Whistleblowing Legislation

Recognising the value a whistleblowing hotline can provide, through the early detection of employee misconduct, many regulatory bodies are choosing to introduce requirements for organisations to establish confidential internal reporting channels.


Ensure your organisation complies with all major international Whistleblowing requirements

Safecall’s whistleblowing products are designed with best practice in mind; as such, we help your organisation to comply with all major whistleblowing regulations. This allows even large, complex, international businesses to share a single dedicated whistleblowing hotline system.

Our data resides in the UK and our system is designed to be fully GDPR compliant.

EU Whistleblowing Directive (2019/1937) (EU)

The European Parliament passed a directive in October 2019 which compels all 27 EU member states to incorporate changes to their national legislation to raise the minimum level of legal protection for whistleblowers.

Under this directive all legal entities which employ more than 50 people are compelled to establish effective internal reporting mechanisms. Penalties for poor handling of whistleblowing cases are likely to be significant.

The specifics of the EU Directive can be found here. EU member states are likely to implement the requirements in a variety of ways, so it is important to monitor legislation in the jurisdictions where your organisation operates.

Need more information?
Try here for a more in-depth definition of the EU Whistleblowing Directive


Financial Conduct Authority (UK) SYSC 18

The Financial Conduct Authority is the conduct regulator for nearly 60,000 financial services firms and financial markets in the UK.

There is a requirement placed on a sub-set of FCA regulated firms (SMCR banking and insurance sector firms) to establish appropriate internal procedures for handling concerns relating to misconduct.

Failure to comply with the requirements of SYSC 18 may call into question the fitness and propriety of the firm or relevant members of its staff.

Need more information?
Try here for a more in-depth definition of the FCA




BRCGS (British Retail Consortium Global Standards) Issue 8 (Global)

Food safety standards agency BRCGS includes in Clause 1.1.6 a requirement to implement a confidential reporting system to enable staff to report concerns.

Organisations involved in the food supply chain wishing to maintain their AA status will need to demonstrate their compliance with Issue 8 as part of their audit programme.

Need more information?
Try here for a more in-depth definition of BRCGS



SOC (System and Organization Controls) 2

This data protection standard from the AICPA, commonly held by IT service providers, requires that firms have a method where internal personnel and external users of the system can report potential fraud anonymously.



RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) (UK)

All employers are bound to keep a record of health and safety incidents and near misses, and in serious cases to in turn report these to the Health and Safety Executive.

Organisations in industries which carry higher risks, such as construction and manufacturing, often deploy a confidential reporting system to detect and resolve breaches of health and safety policy.

Need more information?
Try here for a more in-depth definition of RIDDOR



EASA (European Union Aviation Security Agency) Regulation (EU) No 376/2014

This aviation safety regulation outlines mandatory and voluntary reporting of health and safety incidents and near misses.

Organisations involved in the aviation industry often deploy confidential reporting services in support of these reporting requirements.

Need more information?
Try here for a more in-depth definition of EASA


SOX (Sarbanes-Oxley Act of 2002)

The Sarbanes-Oxley (SOX) Act requires all publicly traded companies to implement a confidential, anonymous way for whistleblowers to inform the company of suspicious accounting practices.

Need more information?
Try here for a more in-depth definition of the Sarbanes-Oxley (SOX) Act


German Corporate Governance Code (DCGK)

The German Corporate Governance Code encourages organisations to establish protected reporting channels for employees to report suspected illegal activity.

Need more information?
Try here for a more in-depth definition of the German Corporate Governance Code



SAPIN II

Under French anti-corruption legislation, organisations with over 50 employees should implement internal confidential reporting channels. There are enhanced requirements for organisations with over 500 employees.

There are substantial penalties for non-compliance, specifically relating to interference with the reporting process and disclosure of confidential information.

Need more information?
Try here for a more in-depth definition of SAPIN II


Market Abuse Regulation (MAR)

The EU introduced the Market Abuse Regulation in 2016. These regulations are designed to combat practices such as insider dealing and market manipulation. MAR applies to all listed businesses in the UK and EU and requires such businesses to facilitate the receipt of whistleblowing reports.

These rules were on-shored to the UK as part of the Brexit process.


UK Corporate Governance Code (2018)

Published by the Financial Reporting Council, the UK Corporate Governance Code promotes the importance of establishing a corporate culture that is aligned with the company purpose and business strategy, promotes integrity and values diversity.

As such the code states that “There should be a means for the workforce to raise concerns in confidence and – if they wish – anonymously. The board should routinely review this and the reports arising from its operation. It should ensure that arrangements are in place for the proportionate and independent investigation of such matters and for follow-up action”.




BCorp

BCorps are a group of businesses that have committed to business as a force for good. Focusing on environmental, social and governance factors, businesses must achieve a set standard in order to be certified as a BCorp.

Organisations are able to benchmark themselves using a free confidential online tool.

BCorps recommend implementing whistleblowing arrangements to improve corporate governance and to safeguard workplace conditions.


Protected Disclosures (Amendment) Act 2022

On 1 January 2023, the Protected Disclosures (Amendment) Act 2022 was introduced: it implements the EU Whistleblowing Directive and amends the original Protected Disclosures Act 2014. It widens the scope of protections for whistleblowers and mandates extra rigour for whistleblowing policy.

Need more information?
Try here for a more in-depth definition of the Protected Disclosures Act


Public Interest Disclosure Act (PIDA)

The Public Interest Disclosure Act (PIDA) was enacted in 1998 to protect employees who report wrongdoing in the workplace. PIDA provides legal protection to whistleblowers who disclose information about malpractice, corruption, or other illegal activities in their workplace. 

Need more information?
Try here for a more in-depth definition of the PIDA
