On December 15, 2022, the Belgian legislator published the Whistleblower Act (transposition of EU Directive 2019/1937). The law is designed to protect employees and other stakeholders who report serious misconduct within companies and public institutions, and applies to all companies with more than 50 employees and public authorities.
The law protects anyone who reports information about wrongdoing in a professional context, such as:
- Employees (currnet and former)
- Self-employed individuals
- Shareholders and directors
- Freelancers and subcontractors
- Interns and applicants
It also extends protection to those who assist a whistleblower (such as colleagues or trusted persons).
Possible reports may include financial fraud and corruption, product safety, public health, data protection (GDPR), and more.
A report can be made in three different ways:
1. An internal report within the company or organization
- Large companies and public authorities must set up a secure internal reporting channel, with the possibility for anonymous reports.
- The report can be made in writing, orally, or through an anonymous system.
- The company must confirm receipt of the report within 7 days and follow up within 3 months.
2. An external report to an official body
- The Federal Ombudsman for government-related matters
- The Federal Public Service (FPS) Economy, the National Bank, or other regulators for the private sector.
3. A public report (e.g., through media or social networks)
- This can only happen if there is immediate danger or if the above steps do not lead to action.
The law provides legal protection for whistleblowers, including a ban on retaliation (e.g., dismissal or sanctions). Companies that do not comply with these rules can face fines of up to €24,000 for failing to provide a reporting point, and up to €120,000 for companies that harm whistleblowers.
For reports received under the whistleblower legislation where the investigation goes beyond the jurisdiction of the HR department, CORP-D is pleased to offer professional support in line with the Private Investigation Law and the General Data Protection Regulation (GDPR). Our extensive expertise in large corporations ensures that we respect your corporate culture and can act swiftly, always in consultation with the relevant internal department.