The obligation to introduce a whistleblowing process at European level arises from Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (“Whistleblowing Directive”). It must be implemented by the German legislator within two years of the Directive coming into force.
The EU Whistleblowing Directive and the resulting German Whistleblower Protection Act (HinSchG) require companies and church bodies with 50 or more employees to introduce an independent whistleblower system from December 18, 2023, through which employees, customers, business partners, authorities, citizens, etc. can provide confidential information about abuses in the company or church body. authorities, citizens, etc. can provide confidential information about irregularities in the company or church body. The possibility for whistleblowers to submit anonymous reports is only included in the law as an optional provision and is therefore no longer a legal obligation.
The whistleblowing system must be implemented via an external provider due to the possibility of confidential reports. Implementing the whistleblower system via the company’s own IT infrastructure does not ensure the confidentiality of the report, as the user can be identified via the IP address and login to the network.
Requirements of the Whistleblowing Directive
The Whistleblowing Directive includes the following requirements, which must be transposed into German law:
In order to maintain confidentiality vis-à-vis the whistleblower and due to the problem of the employer’s reversal of the burden of proof, we recommend not installing the internal whistleblowing office on the company’s or the church’s own IT resources, but instead using an external software solution. This can be made available to you by our law firm.
Services of our law firm
Our law firm can support you in fulfilling the legal requirements of the Whistleblower Protection Act and the Supply Chain Due Diligence Act by providing the following services:
We can offer you a standardized electronic reporting platform that implements both the reporting categories from the Whistleblower Protection Act and those from the Supply Chain Due Diligence Act.
If you have any further questions, please contact our law firm using the contact details provided.
The Supply Chain Duty of Care Act, or Supply Chain Act for short, was passed by the German Bundestag on June 11, 2021 and regulates corporate responsibility for compliance with human rights in global supply chains. This includes, for example, protection against child labor, the right to fair wages and environmental protection.
The law is intended to improve the international human rights situation by setting out requirements for the responsible management of supply chains, with due diligence obligations graded according to the companies’ or branches’ ability to exert influence. The law is applicable from January 1, 2023 for companies based in Germany and companies with a branch office pursuant to Section 13 d HGB with at least 3,000 employees in Germany. From January 1, 2024, companies with at least 1,000 employees in Germany will be covered.
The due diligence obligations of the company or church body relate to its own business area and direct suppliers. Indirect suppliers are subject to an event-driven due diligence obligation, i.e. companies must only take action if there are substantiated indications of possible legal violations in the supply chain.
The due diligence obligations must be exercised by the company or the authorized body along the chain of activity. The activity chain only includes the activities of downstream business partners insofar as they carry out the distribution, storage and disposal of the product for the company.
Companies must define a plan to ensure that the company’s business model and strategy are compatible with the transition to a sustainable economy and limiting global warming to 1.5°C in accordance with the Paris Agreement. If climate change has been identified as a principal risk or impact of the company’s activities, companies must include emissions reduction targets in their plan. The link to management’s variable remuneration has been maintained.
As a last resort, companies must terminate business relationships with the companies concerned if negative impacts on human rights and the environment have occurred or threaten to occur.
Financial penalties can amount to up to 5% of the company’s global net turnover.
What obligations do companies and church bodies have?
Establishment of risk management
Companies or church bodies must set up a procedure that identifies (potential) negative impacts of business activities on human rights. This represents the core of corporate due diligence. Companies and church bodies must also define internal company or church responsibilities and ensure that regular risk analyses are carried out.
Adoption of a declaration of principles on respect for human rights
Companies or ecclesiastical bodies must submit a written declaration of principles by the management of the company or ecclesiastical body stating that the company or ecclesiastical body fulfills its responsibility to respect human rights.
Anchoring preventive measures and taking corrective action
Based on the results of the risk analysis, measures to avert potential and actual negative effects should be identified and integrated into business activities. Such measures may include, for example, training employees and suppliers, adapting management processes and joining industry initiatives.
The establishment of a complaints procedure
Companies or ecclesiastical bodies are obliged to set up an internal or external whistleblower office for reporting grievances in accordance with the Supply Chain Due Diligence Act so that people can report possible adverse effects of the company’s or ecclesiastical body’s business activities on human rights.
Documentation and reporting
Companies and church bodies must document the fulfillment of due diligence obligations internally on an ongoing basis. An annual report on the fulfillment of its due diligence obligations in the previous financial year must be prepared and published on the company’s or church body’s website.
Services of our law firm
Our law firm can support you in fulfilling the legal requirements of the Whistleblower Protection Act and the Supply Chain Due Diligence Act by providing the following services:
We can offer you a standardized electronic reporting platform that implements both the reporting categories from the Whistleblower Protection Act and those from the Supply Chain Due Diligence Act.
If you have any further questions, please contact our law firm using the contact details provided.