NewTechLaw.eu sp. z o.o.
ul. Telimeny 38/5
30-838 Kraków
KRS 0001059923
NIP/VAT PL6793277655
REGON 52646618000000
Szczepan WATRAS - członek zarządu
Tomasz IZYDORCZYK - członek zarządu


NewTechLaw.eu sp. z o.o.
ul. Telimeny 38/5
30-838 Kraków
KRS 0001059923
NIP/VAT PL6793277655
REGON 52646618000000
Szczepan WATRAS - Member of the Board
Tomasz IZYDORCZYK - Member of the Board

The second version of the act implementing the Directive on whistleblower protection.

Source: https://www.rp.pl/rzecz-o-prawie/art36252241-miroslaw-gumularz-drugie-podejscie-do-sygnalistow

On May 10, 2022, the text of our expert, Mirosław Gumularz Ph.D., was published in Rzeczpospolita newspaper on the draft (version 2 – of April 6, 2022) of the act implementing the Directive on the protection of whistleblowers.

Below we present the most important fragments of the text:


The provisions of the draft indicate that the obligations related to internal reporting will apply to entities for which at least 50 people perform work. In the previous draft, the indicated threshold concerned only employees, which raised doubts in the context of the content of the directive and its recitals (including 39). Currently, there is no doubt that when calculating the “entry threshold” into the subjective scope of the regulation, not only people working on the basis of an employment relationship as well as other legal relationship constituting the basis for the performance of work or services or performance of a function (eg B2B associates) should be taken into account. At the same time, it should be noted that regardless of the number of people employed, the Act will be applied by the entities indicated in Art. 23 sec. 2 of the project, incl. obligated on the basis of AML, e.g. accounting offices.

The current version of the draft makes it clear that the whistleblower can be not only an employee, but also any person making a report in the context of employment. On the basis of the draft of April 6, 2022, the term “work context” includes, among others:
(-) employees,
(-) temporary employees,
(-) a person providing work on a basis other than an employment relationship, including a civil law contract,
(-) entrepreneurs,
(-) shareholder or partner.

Access to the data

The directive requires that the problem of access to information on notification and on follow-up be addressed. In this regard, the directive distinguishes between two levels of access:

(-) the narrowest – concerns the data of the whistleblower himself;
(-) broader – applies to the data of other people, including the one to which the application relates.

The published draft equates the rules for the protection of the data of the whistleblower and other persons. This may make it impossible, for example, to draw any consequences for the persons concerned by the report.

Other matters

Finally, pay attention to keeping the criminal provisions (and not as postulated the introduction of liability under administrative law) and application date of the requirements.

The obligation to establish an internal procedure by private entities for which at least 50 and fewer than 250 people work, takes place by 17 December 2023.

Fulfillment of the obligation to establish:

1) internal policy – private entities for which at least 250 people perform work,
internal procedures by private entities referred to in Art. 23 sec. 2 (e.g. using AML);
2) internal policy – public entities,
3) policy for receiving external reports or external procedures by the polish Ombudsman or a public body
– takes place within 1 month from the date of entry into force of the Act.

June 17, 2022