Whistleblower law in Luxembourg #
Luxembourg implemented Directive (EU) 2019/1937 through the Loi du 16 mai 2023 relative aux lanceurs d’alerte. The Luxembourg system is notable because it uses 22 competent authorities plus a central Reporting Office that helps identify the correct authority.
Applicable law #
Who must establish an internal channel #
Private and public legal entities with at least 50 workers must establish an internal reporting channel, subject to the law’s own structure and exceptions.
External reporting authority #
Luxembourg does not rely on one universal authority. The CNPD guidance explains that there are 22 competent authorities and that anyone can contact the Reporting Office of the Ministry of Justice to identify the correct authority for a given type of report.
Data protection authority #
For data-protection matters, the relevant authority is the CNPD .
Key compliance points #
- Luxembourg is one of the clearest examples of why country-law pages matter: there is no single obvious external authority unless the organisation explains the competent-authority model.
- The CNPD itself is one of the competent whistleblowing authorities for data-protection matters, which makes the privacy angle unusually visible.
- Internal policies should make it easy for reporters to identify the correct external authority or the ministry reporting office.
Official sources #
- Loi du 16 mai 2023 — official law text
- CNPD — whistleblowers
- CNPD — external reporting
- CNPD — home page
Deploy your reporting channel →
Last updated: