Learn everything about the new Whistleblowing Law in Germany

Tuesday, June 20, 2023

8 Minutes reading time

Whistlehub
Whistlehub content team

Germany's new Whistleblower Protection Act requires companies with 50 or more workers to have an internal whistleblowing system and sets out fines up to €50,000 for companies that fail to setup whistleblower system or violate other provisions of the law. This groundbreaking legislation goes beyond the requirements of the EU's Whistleblower Protection Directive, ensuring robust protection for those exposing misconduct while maintaining a balance between employee rights and company interests.

Key Takeaways

  • The new German Whistleblower Protection Act establishes internal and external reporting offices for companies and public authorities, with robust protections against retaliation for whistleblowers who report in good faith.
  • Companies with 250 or more employees must have internal whistleblower systems set up by July 2, 2023, while those employing between 50-249 individuals must comply by December 17, 2023.
  • Violators of the HinSchG may face penalties up to EUR 50,000. Public institutions operating within Germany should prioritize preparing for compliance with this new legislation through establishing appropriate internal mechanisms that ensure effective implementation of this groundbreaking legislation.
  • Whistleblowers are assured confidentiality protection and multiple protective measures under the act that includes prohibition on retaliation and reversal of burden of proof to employers.

Overview Of The German Whistleblower Protection Act (HinSchG)

The German Whistleblower Protection Act (HinSchG) is a new law that aims to protect whistleblowers who report violations of both EU and German law, and it establishes internal and external reporting offices for companies and public authorities.

Purpose Of The Act

The primary purpose of the German Whistleblower Protection Act (HinSchG) is to safeguard individuals who expose illegal activities or misconduct in their organizations.

Moreover, the HinSchG both aligns with and compliments Directive (EU) 2019/1937 on protecting whistleblowers under European law while boosting Germany's overall compliance landscape.

Core Elements Of The Act

The German Whistleblower Protection Act (HinSchG) is designed to encourage and protect those reporting misconduct within companies and public authorities by focusing on several core elements that play a vital role in ensuring a safe and effective whistleblowing process. These core elements include:

  1. The establishment of both internal and external reporting offices within companies and public authorities, which increases accessibility for whistleblowers.
  2. The extension of whistleblower protection to employees, executive employees, trainees, temporary workers, civil servants, and management bodies as per the HinSchG.
  3. Implementation of stringent confidentiality requirements to protect the identity of whistleblowers and third parties involved in reports, with some exceptions when necessary.
  4. Prohibition of retaliation against whistleblowers who report in good faith, paired with the reversal of burden of proof in legal disputes related to alleged reprisals.
  5. An obligation for companies to promptly investigate whistleblower reports and take appropriate actions based on the findings.
  6. The possibility for companies to establish a group - wide whistleblowing system instead of implementing separate systems in each country they operate in.
  7. Imposition of heavy fines for companies that fail to comply with the HinSchG's requirements or retaliate against whistleblowers.
  8. Coverage for reports on violations of both EU and national laws that pose a threat to health or life and are subject to criminal or administrative penalties.

These core elements ensure that Germany's Whistleblower Protection Act aligns with the EU Whistleblower Directive (Directive (EU) 2019/1937) while providing a comprehensive framework for protecting individuals who act in the best interest of their organization and society by reporting illegal activities or misconduct within their workplace.

Who Is Affected By The New Law?

The new German Whistleblower Protection Act applies to companies and public authorities in Germany, making it crucial for employers to understand the act's provisions in creating a safe reporting culture for their businesses.

Companies In Germany

Companies in Germany are mandated to comply with the German Whistleblower Protection Act (HinSchG), which aims to establish standardized protection for whistleblowers and safeguard them against retaliation.

This act impacts companies based on their employee headcount, requiring those with 250 or more employees to have internal whistleblower systems set up by July 2, 2023, and companies employing between 50-249 individuals must comply by December 17, 2023.

These new regulations lay out specific guidelines for establishing reporting channels and maintaining confidentiality standards while handling reports from whistleblowers within companies.

As part of HinSchG compliance, businesses in Germany need to protect the identity of whistleblowers according to GDPR requirements and communicate actions taken resulting from these disclosures within a stipulated timeframe—seven days for acknowledging receipt of a report and three months for providing feedback on measures executed—further encouraging transparency across different sectors.

Public Authorities

Public authorities in Germany are also affected by the new whistleblower protection law. Under the HinSchG, public organizations with more than 10,000 residents must offer whistleblower systems to their employees and stakeholders.

This is aimed at ensuring accountability, transparency, and preventing corruption within these entities. The act requires such authorities to have both internal reporting channels for whistleblowers as well as external reporting offices like those established in companies covered by the law.

The protected scope under the HinSchG includes violations of both EU and national laws that pose a threat to health or life and are subject to criminal or administrative penalties.

Public sector workers who report misconduct will be offered various protective measures under this law ranging from confidentiality requirements to monetary compensation for damages incurred from retaliation.

Types Of Whistleblowing Systems

Companies and public authorities can establish both internal and external reporting channels for whistleblowers, with internal systems being the preferred option as they provide a more direct route to resolving issues before they escalate.

Internal Reporting Channels

One of the types of whistleblowing systems under the German Whistleblower Protection Act is internal reporting channels. This refers to a mechanism within a company or organization where employees can report abuse, misconduct, or violations of the law directly to designated persons or departments within their workplace.

Such reporting channels are encouraged as they provide an opportunity for companies to address grievances internally before they escalate into larger legal disputes. Starting from July 2, 2023, companies with more than 249 employees will be required to establish and operate an internal whistleblower system that provides sufficient safeguards for whistleblowers and their anonymity.

External Reporting Channels

External reporting channels are an important part of the German Whistleblower Protection Act, allowing whistleblowers to report violations to competent authorities directly.

These can include public authorities such as law enforcement or regulatory agencies. The Federal Office of Justice, the Federal Financial Supervisory Authority, and the Federal Cartel Office have set up external reporting offices to receive and handle reports under the HinSchG.

Reports received through these channels must be documented securely and retrievably while maintaining confidentiality for both whistleblowers and any third parties mentioned in their reports.

Companies must confirm receipt of reports within seven days and provide feedback on actions taken within three months.

Whistleblower Protection

The law requires confidentiality and offers protective measures for whistleblowers, ensuring that they can report suspected misconduct without fear of retaliation.

Confidentiality Requirement

The Hinweisgeberschutzgesetz requires confidentiality for whistleblowers who report abuses or violations of the law. The law mandates that reports and the identity of whistleblowers shall only be disclosed in compliance with legal provisions or orders by authorities.

Exceptions to this rule include cases where a whistleblower approves the disclosure or when it is necessary to investigate an alleged violation of statutory provisions. For instance, if there are reasonable grounds to suspect criminal conduct, regulatory bodies may have access to personal data and other information relating to whistleblower reports.

In summary, German companies and public authorities must ensure strict adherence to the confidentiality requirement stipulated in HinSchG when handling whistleblowing reports from employees.

Protective Measures For Whistleblowers

The German Whistleblower Protection Act provides several protective measures for whistleblowers who report abuses and violations of the law. These measures include:

  1. Confidentiality requirement: Whistleblowers are assured that their identity and the information they provide will be kept confidential by the company or public authority.
  2. Prohibition on retaliation: Employers are prohibited from taking any retaliatory actions against whistleblowers in response to their reports, such as termination, demotion, or harassment.
  3. Reversal of burden of proof: Employers must prove that any adverse actions taken against whistleblowers are not related to their reports, rather than requiring the whistleblower to prove that they were retaliated against.
  4. Monetary compensation for damages: Whistleblowers who suffer damages as a result of the retaliation can claim monetary compensation.
  5. Psychological support: Employers have an obligation to provide medical and psychological support to whistleblowers who experience stress or other negative effects due reporting.
  6. Legal assistance: Whistleblowers have access to legal assistance throughout the reporting process and any subsequent legal proceedings.
  7. Training and awareness programs: Employers should establish training and awareness programs to inform employees about the new law's provisions, how to use internal reporting channels, and the potential consequences of retaliation.
  8. Encouraging internal reporting systems: Companies should also encourage employees to report misconduct through internal channels rather than external ones, reducing reputational damage for companies while providing greater protection for whistleblowers.
  9. Anonymity: While not legally required, companies should consider implementing anonymous reporting procedures that protect whistleblowers' identities if they choose not to reveal them outright.

Overall, these protective measures aim to encourage more whistleblowing while guaranteeing confidentiality, preventing retaliation against those who do speak up while outlining a clear path toward compensation for those who suffer damages as a result of doing so.

Consequences Of Violations

Violators of the German Whistleblower Protection Act (HinSchG) may face fines and penalties, as well as potential damages and compensation for whistleblowers who have suffered retaliation due to their reports.

Sanctions And Penalties

Violations of the German Whistleblower Protection Act can result in serious sanctions and penalties, including:

  • Fines of up to EUR 50,000 for companies that fail to set up a whistleblower system or violate other provisions of the law.
  • Criminal liability for company executives who intentionally or negligently fail to implement a whistleblower system.
  • Monetary compensation for damages suffered by whistleblowers as a result of retaliation or discrimination by their employers.
  • Reversal of burden of proof in legal disputes, meaning that the burden shifts to the defendant company to prove that they did not retaliate against the whistleblower.
  • Potential reputational damage and loss of trust from stakeholders.

Given the potential consequences, companies and public authorities must take steps to comply with the German Whistleblower Protection Act and establish effective reporting channels. It is also important for employers to educate employees on their rights and protections under the law.

Potential Damages And Compensation

The German Whistleblower Protection Act includes provisions for potential damages and compensation for whistleblowers who suffer harm as a result of their disclosure. If an employer engages in retaliation against a whistleblower, they can be held liable for any resulting damages or losses suffered by the whistleblower.

For example, if an employee is wrongfully terminated after reporting illegal activity within their company, they may be entitled to compensation for lost wages and other employment benefits that were unfairly taken away from them.

In addition, if the employer's actions cause the whistleblower emotional distress or reputational damage, they may be entitled to additional compensation.

Modalities Of The Whistleblowing System

Companies and public authorities are required to establish internal and external reporting channels to ensure that whistleblowers have a secure channel for reporting misconduct; read on to learn more about the requirements and modalities of these systems.

Implementation Requirements

To comply with the German Whistleblower Protection Act, companies and public authorities must establish internal and external reporting systems that meet the following requirements:

  • The internal reporting office should be set up to receive reports of potential violations of laws or regulations. It should have clear procedures in place for receiving, processing, and addressing such reports.
  • The external reporting office must be established to allow whistleblowers to make anonymous complaints directly to competent authorities. These offices should provide clear channels for submitting reports and ensure confidentiality.
  • Companies must develop compliance management systems (CMS) that cover relevant legal areas such as criminal tax law, environmental law, antitrust law, corporate law, commercial criminal law, inheritance law, notary services, reorganization, insolvency, product safety and product liability, etc. Companies must also review existing CMSs and adjust them if necessary.
  • Companies must offer appropriate training programs for employees that explain the purpose of the HinSchG and how it works in practice. In addition to educating employees about whistleblower protection rights and obligations under the act.
  • Companies should consult with external experts such as lawyers or consultants with expertise in employment law or labor relations before setting up a whistleblowing system.

By fulfilling these implementation requirements laid out by the HinSchG, companies can ensure they are compliant with the new legislation while protecting their interests.

Handling Anonymous Reports

The German Whistleblower Protection Act (HinSchG) allows for anonymous reports to be made, but it is important that companies and public authorities still take these seriously.

The law stipulates that anonymous reports cannot be rejected outright, but must be processed through the same reporting channels as non-anonymous reports. This means that companies and public authorities need to have procedures in place for handling anonymous reports without compromising the whistleblower's anonymity.

For example, they may need to appoint a trusted third party to receive and process such reports confidentially. Digital whistleblowing systems can also help with this by allowing whistleblowers to make anonymous reports safely and securely.

Shared Systems And Outsourcing

Companies and public authorities can opt to outsource their whistleblowing systems or share them with another organization to comply with the HinSchG. Shared systems make sense for smaller organizations that may not have the resources or need for an individual system, while outsourcing can provide additional benefits like 24/7 support and data analysis.

However, it is important to choose a provider who understands German employment law and GDPR requirements. According to KPMG Law, shared systems must still adhere to confidentiality rules and protect the whistleblower's identity, while outsourcing requires clear agreements on responsibilities between the provider and client.

Key Controversies And Criticisms Of The Act

Some have criticized the scope of the law, while others question whether it strikes a balance between protecting employees and safeguarding company interests.

Scope Of The Law

The German Whistleblower Protection Act applies to all employees, including executive employees, trainees, temporary workers, civil servants and management bodies. It also covers both defined EU law and violations of German criminal and administrative offenses law.

The scope of the law is extensive and its purpose is to protect individuals who report any form of misconduct in public authorities or companies with more than 249 employees.

In case a whistleblower's confidentiality is not respected or they face retaliation after reporting a violation, the HinSchG provides protection measures for whistleblowers such as preventing dismissal, transfer or social exclusion.

Balance Between Employee Protection And Company Interests

The new German Whistleblower Protection Act strikes a precarious balance between protecting employees and safeguarding company interests. Companies have raised concerns that the law will encourage false reports and legal disputes, while employees fear retaliation for speaking out against wrongdoing.

To achieve this delicate equilibrium, the HinSchG requires companies to establish compliant internal and external reporting channels. These systems should serve as a first line of defense in resolving issues before they escalate into full-blown crises.

At the same time, whistleblowers are protected from reprisals through confidentiality requirements and other protective measures under the law.

How Companies And Public Authorities Should Prepare

Companies and public authorities should prepare for the new German Whistleblower Protection Act by establishing reporting channels, encouraging the use of internal reporting systems, and implementing training and awareness programs to ensure compliance with the law.

Establishing Reporting Channels

Companies and public authorities are required to establish reporting channels that allow whistleblowers to report misconduct safely and securely. Organizations have the option of setting up either internal or external reporting channels, but either way, they must provide clear information on how to submit reports.

Internal Reporting Channels:

  • Companies should set up an internal reporting office that receives reports from employees.
  • The office should be accessible and independent of the company's management.
  • Employees must be provided with clear and secure methods for submitting their reports, such as a hotline or online portal.
  • Reports must be kept confidential.

External Reporting Channels:

  • External reporting offices can be established by companies or public authorities if it is not practical to set up an internal office.
  • Whistleblowers can also make anonymous reports through external reporting offices.
  • These offices should be easily accessible and operate independently of any company or authority.

Reporting Office Modalities:

  • Whistleblowers must be assured that confidentiality will be maintained throughout the process, including any follow-up investigations that may occur.
  • Each report received through the system should be carefully reviewed, investigated thoroughly, and acted upon appropriately within a specified timeframe.
  • Reprisals against whistleblowers are prohibited under HinSchG. Officials who are responsible for receiving reports must ensure that this is enforced.

By establishing effective reporting channels, companies can encourage employees to come forward with information about misconduct without fear of retaliation. This can help promote transparency, ethics, and compliance within an organization while increasing trust between employers and employees.

Encouraging The Use Of Internal Reporting Systems

To ensure the success of the German Whistleblower Protection Act, it is important for companies and public authorities to encourage the use of internal reporting systems.

Establishing clear communication channels and easy-to-use systems can help whistleblowers feel comfortable enough to report misconduct without fear of retaliation.

Moreover, timely feedback from the company on actions taken after a report is filed can increase trust between employers and employees. Companies should confirm receipt of reports within seven days and provide feedback within three months following an investigation or action on the matter.

Training And Awareness Programs

To ensure companies and public authorities are prepared for the new German Whistleblower Protection Act (HinSchG), training and awareness programs are essential.

Compliance officers must work to establish professional compliance structures and communication channels that promote internal reporting channels. Companies need to encourage whistleblowers to report breaches or irregularities while also ensuring their protection under this law.

The Future Of Whistleblower Protection In Germany

Experts predict that the implementation of the new law will lead to a significant increase in reports of misconduct, and may drive companies to improve their compliance management systems and internal reporting channels.

Potential Amendments And Improvements

Looking ahead, there are potential amendments and improvements to the German Whistleblower Protection Act that could further strengthen its effectiveness. One area for improvement is expanding the scope of the law to cover more types of misconduct, such as corruption or sexual harassment.

Another consideration is providing greater clarity around shared systems and outsourcing. The law currently requires companies to implement a whistleblower system, but it is not clear how this would work in practice if multiple companies share resources or outsource certain functions.

Addressing these issues would provide more legal certainty and make it easier for companies to comply with the legislation.

Impact On Corporate Culture And Compliance

The new German Whistleblower Protection Act will have a significant impact on corporate culture and compliance. Organizations that establish robust internal reporting channels will benefit from improved transparency, accountability, and trust within their teams.

Whistleblowing can be an effective tool for preventing misconduct and illegal activities in companies. By creating safe environments for whistleblowers to report concerns without fear of retaliation, companies can demonstrate their commitment to ethical practices and build a positive corporate culture.

However, this requires more than just providing a whistleblower hotline or reporting system; it involves establishing systems for handling reports effectively, investigating allegations thoroughly, protecting whistle-blowers' confidentiality securely, addressing retaliation appropriately while ensuring that no false accusation is made.

In summary: The act sets out specific guidelines around how organizations must manage whistleblowing cases whilst still maintaining data privacy restrictions set up by GDPR laws throughout Europe.

Conclusion

With the new German Whistleblower Protection Act coming into force in July 2023, companies and public authorities need to prepare for the changes ahead. The law establishes both internal and external reporting channels for whistleblowers and includes strong protections against reprisals for reports made in good faith.

While there are still some controversies surrounding the scope of the law, it represents a positive step forward for employee protection and corporate compliance in Germany.

Frequently asked questions