Italy

New regulation on Whistleblowing

30 March 2023 2 min read

By Tommaso Erboli

At a glance

  • On 15 March 2023, Legislative Decree no. 24 dated 10 March 2023 (the Decree) was published in the Italian Official Gazette, implementing the Whistleblowing Directive.
  • The Decree will be effective as of 15 July 2023. Below, we provide more detail on what the new law sets out.

Who does the new law apply to?

The Decree applies to all legal entities of the public sector and all legal entities of the private sector that:

  • Staff more than 50 employees; or
  • Staff less than 50 employees and operates in the European regulated markets (e.g. financial markets, credits); or
  • Voluntary decide to apply the regulation.

What must employers do?

Pursuant to newly introduced regulation employers must adopt a proper reporting channel by 15 July 2023 (when an average of more than 249 employees is employed) or 17 December 2023, when such threshold is not met.

The purpose of the Decree is to establish a minimum standard of protection for whistleblowers, who are employees, self-employed workers, consultants, and other individuals who report and disclose violations of EU and / or national law that affect public or private interests within their work context.

Previously, whistleblowing legislation was primarily concerned with entities that had an organisational model pursuant to Legislative Decree 231/2001. However, this provision has now been superseded, and now – as indicated above – the decree provides that whistleblower’s protection needs to be related to the size of the company or the sector in which it operates.

In addition, the decree provides for various reporting channels, including an internal reporting channel, which allows reports to be made in writing or orally, and an external reporting channel managed by ANAC (National Anti-Corruption Authority). The ANAC can be used if the internal channel is not activated or does not comply with the law, or if the whistleblower fears retaliation for using the internal channel. The possibility of public disclosure through the press or by electronic means capable of reaching multiple individuals is also provided.

Data protection

Finally, the decree explicitly refers to the protection of the personal data of whistleblowers / reported person, and compliance with the GDPR in the reporting procedure.

Protections are not limited to reporters 

It is essential to note that these protection measures are also extended to so-called "facilitators," such as colleagues, relatives, or stable relatives of the person who reported.

Failure to establish reporting lines

Administrative fines ranging between EUR 10,000 and EUR 50,000 apply to companies that do not establish whistleblowing channels and procedures within the mandatory timeframe indicated above. Administrative fines between EUR 500 and EUR 2,500 are also applied to whistleblowers in the event of false reports.

More to explore

ADGM has published a consultation on whistleblowing framework

United Arab Emirates

ADGM has published a consultation on whistleblowing framework

The ADGM has published a consultation paper on a proposed whistleblowing framework.

17 May 2024 1 min read
Pilot program on voluntary self-disclosure for individuals

United States

Pilot program on voluntary self-disclosure for individuals

Program to encourage disclosure of corporate crime likely to impact financial institutions and investmentfunds. 

2 July 2024 1 min read
Poland approves Whistleblower Protection Act

Poland

Poland approves Whistleblower Protection Act

Poland implements EU Whistleblower Directive.

27 June 2024 1 min read
Managing anonymous whistleblowing reports: internet consultation launched

Netherlands

Managing anonymous whistleblowing reports: internet consultation launched

The Dutch government is consulting on requirements for submission and processing of anonymous whistleblowingreports. 

16 April 2024 2 min read
EU Whistleblower Protection Directive: Practical implementation considerations

Europe

EU Whistleblower Protection Directive: Practical implementation considerations

17 December 2023, the deadline for medium-sized companies to implement internal reporting channels under the Whistleblower Protection Directive, is fastapproaching. 

20 November 2023 3 min read
Supreme Court ruling on whistleblowing

Norway

Supreme Court ruling on whistleblowing

The Supreme Court addressed whether an e-mail sent from an employee representative to a manager in the company, constituted whistleblowing under the Working Environment Act.

12 February 2024 2 min read