Tag Archivewhistleblower platform

Whistleblower Protection Act (HinSchG)

The obligation to introduce a whistleblowing process at European level arises from Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (“Whistleblowing Directive”). It must be implemented by the German legislator within two years of the Directive coming into force.

The EU Whistleblowing Directive and the resulting German Whistleblower Protection Act (HinSchG) require companies and church bodies with 50 or more employees to introduce an independent whistleblower system from December 18, 2023, through which employees, customers, business partners, authorities, citizens, etc. can provide confidential information about abuses in the company or church body. authorities, citizens, etc. can provide confidential information about irregularities in the company or church body. The possibility for whistleblowers to submit anonymous reports is only included in the law as an optional provision and is therefore no longer a legal obligation.

The whistleblowing system must be implemented via an external provider due to the possibility of confidential reports. Implementing the whistleblower system via the company’s own IT infrastructure does not ensure the confidentiality of the report, as the user can be identified via the IP address and login to the network.


Requirements of the Whistleblowing Directive

The Whistleblowing Directive includes the following requirements, which must be transposed into German law:

  • Companies and church bodies with more than 50 employees are obliged to take measures to protect whistleblowers and set up secure whistleblowing channels and clear reporting processes.
  • The identity of the whistleblower must always be kept secret.
  • Companies or church bodies can either set up and manage their reporting systems through a specially created internal department or commission an external third party to set up and operate the reporting system.
  • Within 7 days of receipt of the report by the reporting person, receipt of the report must be confirmed to the reporting person.
  • The company or the church office must inform the whistleblower in detail within 3 months of the report of how the report has been dealt with and what follow-up measures the company has planned and taken.
  • Whistleblowers must be protected against reprisals (sanctions) of any kind (e.g. suspension, dismissal, demotion or denial of promotion, coercion, intimidation, bullying or exclusion, but also non-renewal of fixed-term employment contracts, damage to reputation, etc.). The reporting of a whistleblower under the protection of the Directive does not constitute a breach of a contractual restriction on disclosure. Liability on any legal grounds whatsoever must be excluded. Whistleblowers should have the opportunity to obtain free and comprehensive information on the available legal remedies and procedures. They must be granted unhindered access to interim legal protection to prevent retaliation under labor law that has already occurred or is still imminent.
  • Not only employees are protected, but also interns, volunteers and the self-employed.
  • There is a reversal of the burden of proof. Previously, the employee/whistleblower had to prove the connection between the report and discrimination in the event of a dispute. Now, the employer/company must explain and, if necessary, prove the (deviating) reason for the alleged discrimination.
  • Internal whistleblowing no longer takes precedence over external whistleblowing. This means that the whistleblower does not have to report the information to the company or church office first, but can contact external offices directly.
  • Sanctions are envisaged for companies or church bodies that obstruct or at least attempt to obstruct reports, take reprisals or disclose the identity of the whistleblower without authorization.
  • In addition, a claim for damages is created for the whistleblower.

In order to maintain confidentiality vis-à-vis the whistleblower and due to the problem of the employer’s reversal of the burden of proof, we recommend not installing the internal whistleblowing office on the company’s or the church’s own IT resources, but instead using an external software solution. This can be made available to you by our law firm.


Services of our law firm

Our law firm can support you in fulfilling the legal requirements of the Whistleblower Protection Act and the Supply Chain Due Diligence Act by providing the following services:

  • Assumption of the function of the internal reporting office in accordance with the Whistleblower Protection Act and the Supply Chain Due Diligence Act
  • Provision of a whistleblower platform for receiving and managing reports from whistleblowers
  • Presentation of the whistleblower platform to the specialist departments, the works council or the employee representatives
  • Preparation of an information letter to employees on the outsourced internal reporting office
  • Creation of a privacy policy for the internal reporting office
  • Appointment of a coordinator in the company or church office who works together with the law firm
  • Legal assessment of whether the scope of application of the aforementioned laws is open
  • Confirmation of receipt of the notification to the notifying person within 7 days
  • Implementation of follow-up measures within a further 3 months
  • Deadline control and monitoring via the whistleblower platform
  • Maintaining the confidentiality of the reporting persons
  • Statistics and reports on the notifications received from whistleblowers

We can offer you a standardized electronic reporting platform that implements both the reporting categories from the Whistleblower Protection Act and those from the Supply Chain Due Diligence Act.

If you have any further questions, please contact our law firm using the contact details provided.



Supply Chain Act

The Supply Chain Duty of Care Act, or Supply Chain Act for short, was passed by the German Bundestag on June 11, 2021 and regulates corporate responsibility for compliance with human rights in global supply chains. This includes, for example, protection against child labor, the right to fair wages and environmental protection.

The law is intended to improve the international human rights situation by setting out requirements for the responsible management of supply chains, with due diligence obligations graded according to the companies’ or branches’ ability to exert influence. The law is applicable from January 1, 2023 for companies based in Germany and companies with a branch office pursuant to Section 13 d HGB with at least 3,000 employees in Germany. From January 1, 2024, companies with at least 1,000 employees in Germany will be covered.

The due diligence obligations of the company or church body relate to its own business area and direct suppliers. Indirect suppliers are subject to an event-driven due diligence obligation, i.e. companies must only take action if there are substantiated indications of possible legal violations in the supply chain.

The due diligence obligations must be exercised by the company or the authorized body along the chain of activity. The activity chain only includes the activities of downstream business partners insofar as they carry out the distribution, storage and disposal of the product for the company.

Companies must define a plan to ensure that the company’s business model and strategy are compatible with the transition to a sustainable economy and limiting global warming to 1.5°C in accordance with the Paris Agreement. If climate change has been identified as a principal risk or impact of the company’s activities, companies must include emissions reduction targets in their plan. The link to management’s variable remuneration has been maintained.

As a last resort, companies must terminate business relationships with the companies concerned if negative impacts on human rights and the environment have occurred or threaten to occur.

Financial penalties can amount to up to 5% of the company’s global net turnover.


What obligations do companies and church bodies have?

Establishment of risk management

Companies or church bodies must set up a procedure that identifies (potential) negative impacts of business activities on human rights. This represents the core of corporate due diligence. Companies and church bodies must also define internal company or church responsibilities and ensure that regular risk analyses are carried out.

Adoption of a declaration of principles on respect for human rights

Companies or ecclesiastical bodies must submit a written declaration of principles by the management of the company or ecclesiastical body stating that the company or ecclesiastical body fulfills its responsibility to respect human rights.

Anchoring preventive measures and taking corrective action

Based on the results of the risk analysis, measures to avert potential and actual negative effects should be identified and integrated into business activities. Such measures may include, for example, training employees and suppliers, adapting management processes and joining industry initiatives.

The establishment of a complaints procedure

Companies or ecclesiastical bodies are obliged to set up an internal or external whistleblower office for reporting grievances in accordance with the Supply Chain Due Diligence Act so that people can report possible adverse effects of the company’s or ecclesiastical body’s business activities on human rights.

Documentation and reporting

Companies and church bodies must document the fulfillment of due diligence obligations internally on an ongoing basis. An annual report on the fulfillment of its due diligence obligations in the previous financial year must be prepared and published on the company’s or church body’s website.


Services of our law firm

Our law firm can support you in fulfilling the legal requirements of the Whistleblower Protection Act and the Supply Chain Due Diligence Act by providing the following services:

  • Assumption of the function of the internal reporting office in accordance with the Whistleblower Protection Act and the Supply Chain Due Diligence Act
  • Provision of a whistleblower platform for receiving and managing reports from whistleblowers
  • Presentation of the whistleblower platform to the specialist departments, the works council or the employee representatives
  • Preparation of an information letter to employees on the outsourced internal reporting office
  • Creation of a privacy policy for the internal reporting office
  • Appointment of a coordinator in the company or church office who works together with the law firm
  • Legal assessment of whether the scope of application of the aforementioned laws is open
  • Confirmation of receipt of the notification to the notifying person within 7 days
  • Implementation of follow-up measures within a further 3 months
  • Deadline control and monitoring via the whistleblower platform
  • Maintaining the confidentiality of the reporting persons
  • Statistics and reports on the notifications received from whistleblowers

We can offer you a standardized electronic reporting platform that implements both the reporting categories from the Whistleblower Protection Act and those from the Supply Chain Due Diligence Act.

If you have any further questions, please contact our law firm using the contact details provided.