Clifford Chance

On 14 June 2024, after long-lasting discussions and subsequent draft bills, Poland finally enacted the Whistleblower Protection Act to transpose the EU Whistleblowing Directive into national law.

Background of the Act

The implementation of the Polish Whistleblower Protection Act (the "Act") faced delays of over three years, due to extensive discussions on key issues such as the scope of protection and the designation of the competent authority. As a result of these delays, Poland incurred a daily penalty of EUR 40,000, imposed by the EU.

Scope of the breaches covered by the Act

Following the EU Whistleblowing Directive, Polish law will provide protection for whistleblowers who report breaches concerning, among others: public procurement, financial services, product and transport safety, public health, consumer protection, and protection of privacy and personal data.

However, the Act goes beyond the standard provided for under the EU Whistleblowing Directive. The scope of breaches covered by the Act also covers, among others: corruption, financial interests of the State Treasury and constitutional human and civil rights and freedoms. Also, the reportable breaches may relate to "violations of law" in general, and not only to violations of EU law.

The issue of inclusion of breaches of labour law in the catalogue provided for in the Polish Act was particularly controversial at the legislative stage. Despite robust advocacy for such inclusion from labour associations, NGOs and the Polish Government, the finalised Act ultimately excluded the reporting of labour law breaches from its protective scope. However, it may still be subject to an individual decision of a given organisation as to whether or not labour law breaches should be covered by relevant internal policies and procedures.

The definition of a whistleblower and the scope of protection

According to the Act, a whistleblower is a person who reports or makes public disclosures about illegal activities encountered in a work-related context. This includes, in particular, employees, temporary workers and those engaged under civil law contracts. Additionally, it covers interns, volunteers, trainees, officers defined by specific laws related to public services and soldiers, as per the national defence law, as well as those working under the supervision of contractors.

Whistleblowers are protected from any form of retaliation. This means that whistleblowers are protected against unfair treatment such as refusal to hire, termination of employment, demotion, suspension, negative performance evaluations and any other form of discrimination or harassment. If a whistleblower does suffer from retaliatory actions, they are entitled to compensation.

The law also ensures that public disclosure cannot be used as a basis for the whistleblower's liability, including disciplinary or damage liability, provided that the whistleblower had reasonable grounds to believe that the disclosure was necessary to expose the violation according to the law.

Rights outlined for the protection of whistleblowers cannot be waived, and any legal provisions or agreements that directly or indirectly limit the right to report or disclose information or that prescribe retaliatory measures are considered invalid.

In the case of external reporting, a whistleblower may request certification from the competent authority to confirm their status.

Anonymous reporting

Under the Act, a corporate entity may allow anonymous reporting, in which case the anonymous whistleblower is protected. There is no obligation for the corporate entity to handle such reports.

An obligation to implement internal reporting channels and procedures

Basically, the Act imposes an obligation on corporate entities with at least 50 employees (the threshold does not apply i.a. to entities from financial and environment protection sectors), both in the private and public sectors, to set up an internal procedure for collecting and handling whistleblower notifications. The Act establishes a framework according to which such an internal procedure should be implemented. This includes provisions that require, inter alia:

• designating an internal organisational unit or person, or an external entity to receive internal reports;
• specifying methods for whistleblowers to submit internal reports;
• appointing an impartial internal unit or person within the organisation, authorised to verify the report and communicate with the whistleblower;
• outlining the procedure for dealing with anonymous reports;
• requiring due diligence in verifying the reports;
• setting a maximum of three months to provide feedback to the whistleblower;
• providing clear and easily accessible information about external reporting to the Ombudsman for Civil Rights or public authorities and, where appropriate, to EU institutions, bodies or organisational units.

The Act specifies that internal notifications can be made either orally (by telephone or electronic communication means) or in writing. Oral reports made through a recorded line or voice communication system must be documented with the whistleblower’s consent, either as a recording or a complete and accurate transcript. If the report is made through a non-recorded line, it should be documented as a conversation record that accurately reflects the discussion. Whistleblowers have the right to review, correct and approve the transcript or record by signing it. Written notifications can be submitted in hard copy or electronic form. This comprehensive procedure ensures that whistleblowers have multiple avenues to report concerns, while maintaining confidentiality and integrity throughout the process.

To ease corporate entities' efforts in handling internal notifications, the Act provides a framework for the responsible outsourcing of this task to external entities.

For entities within a capital group, the Act foresees relief by allowing them to set up a common internal notification procedure, which may be supervised collectively by one or several entities within the group, while the responsibility of its enforcement lies with each of them (including appointing a person responsible for dealing with internal reports) If a group of entities hires less than 250 persons, it may introduce a common internal reporting channel and appoint one person responsible for dealing with reports.

Criminal liability

The Act imposes criminal penalties for infringements of whistleblowers' rights. In particular, the Act imposes:

• fines, restrictions of liberty or imprisonment for up to one year for preventing or significantly hindering a person from reporting or for unlawfully disclosing the identity of a whistleblower or related persons (with offenders using violence, unlawful threats or deceit facing up to three years of imprisonment);
• fines, restrictions of liberty or imprisonment for up to two years for retaliatory actions against a whistleblower, a person assisting a whistleblower, or a related individual, with persistent offenders facing up to three years of imprisonment; and
• a fine for those obliged to establish internal reporting procedures who fail to do so or who significantly violate the statutory requirements.

What's next?

The Act enters into force on 25 September 2024, thus giving corporate entities three months to prepare and successfully implement internal reporting channels.