After several unsuccessful attempts, the Czech Republic has finally adopted a law that introduces institutional protection for whistleblowers in accordance with European legislation. The Whistleblower Protection Act (Act) will come into force on August 1, 2023.
The Act introduces new obligations, such as launching an internal whistleblowing system, designating a competent person to handle reports, and publishing a range of information. The obliged entities are determined by the Act. In general, the Act prohibits the application of retaliatory measures by organizations against whistleblowers and other protected persons.
Who Is an Obliged Entity?
The above obligations apply to organizations with more than 50 employees, public contracting authorities with respect to public procurement (except for municipalities with up to 10,000 inhabitants), and other selected entities from regulated market areas and state organizations.
Large companies with 250 or more employees must comply by August 1, 2023, while smaller companies with between 50 and 249 employees must do so by December 15, 2023.
Implementing an Internal Whistleblowing System
First, the obliged entity needs to adopt an internal regulation governing the operation of an internal whistleblowing system to enable whistleblowers (usually employees) to safely report infringements that they become aware of in the context of their work activities. Like any other measure concerning a larger number of employees, the introduction of an internal whistleblowing system should be discussed with a trade union if one is active in the obliged entity.
Furthermore, the obliged entity will be obliged to designate a competent person(s) who will receive and assess the legitimacy of the reports submitted and propose measures to remedy or prevent the infringement following the submitted report. The competent person may be either an employee of the obliged entity or an external person (e.g., external legal counsel).
The obliged entity must inform the competent person of their rights and obligations under the Act, and a record must be made of this. The competent person must act impartially and must maintain the confidentiality of the facts of which they become aware in the performance of these activities. Given that the Act penalizes breaches of obligations not only by obliged entities but also by competent persons (fines of up to approximately EUR 4,000), it can be assumed that these persons will need to be properly motivated to take on this responsibility.
Obliged entities are also required by law to publish certain information in a way that allows remote access, typically via their websites. This includes information on the means of reporting via the internal reporting system, the identification of the competent person with contact details, and, where applicable, whether the receipt of anonymous reports is excluded.
When setting up the internal system, it will also be important to ensure that only the competent person can see the received reports and that the reporting system is technically secured (e.g., by means of encryption, etc.).
The Act allows obliged entities to use third-party services and products to operate the internal whistleblowing system (e.g., software). Some obliged entities (in the private sector with no more than 249 employees) may share the internal whistleblowing system with another obliged entity, usually a parent company or within the group if they designate a competent person for receiving reports. However, the use of these options does not affect the obliged entity’s liability for compliance with its obligations under the Act.
Voluntary Introduction of an Internal Whistleblowing System
Even if a company is not an obliged entity under the Act, it is a good idea to introduce a whistleblowing system voluntarily as it is an effective tool for preventing possible violations and can identify possible misconduct at an early stage. It is also of great importance toward nurturing a compliant corporate culture, strengthening the company’s integrity, and building a positive public image (e.g., in the context of ESG compliance). Lastly, companies may benefit when problematic conduct is communicated internally rather than notified to state authorities.
By Helena Hangler, Head of Labor and Employment, and Marie Gremillot, Attorney-At-Law, Schoenherr