On May 12, 2023, the Bundesrat gave its final approval to the Whistleblower Protection Act (HinSchG). The law is expected to come into force before the end of June 2023.
After the Bundesrat initially refused to give its approval to the first draft of a Whistleblower Protection Act, an agreement has now been reached in the Mediation Committee. The original version of the law provides in particular for changes to the reporting channels for anonymous tips, fines and the scope of the law.
What does the Whistleblower Protection Act regulate?
The Whistleblower Protection Act transposes the EU Whistleblower Directive (EU) 2019/1937 into national law. The aim of the Act is to strengthen the previously patchy protection of whistleblowers and other persons affected by a report. The aim is to ensure that whistleblowers are not put at a disadvantage by internal or external reporting of violations. Among other things, this applies to internal violations of criminal law, occupational health and safety, health protection and minimum wages. At the same time, however, the law also covers all general legal standards protecting third parties that are standardized in the EU Whistleblower Directive, including in particular money laundering regulations as well as requirements for product safety, IT security, consumer protection and data protection.
What are the consequences of the law for companies?
Companies with at least 50 employees – or regardless of the number of employees in the financial and insurance sectors – are required to set up internal reporting systems. Medium-sized companies with up to 249 employees are required to implement the law by Dec. 17, 2023. Large companies must be able to demonstrate reporting systems within one month of promulgation.
What do companies have to do?
There is a concrete need for companies to take action. It should be ensured that the necessary reporting points are set up in compliance with the law and on time. The specific structure may vary depending on the size of the company. Furthermore, the reporting offices should be capable of acting and internal processes and workflows should be designed securely. WR Legal will be happy to advise you on the type and design of timely implementation.