We recommend that companies deal with the WPA's obligations at an early stage, while setting up a whistleblowing system suitable for their company. This also applies to small businesses employing fewer than 50 employees, in particular, in order to prevent internal information from being disclosed on external reporting channels. Employees should also be trained to understand the importance of using internal rather than external channels and to prevent retaliatory measures against whistleblowers from the start.
Whistleblowing in Austria
The WPA intends to motivate Austrian companies to do business in a legally compliant way in areas of public interest (e.g., money laundering, product safety, environmental protection). The WPA ensures this by implementing simple procedures for whistleblowers to report legal violations. Violations of the WPA can be very expensive; in the worst case, administrative fines of up to EUR 40,000 may be imposed.
Whistleblowers are persons with a connection to the company who recognize and report legal violations at the company, such as employees, temporary workers, applicants or other contractual partners. From the time of reporting, whistleblowers have a special protection against retaliatory measures, such as suspension or termination.
Whistleblowers can use external and internal reporting channels to report legal violations. The Federal Office for the Prevention of and Fight against Corruption (Bundesamt zur Korruptionsprävention und Korruptionsbekämpfung (BAK)) is an external reporting channel. The obligation to set up internal reporting channels applies to companies with 50 employees or more, but also to companies in certain industries irrespective of their size. Employers employing 250 or more employees have six months for the setup once the law comes into force; companies with 50 to 249 employees must meet the requirements at the latest by 17 December 2023.
Besides the channel, the company must set up a department within the company that is independent and provided with sufficient financial and human resources. The department must comply with minimum legal requirements, in particular data protection regulations. Once a whistleblower contacts the department, it must launch an internal investigation, thereby always keeping the identity of the whistleblowers confidential. The investigation must be carried out by individuals who are unbiased and independent.
Implementing an internal reporting channel and the relevant department may require agreement of the works council or even individual agreements with the employees. The relevant legal requirements must be assessed on a case-by-case basis and depend on the decision-making power of the internal body and the degree of control over employees implemented by the whistleblowing system.
Click here to access the German version.
1 Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law.