Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law

Published date26 November 2019
Subject MatterGeneral principles of Community law,Protective measures
Official Gazette PublicationOfficial Journal of the European Union, L 305, 26 November 2019
Consolidated TEXT: 32019L1937 — EN — 10.11.2021

02019L1937 — EN — 10.11.2021 — 001.001

This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

►B DIRECTIVE (EU) 2019/1937 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 October 2019 on the protection of persons who report breaches of Union law (OJ L 305 26.11.2019, p. 17)

Amended by:

Official Journal
No page date
►M1 REGULATION (EU) 2020/1503 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 October 2020 L 347 1 20.10.2020



of 23 October 2019

on the protection of persons who report breaches of Union law



Article 1


The purpose of this Directive is to enhance the enforcement of Union law and policies in specific areas by laying down common minimum standards providing for a high level of protection of persons reporting breaches of Union law.

Article 2

Material scope


This Directive lays down common minimum standards for the protection of persons reporting the following breaches of Union law:


breaches falling within the scope of the Union acts set out in the Annex that concern the following areas:


public procurement;


financial services, products and markets, and prevention of money laundering and terrorist financing;


product safety and compliance;


transport safety;


protection of the environment;


radiation protection and nuclear safety;


food and feed safety, animal health and welfare;


public health;


consumer protection;


protection of privacy and personal data, and security of network and information systems;


breaches affecting the financial interests of the Union as referred to in Article 325 TFEU and as further specified in relevant Union measures;


breaches relating to the internal market, as referred to in Article 26(2) TFEU, including breaches of Union competition and State aid rules, as well as breaches relating to the internal market in relation to acts which breach the rules of corporate tax or to arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.

This Directive is without prejudice to the power of Member States to extend protection under national law as regards areas or acts not covered by paragraph 1.

Article 3

Relationship with other Union acts and national provisions

Where specific rules on the reporting of breaches are provided for in the sector-specific Union acts listed in Part II of the Annex, those rules shall apply. The provisions of this Directive shall be applicable to the extent that a matter is not mandatorily regulated in those sector-specific Union acts.
This Directive shall not affect the responsibility of Member States to ensure national security or their power to protect their essential security interests. In particular, it shall not apply to reports of breaches of the procurement rules involving defence or security aspects unless they are covered by the relevant acts of the Union.

This Directive shall not affect the application of Union or national law relating to any of the following:


the protection of classified information;


the protection of legal and medical professional privilege;


the secrecy of judicial deliberations;


rules on criminal procedure.

This Directive shall not affect national rules on the exercise by workers of their rights to consult their representatives or trade unions, and on protection against any unjustified detrimental measure prompted by such consultations as well as on the autonomy of the social partners and their right to enter into collective agreements. This is without prejudice to the level of protection granted by this Directive.

Article 4

Personal scope


This Directive shall apply to reporting persons working in the private or public sector who acquired information on breaches in a work-related context including, at least, the following:


persons having the status of worker, within the meaning of Article 45(1) TFEU, including civil servants;


persons having self-employed status, within the meaning of Article 49 TFEU;


shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees;


any persons working under the supervision and direction of contractors, subcontractors and suppliers.

This Directive shall also apply to reporting persons where they report or publicly disclose information on breaches acquired in a work-based relationship which has since ended.
This Directive shall also apply to reporting persons whose work-based relationship is yet to begin in cases where information on breaches has been acquired during the recruitment process or other pre-contractual negotiations.

The measures for the protection of reporting persons set out in Chapter VI shall also apply, where relevant, to:




third persons who are connected with the reporting persons and who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons; and


legal entities that the reporting persons own, work for or are otherwise connected with in a work-related context.

Article 5


For the purposes of this Directive, the following definitions apply:


‘breaches’ means acts or omissions that:


are unlawful and relate to the Union acts and areas falling within the material scope referred to in Article 2; or


defeat the object or the purpose of the rules in the Union acts and areas falling within the material scope referred to in Article 2;


‘information on breaches’ means information, including reasonable suspicions, about actual or potential breaches, which occurred or are very likely to occur in the organisation in which the reporting person works or has worked or in another organisation with which the reporting person is or was in contact through his or her work, and about attempts to conceal such breaches;


‘report’ or ‘to report’ means, the oral or written communication of information on breaches;


‘internal reporting’ means the oral or written communication of information on breaches within a legal entity in the private or public sector;


‘external reporting’ means the oral or written communication of information on breaches to the competent authorities;


‘public disclosure’ or ‘to publicly disclose’ means the making of information on breaches available in the public domain;


‘reporting person’ means a natural person who reports or publicly discloses information on breaches acquired in the context of his or her work-related activities;


‘facilitator’ means a natural person who assists a reporting person in the reporting process in a work-related context, and whose assistance should be confidential;


‘work-related context’ means current or past work activities in the public or private sector through which, irrespective of the nature of those activities, persons acquire information on breaches and within which those persons could suffer retaliation if they reported such information;


‘person concerned’ means a natural or legal person who is referred to in the report or public disclosure as a person to whom the breach is attributed or with whom that person is associated;


‘retaliation’ means any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person;


‘follow-up’ means any action taken by the recipient of a report or any competent authority, to assess the accuracy of the allegations made in the report and, where relevant, to address the breach reported, including through actions such as an internal enquiry, an investigation, prosecution, an action for recovery of funds, or the closure of the procedure;


‘feedback’ means the provision to the reporting person of information on the action envisaged or taken as follow-up and on the grounds for such follow-up;


‘competent authority’ means any national authority designated to receive reports in accordance with Chapter III and give feedback to the reporting person, and/or designated to carry out the duties provided for in this Directive, in particular as regards follow-up.

Article 6

Conditions for protection of reporting persons


Reporting persons shall qualify for protection under this Directive provided that:


they had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of this Directive; and


To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT