The whistleblower system - reporting misconducts

As of 2019, the provisions of Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of whistleblowers, the so-called Whistleblower Protection Directive, are in force. Member States are required to implement its provisions by 17 December 2021. A "whistleblower" is a person in a private or public company whose mission is to report any irregularities in the company or unfair activity of the employer. Today, these individuals are particularly vulnerable to discrimination or retaliation and often choose not to raise their concerns for fear of adverse effects. The European Union authorities have therefore decided to ensure balanced and effective protection of whistleblowers under EU law, thus obliging Member States to implement appropriate legal provisions guaranteeing such protection.

Time for implementation

As a first step, all member states have until December 17, 2021 to issue regulations implementing the Directive, which will apply to public sector entities and private sector entities, i.e., companies with at least 250 employees. These entities are required to establish procedures and implement tools that meet the requirements of the Directive.

With respect to private entities that employ between 50 and 249 employees, transitional provisions apply, for which the time for implementing the Directive has been extended twice - until December 17, 2023. The 50-employee limit does not apply to legal entities that operate in the financial sector, civil aviation, maritime transport and activities in the area of offshore oil and gas fields.

Integrity Line - whistleblowing

The implementation of the Directive will impose new obligations on businesses, including:

The provisions of the Directive do not expressly set out the technical and organizational measures that companies should implement. The obligation to specify lies with the member states that implement the Directive.

Polish law implementing the provisions of the Directive has not yet been enacted, however the obligation to provide an appropriate notification channel rests with the companies, which are obliged to activate it by 17 December 2021.

Simple and safe solution

While waiting for national legislation, all companies can already prepare themselves to ensure proper protection of whistleblowers by implementing a dedicated IT solution - EQS Integrity Line - a secure whistleblowing system in Poland and the EU.

The system guarantees the anonymity of whistleblowers and ensures that their identity cannot be traced by technical means. EQS Integrity Line is hosted on external high-security servers with ISO 27001 certification. These servers do not store IP addresses, location data, device specifications or other data that could allow conclusions about the whistleblower's identity.

The whistleblower can choose whether to remain anonymous or provide any personal information. In all cases, the content of the report is sent highly encrypted using a public-private key procedure (PGP) with 2048 RSA bits. In addition, all communication with the server is done over a secure HTTPS connection.

Guarantee of security

EQS Integrity Line meets the highest standards of IT security and personal data protection, confirmed by certificates obtained in this field.

Integrity Line certyfikaty

If you would like more information about our incident management solutions, please contact us by e-mail at info@cogit.pl or call +48 22 496 60 00.