The law of 28 November 2022 on the protection of whistleblowers of breaches of Union or national law established within a legal entity in the private sector (the Law), has been published on 15 December 2022. The Law transposes Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law into Belgian law (the Directive). The Law enters into force two months after publication in the Belgian Official Gazette (i.e., on 15 February 2022), noting that for certain legal entities, a number of provisions may be implemented later.

The Law does not prejudice the application of existing whistleblowing frameworks, namely the provisions of the law of 2 August 2002 (as amended by the law of 31 July 2017) that concern the reporting of actual or suspected infringements to the financial laws and regulations of which the compliance is supervised by the FSMA and the law of 18 September 2017 providing options to blow the whistle on breaches of the anti-money laundering and counter-terrorist financing provisions and on suspicious client transactions. The precise interplay between the Law and these frameworks however remains to be assessed.

Finally, the material scope of the Law is broader than the one of the Directive, as it also protects persons reporting issues that concern tax and social fraud.

  • Relevant thresholds

The Law provides for different thresholds at the level of legal entities in the private sector, triggering different obligations.

In light of the very broad definition of the concept of legal entity in the Law, these thresholds will be computed at the level of the technical business unit (unite technique d’exploitation / technische bedrijfseenheid) or any other level that is relevant in a given case.

  • Internal reporting lines: points of attention

Legal entities in the private sector with more than 50 employees must set up procedures for internal reporting and follow-up, after consultation with their employee representative bodies, if any.

The key points of attention in such respect are the following:

  • the procedures must be clear, easy and accessible;
  • they should, amongst other requirements, guarantee the confidentiality of the identity of the whistleblower and any involved third party and be accessible only to designated persons; and
  • they may be managed internally by a reporting manager or made available externally through a third-party service provider. In both cases, the legal entity is considered as the data controller of the personal data processed in this context.
  • The whistleblower’s protection

Who is protected?

The whistleblower (whether or not still employed by the legal entity at the timing of reporting).

Facilitators, third parties who are related to the whistleblower and who may experience retaliation in a work-related context (e.g., colleagues or family members), legal entities owned by or working with the whistleblower.

Persons who reported or disclosed issues anonymously, but are later identified and suffer retaliations, are eligible for the same protection, provided they also meet the conditions set out below.

Which conditions must be met?

The (anonymous) whistleblower benefits from the statutory protection provided that he / she:

  • reports (internally or externally) the information:
    • having reasonable grounds to believe that, at the time of reporting, the reported information was correct and fell within the scope of the Law; or
  • discloses the information publicly:
    • after having reported the information internally and/or externally but no appropriate measures were taken; or
    • because he / she has reasonable grounds to believe that:
      • the breach constitutes an imminent or real danger to the public interest; or
      • there is a risk of retaliation in the event of external reporting, or the breach is unlikely to be effectively remedied due to the particular circumstances of the case.

Facilitators and other third parties benefit from the same protection, provided that they had reasonable grounds to assume that the whistleblower fell under the scope of the Law.

What does the protection include?

The whistleblower protection includes the following:

  • prohibition of retaliation (although most of the examples of retaliation in the Law are linked to the professional context (e.g.: dismissal, negative reviews, demotion, harassment, discrimination, non-renewal of a fixed term employment agreement or service agreement, etc.), retaliation does not necessarily need to be linked to the professional context);
  • supporting measures (e.g.: advice, mental support);
  • remedies against retaliation, i.e., the possibility to:
    • file a complaint with a federal coordinator, conducting an out-of-court protection procedure if there is a reasonable suspicion of retaliation (the burden of proof lies with the legal entity concerned);
    • claim a protection indemnity, the amount of which depends on:
      • the capacity of the victim (employee: between 18- and 26-weeks’ remuneration; service provider: actual damages); and
      • whether the information relates to financial markets, products and services or AML (6 months’ remuneration or actual damages occurred).

The protection indemnity cannot be combined with the indemnity for manifestly unreasonable dismissal (national CBA no.109).

  • re-integration for employees reporting and/or disclosing information related to financial markets, products and services or AML.