The implementation of the EU whistleblowing Directive into Belgian Law

by Lucie Fournier¹ associate at Jones Day 

On December 16, 2019, the EU adopted the Whistleblowing Directive² (the “Directive”), requiring all European Union (“EU”) Member States to implement national legislation imposing certain minimum standards on legal entities (both in the private and public sector) with respect to the protection of persons reporting breaches of EU law (“Whistleblowers”). The Directive requires EU Member States to implement certain defined rights and obligations concerning Whistleblowers, legal entities and the EU Member States themselves in national law.  

The specific Belgian laws implementing the Directive (together, the “Belgian Whistleblowing Law”) are: 

• The Law of 28 November 2022 on the protection of persons who report violations of Union or national law within a private-sector legal entity, which entered into force on February 16, 2023 (available in French and Dutch); and  
• The Law of 8 December 2022 on reporting channels and protection of whistleblowers in federal public-sector bodies and the integrated police, which entered into force on January 2, 2023 (available in French and Dutch). 

This article sets out (1) the material scope of the Belgian Whistleblowing Law; (2) a description of the required reporting channels; and (3) a high-level overview of selected mandatory requirements for legal entities in the private and public sector.
  

1. Material Scope
The Belgian Whistleblowing Law applies to breaches of both national statutory and regulatory provisions, as well as breaches of EU law.

a. Private Sector

The following private-sector areas are covered by the Belgian Whistleblowing Law: (i) public procurement; (ii) financial services, products and markets, and prevention of money laundering and terrorist financing; (iii) product safety and compliance; (iv) transport safety; (v) protection of the environment; (vi) radiation protection and nuclear safety; (vii) food and feed safety, animal health and welfare; (viii) public health; (ix) consumer protection; (x) protection of privacy and personal data, and security of network and information systems; (xi) fight against tax fraud; (xii) fight against social fraud; (xiii) violations affecting the financial interests of the EU; and (xiv) violations concerning the internal market. 

By contrast, the Belgian Whistleblowing Law does not apply to (i) matters relating to national security; (ii) classified information; (iii) professional or medical secrecy; and (iv) information covered by the confidentiality of judicial deliberations. 

b. Public Sector 

As for the public sector, the Belgian Whistleblowing Law is applicable to “integrity breaches”,  which is defined as follows:  

• An act or a failure to act that is a threat to or violates the public interest, and which (i) infringes directly applicable European provisions, laws, decisions, circulars, internal rules and internal procedures applicable to federal government agencies and their personnel; and/or (ii) presents a risk to the life, health of safety of persons or to the environment; and/or (iii) demonstrates a serious deficiency in the professional duties or good management of a federal government agency; and 

• Knowingly ordering or advising to commit an integrity breach. 

Similarly, certain areas are also excluded from the Belgian Whistleblowing Law applicable to the public sector (i.e., (i) classified information; (ii) medical secrecy and client – attorney confidentiality; (iii) information covered by the secrecy of judicial deliberations; (iv) rules relating to criminal procedural law; and (v) national security). 

2. Reporting Channels

 a. Private Sector  

According to the Belgian Whistleblowing Law, companies with 50 workers or more in the private sector are required to establish channels and procedures for internal reporting and follow-up with Whistleblowers, subject to certain conditions. Moreover, companies are required to provide Whistleblowers with the opportunity to report breaches in writing or orally, or both. Oral reporting should be possible by telephone or other voice messaging systems and, at the request of the Whistleblower, by a physical meeting. 

The Belgian Whistleblowing Law also regulates anonymous reporting. In particular, companies with more than 250 employees are required to set up an internal anonymous reporting system. However, the establishment of an internal anonymous reporting system is optional for companies employing 50 to 249 employees.  

Whistleblowers can also use an external reporting system to report a breach (i.e., outside the company he/she works for). The two Federal Ombudsmen (i.e., one French-speaking and the other Dutch-speaking) are authorized to receive external reports and transfer them to the competent authorities. In total, 24 competent authorities have been appointed in Belgium to cover a large spectrum of sectors (e.g., the Economy, SMEs, Self-employed and Energy Federal Public Service; the Finance Federal Public Service; the Mobility and Transport Federal Public Service, etc.). These authorities are responsible for receiving and following-up on whistleblowing reports, as well as monitoring legislation in the area within which the breach occurred.

b. Public Sector 

According to the Belgian Whistleblowing Law, each entity of the federal public sector is required to establish an internal reporting system and an external anonymous reporting system. This includes developing and implementing internal whistleblowing and follow-up procedures.  

The internal reporting system may be used by staff members and other specified persons (e.g., persons with a self-employed status) who are in contact with any public administration in a professional capacity. The reporting system may be managed internally by a person or department designated for this purpose, or provided externally by third parties. 

The aforementioned Federal Ombudsmen are also competent to receive external reports regarding integrity breaches within the public sector, which they are then to transfer to the relevant authorities. However, the “Comité P” (i.e., the Standing Police Oversight Committee) has jurisdiction for handling integrity breaches committed within the “Threat Analysis Coordination Body” (i.e., the entity responsible for processing all relevant information and intelligence on terrorism, extremism and radicalization).

3. Selected Mandatory Requirements  

 The Belgian Whistleblowing Law provides the following requirements regarding reporting channels, procedures and follow-up applicable to both the private and public sector:  

• Reporting channels must be designed, established and operated in a secure manner, ensuring the confidentiality of the identity of the Whistleblower and of any third party mentioned in the report to prevent access thereto by non-authorized staff members.
  
  
• An acknowledgement of receipt of the report must be sent to the Whistleblower within seven (7) days from the date of receipt of the report itself.
• An impartial person or department has to be designated for diligently following-up on the reports (which may be the same person or department as the one that receives the reports), maintaining and communicating with the Whistleblower and, if necessary, asking for further information.
• A process for diligent follow-up must be implemented, including for anonymous reporting.
• Feedback must be provided in a timeframe that does not exceed 3 months from the acknowledgment of receipt, or if no acknowledgement of receipt was sent, 3 months from the expiry of the 7-day period after the report was made.
• The person in charge of operating the reporting channel must also provide clear and easily accessible information regarding the procedures for external reports to competent authorities (e.g., institutions, bodies, etc.).  

Furthermore, the Belgian Whistleblowing Law imposes specific documentation and retention obligations on a company that has received the report. These obligations are contingent upon the communication method chosen by the Whistleblower.  

More information to come on this topic in our next publication. Stay tuned! 

Legal disclaimer: This article is intended for informational purposes only. Nothing in this article is to be considered as a legal opinion or the rendering of legal advice. Readers are responsible for obtaining such advice from their own legal counsel. Transparency International accepts no responsibility for loss, which may arise from relying on information contained in this article.