On 23 April 2018, the European Commission presented its draft directive “proposal for a directive of the European parliament and of the council on the protection of persons reporting on breaches of Union law”.

The proposal is based on the official Council of Europe Recommendation on the protection of whistleblowers of 2014, according to which Member States should have a legal and institutional framework to protect persons who, in the context of their industrial relations, draw attention to violations and threats to the public interest or make information on them public. The central approach and declared objective of the EU Commission’s draft directive is to create a uniform framework to strengthen the protection of whistleblowers at EU level.

An EU-wide uniform standard for the protection of whistleblowers does not exist yet. Only ten Member States have enshrined comprehensive and sufficient protection for whistleblowers in law, Germany is not one of them.

For some of the legal areas mentioned in the draft directive, German law already contains requirements, e.g. for the financial services sector (§ 4 d FinDAG) or for reporting violations in connection with money laundering and terrorist financing (§ 6 V AMLA). There are also regulations for cases of discrimination (Sections 13, 27 I AGG) or in the area of occupational safety (Section 17 ArbSchG) beyond the objective scope of application of the proposed directive. However, a general legal regulation is still lacking.

According to the draft directive, a minimum level of protection is to be guaranteed in future on the basis of EU-wide minimum standards.

However, these are only minimum standards, as the limited scope for only certain areas shows.

In contrast, the concept of the whistleblower to be protected is interpreted broadly. In addition to employees in the private or public sector, shareholders, management bodies, unpaid interns, volunteers and suppliers should also benefit from the planned rules.

The whistleblower does not have to act with the intention of protecting the general “public interest” when providing the information.

One of the main points of the draft directive is the obligation for companies to introduce an internal procedure for dealing with whistleblower reports (whistleblower system). This affects companies with more than 50 employees or annual sales of more than 10 million euros.

Within the framework of this whistleblower system, a responsible reporting office must be appointed, which is to be organised either internally or externally. The identity of the whistleblower must be treated confidentially and protected from access by unauthorised persons.

A three-stage escalation procedure is prescribed for employees. Accordingly, whistleblowers must first report violations of the law to the internal whistleblower in order to allow the company to investigate possible grievances itself. If the company does not respond to the information within three months, the whistleblower can approach the competent authorities at the second stage. Here, too, there is a three-month deadline for re-registration. If no suitable measures are taken on the first two levels, the whistleblower can finally approach the public, e.g. via journalists and media, on the third level.

The employer is to be prohibited from taking personal retaliatory measures against the whistle-blower (e.g. indemnity, termination, negative performance assessment), provided that the whistle-blower has followed the prescribed procedure. The employer must bear the burden of proof.

The draft directive has yet to be adopted by the Heads of State and Government. If this happens, the draft directive already provides a deadline for transposition into national law by the member states by 15 May 2021.

Companies should therefore begin to deal with the introduction of the whistleblower system.