Whistleblower protection: What types of reports are covered?

by Kaarle Parikka


The European Union’s (EU) Whistleblower Directive opens a new chapter for the protection of employees and individuals who report breaches of the law. The directive was officially adopted by the EU in 2019, but organisations have until the end of 2021 (or 2023 for smaller organisations) to put whistleblower policies, programs and channels in place.

In order for the whistleblower to be protected by the directive, the subject of their report must be of a certain nature. This blog post will focus on shedding more light on the topics and types of reports listed in the directive.

The Framework


A breach of law is an action or omission that directly violates, or results in a contravention of the laws or regulations in a country. If an individual notices such actions, they can report their findings through a whistleblowing channel while being protected from countermeasures by the directive.

The EU regulation protects whistleblowing regarding the following types of reports:


Public Procurement


A public contract is one in which a government or government-run entity buys supplies, services or public works from an external supplier. In the European Union, such procedures must comply with national procurement legislation and the procurement directives set by the EU.

In order to follow the regulation, the tendering process must be transparent and contracts must be awarded based on the most economically advantageous tender or the lowest price.


Financial Services, Anti-Money Laundering, And Counter-Terrorist Financing


The origin, flow and direction of money are central to global security, integrity of the financial system and sustainable growth. Thus, it is important that banks and other obliged entities apply measures to avert acts such as money-laundering, embezzlement and terrorist financing, amongst others.

In order to follow the regulation, customer due diligence shall be carried out when entering into a new business relationship with another entity.


Product Safety and Compliance


Businesses have to ensure the safety of products for their consumers. Failure to comply with global policies on product safety has legal and public health implications.

To comply with the regulation, companies need to follow labelling requirements, use systematic risk management and assessment approaches to monitor their performance, and rapidly notify users when unsafe products reach the market or are the subject of a ban or a recall.


Consumer Protection


In addition to product safety, institutions are further required to operate in a manner that protects the consumer. The topic covers e.g. fair pricing, fair business-to-consumer commercial practices, guarantees, distance marketing of consumer financial services, credit agreements and the comparability of fees related to payment accounts.

If these practices are violated, individuals can and should take action to report them and be able to trust that their anonymity is secured and that they are protected from countermeasures.


Transport Safety


Transport safety has a direct impact on people’s lives and safety. The Directive prioritises whistleblower protection in different transport industries.

To comply with the regulation, organisations operating in aviation, maritime, railway, road, or inland waterway transport need to maintain their equipment and infrastructure in a certain manner, provide sufficient training for their employees, follow safety requirements, and carry out investigations of accidents and incidents, to name a few.


Environmental Protection


The EU is driving sustainability and has some of the world’s highest environmental standards. The goal of these standards is to help the economy become more environmentally friendly, protect natural resources and guarantee the health and wellbeing of people.

In order to comply with the regulation, organisations need to protect natural habitats, keep air and water clean, manage noise pollution, ensure proper waste disposal, and be aware and notify stakeholders of toxic chemicals, to name a few.


Radiation Protection and Nuclear Safety


There are various regulations that govern nuclear manufacturing and nuclear safety. One example is the rules of the European Atomic Energy Community (Euratom).

The directive supports guidelines like Euratom’s and requires entities dealing in nuclear energy to ensure the safety and operation of nuclear installations, protect the general public from getting access to resources (e.g. water) that have been compromised by radioactive substances, set strict procedures for radioactive waste management, and follow the regulation on shipments of radioactive substances. It also promotes the swift reporting of safety malpractices.


Public Health


This part of the directive consists of four parts:

  • quality and safety of organs and substances of human origin (e.g. blood tests)
  • quality and safety for medicinal products and devices of medical use
  • patient rights
  • manufacturing, presentation and sale of tobacco and related products

Whistleblowing plays a vital role in promoting public safety and well-being, and can include reporting on any malpractices that could negatively impact public health and safety regarding the four points mentioned above.


Food And Feed Safety, Animal Health And Welfare


The EU Directive offers whistleblower protection for those reporting misconduct within the food and feed industries. Breaches of law in these sectors could be harmful to the public and can also impact the health and welfare of both human beings and animals.

To comply, organisations need to follow the general principles of Union food and feed law, promote the health of animals and plants, and follow the health rules for animal by-products and derived products not intended for human consumption.


Protection Of Privacy And Personal Data, And Security Of Network And Information Systems


Institutions are required to abide by privacy and data-protection laws and sustain the security of their network and information systems. One example is the General Data Protection Regulation (GDPR).

Whistleblowers are encouraged to report on privacy infringements and breaches of personal data. The EU also protects individuals who report breaches of network and data systems that compromise individual data sets or regional and/or national security.


Final Thoughts


As we can see, the EU Whistleblower Directive is extensive and changes how institutions, businesses, and society view whistleblowing as a whole. This wind of change enables more individuals and institutions to take justified action without the fear of personal consequences. It also offers actionable tools for organisations to evaluate and improve the clarity of their operations.

If you're looking for a whistleblowing channel that is in line with the new directive, ticks all the boxes for anonymity, enables real dialogue, has built-in investigation features and more, have a look at our Whistleblowing module and book a demo to discuss your specific needs.

We're a tech company with a passion for helping our customers adapt to the fast-changing VUCA world. We're doing that by developing easy-to-use SaaS products that make gathering, managing and analysing field information as easy as possible for the end users. Remove gatekeepers, go horizontal and learn from your mistakes before they actually happen. More info at


Kaarle Parikka

Head of Marketing