Poland approves Whistleblower Protection Act

The Whistleblower Protection Act (Act) was published in Poland’s Journal of Laws on 24 June 2024.

The Act applies to all companies with 50 or more people and establishes a comprehensive framework for whistleblower rights in Poland. Entities with fewer than 50 individuals may voluntarily implement procedures.

However, the above threshold does not apply to legal entities conducting financial, transport safety and environmental protection activities. All of these entities, regardless of the number of employees, are required to have an internal whistleblowing procedure in place.

Moreover, private entities employing between 50 and 249 people may jointly establish rules for the acceptance and verification of internal whistleblowing reports and the conduct of investigations.

Key provisions of the bill

Under the new law, reporting irregularities will be permitted via different reporting channels:

• internal channels: entities (both private companies and public bodies) that employ at least 50 individuals will be required to establish an internal channel for notifications of any violations of the law;
• external channels (e.g. Ombudsman and public authorities);
• public disclosure (e.g. reporting to the media).

Companies should consult with their trade union on the implementation of the internal reporting procedure. If there is no organisation for employee representation at the company, the company should organise an election of employee representatives for consultations. The consultations should last between 5 and 10 days and the procedure itself enters into force seven days after being communicated to the employees.

Anonymous reporting is permitted through internal and external channels. Entities must establish procedures for dealing with anonymous reports, however they can independently decide whether to consider anonymously submitted reports.

The subject of whistleblower notifications can include violations of law or unlawful activities concerning services, products, financial markets, corruption, public procurement, anti-money laundering, product safety and compliance, consumer protection, privacy and personal data protection, the internal market of the European Union and constitutional freedoms and human and citizen rights. The catalogue of violations that can be reported under the Polish Whistleblower Protection Act is wider than the scope of these violations indicated in the Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report breaches of Union law.

The Parliament decided not to include labour law violations in the list of violations which may be subject to whistleblower reports. Employers who wish to accept such reports can expand this list in their internal procedures.

The bill provides for penalties. Failure to establish internal reporting procedures or significant violations in implementing such procedures constitutes an offense punishable by a fine. The maximum amount of the fine is PLN 1,080,000 (approx. EUR 249,000).

Timeline

Legal entities with more than 50 employees (working under employment contracts or civil law contracts) and those operating in specific sectors as listed in the law must implement an internal reporting policy by 25 September 2024.

Public bodies responsible for receiving external reports are given more time to implement new policies: For them the respective provisions will come into force six months after the publication, i.e. on 25 December 2024.

Recommendation to employers

As the entry into force of the law is fast approaching employers should, without delay, start implementing required measures, including:

• Setting up internal reporting channels;
• Developing or reviewing internal policies regarding reporting irregularities;
• Establishing internal reporting procedures (which must also comply with GDPR);
• Designating individuals responsible for managing reports and providing them with appropriate training.