How to meet the EU Whistleblowing Directive requirements?

Are you a company with more than 50 employees, a local authority, a school or a publicly funded organisation and want to be sure you're meeting all the requirements of the new EU directive? FaceUp has you covered. We'll also monitor all risks and deadlines for you.

Protects whistleblowers
Compliant with EU Whistleblowing Directive
Trusted by more than 2,700 customers worldwide
EU Flags Directive.png

What are the EU Whistleblowing Directive requirements and how does FaceUp meet them?

Set up a secure internal reporting channel which enables anonymous reports.

✔️ Whistleblowers can create reports through the FaceUp website, your own website, intranet or even through our mobile app.

Designate an impartial person (assignee) who can receive and investigate reports from whistleblowers.

✔️ They'll receive access according to your organisational structure and type of report. We'll provide a contract template to the assignees and are happy to provide training. We can also offer external counsel services.

Protect whistleblowers against retaliation.

✔️ Whistleblowers can communicate anonymously through FaceUp which ultimately is the best way to protect them from retaliation.

Respond to the report and investigate it within the statutory time limit.

✔️ We automatically keep track of all deadlines, send you prompt smart notifications, and simplify all matters relating to the report.

Maintain a secure archive system for individual reports from all sources.

✔️ The FaceUp administration area serves as an encrypted database of reports from all your communication channels. You can add comments, upload attachments, and save notes.

Enable written and oral reporting. For oral whistleblowing reports, you can upload a recording or a transcript.

✔️ With FaceUp, the whistleblower can not only send text reports but also record anonymised voice messages.

Ensure confidential communication between whistleblower and assignee.

✔️ Only designated assignees will have access to reports. Neither FaceUp nor any third party have access to them.

Make the reporting channel accessible not only to your employees but also to other groups (contractors, job applicants...).

✔️ You can make FaceUp available to anyone you wish. This can be through a password, a direct link, QR code or your website.

Ensure that whistleblowers receive a fair evaluation of the legitimacy of their report. .

✔️ The whistleblower can see the status of their report by entering a unique code on the website. They can also receive a notification that their report has successfully reached the system.

Inform the whistleblower of the steps taken to investigate their report.

✔️ Through FaceUp you can keep the whistleblower informed of everything they need to know. Their identity is protected during all communications, for as long as they wish it to be.

Ensure a fair evaluation of the legitimacy of their report.

✔️ FaceUp offers the combination of maintaining the whistleblower's anonymity and the option of a follow up conversation. You can ask for further information and evaluate the legitimacy of the report.

Post the authorised person's details online and provide remote access to reports.

✔️ We'll automatically create a profile for your organisation so all the important information is available online. You can easily set up remote access yourself, as well as for the reporting channel.

Create an internal wiki on the protection of whistleblowers and related legal documents.

✔️ In the FaceUp administration area there are free legal document templates for you to use. We can also put you in contact with approved partners who can create tailored versions for you.

Allow whistleblowers to file a report with a regulatory body or to make it public.

✔️ We'll set up your system in such a way that makes it not only easier, but also safer for whistleblowers to report directly to you. Over 10,000 reports have already been submitted through us.

Whistleblowing channel available 24/7.

✔️ You can put your trust in FaceUp. We have been running for over 5 years, are trusted by 2,700 organisations on 4 continents and have an in-house team of experienced developers working on our platform.

Train the designated person in their responsibilities and record this training.

✔️ Both FaceUp and our partners can assist with training. You can find a free record template in the administration area.

Process data in accordance with GDPR.

✔️ Full compliance with GDPR regulations and ISO 27001 certificated.

Key dates of EU Whistleblowing Directive

Check Icon

23 October 2019

The European Parliament and European Council approved a directive protecting those who report breaches of EU law, known as the "Whistleblowing Directive".

Check Icon

17 December 2021

The European Directive guaranteeing the protection of whistleblowers and prohibiting any form of retaliation comes into force. Affected organisations should have an internal whistleblowing system in place.

Hours Icon

Year 2023

EU countries gradually introduce laws which implement the requirements of the Directive. All private companies with more than 50 employees and autonomous areas of more than 5,000 inhabitants must implement a reporting channel.

REQUEST A DEMO

Frequently asked questions about whistleblowing

Who is a whistleblower?

What can whistleblowers report?

What if an organisation does not comply with the EU Whistleblowing Directive?

How can I protect whistleblowers?

What to look out for in terms of the EU Whistleblowing Directive?

Why is it important for employers that employees report anonymously?

How to prevent an issue being reported to the authorities or made public?

Can smaller organizations share a single whistleblowing system?

Can an organization have an external designee with access to FaceUp?

Articles about whistleblowing

ISO 37301, ISO 37001, IATF 16949, TISAX, SMETA

Standards and certifications that require the introduction of a whistleblowing system

There are a variety of standards and certifications which your organization can apply to ensure that your workplace and processes are ethical, transparent and responsible. Many require or suggest the implementation of whistleblowing system, such as the following:  ISO 37301ISO 37301 was introduced by the International Organization for Standardization in April 2021 and sets out guidance on implementing a compliance management system (CMS). It is based on widely accepted principles of good governance, proportionality, transparency and sustainability. One of the key aims of ISO 37301 is to outline the best practice when implementing a whistleblowing policy. These include: Timely and thorough investigation of allegations or suspicions of misconduct.A visible and accessible whistleblowing system.Confidential, anonymous reporting channels.Impartial investigations of any reports of unethical conduct.Comprehensive documentation of reports made.Recording of any lessons learnt changes to the CMS.ISO 37001Published in 2016, ISO 37001 provides guidance and details requirements for the setup and maintenance of an anti-bribery system. ISO 37001 is designed to help combat instances of bribery in the public, private and nonprofit sectors, perpetrated by individuals within the organization, as well as those acting on its behalf, plus a host of other scenarios. ISO 37001 is only intended for use as part of an anti-bribery system, but its recommendations are deliberately generic as to be applicable for any nature of organization.  The introduction of a whistleblowing system in your organization is crucial for complying with ISO37001. Requirement no. 18 specifically calls for the implementation of a whistleblowing system: ‘Implement reporting (whistle-blowing) procedures which encourage and enable persons to report suspected bribery, or any violation of or weakness in the ABMS, to the compliance function or to appropriate personnel’. IATF 16949IATF 16949 is a standard published by the International Automotive Task Force (IATF) and the Technical Committee of ISO, to be used in the creation of a quality management system to allow for ongoing improvement in the automotive industry supply and assembly process. The standard was updated in 2016 to include a stipulation for a whistleblowing policy. The updated version states: ‘[Organizations] shall define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation (whistle-blowing) policy.’ TISAXTISAX (Trusted Information Security Assessment Exchange) stipulates the standards for information security management systems within the automotive industry and is now commonplace across Europe. Its requirements are very similar to ISO 27001, differing mainly in the fact that TISAX is designed specifically for the automotive industry, whereas ISO 27001 is a more generalized standard. ISO 27001 focuses on data security within an organization, TISAX secures data throughout the supply chain. SMETASMETA (Sedex Members Ethical Trade Audit) is not a standard as such, but an audit that your organization can request to help you understand labor, health and safety, environmental and ethical standards within your workplace. After the audit, organizations receive an action plan designed to help them take corrective steps. The audit comprises two mandatory pillars, Labor Standards and Healthy & Safety. The two non-compulsory pillars are Business Ethics and Environment.  Sedex recommends providing whistleblowing hotlines across your supply chain, particularly to combat modern slavery. Other standards and certificationsRead about other standards and certifications and how they relate to whistleblowing in our previous blog posts: Whistleblowing guidelines: what you need to know about ISO 37002Whistleblowing requirements and the SA8000How whistleblowing can help improve your company's ESG scoreGet in touch and see how FaceUp can meet your whistleblowing needs. 
ja .jpeg

Helena Jezkova

2023-03-17T11:11:12.210Zmin read
Whistleblowing requirements and the SA8000

Whistleblowing requirements and the SA8000

Social Accountability International (SAI) is a global non-government organization that protects and advances human rights at work. The Library of Congress in the United States includes the SAI as one of the recommended organizations providing policies and guidelines for socially responsible companies. And GOV.UK, the official website of the UK government, mentions the SAI’s workplace certification, the SA8000 as one of two audits that can be used to combat modern slavery in government supply chains.     Benefits of getting an SA8000 certificateThe SA8000 certification measures organizational practices according to nine criteria: Child LabourForced or Compulsory Labour Health and SafetyFreedom of Association & Right to Collective BargainingDiscriminationDisciplinary PracticesWorking HoursRemunerationManagement System Organizations that apply for an SA8000 certificate signal to stakeholders and the public that they are committed to creating work environments that protect and promote human rights. Having an SA8000 certification also shows potential investors that your organization is a safe investment.  As ESG (Environmental, social, and corporate governance) investing becomes more prevalent, organizations are under increased pressure to ensure that they are above board and operating ethically. The SA8000 is one of the most well-known certifications for ensuring that commitment.    SA8000 whistleblowing requirementsThe SA8000 requires that a company has a written complaint system. This grievance process must be easily accessible, for employees and other interested parties to make complaints, comments, recommendations, or reports about the workplace or violations of SA8000 standards. The SA8000 also specifies that the complaint system must be unbiased, confidential, and non-retaliatory. Once a report is received, the organization needs to have a clearly outlined process for investigating and following up on complaints concerning the workplace or non-conformance to the SA8000 guidelines.  The results of the investigation and response must be freely available to all personnel and interested parties upon request. Finally, The SA8000 makes it clear that the organization can’t in any way punish, dismiss, or discriminate against a member of staff if they choose to make a complaint. Do you need an internal complaints system for the SA8000?FaceUp is an intuitive effective whistleblowing system that matches all of these requirements. FaceUp makes it easy to track reports and respond to issues quickly within your organization. Available in 113 languages, the platform takes minutes to integrate into your organization and makes collecting reports and responding to workplace issues much easier. Get in touch and see how FaceUp can meet your whistleblowing needs. 
ja .jpeg

Helena Jezkova

2023-03-09T19:29:15.555Zmin read
EU Whistleblowing Directive

What is the EU Whistleblowing Directive?

The subject of whistleblowing has been gaining traction in recent years, with both companies and the authorities looking for ways to protect whistleblowers when they speak up about unethical conduct in their workplace. To that end, the EU introduced its EU Whistleblowing Directive 2019 (also known as EU Directive 2019/1937), which aims to standardise the amount of protection afforded to whistleblowers across member states.  What does the EU Whistleblowing Directive cover?Under the Directive, organizations must:  Provide an internal whistleblowing channel (like FaceUp 🙂!)Educate employees and other stakeholders about whistleblowing optionsProtect whistleblowers who report breaches, andPrevent them from retaliationIt’s important to note that this is a directive, not a regulation (like GDPR), which means it is left up to individual member states how they go about applying it. The Whistleblowing Directive acts as a minimum standard of protection for whistleblowers. Countries or individual companies may go even further if they wish. When does the EU Whistleblowing Directive come into effect?The EU Whistleblowing Directive was adopted on 23 October 2019 and came into force on 16 December 2019, meaning that member states had until 17 December 2021 to transpose it into their national laws, although many missed this deadline.  Organizations with 50-249 workers have until 17 December 2023 to implement internal reporting channels. Who is protected and who has to comply?Simply put, the Directive protects anyone who has a ‘work-based relationship’ with an organization. The scope is broad and covers all manner of paid and unpaid workers, from full-time employees to freelancers, suppliers and subcontractors.  The Directive applies to all companies with more than 50 employees or with an annual turnover or assets totalling more than 10 million EUR. It also applies to local authorities which serve more than 10,000 people. How FaceUp can help your company comply with the EU Whistleblowing Directive Complying with the Directive may seem confusing and overwhelming. Fortunately, FaceUp has you covered. By using our whistleblowing platform, you can be assured that you are complying with the Directive’s stipulations through our anonymous and secure internal reporting channel, with the option of appointing an impartial assignee to receive and investigate reports.Check out all the FaceUp features which help you comply with the Whistleblowing Directive.  Do you need advice on how to effectively introduce a whistleblowing system? 
ja .jpeg

Helena Jezkova

2023-03-08T10:02:25.458Zmin read
FREE E-BOOK: everything you need to know about whistleblowing
WHISTLEBLOWING NEWSLETTER