On 23 April 2018, the European Commission published a proposal for a Directive on the protection of whistleblowers reporting on breaches of EU law, accompanied by an explanatory memorandum.

The Directive

The intention behind the proposal is to harmonise the minimum level of protection available to whistleblowers across the EU. It reflects the Commission’s view that whistleblowers can play an important role in exposing breaches of EU law, but they will often resist coming forward for fear of the legal and financial consequences which may occur. At present, legal protection for whistleblowers is fragmented and, in the Commission’s view, insufficient. In its explanatory memorandum, the Commission talks of ‘missed opportunities’ for preventing and detecting breaches of EU law where certain Member States currently have a lack of protection and argues that the harmonisation brought about by the draft Directive will contribute toward improving the business environment, increasing fairness in taxation and promoting labour rights.

The draft Directive applies to reports of breaches across a wide range of EU areas of law, including the protection of privacy and personal data, and security of network and information. It creates an obligation to establish internal channels and procedures to handle reports made by whistleblowers, which applies to entities that meet the prescribed thresholds. For those entities in the private sector, the threshold is 50 or more employees, or an annual turnover of EUR 10 million or more, although this does not apply to businesses offering financial services, for which there is no minimum threshold. Entities in the public sector will be caught if they are involved in state or regional administration, if they are responsible for municipalities with more than 10,000 inhabitants or if they are otherwise governed by public law.

New protections for whistleblowers

The protections afforded under the proposal are granted to individuals who acquire information on violations of EU law in a ‘work related context’. This gives the draft Directive a broad scope, covering not only employees, but also other categories of individuals such as volunteers, shareholders and job applicants.

The draft Directive grants protection to such individuals where they have reasonable grounds to believe that the information reported was true at the time of reporting and where the information falls within the scope of the draft Directive. Whistleblowers meeting these criteria are protected from any form of retaliation, including, to name but a few examples: suspension, demotion or withholding of promotion, any financial penalty or a transfer of duties.

Member States are required to sanction any retaliation measures taken and to ensure that whistleblowers have access to free advice on the procedures and remedies available on protection against retaliation. In the current draft, qualifying whistleblowers must also be exempt from any liability for breach of restrictions on disclosure of information by contract or statute, as to allow businesses to rely upon such argument would undermine the entire objective of the proposal.


The proposal is open for feedback via the Commission’s Have Your Say website until 20 June 2018, although this deadline will be extended to allow further opportunities for public consultation. The draft Directive is pending adoption by the European Parliament and Council, and it is anticipated to become applicable in 2021. It will be interesting to see how closely the current iteration of the draft resembles the final Directive, and there is an important balance to be struck here. As crucial as it is not to allow those with knowledge of serious breaches of EU law to be discouraged from coming forward, the damage which an individual could do to a business’s reputation by making an accusation, or disclosing confidential information, in the reasonable but mistaken belief that that business is acting in breach of EU law is not something which should be taken lightly.