The topic of whistleblower protection, which has been intensively discussed by Czech society and the professional public, has been resonating for some time now, as well as the new draft law on whistleblower protection, by which the Czech Republic was to implement Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (hereinafter as the “Directive“) by 17 December 2021 at the latest.
In this article, we focus on selected topics related to the forthcoming Czech whistleblower protection legislation, taking into account legislative developments.
Legislative development
The government’s first Whistleblower Protection Act failed to be dealt with in time by the previous government during its term in office. In light of the 2021 elections and the overall change in the balance of political power, the current government has prepared its own Whistleblower Protection Act draft (hereinafter as the “Draft Act“), which differs in many ways from the original draft.
The Draft Act has not yet been referred to the Chamber of Deputies of the Czech Republic, but it is available at government level and has been subject to a comment procedure.
As a rough estimate, the Draft Act could be passed in early 2023 with a planned entry into force on 1 July 2023.
Key changes in the Draft Act
In accordance with the text of the Directive, the Draft Act proposes to impose an obligation to introduce an internal reporting channels, inter alia, on those employers with 50 or more employees (obliged entity). This is a departure from the original proposal, which tightened the threshold beyond the European standard set by the Directive, by requiring all employers with 25 or more employees to establish internal reporting channels.
Another significant change that distinguishes the Draft Act from what was originally proposed is the modified definition of report, meaning the scope of topics to be covered. The original (broad) definition of report included any felony and any misdemeanor. However, the Draft Act narrows the definition of report so that a (protected) report may relate to any criminal offence or breach of EU law or regulation only in selected areas for which the Directive foresees protection (e.g. financial institutions, corporate tax, AML procedures, consumer protection, product safety, transport and road safety, environment, personal data, etc.).
The Draft Act also now explicitly provides for the possibility to submit reports anonymously as part of the proposed amendment.
Protection from retaliation
The Directive and related national legislation aim to protect persons who report threats or infringements in connection with their work from so-called retaliation.
The primary protected persons will include only natural persons, specifically, for example, employees, volunteers, self-employed persons, shareholders, members of a company’s statutory body or supervisory board, contractors or their employees. The draft law provides for the protection of both former and future employees, as well as job applicants.
Last but not least, according to the Draft Act, in addition to the whistleblower, other persons listed in the provisions of Section 4(1) of the Draft Act, so-called secondary protected persons, such as persons close to the whistleblower, colleagues of the whistleblower, persons assisting the whistleblower with the submission of the report, persons controlled by the whistleblower, persons for whom the whistleblower performs work or other similar activities, or legal entities in which the whistleblower has a participation, are protected from retaliatory measures.
Retaliatory measures may include, in particular, termination of the employment relationship or non-renewal of the fixed-term employment relationship, termination of a legal relationship based on an agreement to perform work or an agreement to work, discrimination or reduction of wages, salary or remuneration.
The right to protection against retaliation cannot be waived and protected persons may claim compensation for damages in the event of retaliation and, if they have suffered non-pecuniary damage, appropriate compensation.
However, the protection of whistleblowers is not absolute, especially if the whistleblower knowingly makes a false report, in which case the protection will obviously not apply. Moreover, such conduct may be classified as a misdemeanor under the Draft Act, for which a fine of up to CZK 50,000 may be imposed.
Anonymous whistleblowers
Protection is also to be provided to anonymous whistleblowers, but with certain limits and restrictions. The Draft Act leaves it to the discretion of the individual obliged entities whether to register an anonymous report received by the internal report channel and to further assess it.
If an anonymous whistleblower wants to be protected from retaliation and submits a report through the internal reporting channel, he or she will have to be additionally identified.
However, if obliged entities choose to accept anonymous whistleblowing, they may encourage employees to make anonymous whistleblowing reports and thus be more likely to prevent violations in their companies. The inability to contact the whistleblower may negatively affect the investigation of the report. Therefore, when implementing an internal reporting channel, it is advisable to choose a technical solution for receiving reports that allows the obliged entity to continue to communicate with the whistleblower while preserving the anonymity of the whistleblower.
Form of report and time for processing
The report may be made orally or in writing, or, at the request of the whistleblower, in person. The report must be generally specific and comprehensible and must make it clear which person it is directed against and what conduct it concerns, so that it can be properly investigated.
The reporting person can make a report in three ways – the internal reporting channel set up by the obliged entity, the external reporting channel at the Ministry of Justice and, last but not least, publication, which is particularly important in urgent situations requiring prompt action on the infringement in question or in situations where the internal reporting channel is not functioning properly.
In the event that the reporting person chooses or is able to choose a report route other than report via the internal reporting channel, there is a real risk of the obliged person being subject to control by the public authorities, as a report made via the external reporting channel or published may be the basis for initiating an inspection or administrative proceedings. It is therefore appropriate to recommend that the internal reporting channel should be set up in such a way that employees are motivated to make any reports through it and that it is sufficiently transparent, secure and trustworthy.
The time limit for handling reports is to be set differently for the internal reporting channel and the external reporting channel of the Ministry of Justice, according to the Draft Act. The Draft Act sets a deadline of 30 days for the internal reporting channel, with a possible extension of up to 90 days, but such extension must be sufficiently justified together with the issuance of a written notice to the reporting person. For the external reporting channel, the Draft Act sets a time limit of 3 months.
Overview of the obligations of the obliged entity
The obliged entities according to the Draft Act are contracting authorities, selected public authorities and in particular employers who employed on average at least 50 employees in the last calendar quarter, as well as other employers meeting the conditions set out in the Draft Act.
The main obligations of the obliged entity according to the Draft Act include, in particular, the effective establishment of an internal reporting channel, the authorisation and proper informing of the competent person (see further in the article) and the provision of the possibility to submit a report in the manner and under the conditions provided for by the law.
Competent person and its responsibility
The current wording of the Draft Act provides that only a natural person is to be the competent person. The competent person may also be an externally contracted person. The requirement for a natural person to be the competent person complicates cooperation with external service providers and consultants operating as legal entities, but it is not an insoluble problem.
The choice of a competent person is not limited by qualifications, expertise or ability according to the legislative text, although it is strongly recommended not to neglect these when choosing a competent person.
Offences committed by the competent person and their sanctioning are also an important practical issue. In the private sector, where the function of the competent person is likely to be carried out directly by an employee, it is the competent person himself who will be liable, not his employer, who should have effectively introduced an internal reporting channel. A competent person may commit an offence by refusing to receive a report or failing to assess its validity, by failing to inform the reporting person of the outcome of the assessment of the report within the statutory time limit, by providing information which could defeat or undermine the purpose of the report or anonymous report, or by failing to notify that he or she no longer meets the conditions of integrity under the Draft Act. The competent person may then be fined up to CZK 100,000 in accordance with the provisions of Section 25 of the Draft Act
The Draft Act also contains a list of duties and the content of the activities of the competent person, who is to (i) receive and assess the validity of the report, (ii) propose remedial measures to the obliged entity, (iii) maintain confidentiality, (iv) act impartially in the performance of his/her activities, and (v) comply with the instructions of the obliged entity within the limits set by law.
Penalties for offences committed by obliged entities
For an offence where the obliged entity fails to publish relevant information in a manner allowing remote access or fails to take corrective action within a specified period of time, the entity may be fined up to CZK 400,000 or 3 % of the net turnover achieved by the obliged entity for the last completed accounting period. The maximum fine for obliged entities is set at CZK 1,000,000 or up to 5 % of the obliged entity’s net turnover for the most recently completed accounting period, for example, if the obliged entity fails to prevent the reporting person from being subjected to retaliatory measures or if the obliged entity fails to ensure that the competent person properly assesses the reasonableness of the report (Article 26 of the Draft Act).
Recommendations and conclusion
Persons who will be obliged to comply with the Directive and the Draft Act, in particular persons from the private sector, should already now gradually begin to focus on the preparation of the implementation of the basic and core obligations already defined in the Directive and further elaborated in the Draft Act.
However, in order for the internal reporting channel to function properly, it will be necessary to take steps beyond the preparation of specific documentation and the nomination of the competent person. Thus, in the future, obliged entities should also expect that they will have to, for example, carry out sufficient awareness-raising of the solution, training of employees, training of the competent person, adjust their internal regulations and choose appropriate technical and advisory solutions to ensure the transparent and secure functioning of the internal report channel.
We will keep you informed of further legislative developments on the draft Whistleblower Protection Act in the Czech Republic.
For more general information on the topic of whistleblowing, please refer to our previously published articles available here.
Mgr. Tomáš Maux, junior lawyer – maux@plegal.cz
Mgr. Jakub Málek, managing partner– malek@plegal.cz
30.8.2022