(Co-author: Alex Cotoia)
Alex Cotoia, Regulatory Compliance Manager at the Volkov Law Group, accompanies us on an informative four-part series on the EU Whistleblower Directive.
The Directive 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the "Protection of persons who report violations of Union law" (the "Directive") (1) is due on December 17, 2021 – Fristthe of the European Union ("EU") to implement the requirements of the directive into the national law of all twenty-seven member states. The directive has broad applicability to organizations operating in the EU internal market and applies equally to public and private sector organizations.
In general, the Directive requires Member States to adopt common minimum standards to protect potential whistleblowers who report breaches of EU law in the following areas: (1) public procurement; (2) financial services; (3) product safety and compliance; (4) transportation security; (5) environmental protection; (6) Radiation Protection and Nuclear Safety; (7) food and feed safety, animal health and welfare; (8) public health; (9) consumer protection; and (10) Protection of privacy and personal data as well as the security of network and information systems. (2) The material scope of the Directive also includes “Infringements affecting the financial interests of the Union within the meaning of Article 325 TFEU (Treaty on the Functioning of the European Union) and specified in more detail in Union measures ”(3) as well as“ Infringements in connection with the internal market in relation to acts that are against . . Corporate tax (rules) or rules that create tax advantages ”(4), which largely undermine EU corporate tax law. The EU's emphasis on a separate provision of the TFEU addressing the obligation of member states to adopt measures to combat fraud and other illegal activities in public spaces is a strong sign of Europe's continuing commitment to state transparency and democratic accountability.
Article 4 of the Directive extends whistleblower protection to certain “reporters who work in the private or public sector and who have received information about infringements in a work-related context.” (5) This deliberately broad definition includes both conventional full-time employees and “employees "Within the meaning of Article 45 (1) TFEU (6) and persons with" self-employed status "(7)
Organizations should be aware that the term “worker” as interpreted by the Court of Justice of the European Union (“ECJ”) is broad. In fact, according to established case law, the examination of whether a person qualifies as an “employee” depends on the so-called “Lawrie-Blum formula.” (8) After this examination, the essential characteristic of an employment relationship is that a person provides services of some economic value to and under the direction of another person for whom he is being paid. (9) Thus, the term “worker” for the purposes of the Directive would encompass a wide variety of unconventional employment relationships, including part-time and contract work, voluntary service and Internships.
In particular, the guideline also applies to "shareholders and persons who belong to the administrative, management or supervisory bodies of a company, including non-executive members." Subcontractors "and suppliers" (11) of an organization. Given that retaliation against whistleblowers often extends beyond the reporter, Article 4 also provides protection for certain third parties associated with the whistleblower, including the whistleblower's colleagues and relatives, as well as "intermediaries" who help a whistleblower in a covered context. 12) For the purposes of the directive, the term “intermediary” (13) refers to any natural person who supports a whistleblower in a work-related context in the reporting process.
Under Article 6, whistleblowers are guaranteed legal protection under the Directive to the extent that: (1) they have reasonable grounds to believe that the information reported was true at the time it was reported; and (2) the whistleblower reported either internally to the organization, externally to a competent authority or publicly under Article 15. (14) Significantly, Article 6 (2) of the Directive, despite the proven reluctance of the EU to report anonymously, does not affect the ability of Member States decide whether private organizations or competent authorities designated by the Member States are required to receive and follow up anonymous reports of covered infringements. (15)
(1) Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report violations of Union law, 2019 O.J. (L305) 17th
(2) Directive 2019/1937, Article 2, 2019 OJ (L305) 17, 34.
(3) Directive 2019/1937, Article 2, 2019 OJ (L305) 17, 35.
(4) ID no.
(5) Directive 2019/1937, Article 4, 2019 OJ (L305) 17, 35.
(6) ID no. in Article 4 paragraph 1 letter a.
(7) ID no. in Article 4 (1) (b).
(8) See generally Case 66/85, Deborah Lawrie-Blum v Land Baden-Württemberg, 186 E.C.R. 2139.
(9) ID no.
(10) Directive 2019/1937, Article 4 (1) (c), OJ (L305) 17, 35.
(11) ID no. in Article 4, paragraph 1, letter d).
(12) ID no. in Article 4 (4) (a) and (b).
(13) ID no.
(14) ID no. in Article 6 (1) (a) and (b).
(15) See e.g. B. Article 29 Working Party, Opinion 1/2006, “On the application of EU data protection rules to internal whistleblowing systems in the areas of accounting, internal accounting controls, audit matters, the fight against bribery, banking and financial crime”, 10-11 (February 1st 2006).