On 12 May 2023 the German government has passed a new law to transpose the Whistleblower Directive into German law, named Hinweisgeberschutzgesetz. This will enter into force 4 weeks after its publication, likely in mid June 2023.
For companies with 50-249 employees, there is a grace period until 17 December 2023.
Already in January 2022, the EU initiated an infringement proceeding against Germany due to the delayed transposition of the Whistleblower Directive into German law. With the expiration of the deadline to transpose the Directive into local law in December 2021, the Directive is binding for companies in Germany until treplaced by the new German law.
Legislation passed / Directive implemented.
The scope of the German law is broader than the Directive and covers the following topics:
(1) Information on
1. infringements which are punishable by law,
2. infringements which are subject to a fine, insofar as the infringed regulation serves to protect life, limb or health or to protect the rights of employees or their representative bodies.
representative bodies,
3. other infringements of federal and Land legislation as well as directly applicable legal acts of the European Union and the European Atomic Energy Community
a) to combat money laundering and terrorist financing, including in particular the Money Laundering Act and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information to be transmitted information accompanying transfers of funds and repealing Regulation (EU) No. 1781/2006 (OJ L 141, 5.6.2015, p. 1), as amended by Regulation (EU) 2019/2175 (OJ L 334, 27.12.2019, p. 1), as amended from time to time,
b) laying down requirements for product safety and conformity,
c) road safety requirements covering road infrastructure safety management, safety requirements in road tunnels and the admission to the occupation of road haulage operator, admission to the occupation of road haulage operator or road passenger transport operator (bus and/or coach undertaking),
d) requirements concerning the safety of railway operations,
e) Maritime safety requirements concerning European Union rules on the recognition of ship inspection and survey organisations, carrier's liability and insurance in respect of the carriage of passengers by sea, the approval of the profession of road haulage operator or of road passenger transport operator (bus and coach undertaking), the licensing of the profession of road haulage operator or of the profession of road passenger transport operator, of passengers by sea, approval of marine equipment, maritime safety inspection, seafarers' training, registration of persons on board passenger ships engaged in maritime transport, and European Union rules and procedures for the safe loading and unloading of bulk carriers,
f) civil aviation safety requirements relating to the prevention of operational and technical safety hazards operational and technical safety and air traffic control,
g) requirements for the safe transport of dangerous goods by road, rail and inland waterways,
h) requirements for the protection of the environment
i) requirements for radiation protection and nuclear safety,
j) promoting the use of energy from renewable sources and energy efficiency,
k) on food and feed safety, organic production and labelling of organic products, the protection of geographical indications for agricultural products and foodstuffs, including wine, aromatised wine products and products and spirit drinks and traditional specialities guaranteed, on the placing on the market and use of plant protection products and on animal health and welfare, insofar as they concern the protection of animals kept for farming purposes, the protection of animals at the time of killing, the keeping of wild animals in zoos, the protection of animals used for scientific purposes and the transport of animals and related operations,
l) on standards of quality and safety of organs and substances of human
origin, medicinal products for human and veterinary use, medical devices and cross-border patient care,
m) on the manufacture, presentation and sale of tobacco products and related products,
n) the regulation of consumer rights and consumer protection in relation to contracts concluded between traders and consumers and the protection of consumers in the field of payment accounts and financial services, price indication and unfair commercial practices,
o) the protection of privacy in electronic communications, the protection of confidentiality of communications, the protection of personal data in the electronic communications sector, the protection of the privacy of users' terminal equipment and of information stored in such terminal equipment, the protection against unreasonable harassment by means of telephone calls, automatic calling machines, facsimile machines or electronic mail, and as well as on the display and suppression of telephone numbers and on the inclusion in subscriber directories,
p) on the protection of personal data within the scope of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1; L 314, 22.11.2016, p. 72; L 127, 23.5.2018, p. 2; L 74, 4.3.2021, p. 35) in accordance with Article 2 thereof,
q) on the security of information technology within the meaning of section 2(2) of the BSI Act of digital service providers within the meaning of section 2(12) of the BSI Act,
r) to regulate the rights of shareholders of public limited companies,
s) to audit the financial statements of public interest entities pursuant to section 316a
sentence 2 of the Commercial Code,
t) on the accounting, including bookkeeping, of companies that are capital market-oriented within the meaning of section 264d of the Commercial Code, of credit institutions within the meaning of section 340 1) of the Commercial Code, financial services institutions within the meaning of section 340 (4) sentence 1 of the Commercial Code, securities institutions within the meaning of § 340 paragraph 4a sentence 1 of the Commercial Code, institutions within the meaning of § 340 paragraph 5 sentence 1 of the Commercial Code, insurance undertakings within the meaning of section 341(1) of the Commercial Code and pension funds within the meaning of section 341(4) sentence 1 of the Commercial Code,
4. violations of regulations for contracting authorities under federal and uniform law on the procedure for the award of public contracts and concessions and on the legal protection in these procedures from the time the relevant EU thresholds are reached,
5. infringements covered by section 4d(1) sentence 1 of the Financial Services Supervision Act unless otherwise provided for in section 4(1) sentence 1,
6. infringements of legal tax provisions applicable to corporations and commercial partnerships legal tax standards applicable to corporations and commercial partnerships,
7. infringements in the form of agreements aimed at improperly obtaining a tax advantage that is contrary to the objective or purpose of the tax law applicable to tax law applicable to corporations and partnerships,
8. infringements of Articles 101 and 102 of the Treaty on the Functioning of the European Union as well as infringements of the provisions of section 81, paragraph 2, numbers 1, 2, letter a and number 5 and paragraph 3 of the Act against Restraints of Competition,
9. infringements of provisions of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (OJ L 265, 12.10.2022, p. 1),
10. statements by federal civil servants which constitute a breach of the duty of loyalty to the Constitution.
In addition, the German Act also applies to the reporting and disclosure of information on
1. infringements of the protection of the financial interests of the European Union within the meaning of
within the meaning of Article 325 of the Treaty on the Functioning of the European Union, and
2. infringements of internal market provisions within the meaning of Article 26(2) of the Treaty on the Functioning of the European Union, including provisions of the European Union going beyond paragraph 1. (8) of the European Union on competition and state aid.
Internal reporting channels must be provided for employees as well as leased employees (Leiharbeitnehmer). Such channels can in addition be opened for other individuals who in connection with their professional activitiy are in contact with the company that provides the reporting channel.
No. The law only generally requires that the appointed internal or external person provides for the required skillset and independency.
The general threshold is a minimum of 50. However the following companies are covered regardless of the number of employees:
1. securities services companies as defined in Section 2 (10) of the German Securities Trading Act (WertpapierhandelsG),
2. data provision service provider within the meaning of Section 2 (40) of the Securities Trading Act (WertpapierhandelsG)
3. exchange operating companies within the meaning of the Germn Stock Exchange Act (BörsenG),
4. institutions as defined in Section 1 (1b) of the German Banking Act (KreditwesenG) and in Sec. 2 (1) of the German Securities Institutions Act (WertpapierinstitutsG)
5. counterparties as defined in Article 3 number 2 of Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and on reuse and amending Regulation (EU) No 648/2012 (OJ L 337, 23.12.2015, p. 1), as last amended by Regulation (EU) 2021/23 (OJ L 22, 22.1.2021, p. 1) as amended from time to time,
6. capital management companies pursuant to section 17(1) of the German Investment Code (Kapitalanlagegesetzbuch), and
7. companies pursuant to § 1 (1) of the German Insurance Supervision Act (VersicherungsaufsichtsG) with the exception of those operating pursuant to sections 61 to 66a of the Insurance Supervision Act having their registered office in another Member State of the European Union or in another Contracting State to the Agreement on the European Economic Area.
No.
For internal reporting, acknowledgement of receipt must be confirmed within 7 days and the individual musz receive a response within 3 months following confirmation of receipt (or a total of 3 months and 7 days in case receipt was not confirmed)
For external reporting, acknowledgement of receipt is required without delay, at the latest within 7 days and the individual must receive a response within a period of 3 months, that can be extended to 6 months for complex cases.
Yes.
The current draft may however still be subject to changes. There is no requirement to allow for anonymous reporting but if a report is made on an anonymous basis, these must likewise be handled.
No, there is no requirement to establish reporting channels for anonymous reporting.
Administrative penalties of up to EUR 50,000 and compensation for damages.
Yes, depending on the number of employees. Companies with less than 250 employees can establish joint reporting channels to a joint internal reporting point, companies with at least 250 employees are required to establish a separate reporting point for each company.