Whistleblower law in Portugal #
Portugal implemented Directive (EU) 2019/1937 through Lei n.º 93/2021, de 20 de dezembro. The core private-sector trigger follows the familiar 50-worker line, but external reporting remains authority-specific rather than centralized around one universal whistleblowing office.
Applicable law #
Who must establish an internal channel #
Legal entities with 50 or more workers must establish internal reporting channels. Certain EU-regulated sectors remain in scope regardless of size. The Portuguese State and other public legal persons are also in scope.
External reporting authority #
Portugal does not use one single catch-all external whistleblowing authority. The Ministry of Justice guidance directs reporters to the competent authority for the subject matter.
Data protection authority #
For GDPR and confidentiality complaints, the relevant authority is the Comissão Nacional de Proteção de Dados (CNPD) .
Key compliance points #
- Portuguese official guidance treats external reporting as authority-specific, so the correct regulator depends on the subject matter.
- The law is framed around secure, confidential intake and protection against retaliation.
- For most private employers, the practical deployment question is still whether the organization has reached the 50-worker threshold.
Official sources #
- Lei 93/2021 — official text
- Ministry of Justice — general regime for whistleblower protection
- CNPD — complaints and participations
Deploy your reporting channel →
Last updated: