Polish bill on whistleblowers has been agreed and reviewed
The draft act on the protection of persons reporting breaches of the law, assuming the protection of persons who report or disclose information regarding breaches of law in the private or public sector, in the context related to work, was agreed and reviewed, results from information on the Government Legislation Center (RCL).
The arrangements are to last 14 days, and giving opinions - 30 days.
The purpose of the proposed regulation is to implement Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of EU law.
The directive lays down rules and procedures to protect "whistleblowers", ie people who report information obtained in a work-related context about breaches of EU law.
Scope notifications fall within the scope of the directive
a) infringements of regulations in the following areas:
- public procurement,
- services, products and financial markets,
- preventing money laundering and terrorist financing,
- product safety and compliance with the requirements,
- transport safety in the rail, road, maritime and inland waterway sectors,
- environmental protection, from waste management to chemicals,
- radiological protection and nuclear safety,
- food and feed safety,
- animal health and welfare,
- public health, including patient rights and tobacco control,
- consumer protection,
- protection of privacy and personal data,
- security of networks and ICT systems;
b) breaches affecting the EU's financial interests;
(c) breaches of the internal market, including breaches of the Union competition and state aid rules and breaches of national corporate tax law.
The guarantees and legal remedies provided for in the act will be available to the person reporting the breach, regardless of the basis and form of work performance (including employment contract, civil law contract, business activity by a natural person, management contract, volunteering, internship and apprenticeship) , including those performing work for entities with which the employer maintains economic relations, such as contractors, subcontractors or suppliers, and other persons reporting information about violations in a work-related context, such as shareholders and partners and members of the legal entity's bodies, according to the report.
Protection will also apply to reporting persons whose employment relationship has ended or is about to be established, if information about the breach was obtained during the recruitment process. The sanction of the invalidity of the provisions of employment contracts and other acts covered by labor law and civil law actions will be introduced to the extent that they directly or indirectly exclude or limit the right to make a notification.
Reporting of violations of the law will be possible through internal reporting channels established by private and public entities, through external reporting channels to relevant state authorities and through public disclosure. The draft act will specify the requirements for the establishment and organization of internal and external channels (procedures and organizational solutions) for reporting violations, and the rules for public disclosure.
The employer will be obliged to ensure the proper organization of the receipt and verification of reports, including protection of the confidentiality of the identity of the reporting person and the person concerned.
The provisions of the act, as regards the obligation to establish internal channels for reporting violations, will apply to public and private sector entities employing at least 50 employees. Entities operating in the financial sector (including banks, investment funds, insurance companies, reinsurance companies, mutual funds, pension companies, pension funds, brokerage houses, investment fund companies) will be required to establish internal channels for reporting infringements, regardless of whether or not they belong to the public or private sector and regardless of the number of employees. For other entities, the creation of internal reporting channels will not be obligatory, but these entities, depending on the needs, will be able to create them voluntarily, applying the rules provided for in the Act.
Employment in an entity with no internal reporting channels will not exclude the possibility of reporting a violation of the law. Such persons will be able to report a violation of the law through external reporting channels or through public disclosure.
The draft provides for the delegation of powers and responsibilities of the central institution to the Human Rights Defender. It will be responsible for both the provision of information and support reporting violations of the law, as well as accepting the so-called external notifications (including acceptance and initial verification of the notification, forwarding the case by sending the notification to the public institution competent for its substantive examination).
The institution to which the Ombudsman submits the notification will be required to provide the reporting person with feedback, undertake follow-up actions and provide the Ombudsman with comprehensive information on actions taken in connection with the notification. Apart from the central institution, the tasks of receiving external notifications will also be able to be carried out by other public authorities on their own initiative, mainly with regard to infringements in the areas within their scope of operation.
Authorities accepting external reports will be obliged to implement a minimum set of procedural and organizational solutions for the receipt and verification of reports and communication with applicants provided for by the Act.
Taking into account the above, as part of the implementation of Directive 2019/1937 into the national legal system, the draft act will therefore specify in particular:
1) the legal status of the person reporting the violation of law, the so-called whistleblower;
2) the scope and definition of the breaches of law subject to reporting;
3) the conditions for the protection of persons submitting the notification;
4) reporting violations through internal channels (obligation to establish internal reporting channels, procedures for internal reporting and follow-up of reports);
5) reporting violations via external channels (establishment of external reporting channels, designation of state authorities receiving reports, procedures for external reporting and follow-up);
6) public disclosure;
7) measures to protect reporting persons (prohibition of retaliation, measures to protect against retaliation, sanctions);
8) the concept and model of a central institution dealing with receiving reports and providing support to persons reporting violations of the law.
Directive 2019/1937 should be implemented into the Polish legal system by December 2021. Only in the case of entities in the private sector employing 50-249 employees, the implementation of the directive with regard to the obligation to establish internal channels for reporting infringements should take place by December 2023.