WHISTLER PROTECTION ACT – INTRODUCTION

On 24 June 2024, the Act on the Protection of Whistleblowers dated 14 June 2024 was published in the Journal of Laws. This Act implements the provisions of the Directive of 23 October 2019 on the protection of persons who report breaches of Union law, commonly referred to as the Whistleblowing Protection Directive. The provisions of the Act on the Protection of Whistleblowers will mostly come into force on 25 September 2024, with the exception of the regulations concerning external reports, which will apply three months later, i.e. from 25 December 2024. The new regulation brings new obligations and challenges for private companies and public entities. The Act on the Protection of Whistleblowers regulates, among other things: the conditions for granting protection to whistleblowers reporting or publicly disclosing information about breaches of law, measures for the protection of whistleblowers reporting or publicly disclosing information about breaches of law, and the rules for establishing an internal procedure for reporting information about breaches of law and taking follow-up actions.

Who is a whistleblower?

According to Article 4 of the Act on the Protection of Whistleblowers, a whistleblower is a natural person who reports or publicly discloses information about a breach of Union law obtained in a work-related context. This may include, among others, an employee, temporary worker, proxy, shareholder or partner, or a person performing work under a basis other than an employment relationship, including under a civil law contract. The regulations also apply when a person makes a relevant report or disclosure of information about a breach of law obtained in connection with work before the commencement of an employment relationship or other legal relationship forming the basis for the provision of work or services or holding a position within a legal entity or on behalf of that entity, or performing service in a legal entity, or even after the termination of such relationships.

What breaches of law can be reported?

Article 3(1) of the Act on the Protection of Whistleblowers states that a breach of law is an act or omission contrary to the law or intended to circumvent the law, concerning corruption, public procurement, services, products and financial markets, anti-money laundering and counter-terrorism financing, product safety and compliance with requirements, transport safety, environmental protection, radiological protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, privacy and personal data protection, security of network and information systems, financial interests of the State Treasury of the Republic of Poland, local government units and the European Union, the internal market of the European Union, including public law rules on competition and state aid, and taxation of legal persons, constitutional freedoms and human and citizen rights — occurring in relations of the individual with public authorities and unrelated to the areas listed above. Additionally, it is worth noting that a legal entity may, within the framework of the internal reporting procedure, create the possibility of reporting information about breaches related to internal regulations or ethical standards established by the legal entity based on generally applicable law and consistent with it.
The provisions of the Act on the Protection of Whistleblowers shall not apply to information covered by the provisions on classified information and other information that may not be disclosed under generally applicable law for reasons of public security, professional secrecy of medical and legal professions, judicial deliberation secrecy, and criminal proceedings — with respect to secrecy of preparatory proceedings and court hearings conducted in camera.

Ways of reporting breaches

The regulation provides three possible ways of reporting breaches of law. After becoming aware of breaches covered by the scope of the Act, a whistleblower may report them through internal procedure, external procedure, or public disclosure. In the case of internal reporting, the whistleblower informs the legal entity at which they are employed or with which they have other remuneration-based relations. External reporting consists of directing the information to a public authority or the Commissioner for Human Rights. As a last resort, after meeting the conditions set out in the Act, the whistleblower may choose public disclosure. In this case, the whistleblower makes the information about the breach publicly known, bypassing the other reporting channels.

New obligations arising from the Act on the Protection of Whistleblowers

The new regulation imposes the obligation on certain private and public entities to develop and implement an internal procedure. This obligation applies to private and public entities employing at least 50 persons on 1 January or 1 July of a given year. This threshold includes not only employees under employment contracts but also other persons performing remunerated work under other bases, including contracts of mandate. The threshold does not apply to legal entities operating in the fields of services, products and financial markets, anti-money laundering and counter-terrorism financing, transport safety, and environmental protection covered by the relevant EU legislation. In such cases, regardless of the number of persons performing remunerated work, the entity must have an internal procedure. Other private entities may optionally develop and introduce a suitable whistleblowing process. When preparing and implementing the appropriate procedures, it is advisable to seek the assistance of a legal firm that can help draft the necessary documents and implement the procedure in compliance with the law, while addressing practical aspects important for every entrepreneur.
Regarding legal entities that are local government units, the obligations of the legal entity will be fulfilled by the organisational units of the local government units. It is worth noting that local government units will have the right to establish a joint internal reporting procedure within a shared service, provided that its distinctiveness and independence from the procedure for receiving external reports and taking follow-up actions is ensured. Organisational units of a municipality or county with fewer than 10,000 inhabitants will not be required to establish an internal procedure. In their case, the legislator has provided for voluntariness.