Whistleblower protection

The protection of whistleblowers safeguards people who report certain types of misconduct. In this case, “whistleblower” refers to a person who, in the course of their work, discovers a breach of European Union or national law concerning public procurement, financial services, food safety, or consumer protection, for example, and reports the breach via a reporting channel. Reporting these breaches is important to prevent threats and serious harm to public interest.

Whistleblower protection allows people to safely report breaches without their identity being compromised. The whistleblower’s identity remains confidential information in the subsequent processing of their report.

Whistleblower protection is based on the national Act on whistleblower protection (“Whistleblower Act”) and the European Union’s whistleblower directive.

Whistleblower protection prohibits retaliation against whistleblowers. For example, an employer may not worsen a whistleblower’s terms of employment, dismiss them, or lay them off because of their report.

There are three general requirements for receiving whistleblower protection:

  • At the time of the report, the whistleblower must have a legitimate reason to believe that their information about a breach is true.
  • The information about a breach must be included in the scope of the Whistleblower Act.
  • The whistleblower must be reporting a breach they have discovered in the course of their work.

What breaches may be reported?

Breaches of European Union or national law may be reported, if they

  • are punishable offenses
  • may result in a penalty fee, or
  • may seriously endanger the realisation of public interest.

Reports may be made about breaches in the following sectors:

  • Public procurement (excluding defence and security spending)
  • Financial services, products, and markets
  • Prevention of money laundering and terrorist financing
  • Product safety and conformity
  • Traffic safety
  • Environmental protection
  • Radiation and nuclear safety
  • Food and feed safety and animal health and welfare
  • Public health (as defined by Article 168 of the Treaty on the Functioning of the European Union)
  • Consumer protection
  • Privacy and personal data protection
  • Network and information system security.

In addition, the following may be reported:

  • Violation of rules concerning European Union fund management or expenditure implementation or European Union income or fund collection
  • Violation of rules concerning the granting, use, or recovery of grants or state aid
  • Violation of competition rules
  • Violation of tax rules for businesses and corporations or arrangements made to obtain a tax advantage
  • Violation of legislation enacted to protect consumers.

As an exception to the scope, the Act does not apply to violations of the Medicines Act with regard to a private person bringing their personal medication into a country, social welfare service housing and 24-hour service housing, certain provisions of the Act on the Medical Use of Human Organs, Tissues and Cells, and certain provisions of the Act on Cross-Border Health Care. For further information, see section 2, subsection 2 on the exceptions to the scope. 

Intentionally reporting false information is a punishable act and may result in liability for damages.

Who can receive whistleblower protection?

The Whistleblower Act provides protection for people who report breaches they have discovered in the course of their work.

The whistleblower may be

  • An employee or public servant
  • A self-employed person
  • A shareholder
  • A member of the board of a corporation or foundation or the managing director
  • A volunteer worker
  • A trainee.

Whistleblowers may also report a breach that occurred during the negotiations preceding their hiring or in the course of an already discontinued employment relationship. Reports may be filed even if the negotiations did not result in the person’s hiring.

In addition, the protection extends to persons who assist the whistleblower in their reporting or are connected to the whistleblower and risk post-report retaliation because of their work or station. For example, the above could be a shop steward, trusted representative, health and safety representative, other employee representative, or the whistleblower’s contractual partner, colleague, or relative. 

Who receives the reports?

If a breach is discovered in an organisation, the report should primarily be sent through the organisation’s internal reporting channel. In some cases, the report may be made through the centralised external reporting channel of the Office of the Chancellor of Justice or directly to the competent authority.

The Office of the Chancellor of Justice forwards the reports it receives through its external reporting channel to the competent authority who investigates the report and takes the necessary measures.

Read more about the centralised external reporting channel of the Office of the Chancellor of Justice.