Whistleblower law in Moldova #
Moldova regulates whistleblowing through Legea nr. 165/2023 privind avertizorii de integritate (Law 165/2023 on integrity whistleblowers), in force since 26 October 2023. Moldova is not an EU member state — it is an accession candidate, and Law 165/2023 is partially aligned with Directive (EU) 2019/1937 rather than a transposition of it.
Applicable law #
- Legea nr. 165/2023 — official text (Ministry of Justice)
- Avocatul Poporului — integrity whistleblowers guidance
EU accession alignment #
As a non-member, Moldova has no obligation to transpose Directive (EU) 2019/1937. Law 165/2023 was adopted as a partial alignment with the Directive ahead of accession, and a draft law for full alignment is under legislative consultation , consolidating the protection mechanism for integrity disclosures. Organizations operating in Moldova should expect the framework to converge on the Directive’s standards as the accession process advances.
Who must establish an internal channel #
- All public entities — regardless of employee count.
- Private entities with at least 50 employees.
- Private entities with fewer than 50 employees are not required to operate an internal channel; their employees use the external reporting channel.
Disclosures are recorded in a register of disclosures (Registrul dezvăluirilor privind încălcările legii), and records must be retained for 5 years.
Penalties and liability #
Law 165/2023 establishes liability categories rather than a published fine schedule:
- Failing to operate a required reporting channel — contraventional liability.
- Breaching whistleblower confidentiality — disciplinary or contraventional liability.
- Retaliation against a whistleblower — disciplinary, contraventional, or criminal liability depending on the facts.
- Knowingly false reports — contraventional or criminal liability.
An honest assessment. The current law does not attach specific fine amounts to these categories, so any Moldova compliance pitch built on penalty figures is not grounded in the statute as it stands. The 2025 full-alignment consultation materials propose more detailed contravention fines; until those are adopted, the operational exposure is a disclosure reaching the external authorities with no internal channel in place.
External reporting authority #
The competent external authority is the Centrul Național Anticorupție (CNA) — the National Anticorruption Center, which receives external disclosures.
Whistleblower protection authority #
Whistleblower protection is handled through the Avocatul Poporului (Ombudsman) , which examines protection requests from integrity whistleblowers facing retaliation.
Data protection authority #
For complaints about the handling of personal data in reporting systems, the competent authority is the Centrul Național pentru Protecția Datelor cu Caracter Personal (CNPDCP) .
Key compliance points #
- The law’s own terminology is “avertizor de integritate” (integrity whistleblower) and “dezvăluire de încălcare a legii” (disclosure of a breach of the law) — distinct from the Romanian Legea 361/2022 vocabulary, even though both laws are in Romanian.
- Private entities below 50 employees route reports through the external channel rather than an internal one.
- The disclosure register carries a 5-year retention obligation.
- Full Directive alignment is in legislative consultation — an internal channel built to Directive (EU) 2019/1937 standards today is positioned for the converged framework.
Official sources #
Primary law and authorities
- Legea nr. 165/2023 — official text (Ministry of Justice)
- Avocatul Poporului — integrity whistleblowers
- Centrul Național Anticorupție (CNA)
- CNPDCP — data protection authority
Alignment work
Deploy your reporting channel →
Last updated: