DIRECTIVE 2019/1937 on the protection of persons who report breaches of Union law

Directive (EU) 2019/1937


Article 1. Purpose

The purpose of this Directive 2019/1937 is to enhance the enforcement of Union law and policies in specific areas by laying down common minimum standards providing for a high level of protection of persons reporting breaches of Union law.

Article 2. Material scope

1. This Directive lays down common minimum standards for the protection of persons reporting the following breaches of Union law:

(a) breaches falling within the scope of the Union acts set out in the Annex that concern the following areas:

  • (i) public procurement;
  • (ii) financial services, products and markets, and prevention of money laundering and terrorist financing;
  • (iii) product safety and compliance;
  • (iv) transport safety;
  • (v) protection of the environment;
  • (vi) radiation protection and nuclear safety;
  • (vii) food and feed safety, animal health and welfare;
  • (viii) public health;
  • (ix) consumer protection;
  • (x) protection of privacy and personal data, and security of network and information systems;

(b) breaches affecting the financial interests of the Union as referred to in Article 325 TFEU and as further specified in relevant Union measures;

(c) breaches relating to the internal market, as referred to in Article 26(2) TFEU, including breaches of Union competition and State aid rules, as well as breaches relating to the internal market in relation to acts which breach the rules of corporate tax or to arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.

2. This Directive is without prejudice to the power of Member States to extend protection under national law as regards areas or acts not covered by paragraph 1.

Article 3. Relationship with other Union acts and national provisions

1. Where specific rules on the reporting of breaches are provided for in the sector-specific Union acts listed in Part II of the Annex, those rules shall apply. The provisions of this Directive shall be applicable to the extent that a matter is not mandatory regulated in those sector-specific Union acts.

2. This Directive shall not affect the responsibility of Member States to ensure national security or their power to protect their essential security interests. In particular, it shall not apply to reports of breaches of the procurement rules involving defense or security aspects unless they are covered by the relevant acts of the Union.

3. This Directive shall not affect the application of Union or national law relating to any of the following:

  • (a) the protection of classified information;
  • (b) the protection of legal and medical professional privilege;
  • (c) the secrecy of judicial deliberations;
  • (d) rules on criminal procedure.

4. This Directive shall not affect national rules on the exercise by workers of their rights to consult their representatives or trade unions, and on protection against any unjustified detrimental measure prompted by such consultations as well as on the autonomy of the social partners and their right to enter into collective agreements. This is without prejudice to the level of protection granted by this Directive.

Article 4. Personal scope of the Directive 1937 from 2019

1. This Directive shall apply to reporting persons working in the private or public sector who acquired information on breaches in a work-related context including, at least, the following:

  • (a) persons having the status of worker, within the meaning of Article 45(1) TFEU, including civil servants;
  • (b) persons having self-employed status, within the meaning of Article 49 TFEU;
  • (c) shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees;
  • (d) any persons working under the supervision and direction of contractors, subcontractors and suppliers.

2. This Directive shall also apply to reporting persons where they report or publicly disclose information on breaches acquired in a work-based relationship which has since ended.

3. This Directive shall also apply to reporting persons whose work-based relationship is yet to begin in cases where information on breaches has been acquired during the recruitment process or other pre-contractual negotiations.

4. The measures for the protection of reporting persons set out in Chapter VI shall also apply, where relevant, to:

  • (a) facilitators;
  • (b) third persons who are connected with the reporting persons and who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons; and
  • (c) legal entities that the reporting persons own, work for or are otherwise connected with in a work-related context.

Article 5. Definitions

For the purposes of this Directive, the following definitions apply:

(1) ‘breaches’ means acts or omissions that:

  • (i)are unlawful and relate to the Union acts and areas falling within the material scope referred to in Article 2; or
  • (ii) defeat the object or the purpose of the rules in the Union acts and areas falling within the material scope referred to in Article 2;

(2) ‘information on breaches’ means information, including reasonable suspicions, about actual or potential breaches, which occurred or are very likely to occur in the organisation in which the reporting person works or has worked or in another organisation with which the reporting person is or was in contact through his or her work, and about attempts to conceal such breaches;

(3) ‘report’ or ‘to report’ means, the oral or written communication of information on breaches;

(4) ‘internal reporting’ means the oral or written communication of information on breaches within a legal entity in the private or public sector;

(5) ‘external reporting’ means the oral or written communication of information on breaches to the competent authorities;

(6) ‘public disclosure’ or ‘to publicly disclose’ means the making of information on breaches available in the public domain;

(7) ‘reporting person’ means a natural person who reports or publicly discloses information on breaches acquired in the context of his or her work-related activities;

(8) ‘facilitator’ means a natural person who assists a reporting person in the reporting process in a work-related context, and whose assistance should be confidential;

(9) ‘work-related context’ means current or past work activities in the public or private sector through which, irrespective of the nature of those activities, persons acquire information on breaches and within which those persons could suffer retaliation if they reported such information;

(10)‘person concerned’ means a natural or legal person who is referred to in the report or public disclosure as a person to whom the breach is attributed or with whom that person is associated;

(11) ‘retaliation’ means any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person;

(12) ‘follow-up’ means any action taken by the recipient of a report or any competent authority, to assess the accuracy of the allegations made in the report and, where relevant, to address the breach reported, including through actions such as an internal inquiry, an investigation, prosecution, an action for recovery of funds, or the closure of the procedure;

(13) ‘feedback’ means the provision to the reporting person of information on the action envisaged or taken as follow-up and on the grounds for such follow-up;

(14) ‘competent authority’ means any national authority designated to receive reports in accordance with Chapter III and give feedback to the reporting person, and/or designated to carry out the duties provided for in this Directive, in particular as regards follow-up.

Article 6. Conditions for protection of reporting persons

1. Reporting persons shall qualify for protection under this Directive provided that:

  • (a) they had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of this Directive; and
  • (b) they reported either internally in accordance with Article 7 or externally in accordance with Article 10, or made a public disclosure in accordance with Article 15.

2. Without prejudice to existing obligations to provide for anonymous reporting by virtue of Union law, this Directive does not affect the power of Member States to decide whether legal entities in the private or public sector and competent authorities are required to accept and follow up on anonymous reports of breaches.

3. Persons who reported or publicly disclosed information on breaches anonymously, but who are subsequently identified and suffer retaliation, shall nonetheless qualify for the protection provided for under Chapter VI, provided that they meet the conditions laid down in paragraph 1.

4. Persons reporting to relevant institutions, bodies, offices or agencies of the Union breaches falling within the scope of this Directive shall qualify for protection as laid down in this Directive under the same conditions as persons who report externally.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: