Whistleblowing in the workplace is when an employee reports misconduct that they have witnessed as part of their work duties. This can include harassment, discrimination, financial fraud and other legal and ethical breaches. Workplace whistleblowing is typically carried out by an employee but can also be carried out by a third party, such as a customer, director or supplier amongst other stakeholders. 

How do employees make whistleblowing reports?  

Whistleblowers can use the following whistleblowing channels: 

Internal channels 

An employee can choose to report within their organisation (internal whistleblowing) via online systems (whistleblower software), hotlines, post boxes and email. They report to their superiors or to a department designated to handle whistleblower complaints, such as the compliance and HR departments. 

External organisations 

Employees can also turn to external channels either directly or if they are not satisfied with the results of internal reporting. Third parties, such as national competent authorities (NCA) and trade unions, must establish independent reporting channels and ensure confidentiality. 

Public disclosure 

Public disclosure means reporting to the media and press. Under the EU Whistleblowing Directive, an employee should turn to public disclosure only if: 

  • They have already reported internally, externally or both 
  • They fear retaliation from other channels 
  • There is an imminent public danger 

What are the legal protections?  

The legal protections under the EU Whistleblowing Directive include: 

Prompt acknowledgement 

The whistleblower must receive acknowledgement that their report has been received within seven business days of sending it. 


The identity of the whistleblower must remain hidden from unauthorised parties throughout the process. 


While investigating a whistleblower complaint, the receiver must establish the facts by following evidence and interviewing the accused and witnesses. They must then take action as needed and follow up with the whistleblower within three months of the report submission. 

Prevention of retaliation 

The whistleblower must be ensured protection against any form of retaliation in the workplace, such as bullying, demotion and dismissal. If the whistleblower believes they have suffered as a result of the report, the accused must prove that it was an unrelated occurrence. 

What are an employer’s responsibilities? 

As per the EU Whistleblowing Directive, employers must: 

  • Ensure confidentiality for the whistleblowers, accused and other connected parties. 
  • Provide acknowledgement and a detailed follow-up. 
  • Provide them with access to legal, financial and psychological support, if needed. 
  • Demand evidence from those accused of retaliating to prove it was an unrelated event. Otherwise, take necessary action. 
  • Not hold the whistleblower liable for disclosing confidential information. 
  • Direct them to alternative channels if the outcome is unsatisfactory.