EU Directive Transposition 

Whistleblowers protection already in place

Before the introduction of the directive

The Netherlands already had a comprehensive framework for whistleblowers protection in place with The House of Whistleblowers Act (Wet Huis voor klokkenluiders). 

However, changes need to be introduced in order to comply with the Directive.

Current implementation status

The transposition of the EU Whistleblowing Directive is transposed and implemented into the Dutch Whistleblower Protection Act (‘the Act’).

The new Dutch Whistleblower Protection Act entered into force for public and private entities with 250 employees or more on 18 February 2023.

Private entities with 50 to 249 employees are given a period to adjust to the new rules. The Dutch Whistleblower Protection Act will apply to them from 17 December 2023 onwards. Until this date, the former Dutch Whistleblowing Act applies. 

New Requirements

The new Dutch Whistleblower Protection Act differs from the Directive, as the Dutch legislator has chosen not to implement all national discretion options. 

However its scope remains fairly extended with few restrictions regarding the operating and processes for a whistleblowing system.

Implementation of an internal reporting system

If a works council is established, the works council must approve the implementation, amendment or revoking of whistleblowing procedure. The employer must inform the works council at least once per year about the Whistleblower System and its effects.

There are no language requirements regarding the policy, procedure and operation of the Whistleblowing System. However, it’s recommended that it is operated in Dutch.

Reporting procedures

There are no limitations in the new Dutch Whistleblower Protection Act regarding:

• The persons allowed to file a report 
• Topics that can be reported through the Whistleblowing System
• Concerned Persons (who can be subject of a report via the Whistleblowing System)

The Dutch data protection authority takes the position that alerts may only be escalated beyond the local group company if it regards serious misconduct that exceeds the level of the local group company (e.g. misconduct that takes place at a higher management level).

Sending the alert to a centralized external service provider would not collide with the position of the data protection authority, as long as the alert is then send back to a local management level only. However, it is noted that alters will often by their nature exceed the local level.

A whistleblower should receive an acknowledgement of receipt within seven days counting from the moment of receipt of the report by the employer. (Article 2 (2)(h) Dutch Whistleblower Protection Act)

The Whistleblower should be provided with information on the assessment and, if applicable, on the follow-up on the report within a reasonable period but no later than three months after confirmation of receipt sent by the employer. (article 2 (2)(i) Dutch Whistleblower Protection Act)

Protection against retaliation

Anonymity is voluntary. However, the identity of the Whistleblower, the person(s) who conducted the misconduct/infringement, and the person(s) to whom the misconduct/infringement is attributed should be kept confidential.

In addition, the Whistleblower may not be disadvantaged during and after the handling of a report under certain circumstances.

Article 17f Dutch Whistleblower Protection Act states that the Whistleblower may not be liable for an infringement of any restriction on the disclosure of information under certain circumstances.

Localization Requirements

The new Dutch Whistleblower Protection Act doesn’t have any special requirements for the operation of a non-local (group-wide) Whistleblowing System. 

This means that a centralized Whistleblowing System can be operated, even if it is in another country.

Get a Head Start 

Having a flexible platform that can adapt to any legislation and regulations can give you a great head start. With Whispli, you can build up your solution according to your current needs, and modify it at any time. 

You can start by complying to the minimum requirement of the EU Directive today and adjust to your local legislation later. 

Get in touch with one of our expert and get a guided demo to see how Whispli can help your Organization to comply with the Directive.