Protection of whistleblowers in Poland

Whistleblower Protection – Draft Act

The legislative agenda of the Council of Ministers includes a new version (dated 4 August 2022) of the draft so-called Whistleblower Protection Act, i.e. the Act on the Protection of Persons Reporting Legal Violations. The aim of its adoption is to implement Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (OJ EU L 305, 26.11.2019, p. 17) into Polish law. The deadline for transposing the Directive into the legal systems of Member States expired almost a year ago, on 17 December 2021. The European Commission has issued opinions to some EU countries requesting clarification on this matter. The amendment will impose an obligation on entrepreneurs to implement a special protection system for so-called whistleblowers – persons who report or publicly disclose information about breaches of the law obtained in a work-related context.
Offer: Labour Law Advisory Services

Whistleblower Protection – Who Does It Concern?

Recall that the obligation to introduce an internal reporting procedure will apply to private entities for which at least 50 people perform work. Exceptions apply to private entities operating in the fields of financial services, products and markets, anti-money laundering and counter-terrorism financing, as well as transport security and environmental protection. Entities operating in these fields will be required to implement the procedure regardless of the number of employees. However, the drafters envisage varying levels of statutory obligations depending on the number of employees. Private entities employing between 50 and fewer than 250 persons must establish internal procedures by 17 December 2023. Entities employing more than 250 persons, or providing the aforementioned services, will need to comply within two months from the entry into force of the amendment.

Who is a Whistleblower under the Act?

The new version of the draft expands the statutory definition of a person reporting violations. Article 4 provides that the Act applies to a natural person who reports or publicly discloses information about a breach of law obtained in a work-related context, including:

1. an employee,
2. a temporary worker,
3. a person performing work other than under an employment relationship, including under a civil law contract,
4. an entrepreneur,
5. a shareholder or partner,
6. a member of a governing body of a legal person or organisational unit without legal personality,
7. a person working under the supervision and direction of a contractor, subcontractor, or supplier, including under a civil law contract,
8. an intern,
9. a volunteer,
10. a trainee,
11. a law enforcement officer as defined in Article 1(1) of the Act of 18 February 1994 on pension provision for Police officers, the Internal Security Agency, the Intelligence Agency, the Military Counterintelligence Service, the Military Intelligence Service, the Central Anti-Corruption Bureau, the Border Guard, the Marshal’s Guard, the State Protection Service, the State Fire Service, the Customs and Tax Service, and the Prison Service, as well as their families,
12. a professional soldier as defined in Article 2(39) of the Act of 11 March 2022 on Homeland Defence,

What Violations May Whistleblowers Report?

According to Article 3 of the draft, a breach is any action or omission contrary to the law or aimed at circumventing the law relating to:

1. public procurement;
2. financial services, products and markets;
3. anti-money laundering and counter-terrorism financing;
4. product safety and compliance;
5. transport safety;
6. environmental protection;
7. radiological protection and nuclear safety;
8. food and feed safety;
9. animal health and welfare;
10. public health;
11. consumer protection;
12. privacy and personal data protection;
13. security of network and information systems;
14. the financial interests of the European Union;
15. the EU internal market, including competition rules, state aid, and corporate taxation.

A legal entity may additionally establish the reporting of violations concerning internal regulations or ethical standards adopted by that entity under generally applicable law and consistent with it.

Anonymous Reports

The drafters have decided not to introduce the possibility of anonymous internal or external reporting. According to the draft’s justification, this decision is based on practical considerations such as the risk of excessive influence from incidental or low-value information with little actual impact on preventing violations, and difficulties in obtaining additional information from the reporter when initial information is incomplete but significant. Anonymous reports could also complicate proving the connection between the information provided and the reporter in any proceedings. Other reasons include the costs and organisational burden of processing numerous potentially worthless reports within established reporting mechanisms.
This means that for an effective report, the reporting person must provide identifying information allowing contact. Anonymous reports will not be subject to the Act’s requirements and may be disregarded, including those submitted to the Ombudsman. While anonymous reporting is not excluded entirely, should an entity choose to allow anonymous reports, it must include appropriate provisions in its internal reporting procedure.

Personal Data Processing

Compared to previous versions, the provision regarding the obligation to promptly delete personal data after processing by an external entity authorised to receive reports has been amended. According to the new wording of Article 28(1), the issue of data deletion will be agreed upon in the contract between the data controller and the external entity authorised to receive reports.

Whistleblower Protection – Employer Obligations

We have already informed on the firm’s website about the upcoming obligations for employers under the forthcoming amendment. The most important include the prohibition of retaliation against whistleblowers and the requirement to establish an internal procedure for handling reports of violations.

Prohibition of Retaliation against Whistleblowers

The primary employer obligation is negative in nature. Pursuant to Article 10 of the Act, an employer may not undertake retaliatory measures against a whistleblower who reports a violation. Such measures are defined as direct or indirect actions or omissions caused by the report or public disclosure, which infringe or may infringe the reporter’s rights or cause or may cause harm to the reporter.
According to Article 11, if the work is or is to be performed under an employment relationship, the reporter must not be treated detrimentally because of their report or public disclosure.

Detrimental treatment, in particular, includes:

1. refusal to establish an employment relationship,
2. termination or dismissal without notice,
3. failure to conclude a fixed-term employment contract after a probationary contract, failure to conclude a subsequent fixed-term or indefinite contract if the employee had a justified expectation of such a contract,
4. reduction of remuneration,
5. withholding or omission of promotion,
6. withholding other employment-related benefits,
7. transfer to a lower position,
8. suspension from duties,
9. assignment of duties to another employee,
10. unfavourable change of work location or working hours,
11. negative performance assessment or work opinion,
12. disciplinary measures, including fines or similar penalties,
13. exclusion or omission from training opportunities to improve qualifications,
14. unjustified referral to medical examinations, including psychiatric exams, where allowed by separate provisions,
15. actions aimed at hindering future employment in a given sector or industry based on informal or formal sectoral or industry agreements.

Threats or attempts to apply these measures also constitute detrimental treatment, unless the employer proves objective reasons for their actions.

Internal Reporting Procedure

The internal reporting procedure must specify:

1. the internal organisational unit or person within the entity’s structure, or an external entity authorised to receive reports;
2. methods for submitting reports, including the reporter’s correspondence or email address (“contact address”);
3. an impartial internal organisational unit or person authorised to undertake follow-up actions, including verifying the report and further communication with the reporter, possibly the same unit/person as in point 1, if impartiality is ensured;
4. the obligation to confirm receipt of the report within 7 days, unless the reporter does not provide a contact address for confirmation;
5. the obligation to take follow-up actions diligently by the unit/person from point 3;
6. a maximum deadline for providing feedback to the reporter, not exceeding 3 months from confirmation or, if no confirmation is sent, 3 months from 7 days after the report, unless no contact address is given;
7. a system of incentives to encourage use of the internal procedure where the breach can be effectively addressed internally and no risk of retaliation exists;
8. clear and easily accessible information on external reporting to the Ombudsman or public authorities, and where relevant, EU institutions or bodies.

The internal procedure may include additional elements, such as identifying risk factors related to the entity’s activities that could lead to breaches, particularly regulatory or corruption risks. Whistleblowers will also have the right to make external reports regardless of the internal procedure, addressed to the Ombudsman and public authorities.
We will keep you updated on further developments in the legislative process. Due to pressure from the European Commission, the process is expected to proceed quite rapidly. It is therefore advisable to begin organising an appropriate internal reporting procedure and compliance with the rest of the forthcoming amendment now. Please feel free to contact the experts at ATL LAW Anna Błaszak Legal Adviser’s Office. ATL LAW lawyers provide comprehensive legal assistance to employers in all areas related to human resources management and labour law. We deliver tailor-made solutions covering all aspects relevant to your company’s business goals and operational specifics, ensuring legal security.