HomeGlossaryEU Whistleblower Directive (2019/1937)
Ethics, Compliance & Integrity

EU Whistleblower Directive (2019/1937)

EU Directive 2019/1937 on the protection of persons who report breaches of Union law establishes minimum standards for whistleblower protection across the EU, requiring organisations with 50 or more employees to create internal reporting channels and prohibiting retaliation against protected reporters.

Quick answer

EU Directive 2019/1937 on the protection of persons who report breaches of Union law establishes minimum standards for whistleblower protection across the EU, requiring organisations with 50 or more employees to create internal reporting channels and prohibiting retaliation against protected reporters.


The EU Whistleblower Directive (2019/1937) is the most significant piece of EU legislation on whistleblower protection and has reshaped compliance obligations for organisations operating across the European market. Its direct relevance to procurement lies in the fact that procurement fraud, corruption, and anticompetitive conduct affecting EU financial interests all fall squarely within its material scope.

What is the EU Whistleblower Directive (2019/1937)?

Directive 2019/1937, adopted in October 2019, establishes minimum standards for the protection of persons who report breaches of EU law. The Directive applies where the reported breach falls within one of several policy areas defined in the Directive, including public procurement, financial services, anti-money laundering, environmental protection, food and product safety, and the protection of EU financial interests.

In the procurement context, the Directive covers reports relating to corruption in public contracts, bid rigging and other anticompetitive conduct in procurement markets, fraud affecting the financial interests of the EU (including misuse of EU structural and cohesion funds), and breaches of Directive 2014/24/EU governing public contracts.

The Directive requires member states to ensure that legal entities in both the private and public sectors with 50 or more workers establish internal reporting channels. These channels must ensure confidentiality of the reporter's identity, acknowledge receipt of reports within seven days, and provide feedback on follow-up within three months. External reporting channels must be established by competent national authorities as alternatives or complements to internal channels.

The Directive prohibits a broad range of retaliatory acts against reporters, including dismissal, demotion, change of location, salary reduction, negative performance reviews, coercion, discrimination, and blacklisting. Member states must ensure effective remedies are available, including reinstatement and compensation. The burden of proof in retaliation proceedings is reversed: the employer must demonstrate that an adverse treatment was not related to the report.

The Directive's implementation deadline for member states was December 2021. However, several member states transposed late, and the practical application of national implementing legislation continues to develop through case law and regulatory guidance.

Why it matters for bidders

Suppliers operating across EU member states must assess their obligations under national laws implementing the Directive. Any legal entity with 50 or more workers must have a compliant internal reporting channel, which in practice means a confidential mechanism (digital, telephone, or in-person) for employees and, in many member states, for third parties such as subcontractors, consultants, and former employees to report concerns.

For suppliers engaging in public procurement, the Directive creates a legal infrastructure that makes it safer for employees to report concerns about procurement integrity. This is beneficial for honest market participants: whistleblowing protections make it more likely that bid rigging, corruption, and fraud will be detected and reported, levelling the playing field.

Suppliers should also be aware that the Directive extends protections to persons who assist reporters, facilitate reporting, or are associated with reporters. This broadens the scope of protection and the population of persons who might report concerns about procurement conduct.

Example

A project manager employed by an IT consultancy operating in Germany discovers that his company's sales director has been making informal payments to a regional government procurement officer in exchange for advance information about upcoming contract specifications. He reports the concern through the company's internal reporting channel. The company investigates, dismisses the sales director, and self-reports the matter to the competent authority. The project manager is legally protected under the German law implementing Directive 2019/1937 (Hinweisgeberschutzgesetz) from any retaliation. The company uses its cooperation as a mitigating factor in subsequent regulatory proceedings.

Frequently Asked Questions

Does the Directive apply to non-EU companies operating in Europe?

The Directive applies to legal entities operating within the EU, regardless of their country of incorporation. A non-EU company with employees or operations in an EU member state is subject to the relevant national implementing legislation if it meets the workforce threshold. UK companies operating in EU member states after Brexit are similarly subject to the implementing legislation of each member state where they operate.

What is the difference between internal and external reporting under the Directive?

Internal reporting means using a channel established by the reporter's employer or the organisation to which the reporter is connected (as a contractor, consultant, or similar). External reporting means reporting directly to a competent national authority. The Directive requires member states to ensure that both routes are available and that reporters can choose between them. Reporters who first use internal channels and do not receive satisfactory follow-up can escalate to external channels.

Does the Directive protect reports about national procurement law breaches, or only EU law?

The Directive directly covers breaches of EU law in the listed policy areas. However, most member states have implemented the Directive with a broader scope, extending protection to reports of national law breaches as well. Suppliers should check the national implementing legislation in each country where they operate to understand the full scope of protection.

How Bidovate helps

Bidovate puts EU Whistleblower Directive (2019/1937) to work inside your capture and proposal workflow.

Tender discovery

See Bidovate in action

Book a demo and we will show you the platform using your actual contract data.

Related terms

Whistleblowing (Procurement)

Whistleblowing in procurement refers to the act of reporting suspected wrongdoing, including corruption, fraud, bid rigging, or conflicts of interest, by employees, suppliers, or other parties, with legal protections available across Europe to shield reporters from retaliation.

View

Fraud Prevention in Procurement

Fraud prevention in procurement encompasses the policies, controls, and detection mechanisms that contracting authorities and suppliers use to identify and deter deceptive conduct, including document falsification, invoice inflation, misrepresentation of capacity, and collusion, that undermines the integrity of public spending.

View

Corruption in Public Procurement

Corruption in public procurement encompasses bribery, kickbacks, fraudulent manipulation of tenders, and abuse of office by public officials or private parties, distorting competition, inflating costs, and diverting public funds away from genuine value for money.

View

Conflict of Interest (Procurement)

A conflict of interest in procurement arises when a person involved in a contracting process has a personal, financial, or professional interest that could improperly influence their judgment, creating a risk of unfair treatment of tenderers or misuse of public funds.

View

Code of Conduct (Procurement)

A code of conduct in procurement is a formal statement of ethical standards and behavioural expectations that governs how contracting authorities and suppliers approach public tendering, covering integrity, conflicts of interest, anti-bribery, confidentiality, and fair competition.

View