New obligations of employers related to the protection of whistleblowers

On 18 October 2021, the Council of Ministers has published the draft Act on protection of persons reporting breaches of law. The Act is intended to implement Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law ("Directive 2019/1937") into the Polish legal system. The Act establishes rules and procedures for the protection of whistleblowers, i.e., persons who report information obtained in a work-related context about breaches of the European Union law.

The draft Act will be the first comprehensive regulation in Poland dealing with the protection of whistleblowers, including solutions for receiving reports from such persons and rules for responding to such reports by employers and public authorities.

Who does the Act apply to?

The draft Act will come into force after 14 days of its publication. It means in practice that entities employing at least 250 employees will not have much time to adjust to its requirements, which refers both to public sector entities (e.g.: local government units), and private sector entities. 

The exception will be entities operating in the financial sector (banks, investment funds, insurance companies, reinsurance companies, pension fund companies, pension funds, brokerage houses, investment fund companies) to which the draft act shall apply regardless of a number of employees.

It must also be noted that the aforementioned financial sector entities are already covered by sectoral regulations related to the reporting of breaches of law and other irregularities. The same applies, inter alia, to entities covered by the Act on Counteracting Money Laundering and Terrorist Financing, as well as to companies covered by the obligation to implement a whistleblowing system under the Act on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organised Trading, and on Public Companies. They should verify compliance of internal whistleblowing channels with the draft Act.  

In turn, in the case of private sector entities employing at least 50 and no more than 250 employees, the obligation to establish an internal anonymous whistleblowing system should be implemented by 17 December 2023.

Types of reports

The act, similarly to Directive 2019/1937, will establish a three-tiered whistleblowing system: reports made within the employer (internal reports), reports made to the competent authorities (external reports), and public disclosure of breaches (public disclosure).

The whistleblower status will be a consequence of reporting in a specific manner and meeting the prerequisites related to the reliability of the whistleblower's conduct and the credibility of the information reported or disclosed by him/her

Importantly, the draft Act stipulates that a whistleblower will be able to submit an external report  without prior submission of an internal report.

What a report may refer to?

The Act will apply to whistleblowers submitting reports regarding breaches of law in the following areas: public procurement, services, financial products and markets, prevention of money laundering and terrorism financing, product safety, transport safety, environmental protection, radiological and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, security of networks and information and communication systems, financial interests of the European Union and its internal market. Public contracts related to defence and security of the state will be excluded from the scope of breaches to be reported.

Significantly, Polish legislator, intends to define the scope of protection of whistleblowers more broadly than Directive 2019/1937. The provisions of the Act are intended to protect the whistleblower whenever a report concerns breach of any provisions of law in the above areas, and not only when the breach concerns a specific provision of EU law.

In addition, in the case of internal reports, the employer shall have the right to extend the scope of application of the protection guaranteed to whistleblowers to other breaches, in particular concerning internal regulations or ethical standards.

Who is a whistleblower?

The draft Act will extend protection to a very broad catalogue of persons, who may be regarded as whistleblowers pursuant to the Act, including:

• employees within the meaning of the Labour Code and temporary employees (also if the employment relationship has already ended);
• candidates for employment, who obtained information about a breach of law during recruitment process or negotiations preceding the employment;
• persons performing work under a different basis than employment relationship, including a civil law agreement;
• entrepreneurs;
• shareholders;
• members of a corporate body of a legal person;
• persons performing work under the supervision and direction of entities with which the employer has economic relationships (contractors, subcontractors, suppliers)
• trainees and volunteers.

Protection of a whistleblower

The draft Act would establish a general prohibition on any retaliatory action against a whistleblower. A whistleblower cannot, by reason of reporting or public disclosure, be subject to any harm. In the case of persons employed under an employment contract, the catalogue of prohibited actions will include, among other things: 

• termination of an employment contract, 
• suspension of performance of employee or professional duties; 
• withholding of promotion or exclusion from promotion, 
• demotion;
• failure to conclude a fixed-term employment contract after termination of a probationary period employment contract, failure to conclude a subsequent fixed-term employment contract or an employment contract for an indefinite term after termination of the fixed-term employment contract in a situation where the employee had legitimate expectations that he or she would be offered permanent employment;
• a negative performance assessment or employment reference;
• blacklisting on the basis of a sector or industry-wide informal or formal agreement, which may entail that the person will not, in the future, find employment in the sector or industry.

Consequently, the employer will not be able to take the aforementioned actions against a whistleblower unless it can prove that it was motivated by objective reasons.

In addition, no retaliatory measures can be taken against individuals assisting the whistleblower in making a report and individuals related to the whistleblower (whistleblower's co-workers or family members) if they are also in an employment relationship with the employer employing the whistleblower.

Similar solutions will be provided in the case of persons cooperating with a given entity on another basis. Thus, in the case of a person employed under a civil law contract, the termination of such contract due to making a report will be ineffective. In addition, termination of a legal relationship being a basis for the supply of goods or provision of services upon notice or without a notice due to whistleblowing will also be ineffective.

Legal position of a whistleblower will be further strengthened by reversing the burden of proof in court proceedings. If, in the course of proceedings concerning harm suffered by a whistleblower, the whistleblower claims that as a result of reporting or making a public disclosure he/she has suffered a harm, the entity that took action causing the harm will bear the burden of proving that such action was in no way connected with the reporting or public disclosure. 

What new obligations will employers face? Why should we start thinking seriously about a Compliance system?

The entry into force of the Act will pose significant legal and organisational challenges for every entity covered by its scope. 

Proper implementation of the act will require:

• establishment of a new legal act – internal reporting rules (having the status of an intracompany source of labour law) regulating the internal procedure of reporting breaches and taking follow-up actions. This act will have to be agreed with company trade union organisations or consulted with employee representatives;
• ensuring that the receipt and verification of reports is properly organised, including ensuring the protection of the confidentiality of the identity of the whistleblower and the person to whom the report refers to;
• appointment of impartial persons to take up appropriate follow-up actions regarding the reports made;
• ensuring that every whistleblower has the possibility to monitor the progress of the case (receiving feedback on the follow-up in order to assess whether the report has been properly addressed);
• verification of intracompany labour law acts and civil law contracts (especially provisions concerning loyalty clauses or non-disclosure agreements) for the possible existence of provisions that directly or indirectly exclude or limit the right to report (such provisions, according to the assumptions of the draft Act, are to be invalid);
• keeping of a record of all reports received, in accordance with the confidentiality requirements of the reporting person.
• verification of compliance of the introduced whistelblowing system with the principles of personal data protection, including among other things, conducting Data Protection Impact Assessment. 

These actions should be preceded by a thorough analysis of the Compliance solutions applied within a company. The implementation of statutory requirements should be a part of the compliance management system existing in the organisation. For the entities, including those in the public sector, which have not implemented a compliance system, the Act should become a serious cause for discussion on the appropriateness of this step. The Compliance system addresses practical problems which the draft Act does not solve, such as management within an organisation of information about risks arising from whistleblowing, prevention of breaches similar to those reported by whistleblowers in the past, and rules for effective investigations. 

Anonymous whistleblowing channels are only one element of a larger whole, which is the Compliance system. Entrepreneurs and public sector entities should be aware that this element may prove ineffective without the remaining parts of the "compliance" link. It should be borne in mind that the legislator also allows to outsource the operation of whistleblowing channels to third parties, on the basis of an appropriate agreement. 

DWF will be happy to answer all your doubts concerning the implementation of the draft Act. Our interdisciplinary team consisting of specialists in many fields of law including Compliance will be happy to support you in solving practical problems that may arise in the context of the implementation of this extremely important regulation. DWF also possesses technological tools improving the whistleblowing system, which meet the requirements of the draft Act.