A Comparison of Whistleblowing Regulations in the UK and the EU


The term ‘whistleblowing’ means making a (public) disclosure that is in the public interest.  In other words, whistleblowers come forward about breaches of law or other wrongdoings that they are aware of within the company they work for. For every company, but especially for larger ones,  whistleblowing is important to maintain an open and transparent working environment. Whisteblowers are able to expose threats to society or the environment. As this will likely involve very sensitive information, whistleblowers are protected by law against being dismissed, degraded, or discriminated against. However, these laws differ per country, and in this article, we will discuss the key differences between the European Union (EU) and the United Kingdom (UK).

The EU Whistleblowing Directive

In the EU, the Whistleblowing Directive (2019/1937/EU) was introduced to create more consistency among the EU Member States. In doing so, every country will have the same minimum standards for employers as well as regulators when it comes to whistleblowing. There are however member states that offer more protections that even go beyond the minimum requirements.

Who is affected?

Under the EU Whistleblowing Directive, every company with 50 or more workers must comply with its provisions. This includes (i) an obligation to enable workers to report breaches of certain laws (detailed below) within the company; and (ii) ensuring that those who do make such a report, are legally protected against retaliation. The obligations will also apply to regulated entities in the financial services industry and those vulnerable to money laundering or terrorist financing regardless of their size.

Who can be a whistleblower?

Under EU law, whistleblower protection extends not only to employees, but also job applicants, former employees, supports of the whistleblower, self-employed/freelance workers, shareholders and non-executive directors, persons under supervision of (sub)contractors and suppliers and journalists.

What can be reported?

The breaches of law that are covered by the EU Whistleblowing Directive are EU laws concerning public procurement; financial services, products, and markets; anti-money laundering and terrorist financing; environmental protections; product safety; transport safety; radiation protection; food and feed safety, animal health and welfare; protection of privacy and personal data; and security of network and information systems. This means that some of the most important workers’ rights are not included, such as anti-discrimination, bullying, and health and safety.

What are the criteria for protection for whistleblowers?

In order for a whistleblower to be protected under the EU Whistleblowing Directive, two criteria have to be met: (i) the whistleblower must have reasonable grounds to believe that what they are reporting is true at the time of the report and that it is within the scope of the Directive; and (ii) the whistleblower must follow a very specific procedure to make a disclosure.    

How are whistleblowers protected?

If a whistleblower meets the criteria as set out above, they will be legally protected from dismissal or discrimination. They will be exempt from liability for any actions they need to take to acquire, access, and disclose information (unless they obtained it in a way that is criminal). Moreover, if the whistleblower can show that they are being retaliated against due to their disclosure, the person or persons who took the detrimental action have to provide that their action was (i) justified and (ii) not connected to the whistleblowing.

Obligations on companies

As stated above, the EU Whistleblowing Directive also imposes obligations on companies, apart from offering protection to disclosures.  Companies with more than 50 employees are required to:

-       Set up internal systems for whistleblowers to report their concerns orally or in writing;

-       If a disclosure is made, acknowledge the receipt within 7 days;

-       Maintain confidentiality and respect data protection law (the GDPR);

-       Designate an impartial person or department to investigate the concern(s);

-       Communicate investigation updates to whistleblower and give feedback within 3 months; and

-       Provide options to whistleblowers on how to report concerns to regulators.

The UK Public Interest Disclosure Act 1998 (PIDA)

In the UK, the PIDA governs the legal protection of whistleblowers. Whistleblowers will be protected if they meet three criteria: (i) they are a worker; (ii) they reveal information of the right type (‘qualifying disclosure’); and (iii) they make their qualifying disclosure to the right person, following the right procedure (‘protected disclosure’). Disclosures must be made to a ‘prescribed person’.

Who is affected?

The PIDA does not impose specific obligations on companies like the EU Whistleblowing Directive does. Rather it applies to any qualifying worker within any company.

Who can be a whistleblower?

Within the PIDA, ‘worker’ has a very specific meaning. Apart from (former) employees, it also includes agency workers, freelancers, seconded workers, homeworkers, trainees, and non-executive directors.

What can be reported?

Six relevant failures that fall under the PIDA and which may be reported through a qualified disclosure are: (1) criminal offences; (2) breach of a legal obligation; (3) a miscarriage of justice; (4) danger to health and safety of an individual; (5) risk of or actual damage to the environment; or (6) the deliberate concealing of a wrongdoing.  Personal grievances such as bullying, harassment and discrimination are excluded (unless the case is in the public interest).

What are the criteria for protection for whistleblowers?

PIDA offers protection to workers who make ‘qualified disclosures’. A qualified disclosure is made when the worker (i) reasonably believes that the disclosure is made in the public interest, (ii) that the disclosure is made in the public interest, and (iii) that malpractice in the workplace is happening, has happened, or will happen. A disclosure also only qualifies if it is made following a specific procedure. Moreover, the disclosure may not be made if the person making it commits an offence by making it or breaches a professional privilege in doing so.

A qualified disclosure is also a protected disclosure if the way in which the information is disclosed meets certain criteria. Any disclosure directly to (a) the employer, (b) a third-party responsible for the failure (such as a client or supplier), (c) a legal advisor is a protected disclosure. Disclosures may also be made to ‘prescribed persons’, if the claim is a matter within their area of responsibility (e.g. HMRC, the Health and Safety Executive, or the Office of Fair Trading). If there is an exceptionally serious failure, the worker will not need to go through the regular channels, but may make a public disclosure straight away.

How are whistleblowers protected?

If a worker has made a disclosure, they may not be subjected to any detriment. They may not be dismissed if the reason for dismissal is making the disclosure.

What steps should your business take next?

Although not every company is required to set up a whistleblowing policy, having a defined procedure will create an open, transparent, and safe working environment. Your workers will feel as though speaking up is encouraged, which ultimately will only help your business become better. Moreover, if an employee with a concern feels heard about their issue, this will reduce the risk that they go public with their complaint. Your employees are often direct witnesses of wrongdoings, which means they are in an excellent position to prevent further harm which may damage the company’s performance or reputation.

1.    Implement a whistleblowing policy

-       Explain to workers what their rights are

-       Set up the right processes to handle complaints when they come in

2.    Communicate your whistleblowing policy to everyone who is concerned a worker

3.    Appoint an individual or team who know how to implement your whistleblowing policy

4.    Protect disclosers’ privacy, confidentiality and make sure they are not retaliated against in any way

5.    Keep disclosers updated regarding any investigation and updates to prevent them from making a public disclosure