What are the key Whistleblower obligations for EU businesses?

Establish secure internal reporting channels. Acknowledge reports within 7 days. Follow up within 3 months. Protect reporter identity. Prohibit all forms of retaliation.

What is the maximum fine for Whistleblower non-compliance?

The maximum fine under Whistleblower is Per member state.

When does Whistleblower apply or what is the enforcement deadline?

Whistleblower deadline: December 17, 2023 (50+ employee entities).

Whistleblower Directive

The Whistleblower Directive protects persons who report breaches of EU law. It requires organisations with 50+ employees to establish internal reporting channels and prohibits retaliation.

What does Whistleblower require and when does it apply?

Whistleblower applies to All private sector (50+ employees) and Public Sector organisations across all EU member states. The key deadline is December 17, 2023 (50+ employee entities). Non-compliance carries a maximum penalty of Per member state. Core obligations include establish secure internal reporting channels and acknowledge reports within 7 days.

Establish secure internal reporting channels
Acknowledge reports within 7 days
Follow up within 3 months
Protect reporter identity
Prohibit all forms of retaliation

Deadline	December 17, 2023 (50+ employee entities)
Max fine	Per member state
Primary sectors	All private sector (50+ employees), Public Sector, Financial Services

Source: Official Journal of the EU — Whistleblower DirectiveReviewed: 2026-05-01

TL;DR

Whistleblower: Per member state max fine

Whistleblower applies to All private sector (50+ employees) and Public Sector organisations in all EU member states. Key deadline: December 17, 2023 (50+ employee entities).

Source: Official Journal of the European Union — Whistleblower Directive

Deadline

December 17, 2023 (50+ employee entities)

Max Fine

Per member state

Sectors Affected

All private sector (50+ employees), Public Sector, Financial Services

Per member statemaximum fine

The highest penalty for non-compliance with Whistleblower in the EU.

EU Official Journal

How do I comply with Whistleblower?

Establish secure internal reporting channels
Acknowledge reports within 7 days
Follow up within 3 months
Protect reporter identity
Prohibit all forms of retaliation

Does Whistleblower apply to your business?

Find out in 2 minutes with our free regulation checker.

Check now — free

Related Regulations

AI Act

The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.

GDPR

GDPR governs the processing of personal data of EU residents. It requires lawful basis for processing, data subject rights, breach notification, and accountability measures.

NIS2

NIS2 expands cybersecurity obligations to essential and important entities across critical sectors. It mandates risk management, incident reporting, and supply chain security.

Next step — classify

Classify your AI systems

Use the free regulation checker to find out exactly which Whistleblower obligations apply to your business in 2 minutes.