Directive on the protection of whistleblowers - Transposition is late but on its way

The European directive of 23 October 2019 on the protection of persons who report breaches of EU law (“whistleblowers”) was supposed to be transposed into Belgian law by 17 December 2021 at the latest. The transposition of this directive is therefore behind schedule, but should take place in the course of 2022, since a bill targeting the private sector should be adopted soon, just as in the public sector.

Legislative process

Currently, in Belgium, only certain sectors have regulations on the protection of whistleblowers, particularly in the public and financial sectors. With the adoption of the directive of 23 October 2019, the European legislator called for an extension of this type of procedure to all sectors, both public and private.

A draft bill on the private sector was submitted for a joint opinion to the National Labour Council and the Central Economic Council. In an opinion of 30 November 2021, the social partners made various recommendations related in particular to the definition of the material scope of the law; the need to clearly define the role of trade unions; the need to take account of the difficulty and cost of setting up internal reporting channels for SMEs; the coexistence of two whistleblowing systems within financial and economic SMEs; the need to give the services designated to receive external whistleblowing a collaborative rather than a repressive role; the need to provide for appropriate sanctions in case of retaliation, but also in case of the deliberate dissemination of false allegations and to limit the reversal of the burden of proof over time.

Content of the directive

The idea behind the directive of 23 October 2019 is that workers are best placed to reveal and prevent breaches of EU law in certain areas of public interest such as public procurement, environmental protection, public health, food safety, consumer protection, privacy and personal data protection etc.

However, they are often reluctant to report such violations for fear of retaliation. The aim of the directive is therefore to create a protection for these whistleblower workers against any form of reprisal, whether it be dismissal, disciplinary sanctions, negative evaluation, unilateral modification of working conditions, etc.

The directive also aims to provide a protection for former workers of the company, candidates for employment, self-employed persons, shareholders, administrators, workers of subcontractors and providers, volunteers and trainees. In addition, possible “facilitators” and “third parties” in relation to the whistleblower will also be protected against retaliation.

Under the directive, the worker must be able to disclose information, or even reasonable suspicion, of actual or potential violations, past or future, and attempts to conceal these violations. However, the protection offered by the directive only applies if the person in question could reasonably believe that the information reported was true and fell within the scope of the regulation.

When a person is in possession of information meeting these conditions, the directive offers him or her a choice of three channels to whistleblowing:

1. An internal reporting procedure to be implemented in all private sector companies with 50 or more workers, but companies with fewer than 249 workers will have an additional period to implement this procedure (until 17 December 2023);

2. An external reporting procedure to the competent authorities;

3. Under certain conditions, public disclosure (particularly when the two previous procedures have not resulted in appropriate action).

Under the internal whistleblowing procedure, the employer has various obligations. The employer must designate an impartial person or department to follow up on the reports, communicate about the existence of external whistleblowing channels, ensure the confidentiality of the whistleblower’s identity in the case of internal whistleblowing, follow up on the internal whistleblowing within a reasonable period (maximum three months after the whistleblowing has taken place), etc.

Finally, the directive explicitly provides that any processing of personal data under the directive must be carried out in accordance with the provisions of the GDPR, which the Belgian legislator will have to take into account in the transposition.

Key message

The directive has not yet been transposed into Belgian law. However, in view of the many steps to be taken and the need to respect social dialogue, it is advisable to start preparing now. This is all the more important as failure to comply with the forthcoming regulations may result in sanctions, including administrative fines.