In April 2018 the European Commission proposed a directive to further protect whistleblowers.

According to the proposal, 'whistleblowers' are defined as reporting persons working in the private or public sectors who have acquired information on breaches in a work-related context. This includes, besides those persons who are workers or self-employed:

  • shareholders and persons belonging to the management body of an undertaking, including non-executive members;
  • volunteers and unpaid trainees; and
  • any persons working under the supervision and direction of contractors, subcontractors and suppliers.


The proposal provides for the implementation of an internal and external whistleblowing reporting process which will give employees and external persons the opportunity to report breaches of EU law and ensures that such reports will be followed up.

The obligation to implement this whistleblowing reporting process will apply in the private sector to companies with over 50 employees or with an annual turnover of at least €10 million, as well as to all companies in the financial sector irrespective of their size. Of course, the proposal allows EU member states to go further and impose these obligations on smaller companies after prior assessment.

As far as the reporting and follow-up processes is concerned, the proposal provides the following, among other things:

  • Confidentiality of the identity of whistleblowers – the system must safeguard the identity of the reporting person and unauthorised persons must not have access to their identity.
  • Restricted access to the information – a responsible person must be chosen to follow up on the whistleblowing report.
  • Feedback within a maximum period of three months – companies are basically free to choose a follow-up method and this needs only to ensure that the reporting person will receive feedback on their report within three months of making their report.
  • Whistleblowers must be provided with clear and easily accessible information on how and under what conditions reports may be made externally to the competent authorities (see below).

All persons who believe in good faith that the information that they have reported within the scope of the directive was correct at the time of the reporting will be protected.

The proposal also reverses the procedural burden of proof in certain circumstances. If the reporting person claiming retaliation has reasonable grounds to believe that an act of retaliation is due to their whistleblowing, the accused company has the onus of rebutting this accusation.


It is already obvious that the scope of the proposal is extremely broad. However, such protection should be reasonable, taking into account the interests of not only the whistleblower, but also the companies in question and the public.

For further information on this topic please contact Markulf Behrendt or Inge Vanderreken at Allen & Overy LLP by telephone (+49 69 2648 5000) or email ( or The Allen & Overy LLP website can be accessed at

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.