Although whistleblowers undoubtedly play a key role in detecting and reporting violations, contributing to the protection of the public interest, the Polish legal system has not yet had a comprehensive regulation that would provide whistleblowers with protection in connection with their reporting or disclosure.

This situation is significantly changed by the Act of June 14, 2024 on the protection of whistleblowers, which was published in the Journal of Laws on June 24. This means that legal entities have time only until September 25 to prepare for the entry into force of the new regulations. The most important responsibility is to implement the internal reporting procedure.

In order to make it easier for your organization to adapt to new duties, please read our newsletter. We present answers to the most important questions that arise in connection with the protection of whistleblowers.

1. Who is a whistleblower?

A whistleblower is a person who reports a violation of the law in a work-related context, provided that he or she acts in good faith.

Acting in good faith means that, at the time the report is made, the person has reasonable grounds to believe that:

• the reported information is true;

• the reported information constitutes information about a violation of the law.

A whistleblower does not have to be an employee – it can be any person performing broadly understood work in a given organization, even unpaid work. Examples of persons other than employees include: a contractor, a subcontractor, a supplier, a shareholder or partner of a company, a volunteer or an intern.

2. What is retaliation?

No retaliatory actions, attempts or threats of such actions may be taken against a person who has obtained whistleblower status.

Retaliation is any undesirable act or omission resulting from a report or public disclosure that may violate a whistleblower’s rights or cause harm to the whistleblower.

The Whistleblower Protection Act contains an open catalog of retaliatory actions, which means that the behaviors listed therein are only examples of retaliatory actions and other actions may also be considered such actions.

In the case of whistleblowers who are employees, retaliatory actions may include, among others: termination of employment, reduction of remuneration, withholding promotion or being passed over for promotion, discrimination or mobbing. If the whistleblower is not an employee, retaliatory actions may include, for example, stopping using the whistleblower’s services or issuing a negative opinion about the services he provides.

3. Who is obliged to implement the internal reporting procedure?

A legal entity for which at least 50 people work is obliged to implement the internal reporting procedure.

When determining the crew size, you should take into account:

• full-time employees, regardless of the basis of their employment or temporary absence, e.g. due to parental leave;

• people employed on a different basis, for example B2B contractors and contractors.

Please remember that a legal entity is obliged to verify the number of employees on January 1 and July 1 each year.

4. Is it mandatory to accept anonymous reports from whistleblowers?

The employer is not obliged to accept anonymous reports. However, the internal reporting procedure should include information on the procedure for dealing with anonymous reports, i.e. whether they will be subject to acceptance and verification.

When deciding whether to allow anonymous reporting, you should consider the benefits and risks associated with doing so. Failure to accept anonymous reports may cause the whistleblower to refrain from reporting a breach within the organization for fear of stigmatization from co-workers, which will prevent early detection and resolution of the problem and, consequently, lead to its escalation. Moreover, failure to accept anonymous reports within an organization may involve the risk of disclosing the violation externally, e.g. in the media or on the Internet, and undermining the reputation of a given entity on the market.

On the other hand, accepting anonymous reports requires allocating additional human and financial resources to handle false reports. However, practice shows that false anonymous reports constitute a significant minority of all reports.

5. Is it possible within the capital group to jointly regulate the procedure for internal notifications, jointly accept them and take follow-up actions?

Entities belonging to one capital group may establish a common procedure for internal notifications and decide that one company from the group, e.g. the parent company, will deal with accepting applications. However, it should be remembered that under the Whistleblower Protection Act, the parent company is an external entity in relation to the daughter company, and therefore the parent company and the daughter company must conclude an appropriate agreement authorizing the parent company to accept reports regarding the daughter company.

Although it is possible to establish a common procedure for internal reporting and authorize one company from the group to accept these reports, each company in the capital group is obliged to undertake follow-up actions on its own, which means that the daughter company cannot commission the parent company to carry out investigation because it must conduct it internally.