Act 20/2 The Law has already been published in the BOE.
Last week, the Government approved the draft Law on the Protection of Persons Reporting Regulatory Violations and the Fight against Corruption. It is a law transposing the European directive 2019/1937 on whistleblower protection. You can see all the details of the law here.
The purpose of the regulation is to protect persons who, in an occupational or professional context, detect serious or very serious criminal or administrative offenses and report them through the mechanisms regulated therein.
In its scope of application, in addition to protecting those who report on the infringements of Union law provided for in Directive 2019/1937 of the European Parliament, the law also covers serious and very serious criminal and administrative infringements of the national legal system, thus extending the material scope of the Directive.
The new law establishes a series of obligations for public and private organizations, the main ones being:
- Appoint an Internal Information System Manager.
- Define a policy or strategy that sets out the general principles of the internal information system and whistleblower protection.
- Establish an information management procedure.
- Implement an internal information channel or whistleblower channel.
- Establish guarantees for the protection of the whistleblower within the organization or body itself.
There will also be external reporting channels. These will be provided by the new Independent Authority for Whistleblower Protection or by entities at the regional level. It is recommended that internal channels be used as the first means of reporting, but the reporter may decide which channel to use.
The law is pending parliamentary procedure. At the time it comes into force companies with 250 employees or more will have 3 months to implement an internal channel or 6 months to adapt the current one if they already have one. Organizations with between 50 and 249 employees will have until December 1, 2023.
In short, the draft Law regulating the protection of persons who report regulatory infringements and the fight against corruption transposes and extends European Directive 2019/1937. With its entry into force, public and private organizations will have to make a series of changes in their organizations to comply with the new regulations.
If you do not yet have a secure and confidential reporting channel to comply with regulations, you can try ithikios. The saas whistleblower channel designed to efficiently comply with the law.