Skip Nav
DONATE NOW

Evaluating European Whistleblower Protection

Evaluating European Whistleblower Protection: Taking stock on the EU Directive on Whistleblowing – The Good, the Bad, and the Ugly Risk of Revision

Date published: 21 April 2026
Authored by: Ida Nowers and Marie Terracol

 

A Critical Moment for Whistleblower Protection – The Evaluation Kicks Off

The future of whistleblower protection in Europe is now open for debate, and the outcome is far from guaranteed.

In August 2025, the European Commission opened a public consultation on its action plan on whistleblower protection, kicking off its formal evaluation of the EU Whistleblowing Directive. A questionnaire was published to receive feedback online between 28 January and 22 April 2026, with stakeholder consultation also underway as consultants gather qualitative data from a wide variety of actors.

👉 Have your say here: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14468-Whistleblower-Protection-Directive-evaluation/public-consultation_en

This is a rare and important opportunity for practitioners, civil society, and whistleblowers themselves to shape what comes next. And the stakes are high – because at stake is not just whether the Directive will be improved, but whether it could be weakened.

The Risk: From Progress to Rollback

Early signals suggest that the evaluation could open the door to legislative revision. In the current political climate, this carries real risks.

The political composition of the European Commission has changed, and there is a broader EU movement to reduce administrative burdens. In this context, whistleblowing obligations, particularly requirements on companies to establish internal reporting channels, may be framed as excessive regulation.

  • It is anticipated that business actors may push for revisions that weaken protections, including raising the threshold for establishing internal reporting channels from 50 to 250 employees and reducing compliance obligations under the banner of “simplification”
  • At the same time, it is widely accepted that the Directive itself is not the core problem. The real challenges lie in uneven and incorrect transposition, weak and inconsistent implementation, and lack of enforcement and support systems

Reopening the Directive risks addressing the wrong problem, and potentially dismantling protections that are already in place. Indeed, deficiencies in the Directive’s text are generally considered secondary. Amending the Directive may therefore do little to address the core issues. There is also concern that reopening the Directive could lead to a weakening of existing protections rather than strengthening them.

A Better Way Forward

Rather than reopening the Directive, the priority should be to make it work in practice.

There is increasing recognition that the most effective path forward is a dual approach: strengthening implementation through non-legislative measures at the EU level, while pursuing targeted legislative improvements at the national level.

To achieve this, the European Commission should:

  • Ensure consistent implementation through clear guidance, including guidelines, FAQs, and practical toolkits for Member States and practitioners
  • Use infringement procedures where necessary to address incorrect or incomplete transposition
  • Clarify key provisions, particularly on remedies (including full compensation), the burden of proof (ensuring no link to the whistleblower’s motive or reporting pathway), effective, proportionate and dissuasive penalties, access to confidential advice
  • Strengthen transparency and oversight by publishing annual Member State data under Article 27, promoting more granular and gender-disaggregated data collection, and integrating whistleblowing into the EU Rule of Law Cycle
  • Support implementation in practice by adequately resourcing the Commission services responsible for monitoring the Directive, and funding civil society organisations that provide advice and assistance to whistleblowers

In short, the focus should be on delivery, not dilution.

Why Your Input Matters

The Commission’s evaluation is not a purely technical exercise, it is a political process shaped by the voices that participate. Initial feedback already highlights serious concerns. Of the 74 submissions received during the call for evidence, more than half came from individual whistleblowers, many describing negative experiences when reporting wrongdoing (most of which were from Ireland).

Without strong input from civil society, practitioners, and affected individuals, there is a real risk that the narrative will shift toward deregulation rather than protection.

A Directive Worth Defending

The EU Directive on the protection of persons reporting breaches of Union law (Dir(EU)2019/1937) was adopted in late 2019. Despite a two-year deadline for Member States to transpose its minimum standard requirements into national law, it took almost four years and several months for all 27 countries to adopt new legislation – a process that required infringement proceedings, court referrals and, in some cases, financial conditionality to complete.

Read more: Are you EU Governments taking whistleblower protection seriously?

Transposing ‘Groundbreaking’ Rules across Diverse Systems

To track progress and enable EU citizens to hold their governments to account, the Whistleblowing International Network created the EU Whistleblowing Monitor in 2020. Civil society advocates, unions and others published tools and guides from legal memos (see WIN legal briefing series) on key issues to comprehensive assessment frameworks (see Transparency International’s Methodology for Assessing Whistleblower Protection Legislation) – and NGOs produced draft template laws (see Xnet template whistleblowing law) reflecting best practice. The EU convened a Commission Expert Group, which met ten times between 2020 and 2024 to support Member States through the process.

The Commission acted swiftly on delays, initiating infringement proceedings against most Member States and referring multiple countries to the Court of Justice of the EU. In July 2024, it published its first assessment of implementation, identifying significant areas of non-compliance: member states had restricted the material and personal scope of the law, narrowly interpreted key standards, imposed conditions limiting the freedom to report directly to external authorities, and – in direct contravention of the Directive’s text – made protection conditional on the whistleblower’s motive for reporting.

Read more: Conformity Check: Official Report on EU Whistleblower Protection Directive

Enforcement by way of further infringement proceedings (to the CJEU) could be initiated at any time. Separately from official infringement proceedings to address non-conformity, the Commission has been able to address key flaws in national laws by other methods, from informal feedback to withholding funds, where whistleblower protection was required under national recovery plans, as it reportedly was in Slovakia and Romania

Civil societies respond to EU governments’ efforts

As laws were adopted, analysis of these efforts began. There was somewhat scathing criticism by some, and quiet optimism by others. Generally, there was disappointment that recommendations made by advocates were not heeded, and the list of concerns built up. Eventually, some took matters into their own hands, with NGOs in Germany and Hungary making formal complaints to the European Commission.

Read more: Blowing the Whistle to protect Whistleblowers in Europe

Read more: How well do EU countries protection whistleblowers: Assessing the transposition of the EU Directive on whistleblowing

Despite the uneven picture, there is genuine progress worth acknowledging. The Directive is generally regarded as a landmark achievement. The International Bar Association 2021 assessment of global whistleblowing laws found it in joint first place with Australia and the US scoring 16 out of 20 best practice criteria. Impressive, yet still some improvement to me made to make up those four lost points.

Six years on, all 27 member states have adopted transposing legislation — a feat that required infringement proceedings, court referrals and, in some cases, financial conditionality, but which has nonetheless resulted in a common legal baseline where none existed before (only eight Member States had previously adopted comprehensive dedicated legislation.)

So what makes it strong? The Directive casts a deliberately wide net. It covers both the public and private sectors, and extends protection well beyond the traditional employee-employer relationship – reaching contractors, volunteers, board members, former workers and even job applicants. Crucially, it also protects those who assist whistleblowers, and individuals or legal entities connected with them.

Protection under the Directive does not hinge on why someone reported. Motive is irrelevant (contrary to many laws and institutional policies around the globe) – a deliberate and important design choice. Confidentiality is strongly protected, with clear and limited exceptions and a requirement to notify the whistleblower in advance if their identity must be disclosed. Anonymity is also protected: Whilst the EU political stopped short of mandating anonymous reports (which are controversial in post-authoritarian countries for obvious reasons), individuals who report anonymously and are subsequently identified retain their right to protection.

The Directive prohibits any form of retaliation – including threats and attempts – and provides a long, non-exhaustive list of what that covers. It creates a presumption of retaliation when a whistleblower suffers detriment, and provides for interim relief to maintain their professional and financial position while proceedings are ongoing. It also prevents employers from contracting out of these rights through loyalty clauses or non-disclosure agreements.

On the remedies side, the framework foresees legal and financial assistance, as well as access to free, comprehensive and independent advice. Whistleblowers can report internally or go directly to a competent authority – and in certain circumstances, are protected for going public. Organisations and authorities are obliged to follow up on reports and keep the whistleblower informed within a reasonable timeframe.

And, in practice – from the flavor of implementation we currently have – including through the collaboration of TI chapters and country editors supporting the EU Whistleblowing Monitor – the picture is not uniformly bleak. Internal reporting systems have become significantly more widespread across both the public and private sectors, with evidence from some member states pointing to real increases in reporting volumes since the Directive came into force. A small number of countries have developed institutional models that go beyond minimum requirements – establishing dedicated whistleblower protection authorities, integrating civil society into the support ecosystem, and publishing detailed annual data that enables meaningful public scrutiny. Some courts have begun to interpret protections expansively, operationalising the Directive’s intent even where national legislation falls short of its letter. Public support for whistleblowing authorities also seems to be growing, at least in some countries. And in a handful of notable cases, significant penalties for retaliation have been handed down – demonstrating that the framework can have real teeth when correctly applied.

The bad – where protection falls short

No framework is perfect, and the Directive is no exception. Those four missing points in the IBA assessment point to real gaps in the text itself – gaps that have consequences for how protection operates even where transposition has been carried out with good intent.

The Directive’s material scope is tied to breaches of EU law, which leaves significant areas of potential wrongdoing outside its reach. National corruption, misconduct that falls outside the enumerated policy areas, and many of the issues that whistleblowers in practice most commonly encounter – workplace fraud, misuse of public funds at the local level, or breaches of purely national law – may not be covered. Member states can go further, but are not required to.

On remedies, the Directive stops short of mandating reinstatement or specifying what full compensation must look like in practice. The “make-whole” principle is implied rather than spelt out, leaving member states with significant discretion – and in several cases, that discretion has been used to limit rather than extend redress. The Directive encourages financial assistance and psychological support for whistleblowers but does not make them mandatory, meaning these protections exist at the margins of the framework rather than at its core.

The reversal of the burden of proof – one of the Directive’s most important innovations – is framed in language loose enough to be misread or misunderstood. The requirement that retaliatory measures be based on “duly justified grounds” has proven ambiguous in practice, and could leave unfair dismissal protection weak-if-not empty in practice (where the employer can create another reason to dismiss) and whistleblowers still carrying a significant evidential burden.

The Directive also stops short of requiring member states to protect legal persons – such as civil society organisations – that provide advice and support to whistleblowers. Only natural persons acting as facilitators are explicitly covered, leaving the CSOs that fill critical gaps national systems without guaranteed protection (at least in most member states.)

Finally, the Directive does not require the designation of a single national authority responsible for oversight and enforcement. The result, across much of the EU, is a fragmented institutional landscape with unclear mandates, inconsistent practice and limited accountability – a structural weakness that the text itself created space for.

These are not arguments for abandoning the Directive. They are arguments for being precise about what needs fixing – and honest that the text, however groundbreaking, left some doors open that have since been walked through in the wrong direction.

The Ugly: The Risk of Getting This Wrong

So where does this leave us? The Directive is imperfect – but it is genuinely groundbreaking, hard-won and, for many whistleblowers across Europe, the only meaningful protection that exists. The gaps in the text are real, but they are secondary to the much larger problem of how the Directive has been transposed and applied in practice. Fragmented institutions, inaccessible remedies, ambiguous burden of proof provisions, absent data and underfunded civil society support – these are failures of implementation, not of the framework itself.

The evaluation now underway is an opportunity to address all of this. But it is also a risk. In the current political climate – with pressure to reduce regulatory burdens and a changed Commission, there is a real possibility that the evaluation becomes a vehicle for weakening protections rather than strengthening them. Raising the threshold for internal reporting channels, narrowing the scope, reducing compliance obligations: these are not hypothetical threats. They are already being discussed.

The evidence does not support revision. It supports enforcement. It supports clearer guidance. It supports adequate resourcing of the institutions and civil society organisations that make the law real for the people it is supposed to protect.

The public consultation closes on 22 April 2026. That is the moment to make this case – loudly, clearly and with evidence. The Directive is worth defending. But it will only be defended if the right voices show up.

👉 Have your say here: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14468-Whistleblower-Protection-Directive-evaluation/public-consultation_en

 

Check out WIN’s Substack!