The Whistleblowing Directive in Europe

October 13, 2023

Current status of the EU Whistleblowing Directive

While the original deadline for the transposition of the EU Whistleblowing Directive was in December 2021, only one Member State managed to get there on time. Malta has had a whistleblowing law since 2013, which was quickly amended in 2021 to meet the provisions of the EU Directive.

Status of the eu whistleblowing directiveThe rest of the countries have been experiencing delays in adopting the law. Different interpretations have created discrepancies between Member States, shaping a rather chaotic legislative landscape. The European Commission has had to initiate numerous formal infringement procedures to accelerate progress.

At the moment, all Member States have adopted the law with the exception of Poland and Estonia, which seem to be experiencing additional delays. When it comes to the UK or Switzerland, the Directive will not be transposed. However, British or Swiss companies with subsidiaries in any of the Member States might still be concerned.

The Directive in a nutshell

The European Directive for the Protection of Whistleblowers first entered into force in 2019, aiming to establish and promote a high level of protection for citizens to report breaches of EU law. It grants protection to individuals reporting misconduct in a work-related context through a three-tier system:

  1. via internal (mandatory) reporting mechanisms of organisations;
  2. via external competent authorities;
  3. via public disclosures to the media.


Organisations with 250+ employees had until December 17, 2021 to comply.

Organisations with 50-249 employees must comply before December 17, 2023.

Comply with SpeakUp

What are the exact requirements for the internal reporting mechanism?

Organisations must:

  • process and store reports in a secure, GDPR-compliant manner
  • acknowledge the receipt of reports and follow-up within specific time-frames
  • allow whistleblowers to report via both written and verbal communication

SpeakUp meets and exceeds the Directive’s requirements for the internal reporting channel.

Highest Security & Privacy Standards

How to guarantee the safety of your reporting mechanism?

At SpeakUp, we accept nothing less than the very best for our clients. This is why we have implemented the most extensive control framework.

We are the only provider to be quarterly audited according to ISAE3000 Type II (eq. SOC2) on all aspects of our operations (including human translations!). Our ISAE3000 Type II assurance program fully encompasses and proves continuous adherence to the following standards:

  • ISO27001
  • ISO27002
  • ISO27701
  • GDPR

See certificates

European Solution

How is whistleblowing perceived in Europe?

As one of the first European providers, we understand the European whistleblowing culture better than anyone. This is what makes us excellent partners to hundreds of European organisations. Other than the EU Whistleblowing Directive, we’ve been helping our clients deal with:

  • GDPR (EU)
  • Schrems II (EU)
  • Sapin II (FR)
  • Lieferkettengesetz (DEU)
  • Public Interest Disclosure Act (UK)

In addition, we make sure that all SpeakUp® data are stored and processed within the EEA+.

© 2023 SpeakUp