The Clock Is Ticking For SME's And Their Internal Reporting Channels

• Jurisdiction: European Union
• Law Firm: Contrast
• Subject Matter: Corporate/Commercial Law, Employment and HR, Government, Public Sector, Compliance, Corporate and Company Law, Government Contracts, Procurement & PPP, Whistleblowing
• Author: Mr Filip Tuytschaever and Lise Ryckaert
• Published date: 06 March 2023

Imagine...

You are a producer of pralines. You started out small, but today your company has over 150 employees. Right from the start you did everything you could to promote a compliance culture within your company. You find it imperative to always deal correctly with your commercial partners and to strictly comply with all applicable laws.

You hear that Europe has adopted legislation establishing reporting channels for legal infringements. At your initiative, you had already set up such a reporting channel within your company a few years ago. Employees who identify or suspect abusive practices can always report this to their superior, who will arrange for the necessary follow-up. You are pleased to hear that you were ahead of your time. Or perhaps not? According to your legal department, there is still a good deal of work left to do. But if so, why? And what remains to be done?

A brief clarification.

People who work for a company are often the first to become aware of possible infringements that the company is committing and which can be detrimental to the public interest. Due to fear of retaliation, however, they often refrain from reporting the infringements they have discovered. In 2019 Europe adopted a directive designed to fix that situation. The directive contains minimum requirements for reporting channels and assures protection for reporting persons (AKA whistleblowers). It gave the Member States until 17 December 2021 to transpose these requirements into national law. For SME's with 50 to 249 employees, the obligations only need to enter into force on 17 December 2023. This means that our praline producer still has the rest of this year to do what is necessary.

As a reminder, what kinds of breaches can be reported?Firstly it concerns infringements of important EU legislation. This legislation is listed in the directive and includes breaches of the rules on product safety, environmental and consumer protection, public procurement contracts, personal data, competition, state aid and the internal market. The directive introduces only a minimum level of protection. Member States may expand the protection on the basis of their own national law. Europe will also periodically evaluate whether the list of legislation should be extended.

Who enjoys protection?The directive offers protection to persons who communicate information on infringements that they acquired in a work-related context. The protection extends to third parties who are connected to the...