EU Whistleblower Directive, Poison Pill No. 3: National security loophole

The EU Council proposal (Art. 12, at 47) bans any public disclosures “where competent authorities establish that this threatens essential national security interests.” In practice, this means intelligence agencies could ban any public freedom of expression. It replaces the public’s right to know with a government right to cover up. This open-ended national security loophole is unprecedented in whistleblower laws that protect public freedom of expression. No other whistleblower law permits those accused of misconduct the discretion to cancel protection for public disclosures in any context.


1. The loophole is incompatible with the Directive’s purpose. A fundamental purpose of whistleblower laws is to permit and encourage exposure of institutional misconduct that betrays the public trust. The recital repeatedly reinforces the vital importance of the media for that goal. Of course defined, lawfully-classified information must be kept secret. For non-classified information, however, the importance of public exposure applies the most for national security misconduct that can have the most severe destructive consequences.

2. The loophole is unnecessary. Para. 21 of the recital, at 10, makes clear that “[n]ational security remains the sole responsibility of each Member State, in the fields of both defence and security.” The text, at 33, reaffirms, “This Directive shall not affect the responsibility of Member States to ensure national security.” The same applies to protection of classified information. (Id.) Those laws establish well-defined boundaries restricting release of national security information. There is no basis to replace well-established national security laws with open-ended discretion by intelligence officials to impose secrecy.

3. The loophole will be abused. This subjective standard would allow any competent authority, such as an intelligence agency, to gag any public whistleblowing it chooses, based solely on its unreviewable judgment call that the disclosure threatens national security. In the U.S. experience, those agencies have candidly declared that “virtually anything” can affect national security. In practice, that has meant anything threatening agency self-interest is a national security threat as well. Further, their un-reviewed subjective judgments sometimes have been caricatures of genuine national security. To illustrate, U.S. competent authorities have gagged whistleblowers from disclosing their birthdays or the addresses of U.S. government buildings.

Solution: The subjective standard must be replaced by an objective boundary – information that has been designated as classified. That is the boundary to restrict the public’s right to know which has passed muster under the rule of law. The loophole above should be modified to read “where the report contains information that has been properly designated as classified.” This specific wording is necessary to avoid unmarked or after-the-fact classifications.

EU Whistleblower Directive, Poison Pill No. 2: Liability shield loophole

One of the draft Directive’s most significant features is the shield on civil and criminal liability when the whistleblower makes a protected report. The Council’s proposal (Article 15, at 50) qualifies that there only is immunity if the whistleblower “had reasonable grounds to believe that the reporting or disclosure was necessary for revealing a breach pursuant to this Directive.”

This unprecedented new requirement would mean it is not safe to have engaged in “protected” speech. The whistleblower also must properly guess whether his or her disclosure was indispensable, and then again whether a court would agree. Otherwise, the whistleblower will be defenseless against criminal or civil prosecution.


It would be unprecedented in global whistleblower law to impose a second test for protection against retaliation – the importance of the whistleblower. To date protected speech always and only has depended on the credibility and significance of the whistleblower’s disclosure.

Continue reading

EU Whistleblower Directive, Poison Pill No. 1: New “lawful methods” prerequisite for protected speech

WIN are pleased to publish the first of three video bulletins about serious problems with the EU draft Directive on whistleblowing put together by Tom Devine and the Government Accountability Project (GAP). These videos and the accompanying text summarise key issues in the proposed directive and offer robust solutions to improve the Directive and enhance whistleblower protection in Europe.

The remaining videos will be published throughout the day so keep your eye on our website and Twitter feed!


The Directive includes a new precondition to qualify for protected speech and trigger anti-retaliation rights. It no longer will be enough to prove a reasonable belief of disclosing misconduct. The employee also must first prove that the knowledge or evidence was “lawfully acquired in the context of his or her work-related activities.” (Article 3 Definition, at 36).

This additional requirement for protection would be unprecedented in global whistleblower laws. Normally the issue is considered as part of an employer’s independent justification in the reverse burden of proof. This new structure means the whistleblower’s methods will be put on trial as the opening issue in every retaliation case. Whistleblowers would have to win that battle first, even to challenge retaliation.

Continue reading

EU whistleblowers still at risk: An Update

flag-3370970_1920WIN’s Legal Briefs have been updated to include a response to the EU Council which is now scrutinising the draft directive. This update highlights growing concern that the much welcome improvements to the EU draft directive recently voted through the Parliamentary Committee will not replicated by the EU Council.

WIN is grateful to Tom Devine, Legal Director of the Government Accountability Project in Washington DC, for his assistance in drafting this latest update.

The main problem, which the EU Council seems set to embrace and which was recently rejected by the JURI Committee in its Report, is that the draft directive reinforces employer control over the reporting of wrongdoing. It does so by making it a requirement for all those in a work-based relationship to report their concern to their employer first. While reporting internally will remain the default for the vast majority of whistleblowers and it makes sense for employers to do all they can to encourage their staff to speak up early, it is dangerous to make it a legal obligation.

Further, making staff use the channels that employers “officially” set up is almost worse. The vast majority of whistleblowers raise concerns as a normal part of doing their jobs and typically it is only as a result of the response they get, that they realise that something is really wrong. Formal reports of wrongdoing via official employer channels set up for that purpose will only ever capture the tip of the information the Directive seeks to protect; the iceberg is the routine reports of discovered problems though the supervisory chain of command and in sensitive assignments such as audits, inspection reports and reports of investigations. Very few people who report problems are doing so specifically to denounce misconduct or as dissidents.

WIN has drafted this Legal Brief in response to the EU Council to help Council members understand why it is important to remedy these structural problems in the draft directive as a matter of urgency.

We are also pleased to offer it to anyone interested in the protection of whistleblowers and in the detail of the debates that are happening in Europe right now.

See WIN‘s other Legal Briefs, including briefs on anonymity and remedies, in the WIN blog posted on 17 October 2018.