The European Parliament adopted by 591 votes to 29, with 33 abstentions, a legislative resolution on the proposal for a directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law.
The European Parliaments position adopted at first reading under the ordinary legislative procedure amended the Commission proposal as follows:
Common minimum standards to protect whistleblowers
The proposed Directive shall aim to enhance the enforcement of Union law and policies in specific areas by laying down common minimum standards providing for a high level of protection of persons reporting on breaches in a wide range of areas, including public procurement, financial services, product and transport safety, nuclear safety, public health, consumer protection, personal data protection and breaches of competition and state aid rules.
The Directive shall not affect the responsibility of Member States to ensure national security and their power to protect their essential security interests. It shall not affect the protection of confidentiality of communications between lawyers and their clients.
Scope
This Directive shall apply to reporting persons working in the private or public sector who acquired information on breaches in a work-related context. It shall also apply to reporting persons also where they report or disclose information acquired in a work-based relationship which has since ended. The measures for the protection of reporting persons shall also apply to facilitators and to third persons connected with the reporting persons and who may suffer retaliation in a work-related context, such as colleagues or relatives of the reporting person.
Conditions for protection of reporting persons
Persons reporting information on breaches falling within the areas covered by this Directive shall qualify for protection provided that:
- they had reasonable grounds to believe that the information reported was true at the time of reporting and that the information fell within the scope of this Directive;
- they reported internally in accordance with the Directive and externally, or directly externally or publicly disclosed information.
Persons who reported or publicly disclosed information anonymously but were subsequently identified shall nonetheless qualify for protection in case they suffer retaliation.
Obligation to establish internal channels and procedures for reporting and monitoring
Legal entities in the private and public sectors shall establish internal channels and procedures for reporting and following up on reports. The use of internal channels shall be encouraged before any external reporting, where the offence can be effectively remedied internally and the reporting person considers that there is no risk of retaliation.
Member States may exempt from the obligation referred to in paragraph 1 municipalities with less than 10 000 inhabitants, or less than 50 employees, or other entities with less than 50 employees.
Legal entities in the private sector with 50 to 249 employees may share resources as regards the receipt and possibly also the investigations of reports. This is without prejudice to their obligations to maintain confidentiality and to give feedback, and to address the reported breach.
Internal reporting procedures
These procedures shall include the following elements:
- channels for receiving the reports ensuring the confidentiality of the identity of the reporting person;
- an acknowledgment of receipt of the report to the reporting person within no more than seven days of that receipt;
- the designation of an impartial person or department competent for following up on the reports;
- diligent follow up where provided for in national law as regards anonymous reporting;
- a reasonable timeframe to provide feedback to the reporting person about the follow-up to the report, not exceeding three months from the acknowledgment of receipt of or if no acknowledgement was sent, from the expiry of the seven-day period after the report was made;
- clear and easily accessible information regarding the conditions and procedures for reporting externally to competent authorities and, where relevant, to institutions, bodies, offices or agencies of the Union.
External reporting
Informants may also provide information on breaches by using external channels after using the internal channel or by reporting directly to the competent authorities. Member States shall designate the competent authorities to receive, provide feedback on or follow up on reports. The competent authorities shall inform the reporting person of the final outcome of investigations.
Public disclosures
A person who publicly discloses information on breaches shall be protected if he or she first made a report through internal and external channels and had reasonable grounds to believe that the offence may represent an imminent or manifest danger to the public interest, such as an emergency situation or a risk of irreversible damage.
Member States shall ensure that the identity of the informant is not disclosed without the explicit consent of the informant to any person other than staff members authorised to receive and/or follow up on reports.
Prohibition of retaliation
The proposed Directive prohibits any form of retaliation, including threats and attempts at retaliation, direct or indirect, in particular in the form of dismissal, demotion or refusal of promotion.
Member States shall provide whistleblowers with comprehensive and independent information on available procedures, free advice and legal assistance during the procedure. During the latter, whistleblowers may also benefit from financial and psychological support.