since <strong>1 January 2023</strong>. Finland combines the standard <strong>50-worker</strong> threshold with a clearly identified <strong>centralised external reporting channel</strong> at the Office of the Chancellor of Justice.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.finlex.fi/en/legislation/2022/1171" rel="nofollow">Act 1171/2022 — official text on Finlex</a> </li> <li><a href="https://oikeuskansleri.fi/en/whistleblower-protection" rel="nofollow">Office of the Chancellor of Justice — whistleblower protection</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 employees</strong> must establish an internal reporting channel. Public authorities and certain specifically regulated entities are also covered under the act.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external route is the <a href="https://oikeuskansleri.fi/en/centralised-external-reporting-channel" rel="nofollow">centralised external reporting channel of the Office of the Chancellor of Justice</a> . The Chancellor of Justice receives the report and forwards it to the competent authority for follow-up.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about how whistleblower data are processed, the relevant authority is the <a href="https://tietosuoja.fi/en/home" rel="nofollow">Office of the Data Protection Ombudsman</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Finnish organisations must inform potential reporters not only about the internal process, but also about the external reporting procedure and the conditions for obtaining statutory protection.</li> <li>Finland&rsquo;s law is narrower than a generic ethics line, so companies should separate statutory whistleblowing from broader misconduct intake if they choose to cover both.</li> <li>The Chancellor of Justice model makes Finland one of the clearer countries for explaining the external route to reporters.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.finlex.fi/en/legislation/2022/1171" rel="nofollow">Act 1171/2022 — official Finlex text</a> </li> <li><a href="https://oikeuskansleri.fi/en/whistleblower-protection" rel="nofollow">Office of the Chancellor of Justice — whistleblower protection</a> </li> <li><a href="https://oikeuskansleri.fi/en/centralised-external-reporting-channel" rel="nofollow">Office of the Chancellor of Justice — centralised external reporting channel</a> </li> <li><a href="https://tietosuoja.fi/en/home" rel="nofollow">Office of the Data Protection Ombudsman</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in France — Loi Wasermanhttps://ethicsportal.eu/whistleblower-laws/france/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/france/France's whistleblower framework under Loi Waserman: who needs an internal channel, how external reporting works, and which official authorities matter.<h1 id="whistleblower-law-in-france"> Whistleblower law in France <a href="#whistleblower-law-in-france" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>France implemented Directive (EU) 2019/1937 through <strong>Loi n° 2022-401 du 21 mars 2022</strong> (&ldquo;Loi Waserman&rdquo;), with the October 2022 decree setting the practical framework for internal and external reporting procedures. For most employers, the central threshold remains <strong>50 employees</strong>.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000045388745" rel="nofollow">Loi n° 2022-401 du 21 mars 2022 (Loi Waserman)</a> </li> <li><a href="https://www.service-public.gouv.fr/particuliers/vosdroits/F32031" rel="nofollow">Service Public explainer for whistleblowers</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>50 or more employees</strong> must establish an internal reporting procedure. The French public-service guidance also notes that public employers with at least 50 agents are in scope, and that some entities with fewer than 250 workers may pool the collection and processing arrangement.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>France does not rely on one universal whistleblowing authority. The <a href="https://www.defenseurdesdroits.fr/orienter-et-proteger-les-lanceurs-dalerte-180" rel="nofollow">Défenseur des droits</a> helps orient and protect whistleblowers, while competent sectoral authorities may receive external reports in their own remit.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For concerns about unlawful processing of personal data or confidentiality failures in the reporting process, the relevant authority is the <a href="https://www.cnil.fr/fr/saisir-la-cnil/lanceurs-dalerte-adresser-une-alerte-la-cnil" rel="nofollow">CNIL</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>France no longer requires whistleblowers to report internally before using an external channel.</li> <li>The procedure must keep the identity of the reporting person, the person concerned, and named third parties confidential.</li> <li>French official guidance points to acknowledgment within 7 working days and feedback within 3 months as the standard operating timeline.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000045388745" rel="nofollow">Loi Waserman — official text</a> </li> <li><a href="https://www.service-public.gouv.fr/particuliers/vosdroits/F32031" rel="nofollow">Service Public — lancer une alerte</a> </li> <li><a href="https://www.defenseurdesdroits.fr/orienter-et-proteger-les-lanceurs-dalerte-180" rel="nofollow">Défenseur des droits — orienter et protéger les lanceurs d&rsquo;alerte</a> </li> <li><a href="https://www.cnil.fr/fr/saisir-la-cnil/lanceurs-dalerte-adresser-une-alerte-la-cnil" rel="nofollow">CNIL — adresser une alerte</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Germany — HinSchGhttps://ethicsportal.eu/whistleblower-laws/germany/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/germany/Germany's Hinweisgeberschutzgesetz (HinSchG): private-sector threshold, shared internal offices, and the official external and data protection authorities.<h1 id="whistleblower-law-in-germany"> Whistleblower law in Germany <a href="#whistleblower-law-in-germany" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Germany implemented Directive (EU) 2019/1937 through the <strong>Hinweisgeberschutzgesetz (HinSchG)</strong>, in force since 2 July 2023. For most private employers, the decisive trigger is <strong>50 employees</strong>, with a specific allowance for shared internal offices in the 50-249 band.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.gesetze-im-internet.de/hinschg/BJNR08C0B0023.html" rel="nofollow">Hinweisgeberschutzgesetz (HinSchG)</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>50 or more employees</strong> must establish at least one internal reporting office. The act also allows private employers with <strong>50 to 249 employees</strong> to establish and operate a joint internal reporting office.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The federal external channel is the <a href="https://formulare.bfj.bund.de/ffw/action/invoke.do?id=externeMeldestelle" rel="nofollow">external reporting office of the Federal Office of Justice</a> . Germany also maintains specialised external channels in regulated sectors such as financial services and competition law.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For private-sector GDPR complaints, the competent authority is usually the state-level data protection authority of the relevant Bundesland. The federal <a href="https://www.bfdi.bund.de/DE/Buerger/Inhalte/Allgemein/Datenschutz/BeschwerdeBeiDatenschutzbehoereden.html" rel="nofollow">BfDI complaints guidance</a> explains this split.</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Internal offices must provide clear information about external reporting procedures and competent authorities.</li> <li>Germany requires written and oral intake and an in-person meeting option on request.</li> <li>Anonymous reports are not uniformly mandatory across all regimes, but the federal law strongly encourages handlers to process them.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.gesetze-im-internet.de/hinschg/BJNR08C0B0023.html" rel="nofollow">HinSchG — official text</a> </li> <li><a href="https://formulare.bfj.bund.de/ffw/action/invoke.do?id=externeMeldestelle" rel="nofollow">Federal Office of Justice — external reporting office</a> </li> <li><a href="https://www.bfdi.bund.de/DE/Buerger/Inhalte/Allgemein/Datenschutz/BeschwerdeBeiDatenschutzbehoereden.html" rel="nofollow">BfDI — complaints about data protection authorities</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Greece — Law 4990/2022https://ethicsportal.eu/whistleblower-laws/greece/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/greece/Greece's Law 4990/2022: who needs an internal channel, the role of the National Transparency Authority, and the official Greek compliance framework.<h1 id="whistleblower-law-in-greece"> Whistleblower law in Greece <a href="#whistleblower-law-in-greece" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Greece implemented Directive (EU) 2019/1937 through <strong>Law 4990/2022</strong>. The Greek framework combines the standard private-sector threshold with a named internal reporting officer and an external channel operated by the National Transparency Authority.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.et.gr/api/DownloadFeksApi/?fek_pdf=20220100206" rel="nofollow">Law 4990/2022 — official gazette PDF</a> </li> <li><a href="https://aead.gr/images/imerides/2023/87TIF_10-9-23/Karapidakis_87TIF_1.pdf" rel="nofollow">National Transparency Authority presentation on Law 4990/2022</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private-sector entities with <strong>more than 50 workers</strong> must establish an internal channel and appoint a reporting officer. Public bodies are also in scope under the Greek framework.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external channel is the <a href="https://aead.gr/submit-complaint" rel="nofollow">National Transparency Authority</a> , which receives reports under Law 4990/2022 and publishes implementation material for obliged entities.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about unlawful handling of personal data or confidentiality issues, the relevant authority is the <a href="https://www.dpa.gr/el/syndesi/polites/kataggelia/general" rel="nofollow">Hellenic Data Protection Authority</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Greek implementation material expects written, oral and meeting-based intake options.</li> <li>The reporting officer is a named compliance role, not just a generic mailbox.</li> <li>Official Greek guidance states that private entities in the 50-249 band may use shared reporting officers for intake.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.et.gr/api/DownloadFeksApi/?fek_pdf=20220100206" rel="nofollow">Law 4990/2022 — official gazette PDF</a> </li> <li><a href="https://aead.gr/submit-complaint" rel="nofollow">National Transparency Authority — submit a complaint</a> </li> <li><a href="https://aead.gr/images/imerides/2023/87TIF_10-9-23/Karapidakis_87TIF_1.pdf" rel="nofollow">National Transparency Authority — implementation material</a> </li> <li><a href="https://www.dpa.gr/el/syndesi/polites/kataggelia/general" rel="nofollow">Hellenic Data Protection Authority — complaints</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Hungary — Act XXV/2023https://ethicsportal.eu/whistleblower-laws/hungary/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/hungary/Hungary's whistleblowing framework under Act XXV of 2023: the 50-worker rule, the Commissioner for Fundamental Rights system, and the official sources.<h1 id="whistleblower-law-in-hungary"> Whistleblower law in Hungary <a href="#whistleblower-law-in-hungary" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Hungary implemented Directive (EU) 2019/1937 through <strong>Act XXV of 2023</strong> on complaints, public interest disclosures and rules related to reporting abuses, in force since <strong>24 July 2023</strong>. The Hungarian framework places the official external channel with the <strong>Commissioner for Fundamental Rights</strong>.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://njt.hu/jogszabaly/2023-25-00-00" rel="nofollow">Act XXV of 2023 — official text</a> </li> <li><a href="https://www.ajbh.hu/en/web/ajbh-en/public-interest-disclosure-whistleblower-report" rel="nofollow">Commissioner for Fundamental Rights — public interest disclosure / whistleblower report</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 employees</strong> must establish an internal reporting system. Public-sector bodies and certain specifically regulated entities also follow the act&rsquo;s whistleblowing rules.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external reporting system is operated by the <a href="https://www.ajbh.hu/web/ajbh-en/submitting-public-interest-disclosure-whistleblower-report" rel="nofollow">Commissioner for Fundamental Rights</a> , which accepts public interest disclosures and whistleblower reports through its dedicated system.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints relating to the handling of report data, the relevant authority is the <a href="https://www.naih.hu/" rel="nofollow">Hungarian National Authority for Data Protection and Freedom of Information (NAIH)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Hungary&rsquo;s official terminology still strongly links whistleblowing to the public-interest disclosure framework.</li> <li>The official external system accepts reports with or without identification, but the handling consequences differ depending on whether the reporter identifies themselves.</li> <li>Organisations entering Hungary should be careful to separate statutory whistleblower handling from any broader ethics or grievance channel.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://njt.hu/jogszabaly/2023-25-00-00" rel="nofollow">Act XXV of 2023 — official text</a> </li> <li><a href="https://www.ajbh.hu/en/web/ajbh-en/public-interest-disclosure-whistleblower-report" rel="nofollow">Commissioner for Fundamental Rights — public interest disclosure / whistleblower report</a> </li> <li><a href="https://www.ajbh.hu/web/ajbh-en/submitting-public-interest-disclosure-whistleblower-report" rel="nofollow">Commissioner for Fundamental Rights — submitting a report</a> </li> <li><a href="https://www.naih.hu/" rel="nofollow">NAIH — Hungarian data protection authority</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Ireland — Protected Disclosures Acthttps://ethicsportal.eu/whistleblower-laws/ireland/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/ireland/Ireland's protected disclosures framework: the 50-worker rule, the Protected Disclosures Commissioner, and the official Irish sources.<h1 id="whistleblower-law-in-ireland"> Whistleblower law in Ireland <a href="#whistleblower-law-in-ireland" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Ireland implemented Directive (EU) 2019/1937 through the <strong>Protected Disclosures (Amendment) Act 2022</strong>, building on the older Irish protected disclosures regime. For most private organisations, the main trigger is <strong>50 workers</strong>, while Ireland&rsquo;s external reporting structure combines a <strong>Protected Disclosures Commissioner</strong> with a long list of sectoral <strong>prescribed persons</strong>.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.irishstatutebook.ie/eli/2022/act/27/enacted/en/html" rel="nofollow">Protected Disclosures (Amendment) Act 2022 — official Irish Statute Book text</a> </li> <li><a href="https://www.gov.ie/en/department-of-justice-home-affairs-and-migration/organisation-information/department-of-justice-protected-disclosures/" rel="nofollow">Department of Justice — protected disclosures guidance</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private organisations with <strong>at least 50 workers</strong> must establish an internal reporting channel. Public bodies are also covered under the Irish protected disclosures framework.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Ireland does not rely on a single universal subject-matter authority. The <a href="https://www.gov.ie/en/department-of-justice-home-affairs-and-migration/organisation-information/department-of-justice-protected-disclosures/" rel="nofollow">Office of the Protected Disclosures Commissioner</a> acts as a routing channel when the worker is unsure of the correct recipient, while many sectoral <strong>prescribed persons</strong> also receive external disclosures directly.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about the processing of whistleblower data, the relevant authority is the <a href="https://www.dataprotection.ie/en/faqs/initial-contact-dpc/making-complaint-dpc" rel="nofollow">Data Protection Commission</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Irish law still uses the &ldquo;protected disclosures&rdquo; terminology rather than &ldquo;whistleblowing&rdquo; as the primary legal label.</li> <li>The external-reporting map is broad, so internal procedures should tell workers whether they should go to a prescribed person, the Commissioner, or another route set out in the Act.</li> <li>The Data Protection Commission expects complainants to first raise the data issue with the organisation where appropriate before escalating.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.irishstatutebook.ie/eli/2022/act/27/enacted/en/html" rel="nofollow">Protected Disclosures (Amendment) Act 2022 — official law text</a> </li> <li><a href="https://www.gov.ie/en/department-of-justice-home-affairs-and-migration/organisation-information/department-of-justice-protected-disclosures/" rel="nofollow">Department of Justice — protected disclosures</a> </li> <li><a href="https://www.gov.ie/en/department-of-public-expenditure-infrastructure-public-service-reform-and-digitalisation/collections/protected-disclosures-whistleblowing-list-of-prescribed-persons/" rel="nofollow">Government list of prescribed persons</a> </li> <li><a href="https://www.dataprotection.ie/en/faqs/initial-contact-dpc/making-complaint-dpc" rel="nofollow">Data Protection Commission — making a complaint</a> </li> <li><a href="https://www.dataprotection.ie/en/individuals/exercising-your-rights/complaints-handling-investigations-and-enforcement-individuals" rel="nofollow">Data Protection Commission — complaint handling</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Italy — D.Lgs. 24/2023https://ethicsportal.eu/whistleblower-laws/italy/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/italy/Italy's whistleblower framework under Legislative Decree 24/2023: the 50-worker rule, the Model 231 carve-in, and the official ANAC sources.<h1 id="whistleblower-law-in-italy"> Whistleblower law in Italy <a href="#whistleblower-law-in-italy" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Italy implemented Directive (EU) 2019/1937 through <strong>Legislative Decree No. 24 of 10 March 2023</strong>. Italy&rsquo;s framework is commercially important because it combines the standard <strong>50-worker</strong> threshold with a separate rule for organisations that have adopted a <strong>Model 231</strong> compliance model.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.gazzettaufficiale.it/eli/id/2023/03/15/23G00032/sg" rel="nofollow">Legislative Decree No. 24 of 10 March 2023 — official text</a> </li> <li><a href="https://www.anticorruzione.it/en/-/whistleblowing" rel="nofollow">ANAC whistleblowing page</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private entities with <strong>at least 50 workers</strong> must establish an internal reporting channel. Italy also requires channels for entities that have adopted a <strong>Model 231</strong> organisational and management model, even where they are smaller.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external authority is <a href="https://www.anticorruzione.it/en/-/whistleblowing" rel="nofollow">ANAC</a> , which provides external reporting procedures and public guidance on the Italian whistleblowing regime.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints relating to the handling of whistleblower data, the relevant authority is the <a href="https://www.garanteprivacy.it/" rel="nofollow">Garante per la protezione dei dati personali</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Italy&rsquo;s Model 231 overlap means the market expects precise legal positioning rather than a generic &ldquo;50-plus employees&rdquo; message.</li> <li>The Italian regime is documentation-heavy: companies need a clear internal procedure, a designated handler setup and compliant privacy information.</li> <li>ANAC remains the central official reference point even when the report concerns a private entity.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.gazzettaufficiale.it/eli/id/2023/03/15/23G00032/sg" rel="nofollow">Legislative Decree No. 24 of 10 March 2023 — official text</a> </li> <li><a href="https://www.normattiva.it/" rel="nofollow">Normattiva — Italian legal text database</a> </li> <li><a href="https://www.anticorruzione.it/en/-/whistleblowing" rel="nofollow">ANAC — whistleblowing</a> </li> <li><a href="https://www.garanteprivacy.it/" rel="nofollow">Garante privacy</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Latvia — Trauksmes celšanas likumshttps://ethicsportal.eu/whistleblower-laws/latvia/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/latvia/Latvia's Whistleblowing Law: the 50-worker rule, KNAB's contact-point role, and the official Latvian sources.<h1 id="whistleblower-law-in-latvia"> Whistleblower law in Latvia <a href="#whistleblower-law-in-latvia" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Latvia implemented Directive (EU) 2019/1937 through the <strong>Trauksmes celšanas likums</strong> (Whistleblowing Law), effective from <strong>4 February 2022</strong>. The Latvian framework combines the familiar <strong>50-worker</strong> trigger with a visible anti-corruption and public-guidance role for KNAB.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://likumi.lv/ta/id/329680-trauksmes-celsanas-likums" rel="nofollow">Trauksmes celšanas likums — official text</a> </li> <li><a href="https://www.knab.gov.lv/en/whistleblowing" rel="nofollow">KNAB whistleblowing overview</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private legal entities with <strong>at least 50 employees</strong> are the main business group required to establish an internal reporting channel. Public-sector entities are also covered by the law.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Latvia&rsquo;s official whistleblowing landscape is coordinated through <a href="https://www.knab.gov.lv/en/whistleblowing" rel="nofollow">KNAB</a> . Official Latvian materials also describe KNAB as the <strong>contact point</strong> for whistleblowers and a training / guidance body for the system.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about the processing of whistleblower data, the relevant authority is the <a href="https://www.dvi.gov.lv/en/services/complaint-concerning-processing-personal-data" rel="nofollow">State Data Inspectorate (DVI)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Latvian official materials emphasise the public-interest nature of whistleblowing and the need to submit reports in the work-related context.</li> <li>KNAB and DVI both publish whistleblowing-related guidance, so Latvian implementation often has a visibly anti-corruption as well as privacy angle.</li> <li>Internal policies should explain when a report belongs in the statutory whistleblowing process and when it should go through another grievance route.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://likumi.lv/ta/id/329680-trauksmes-celsanas-likums" rel="nofollow">Trauksmes celšanas likums — official text</a> </li> <li><a href="https://www.knab.gov.lv/en/whistleblowing" rel="nofollow">KNAB — whistleblowing</a> </li> <li><a href="https://www.dvi.gov.lv/en/whistleblowing" rel="nofollow">DVI — whistleblowing</a> </li> <li><a href="https://www.dvi.gov.lv/en/services/complaint-concerning-processing-personal-data" rel="nofollow">DVI — complaint concerning processing of personal data</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Lithuania — Pranešėjų apsaugos įstatymashttps://ethicsportal.eu/whistleblower-laws/lithuania/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/lithuania/Lithuania's whistleblower law: the 50-worker rule, the central role of the Public Prosecutor's Office, and the official Lithuanian sources.<h1 id="whistleblower-law-in-lithuania"> Whistleblower law in Lithuania <a href="#whistleblower-law-in-lithuania" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Lithuania adopted whistleblower legislation before many other EU states and later aligned it with Directive (EU) 2019/1937. The framework is built around the <strong>Pranešėjų apsaugos įstatymas</strong> and gives the <strong>Public Prosecutor&rsquo;s Office of the Republic of Lithuania</strong> a central role.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://e-seimas.lrs.lt/portal/legalAct/lt/TAD/3832a712149511eab9d9cd0c85e0b745" rel="nofollow">Law on the Protection of Whistleblowers — official text</a> </li> <li><a href="https://www.prokuraturos.lt/data/public/uploads/2020/02/1.9-225-praneseju-apsaugos-istatymas-eng.pdf" rel="nofollow">Official English translation of the law</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private organisations with <strong>at least 50 workers</strong> are the main business group expected to maintain an internal reporting channel. Public-sector bodies are also part of the statutory framework.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Lithuania&rsquo;s whistleblower system gives a central role to the <strong>Public Prosecutor&rsquo;s Office of the Republic of Lithuania</strong>, as reflected in the official English translation of the law.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about the handling of report data, the relevant authority is the <a href="https://vdai.lrv.lt/en/services/" rel="nofollow">State Data Protection Inspectorate (VDAI)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Lithuania&rsquo;s legal framework is older and more institutionally embedded than the late-transposition countries, which makes legal terminology and scope especially important.</li> <li>The official English translation of the law remains one of the clearest primary sources for understanding Lithuania&rsquo;s whistleblower framework.</li> <li>Organisations operating in Lithuania should not blur statutory whistleblowing with wider ethics intake unless the policy clearly separates them.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://e-seimas.lrs.lt/portal/legalAct/lt/TAD/3832a712149511eab9d9cd0c85e0b745" rel="nofollow">Pranešėjų apsaugos įstatymas — official law text</a> </li> <li><a href="https://www.prokuraturos.lt/data/public/uploads/2020/02/1.9-225-praneseju-apsaugos-istatymas-eng.pdf" rel="nofollow">Official English translation of the law</a> </li> <li><a href="https://vdai.lrv.lt/en/services/" rel="nofollow">State Data Protection Inspectorate — services</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Luxembourg — Loi du 16 mai 2023https://ethicsportal.eu/whistleblower-laws/luxembourg/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/luxembourg/Luxembourg's whistleblower law: the 50-worker rule, the 22-authority structure, and the official CNPD and reporting-office sources.<h1 id="whistleblower-law-in-luxembourg"> Whistleblower law in Luxembourg <a href="#whistleblower-law-in-luxembourg" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Luxembourg implemented Directive (EU) 2019/1937 through the <strong>Loi du 16 mai 2023 relative aux lanceurs d&rsquo;alerte</strong>. The Luxembourg system is notable because it uses <strong>22 competent authorities</strong> plus a central <strong>Reporting Office</strong> that helps identify the correct authority.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://legilux.public.lu/eli/etat/leg/loi/2023/05/16/a243/jo" rel="nofollow">Loi du 16 mai 2023 — official text on Legilux</a> </li> <li><a href="https://cnpd.public.lu/en/support/lanceurs-alerte.html" rel="nofollow">CNPD whistleblower guidance</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private and public legal entities with <strong>at least 50 workers</strong> must establish an internal reporting channel, subject to the law&rsquo;s own structure and exceptions.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Luxembourg does not rely on one universal authority. The <a href="https://cnpd.public.lu/en/support/lanceurs-alerte.html" rel="nofollow">CNPD guidance</a> explains that there are <strong>22 competent authorities</strong> and that anyone can contact the <strong>Reporting Office</strong> of the Ministry of Justice to identify the correct authority for a given type of report.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For data-protection matters, the relevant authority is the <a href="https://cnpd.public.lu/en.html/" rel="nofollow">CNPD</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Luxembourg is one of the clearest examples of why country-law pages matter: there is no single obvious external authority unless the organisation explains the competent-authority model.</li> <li>The CNPD itself is one of the competent whistleblowing authorities for data-protection matters, which makes the privacy angle unusually visible.</li> <li>Internal policies should make it easy for reporters to identify the correct external authority or the ministry reporting office.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://legilux.public.lu/eli/etat/leg/loi/2023/05/16/a243/jo" rel="nofollow">Loi du 16 mai 2023 — official law text</a> </li> <li><a href="https://cnpd.public.lu/en/support/lanceurs-alerte.html" rel="nofollow">CNPD — whistleblowers</a> </li> <li><a href="https://cnpd.public.lu/en/support/lanceurs-alerte/signalements-externes.html" rel="nofollow">CNPD — external reporting</a> </li> <li><a href="https://cnpd.public.lu/en.html/" rel="nofollow">CNPD — home page</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Malta — Cap. 527https://ethicsportal.eu/whistleblower-laws/malta/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/malta/Malta's Protection of the Whistleblower Act: the 50-worker rule, Malta's reporting-officer model, and the official sources.<h1 id="whistleblower-law-in-malta"> Whistleblower law in Malta <a href="#whistleblower-law-in-malta" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Malta implemented Directive (EU) 2019/1937 by amending the <strong>Protection of the Whistleblower Act (Cap. 527)</strong>. Malta&rsquo;s framework combines the usual <strong>50-worker</strong> private-sector trigger with a visible public-service reporting-officer model.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://legislation.mt/eli/cap/527/eng/pdf" rel="nofollow">Protection of the Whistleblower Act (Cap. 527) — official text</a> </li> <li><a href="https://whistleblower.gov.mt/" rel="nofollow">Government whistleblower portal</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private employers with <strong>at least 50 workers</strong> must establish an internal reporting procedure. Malta&rsquo;s public-service framework also requires whistleblowing reporting officers across ministries and public entities.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Malta uses <strong>competent authorities</strong> and reporting officers rather than one single universal external authority. The official <a href="https://whistleblower.gov.mt/" rel="nofollow">whistleblower.gov.mt</a> portal and its guidance pages explain the Maltese reporting-officer model for the public service.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For complaints about the handling of whistleblower data, the relevant authority is the <a href="https://idpc.org.mt/file-a-complaint/" rel="nofollow">Information and Data Protection Commissioner (IDPC)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Malta&rsquo;s public-service model is operationally visible: each ministry has a whistleblowing reporting officer and public-facing procedures.</li> <li>The public guidance stresses that identified reporting is important to obtain formal whistleblower status and protection, even though anonymous submissions may still surface concerns.</li> <li>Organisations operating in Malta should explain clearly whether they are describing the statutory whistleblowing process or a broader grievance / speak-up workflow.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://legislation.mt/eli/cap/527/eng/pdf" rel="nofollow">Protection of the Whistleblower Act (Cap. 527) — official text</a> </li> <li><a href="https://whistleblower.gov.mt/" rel="nofollow">Government whistleblower portal</a> </li> <li><a href="https://whistleblower.gov.mt/about-us/" rel="nofollow">Government whistleblower guidance</a> </li> <li><a href="https://whistleblower.gov.mt/questions-and-answers/" rel="nofollow">Government whistleblower questions and answers</a> </li> <li><a href="https://idpc.org.mt/file-a-complaint/" rel="nofollow">IDPC — file a complaint</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Poland — Ustawa o ochronie sygnalistówhttps://ethicsportal.eu/whistleblower-laws/poland/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/poland/Poland's 2024 whistleblower act: the broader 50-person threshold, the Ombudsman's external channel, and the official Polish rollout dates.<h1 id="whistleblower-law-in-poland"> Whistleblower law in Poland <a href="#whistleblower-law-in-poland" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Poland implemented Directive (EU) 2019/1937 through the <strong>Act of 14 June 2024 on the Protection of Whistleblowers</strong>. The Polish regime uses a broader <strong>50-person</strong> threshold based on gainful work, not just standard employees.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000928/O/D20240928.pdf" rel="nofollow">Act of 14 June 2024 on the Protection of Whistleblowers — official text PDF</a> </li> <li><a href="https://bip.brpo.gov.pl/pl/sygnalisci" rel="nofollow">Ombudsman information for external reports</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Internal reporting procedures are mandatory for legal entities for which gainful work is performed by <strong>at least 50 persons</strong>. This threshold is broader than a simple employee headcount. Internal obligations started on <strong>25 September 2024</strong>.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The <a href="https://bip.brpo.gov.pl/pl/sygnalisci" rel="nofollow">Rzecznik Praw Obywatelskich (Ombudsman)</a> receives external reports and routes them to the competent public authority where required. External reporting started on <strong>25 December 2024</strong>.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about how whistleblowing data is processed, the relevant authority is the <a href="https://uodo.gov.pl/pl/501/3485" rel="nofollow">Urząd Ochrony Danych Osobowych (UODO)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Poland&rsquo;s threshold counts persons performing gainful work, not only standard employees.</li> <li>Local governments may organise joint internal procedures through shared-service arrangements.</li> <li>The rollout is split: internal reporting from 25 September 2024, external reporting from 25 December 2024.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20240000928/O/D20240928.pdf" rel="nofollow">Act of 14 June 2024 on the Protection of Whistleblowers — official text PDF</a> </li> <li><a href="https://bip.brpo.gov.pl/pl/sygnalisci" rel="nofollow">Ombudsman — whistleblowers page</a> </li> <li><a href="https://bip.brpo.gov.pl/pl/content/ustawa-o-ochronie-sygnalistow-wchodzi-w-zycie" rel="nofollow">Ombudsman — act enters into force notice</a> </li> <li><a href="https://uodo.gov.pl/pl/501/3485" rel="nofollow">UODO — whistleblowing and data protection</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Portugal — Lei 93/2021https://ethicsportal.eu/whistleblower-laws/portugal/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/portugal/Portugal's Lei 93/2021: the 50-worker trigger, authority-specific external reporting, and the official Portuguese sources that matter.<h1 id="whistleblower-law-in-portugal"> Whistleblower law in Portugal <a href="#whistleblower-law-in-portugal" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Portugal implemented Directive (EU) 2019/1937 through <strong>Lei n.º 93/2021, de 20 de dezembro</strong>. The core private-sector trigger follows the familiar <strong>50-worker</strong> line, but external reporting remains authority-specific rather than centralized around one universal whistleblowing office.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://files.diariodarepublica.pt/gratuitos/1s/2021/12/24400.pdf" rel="nofollow">Lei n.º 93/2021 — official text</a> </li> <li><a href="https://justica.gov.pt/Regime-Geral-de-Protecao-de-Denunciantes-de-Infracoes" rel="nofollow">Ministry of Justice explainer</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Legal entities with <strong>50 or more workers</strong> must establish internal reporting channels. Certain EU-regulated sectors remain in scope regardless of size. The Portuguese State and other public legal persons are also in scope.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Portugal does not use one single catch-all external whistleblowing authority. The <a href="https://justica.gov.pt/Regime-Geral-de-Protecao-de-Denunciantes-de-Infracoes" rel="nofollow">Ministry of Justice guidance</a> directs reporters to the competent authority for the subject matter.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR and confidentiality complaints, the relevant authority is the <a href="https://www.cnpd.pt/cidadaos/participacoes/" rel="nofollow">Comissão Nacional de Proteção de Dados (CNPD)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Portuguese official guidance treats external reporting as authority-specific, so the correct regulator depends on the subject matter.</li> <li>The law is framed around secure, confidential intake and protection against retaliation.</li> <li>For most private employers, the practical deployment question is still whether the organization has reached the 50-worker threshold.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://files.diariodarepublica.pt/gratuitos/1s/2021/12/24400.pdf" rel="nofollow">Lei 93/2021 — official text</a> </li> <li><a href="https://justica.gov.pt/Regime-Geral-de-Protecao-de-Denunciantes-de-Infracoes" rel="nofollow">Ministry of Justice — general regime for whistleblower protection</a> </li> <li><a href="https://www.cnpd.pt/cidadaos/participacoes/" rel="nofollow">CNPD — complaints and participations</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Romania — Legea 361/2022https://ethicsportal.eu/whistleblower-laws/romania/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/romania/Romania's Legea 361/2022: who needs an internal channel, ANI's role as the external authority, and the official Romanian compliance sources.<h1 id="whistleblower-law-in-romania"> Whistleblower law in Romania <a href="#whistleblower-law-in-romania" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Romania implemented Directive (EU) 2019/1937 through <strong>Legea nr. 361/2022 privind protecția avertizorilor în interes public</strong>. The Romanian framework pairs the standard <strong>50-employee</strong> private-sector trigger with a visible role for ANI as both external authority and practical guidance body.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ancpi.ro/ocpi/if/wp-content/uploads/2023/05/Lege361_2022_ProtectiaAvertizorilor_Interes_Public.pdf" rel="nofollow">Legea nr. 361/2022 — official text PDF</a> </li> <li><a href="https://avertizori.integritate.eu/intrebari-frecvente/" rel="nofollow">ANI FAQ for whistleblowers</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private legal entities with <strong>at least 50 employees</strong> must establish an internal reporting channel. Public authorities and institutions with at least 50 employees are also in scope, and Romanian official guidance goes further for certain public legal entities.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The official external channel is the <a href="https://integritate.eu/competente/avertizori-in-interes-public/" rel="nofollow">Agenția Națională de Integritate (ANI)</a> . ANI receives reports, can redirect them to the competent authority where needed, and publishes practical guidance for both reporters and employers.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about the handling of report data, the relevant authority is the <a href="https://www.dataprotection.ro/?lang=ro&amp;page=Transmiterea_plangerilor_catre_ANSPDCP" rel="nofollow">ANSPDCP</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>If a private entity has fewer than 50 workers and no internal channel, the practical route is often the external channel.</li> <li>Anonymous reports may be examined if they contain sufficient indications of a breach, but identified reporters have fuller procedural rights.</li> <li>ANI explicitly positions itself as both an intake authority and a guidance body for implementation questions.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.ancpi.ro/ocpi/if/wp-content/uploads/2023/05/Lege361_2022_ProtectiaAvertizorilor_Interes_Public.pdf" rel="nofollow">Legea nr. 361/2022 — official text PDF</a> </li> <li><a href="https://integritate.eu/competente/avertizori-in-interes-public/" rel="nofollow">ANI — whistleblower competence page</a> </li> <li><a href="https://avertizori.integritate.eu/intrebari-frecvente/" rel="nofollow">ANI — frequently asked questions</a> </li> <li><a href="https://www.dataprotection.ro/?lang=ro&amp;page=Transmiterea_plangerilor_catre_ANSPDCP" rel="nofollow">ANSPDCP — complaints submission</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Slovakia — Act No. 54/2019https://ethicsportal.eu/whistleblower-laws/slovakia/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/slovakia/Slovakia's whistleblower law: the 50-worker rule, the Whistleblower Protection Office, and the official Slovak sources.<h1 id="whistleblower-law-in-slovakia"> Whistleblower law in Slovakia <a href="#whistleblower-law-in-slovakia" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Slovakia implemented Directive (EU) 2019/1937 by amending <strong>Act No. 54/2019 Coll. on the Protection of Whistleblowers of Anti-Social Activities</strong>. Slovakia stands out because it has a visible and specialised <strong>Whistleblower Protection Office</strong> rather than a low-profile distributed model.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2019/54/" rel="nofollow">Act No. 54/2019 Coll. — official text on Slov-Lex</a> </li> <li><a href="https://www.oznamovatelia.sk/en/" rel="nofollow">Whistleblower Protection Office</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Employers with <strong>at least 50 workers</strong> must establish an internal reporting channel under the Slovak whistleblower framework.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The specialised external authority is the <a href="https://www.oznamovatelia.sk/en/" rel="nofollow">Whistleblower Protection Office</a> , which protects whistleblowers, supervises the law&rsquo;s application and provides guidance to both workers and employers.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints relating to report handling, the relevant authority is the <a href="https://www.dataprotection.gov.sk/en/rights-data-subjects/proceedings-on-protection-personal-data/" rel="nofollow">Office for Personal Data Protection of the Slovak Republic</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Slovakia has one of the more visible dedicated whistleblowing institutions in CEE, which means buyers often expect a more formal legal framing.</li> <li>The Whistleblower Protection Office can intervene in retaliation-related employment measures, which gives the Slovak regime a strong protection profile.</li> <li>Slovak official materials distinguish between the employer&rsquo;s internal process and the office&rsquo;s own protection and reporting functions, so product copy should do the same.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2019/54/" rel="nofollow">Act No. 54/2019 Coll. — official text</a> </li> <li><a href="https://www.oznamovatelia.sk/en/" rel="nofollow">Whistleblower Protection Office</a> </li> <li><a href="https://www.oznamovatelia.sk/en/nase-cinnosti/ochrana-oznamovatelov/" rel="nofollow">Whistleblower Protection Office — protection activity</a> </li> <li><a href="https://www.oznamovatelia.sk/en/povinne-zverejnovane-informacie/" rel="nofollow">Whistleblower Protection Office — compulsory information</a> </li> <li><a href="https://www.dataprotection.gov.sk/en/rights-data-subjects/proceedings-on-protection-personal-data/" rel="nofollow">Office for Personal Data Protection — proceedings</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Slovenia — ZZPrihttps://ethicsportal.eu/whistleblower-laws/slovenia/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/slovenia/Slovenia's Reporting Persons Protection Act (ZZPri): the 50-worker rule, the KPK protection role, and the official Slovenian sources.<h1 id="whistleblower-law-in-slovenia"> Whistleblower law in Slovenia <a href="#whistleblower-law-in-slovenia" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Slovenia implemented Directive (EU) 2019/1937 through the <strong>Zakon o zaščiti prijaviteljev (ZZPri)</strong>, in force since <strong>22 February 2023</strong>. Slovenia gives a visible role to the <strong>Commission for the Prevention of Corruption (KPK)</strong> for protection and reporting oversight.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.uradni-list.si/glasilo-uradni-list-rs/vsebina/2023-01-0471" rel="nofollow">ZZPri — official text in Uradni list</a> </li> <li><a href="https://www.kpk-rs.si/en/commissions-activities/protection-of-reporting-persons" rel="nofollow">KPK — protection of reporting persons</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Employers with <strong>at least 50 workers</strong> must establish an internal reporting channel under the Slovenian act.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The central official institution in the Slovenian system is the <a href="https://www.kpk-rs.si/en/commissions-activities/protection-of-reporting-persons" rel="nofollow">Commission for the Prevention of Corruption (KPK)</a> , which provides guidance on protection measures and reporting-person status.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints about whistleblower data handling, the relevant authority is the <a href="https://www.ip-rs.si/en/" rel="nofollow">Information Commissioner of the Republic of Slovenia</a> and its <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/pravice-posameznika/vlo%C5%BEitev-prijave" rel="nofollow">complaint filing page</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>The KPK can issue a certificate of eligibility for protection, which makes the Slovenian framework more institutionally concrete than a generic hotline model.</li> <li>Slovenia also expects annual reporting statistics from obliged persons and external reporting authorities to the KPK.</li> <li>Internal procedures should make clear that the statutory system is for legally defined reporting-person protection, not just any workplace complaint.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.uradni-list.si/glasilo-uradni-list-rs/vsebina/2023-01-0471" rel="nofollow">ZZPri — official law text</a> </li> <li><a href="https://www.kpk-rs.si/en/commissions-activities/protection-of-reporting-persons" rel="nofollow">KPK — protection of reporting persons</a> </li> <li><a href="https://www.kpk-rs.si/en/kpk-applications/reporting-on-whistleblowing" rel="nofollow">KPK — reporting on whistleblowing</a> </li> <li><a href="https://www.ip-rs.si/en/" rel="nofollow">Information Commissioner of the Republic of Slovenia</a> </li> <li><a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/pravice-posameznika/vlo%C5%BEitev-prijave" rel="nofollow">Information Commissioner — complaint filing</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Spain — Ley 2/2023https://ethicsportal.eu/whistleblower-laws/spain/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/spain/Spain's Ley 2/2023: the private-sector threshold, public-sector scope, regional authority nuance, and the official Spanish reporting authorities.<h1 id="whistleblower-law-in-spain"> Whistleblower law in Spain <a href="#whistleblower-law-in-spain" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Spain implemented Directive (EU) 2019/1937 through <strong>Ley 2/2023, de 20 de febrero</strong>. The Spanish framework combines the standard <strong>50-worker</strong> private-sector trigger with a broad public-sector obligation and a meaningful regional-authority layer.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.boe.es/buscar/act.php?id=BOE-A-2023-4513" rel="nofollow">Ley 2/2023 — official BOE text</a> </li> <li><a href="https://www.proteccioninformante.gob.es/sistema-de-informacion-canal-externo" rel="nofollow">AIPI — external information channel</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Private-sector entities with <strong>50 or more workers</strong> must maintain an internal information system. All public-sector entities are in scope. Municipalities below 10,000 inhabitants may share means, and private entities with 50-249 workers may share resources for the system.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The national external channel is run by the <a href="https://www.proteccioninformante.gob.es/sistema-de-informacion-canal-externo" rel="nofollow">Autoridad Independiente de Protección del Informante</a> . Autonomous community authorities may handle regional and local matters within their territory unless a convention assigns them to the national authority.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints and privacy guidance, the competent authority is the <a href="https://www.aepd.es/" rel="nofollow">Agencia Española de Protección de Datos (AEPD)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Spain&rsquo;s public-sector obligation is broader than the simple private-sector 50-worker rule.</li> <li>The national external system expressly supports written and verbal submissions.</li> <li>The regional-authority layer matters in practice, especially for local or single-region cases.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.boe.es/buscar/act.php?id=BOE-A-2023-4513" rel="nofollow">Ley 2/2023 — official BOE text</a> </li> <li><a href="https://www.proteccioninformante.gob.es/sistema-de-informacion-canal-externo" rel="nofollow">AIPI — external information channel</a> </li> <li><a href="https://www.proteccioninformante.gob.es/quienes-somos" rel="nofollow">AIPI — who we are</a> </li> <li><a href="https://www.aepd.es/" rel="nofollow">AEPD</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in Sweden — SFS 2021:890https://ethicsportal.eu/whistleblower-laws/sweden/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/sweden/Sweden's whistleblower act: the 50-worker rule, Sweden's sectoral external-authority model, and the official Swedish sources.<h1 id="whistleblower-law-in-sweden"> Whistleblower law in Sweden <a href="#whistleblower-law-in-sweden" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>Sweden implemented Directive (EU) 2019/1937 through <strong>Lag (2021:890) om skydd för personer som rapporterar om missförhållanden</strong>, in force since <strong>17 December 2021</strong>. Sweden combines the standard <strong>50-worker</strong> trigger with a <strong>sectoral external-authority model</strong> and supervision of internal-channel obligations by the Swedish Work Environment Authority.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2021890-om-skydd-for-personer-som_sfs-2021-890/" rel="nofollow">Lag (2021:890) om skydd för personer som rapporterar om missförhållanden — official Riksdag text</a> </li> <li><a href="https://www.government.se/government-policy/labour-law-and-work-environment/2021890-act-on-the-protection-of-persons-reporting-irregularities-2021890/" rel="nofollow">Government English translation of the Act</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Public and private organisations with <strong>at least 50 workers</strong> must establish internal reporting channels under the Swedish act.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Sweden does not rely on one universal whistleblowing authority. The <a href="https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/forordning-2021949-om-skydd-for-personer-som_sfs-2021-949/" rel="nofollow">Ordinance (2021:949)</a> designates multiple competent external authorities depending on the sector. The <a href="https://www.av.se/en/about-us/contact-us/" rel="nofollow">Swedish Work Environment Authority</a> also receives reports that an employer has failed to maintain internal channels and procedures.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints relating to whistleblower data handling, the relevant authority is the <a href="https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/" rel="nofollow">Swedish Authority for Privacy Protection (IMY)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>Swedish law is structurally clear but operationally decentralised, so country-specific legal content matters more than generic &ldquo;EU-compliant&rdquo; messaging.</li> <li>Employers should tell users which external authority is relevant for the kind of breach being reported, not just that an &ldquo;external authority&rdquo; exists.</li> <li>The Work Environment Authority is the clearest official supervisory body if the issue is the employer&rsquo;s failure to operate a compliant internal channel.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2021890-om-skydd-for-personer-som_sfs-2021-890/" rel="nofollow">Lag (2021:890) — official Riksdag text</a> </li> <li><a href="https://www.government.se/government-policy/labour-law-and-work-environment/2021890-act-on-the-protection-of-persons-reporting-irregularities-2021890/" rel="nofollow">Government — English translation of the Act</a> </li> <li><a href="https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/forordning-2021949-om-skydd-for-personer-som_sfs-2021-949/" rel="nofollow">Ordinance (2021:949) — designated competent authorities</a> </li> <li><a href="https://www.av.se/en/about-us/contact-us/" rel="nofollow">Swedish Work Environment Authority — contact and internal-channel supervision</a> </li> <li><a href="https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/" rel="nofollow">IMY — file a GDPR complaint</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)Whistleblower law in the Netherlands — Wbkhttps://ethicsportal.eu/whistleblower-laws/netherlands/Fri, 24 Apr 2026 00:00:00 +0000https://ethicsportal.eu/whistleblower-laws/netherlands/The Dutch Whistleblower Protection Act: the 50-worker rule, the Dutch Whistleblowers Authority, and the official Dutch sources.<h1 id="whistleblower-law-in-the-netherlands"> Whistleblower law in the Netherlands <a href="#whistleblower-law-in-the-netherlands" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h1> <p>The Netherlands implemented Directive (EU) 2019/1937 through the <strong>Wet bescherming klokkenluiders (Wbk)</strong>, in force since <strong>18 February 2023</strong>. The Dutch regime is institutionally visible because it sits alongside the <strong>Dutch Whistleblowers Authority</strong> and a dedicated government information site for employers.</p> <h2 id="applicable-law"> Applicable law <a href="#applicable-law" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://wetten.overheid.nl/BWBR0033585/2023-02-18" rel="nofollow">Wet bescherming klokkenluiders — official text</a> </li> <li><a href="https://www.wetbeschermingklokkenluiders.nl/service/english" rel="nofollow">Official English version of the Dutch Whistleblower Protection Act</a> </li> </ul> <h2 id="who-must-establish-an-internal-channel"> Who must establish an internal channel <a href="#who-must-establish-an-internal-channel" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>Employers with <strong>at least 50 workers</strong> must establish an internal reporting channel. This applies across the Dutch public and private sectors, subject to the statutory framework.</p> <h2 id="external-reporting-authority"> External reporting authority <a href="#external-reporting-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>The key official body is the <a href="https://www.huisvoorklokkenluiders.nl/english" rel="nofollow">Dutch Whistleblowers Authority</a> . The government employer-facing site also points organisations to the authority as the core institutional reference point.</p> <h2 id="data-protection-authority"> Data protection authority <a href="#data-protection-authority" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <p>For GDPR complaints relating to whistleblower data handling, the relevant authority is the <a href="https://autoriteitpersoonsgegevens.nl/en/submitting-a-tip-off-or-a-complaint-to-the-dutch-dpa" rel="nofollow">Autoriteit Persoonsgegevens (AP)</a> .</p> <h2 id="key-compliance-points"> Key compliance points <a href="#key-compliance-points" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li>The Dutch government maintains a dedicated site explaining the act to employers, which makes the market relatively transparent on basic legal positioning.</li> <li>Internal procedures should clearly explain when workers can use the Dutch Whistleblowers Authority and when another competent authority is more appropriate.</li> <li>The AP expects complainants to first raise the matter with the organisation where possible before escalating a data-protection complaint.</li> </ul> <h2 id="official-sources"> Official sources <a href="#official-sources" class="ml-1 text-base-content/30 hover:text-base-content/60 no-underline" aria-label="Link to this section">#</a> </h2> <ul> <li><a href="https://wetten.overheid.nl/BWBR0033585/2023-02-18" rel="nofollow">Wet bescherming klokkenluiders — official text</a> </li> <li><a href="https://www.wetbeschermingklokkenluiders.nl/service/english" rel="nofollow">Government site — official English version of the Act</a> </li> <li><a href="https://www.wetbeschermingklokkenluiders.nl/service/contact" rel="nofollow">Government site — contact / service page</a> </li> <li><a href="https://www.huisvoorklokkenluiders.nl/english" rel="nofollow">Dutch Whistleblowers Authority</a> </li> <li><a href="https://autoriteitpersoonsgegevens.nl/en/submitting-a-tip-off-or-a-complaint-to-the-dutch-dpa" rel="nofollow">Autoriteit Persoonsgegevens — submitting a complaint</a> </li> </ul> <hr> <p><a href="/pricing/">Deploy your reporting channel →</a> </p>support@ethicsportal.eu (EthicsPortal)