Anonymous reporting platform for organisations

EU Directive 2019/1937

On December 17 2021 EU Directive 2019/1937 comes into effect.

What is the purpose of the Directive

The Directive aims to strengthen the legal protection available for all whistleblowers and ensure that this protection is broadly consistent throughout the EU Member States.

Its purpose is to provide minimum EU-wide standards for:

  • Reporting channels for organisations over 50 employees
  • The level of protection afforded to persons that report breaches of Union law.

In seeking to achieve its purpose, the Directive places a greater burden on companies as regards the steps that they need to take to receive and handle reports from whistleblowers.

The Directive framework

EU-based organisations with over 50 employees, and local authorities which provide services for more than 10,000 people, must create internal reporting procedures.

Reporting persons will include not only employees, but also non-executive directors, the self-employed, contractors, volunteers, trainees and shareholders.

Whistle-blowers and their supporting colleagues and / or relatives must be protected from retaliation.

Protection is extended to those who had reasonable grounds to believe that the information on breaches reported was true at the time of reporting, irrespective of whether those breaches are substantiated.

Whistleblowers will not be considered as infringing any restriction on disclosure of information imposed by contract or by law (i.e., non-disclosure agreements, confidentiality clauses, breach of copyright, trade secrets etc.) and will be protected from liability when disclosing such information.

Whistleblowers can benefit from the protection afforded by the Directive when reporting internally to the employee’s Affected Organisation, as well as in certain cases externally to authorities and /or publicly to the media.

Remit of the Directive

The Directive has a wide remit and common minimum standards for the protection of whistleblowers are provided across many areas, including areas such as public procurement, financial services, product safety, transport safety, protection of the environment, radiation protection and nuclear safety, food safety, animal welfare, public health, consumer protection, data privacy, competition law and State Aid rules, sexual harassment and corporate tax laws.

Protection offered to whistleblowers

One of the Directive’s main aims is to protect whistleblowers against retaliatory behaviours. The Directive sets out an extensive list of prohibited behaviours that constitute retaliation, including termination, discrimination, the non-extension of employment contracts, bad evaluations, downgrading or omitting promotion. Essentially any behaviour that is constituted as punishment for whistleblowing.

The Directive encourages whistleblowers to report internally BUT whistleblowers who opt to report externally will not be excluded from receiving the Directive’s protection.

This could have significant practical, legal and reputational consequences for any organisation implicated. If a whistleblower chooses to report externally before notifying the organisation, the relevant authority may open an investigation into the organisation which the organisation will have very limited control over.

Having HaYa Org in your organisation will significantly reduce the risk of your employees or stakeholders whistleblowing externally.

Since the EU Directive protects anonymous whistleblowers and states that anonymous reports must be pursued, HaYa Org offers an easy system for managing anonymous reports and reduces the risk of employees and stakeholders going outside the organisation.

What does this mean for your organisation

Your organisations should review your existing whistleblower policies and introduce new whistleblower policies, in relation to your EU operations, to ensure that you are in line with the EU-minimum standard. This would include:

  • Have a reporting channels to allow whistleblowers to contact your organisation (Keep in mind that if this channel is not anonymous, they are more likely to go externally).
  • Upon the request of the reporting person, such channels must allow for a physical meeting within a reasonable timeframe.
  • Internal channels are compliant with the relevant timeframes conferred by the Directive and provide for a process for a follow-up (With a live chat that would be instant).
  • An impartial person or department is designated for following up on reports and maintaining communications, such as the Head of HR or Compliance.
  • Existing company and employee handbooks reflect the changes to internal reporting procedures e.g. information should also be provided concerning external reporting processes to competent authorities and internal handbooks should be easily accessible, e.g. on an intranet.
  • Employees understand the relevant internal reporting channels and are incentivised to utilise these channels as opposed to the external ones (Giving them anonymity is the best way to achieve this).

Days to be prepared


Reporting stats

0 %
of people won't report an issue for fear of retaliation
0 %
of people would report an issue if they could be anonymous

Scan the QR Code below to see how easy it is to use

On a smartphone just TAP the QR Code

Be compliant in 3 easy steps

Step 1

Sign up to HaYa Org for Free

Step 2

Place your HaYa Org QR Codes on your Intranet, Website and Posters

Step 3

Let your employees, stakeholders and members know that they can contact you anonymously by scanning your QR codes

Your could be compliant in 1 day for free with HaYa Org