The new whistleblower law

The new proposed law will replace the current whistleblower law, which is primarily a protection regulation against retaliation. The new law will make it clearer how to go about reporting. It includes, amongst other requirements, that both private and public sector companies with at least 50 employees are required to set up an internal reporting system which makes it easier for an employee to raise an alarm annonymously. When assessing whether an employer has at least 50 employees, part-time employees and fixed-term employees must also be included.

Employers will include more than just employees, including jobseekers, self-employed, volunteers and shareholders. The protection applies to a person who report issues of misconduct before or after their employment. It will also provide protection against retaliation for those persons who report the issues of misconduct.

The proposed law also includes external whistleblower functions which should be able to report different types of incident categories. The government will use different authorities who have responsiblity for areas based on the authority's expertise. The whistleblower's identity must be protected and covered by the duty of confidentiality in both internal and external reporting.

The Whistleblower Act comes into force on 17 December 2021. Time points for when whistleblower functions are to be implemented vary.

  • For employers with more than 249 employee compliance is required from 17 July 2022.
  • For employers with 50 - 249 employee compliance is required from 17 December 2023.

Those who can report misconduct and other serious incidents that have occured in the organisation via the system are:

  • Employees
  • Volunteers
  • Consultants
  • Job seekers
  • Self-employed workers
  • Interns
  • Individuals who are part of an organisation’s management and body of leadership
  • Stockholders


The Trust&heart Whistleblower System enables you to meet the requirements of the new EU Whistleblower Directive 2019/1937.

  • EU Whistleblower Directive 2019/1937
  • ISO 27001
  • General Data Protection Regulation (GDPR)