Transposition of EU Whistleblower Directive | Mandatory whistleblower system

Back to Compliance & Forensic Services

EU Member States have been under an obligation to transpose the EU Whistleblower Directive (2019/1937) into national law since 17 December 2021. This requires companies with 250 or more employees to set up effective, confidential and secure reporting channels for breaches of EU law and, if applicable, also national law. Firms must also protect whistleblowers effectively from retaliation. From 17 December 2023, the same rules shall apply to companies with a headcount of 50 or more. 

Following a long legislative process, the Whistleblower Protection Act was promulgated on 2 June 2023 and entered into force on 2 July 2023. This means that Germany has now transposed the directive into national law, resulting in all German companies with more than 249 employees being obliged to set up an internal whistleblower system. Companies that do not yet have a whistleblower system are therefore advised to start implementing one as soon as possible. From December 2023 onwards, businesses that fail to do so will face severe fines.

The CMS team can support you with regard to the following:

Implementing the whistleblower system
Setting up and operating a whistleblower system raises a host of legal issues relating to compliance, employment law and data protection law. We are happy to assist you in analysing existing structures or implementing the necessary measures, including internal policies.

Digital tool
CMS offers fully digital whistleblowing software, enabling you to receive and deal with reports about compliance violations (for example involving corruption, competition law or discrimination) in a way that is both legally robust and anonymous.

Operating the whistleblower system
Once implemented, the digital whistleblower system must be maintained and monitored. On request, CMS will be pleased to provide a national or international team to handle operation of the whistleblower system on an ongoing basis.

Investigating reports
In addition to operating the system, the CMS Compliance team can provide support as needed for investigating reports of suspected breaches.

Instruction and training
Our experienced lawyers can assist you during implementation and operation. They can also provide support around designing and conducting regular instruction and training sessions for your staff to raise awareness of the requirements for handling reports in a legally compliant manner.

How can we help your business?

Write us a message and we will get in contact.

Your message was sent.

Thank you for contacting us. We will get back to you soon.

Please check these fields.

By including your personal data on this form you agree to it being used in accordance with our Privacy Policy



Study by CMS Hasche Sigle and Kroll Ontrack: Many companies underestimate...
Stuttgart – Companies in Germany are too complacent about compliance, IT security and the threat of data misuse by their own employees. That is the conclusion of a study by CMS Hasche Sigle and Kroll...