Exposing the Truth:

What the EU Whistleblower Directive means for global business

Speaking Out: What impact will the EU whistleblowing law have on business transparency?

In the past few years, demands have been growing around the world for more accountability by businesses and governments – particularly since the start of the Covid-19 crisis. Indeed, the global pandemic has heightened issues around whistleblowing like never before.

Nevertheless, whistleblowers often still face dire consequences – often fatal – if they report on problems their superiors would rather the world didn’t know about.

Dr Li Wenliang, in Wuhan China, was a case in point. Officially reprimanded for warning the world about Covid-19, he was then later ruthlessly silenced by the Wuhan public security bureau. In Poland, meanwhile, Renata Pizanowska, a nurse and midwife, was sacked for posting pictures on social media of her totally inadequate homemade surgical mask used by hospital staff for protection against the deadly virus.

Elsewhere, in the UK at the start of the pandemic, Linda Fairhall, an NHS nurse since 1979, was sacked after warning that the crippling workload NHS staff were under had led to a patient’s death. After she raised the alarm she was summarily dismissed for concerns about her leadership capabilities.

Theoretically, this was all set to change on December 17, with the implementation of the EU’s new whistleblowing directive that was due to be adopted into national laws by different EU states. The aim is a laudable one – to fight for more transparency from governments and organisations not just in the EU but beyond its borders. As with GDPR compliance, the hope is that there will be a positive knock-on effect with all businesses and public sector organisations that are located or have an office in an EU state.

The idea of the directive is to set up uniform minimum protection for people who want to report breaches of EU law – giving them legal security against any retaliation by companies or colleagues. Along with this minimum level of protection, each EU state is obliged to introduce a national legislation to give an added layer of security for whistleblowers. However, almost all professional services advisers agree that this added protection in the form of national laws will take time to enact given the patchwork of legislation that exists across the diverse EU member states.

What is a whistleblower?

Essentially, a whistleblower is defined under the new law as a natural person who reports on or discloses information about breaches or other issues in the context of any work-based activities. The whistleblower will be entitled to legal protection providing there are reasonable grounds to believe that the information on breaches they report were true at the time of reporting. Importantly, the directive also prohibits retaliation and attempts at retaliation (this includes blacklisting, dismissal etc), something that could be extremely difficult to implement among EU governments and further afield.

A single framework?

From a compliance point of view, the Whistleblowing Directive will have a number of hurdles to overcome as EU countries digest the new law and implement it. One of the main debating areas is the idea of applying a single framework and policy across the entire EU or simply adopting different levels of compliance country by country. This will have a huge impact on organisations, which will need to implement compliance according to the local national legislation.

The other issue is how to accommodate whistleblowers who are outside these national boundaries, working from home and/or mobile – which legislation would be applicable? This in turn will have a big impact on employees and employers.

For public and private sector organisations, the directive states that any enterprise with more than 50 employees or public body will have to instigate its own internal whistleblowing channel. Again, many professional services advisors see this as problematic given the complexity of the issues depending on where companies are based and what laws they are adhering to.

Experts have told IR Global these will probably be digital and so will need to be GDPR compliant to ensure they comply with the directive and maintain the whistleblowers’ anonymity. Anna Fernqvist Svensson, partner at Hellstrom Law in Sweden, said: “I work with my clients on data protection and whistleblowing is closely connected with issue around personal data.

“The whistleblowing channel and the new EU directive will take time to implement and to educate everyone on this topic. Given that so many companies in the public and private sectors are not GDPR compliant at the moment (if that’s even possible), there’s a long way to go.”

There is also historical baggage to a take into account for each nation. Robert Lewandowski, managing partner at Dr Lewandowski & Partners in Poland, said: “In Poland the term whistleblower has negative connotations related to being an “informer”. This attitude has historical roots going back to the times of Poland’s Communist era where “whispering” to officials was treated almost as an act of treason.

“Nevertheless, the draft on whistleblowing is definitely an act that should also encourage employer organisations to actively promote whistleblower protection systems as management tools in workplaces.”

Outside the EU, many believe the legislation will never be implemented to mirror that of the Brussels legislators. Rebecca Torrey, founding partner at The Torrey Firm in California, doesn’t see any federal laws on whistleblowing happening soon. In the US, whistleblowers will continue to have to make difficult decisions on reporting: “It’s quite a ways off before such a law is enacted on the federal level.

“In the United States known whistleblowers do face blacklisting. One example is Frances Haugen, the woman who worked at Facebook, now called Metaverse. She was whisteblowing initially anonymously.”

“She went to the Security Exchange Commission, and then the Washington Post ran a series of articles and didn’t say that she was one of their sources. Then it expanded to a testimony in front of Congress. Obviously, that’s not very anonymous.

“It’s hard to imagine any company in the US would want to hire Ms Haugen as an employee after that.”

Such debates will continue for some time, but ultimately for most people it’s a start in the right direction. As Joris Lambrechts, Manager Compliance & Forensics at Finvision in Belgium, says: “It’s a cliché but maybe we’re making a better world with baby steps; one baby step at a time. I don’t think the directive will change the world we’re living in. It will help it change over years.”

In the following pages, IR Global members discuss the huge complexities involved with whistleblowing and how the EU Whistleblowing directive will affect businesses in their different jurisdictions.