New regulation on Whistleblowing

30 March 2023 2 min read

By Tommaso Erboli

At a glance

  • On 15 March 2023, Legislative Decree no. 24 dated 10 March 2023 (the Decree) was published in the Italian Official Gazette, implementing the Whistleblowing Directive.
  • The Decree will be effective as of 15 July 2023. Below, we provide more detail on what the new law sets out.

Who does the new law apply to?

The Decree applies to all legal entities of the public sector and all legal entities of the private sector that:

  • Staff more than 50 employees; or
  • Staff less than 50 employees and operates in the European regulated markets (e.g. financial markets, credits); or
  • Voluntary decide to apply the regulation.

What must employers do?

Pursuant to newly introduced regulation employers must adopt a proper reporting channel by 15 July 2023 (when an average of more than 249 employees is employed) or 17 December 2023, when such threshold is not met.

The purpose of the Decree is to establish a minimum standard of protection for whistleblowers, who are employees, self-employed workers, consultants, and other individuals who report and disclose violations of EU and / or national law that affect public or private interests within their work context.

Previously, whistleblowing legislation was primarily concerned with entities that had an organisational model pursuant to Legislative Decree 231/2001. However, this provision has now been superseded, and now – as indicated above – the decree provides that whistleblower’s protection needs to be related to the size of the company or the sector in which it operates.

In addition, the decree provides for various reporting channels, including an internal reporting channel, which allows reports to be made in writing or orally, and an external reporting channel managed by ANAC (National Anti-Corruption Authority). The ANAC can be used if the internal channel is not activated or does not comply with the law, or if the whistleblower fears retaliation for using the internal channel. The possibility of public disclosure through the press or by electronic means capable of reaching multiple individuals is also provided.

Data protection

Finally, the decree explicitly refers to the protection of the personal data of whistleblowers / reported person, and compliance with the GDPR in the reporting procedure.

Protections are not limited to reporters 

It is essential to note that these protection measures are also extended to so-called "facilitators," such as colleagues, relatives, or stable relatives of the person who reported.

Failure to establish reporting lines

Administrative fines ranging between EUR 10,000 and EUR 50,000 apply to companies that do not establish whistleblowing channels and procedures within the mandatory timeframe indicated above. Administrative fines between EUR 500 and EUR 2,500 are also applied to whistleblowers in the event of false reports.

More to explore

EU Whistleblower Protection Directive: Practical implementation considerations

EU Whistleblower Protection Directive: Practical implementation considerations

17 December 2023, the deadline for medium-sized companies to implement internal reporting channels under the Whistleblower Protection Directive, is fastapproaching. 

Supreme Court ruling on whistleblowing

Supreme Court ruling on whistleblowing

The Supreme Court addressed whether an e-mail sent from an employee representative to a manager in the company, constituted whistleblowing under the Working Environment Act.

SEC steps up enforcement of rule 21F-17 Whistleblower Protections

SEC steps up enforcement of rule 21F-17 Whistleblower Protections

Based on recent enforcement activity by the Securities and Exchange Commission, employers are encouraged to review their agreements, policies, and procedures to ensure they do...

The Whistleblowing Protection Act now in force

The Whistleblowing Protection Act now in force

The new Whistleblowing Protection Act came into force on 2 July 2023.

Whistleblowing - update on broadened protection for whistleblowers

Whistleblowing - update on broadened protection for whistleblowers

As of 1 July 2023, Slovakia introduced significant changes to its existing whistleblowing regulations extending the protection of whistleblowers by transposing Directive (EU) 2019/1937...

Whistleblower Protection Act

Whistleblower Protection Act

On 7 June 2023, the President of the Czech Republic signed the government bill on protection for whistleblowers which is set to enter into force on 1 August 2023. We provide further...