Search for:

What lies ahead for companies and what to do now

In brief

The German Bundestag passed the German Whistleblower Protection Act on 16 December 2022. After initially not being expected to be passed this year, the bill did make it onto the agenda of the last session day of the year at short notice and was passed in a version amended by the Legal Affairs Committee (Rechtsausschuss) with the coalition’s majority. The next step is for the Bundesrat to approve the bill. However, this is not expected until the first plenary session in February 2023 at the earliest.


Key points of the law

  • Companies with at least 250 employees are obliged to set up an internal reporting system when the law comes into force. For companies with 50 to 249 employees, this obligation will apply from 17 December 2023.
  • Whistleblowers shall be comprehensively protected, in particular against reprisals. Any discrimination against a whistleblower in connection with a report is prohibited. The burden of proof lies with the companies.
  • Whistleblowers are free to choose whether to report internally or externally. Public disclosures are only permitted in exceptional cases.
  • Corporate groups can implement an internal reporting office at the group level.
  • Companies must now also provide reporting channels for anonymous reports and process anonymous incoming reports – but here there is a longer implementation deadline of 2025, regardless of the size of the companies.
  • The law enters into force three months after promulgation.

Click here to access the full alert.

German version

Author

Nicolai is a partner in the Dispute Resolution group of Baker McKenzie, a member of the Global Investigations, Compliance and Ethics Steering Committee and co-heads the Investigations, Compliance and Ethics practice in Germany. Nicolai is a regular speaker and author on compliance, white collar crime, innovation and legal tech topics. He is the inventor of the automated risk assessment and risk monitoring platform Compliance Cockpit and the founder of Global Compliance News. Nicolai is the editor of the knowledge platforms Compliance Lexikon and Litigation Lexikon.

Author

Katja Häferer joined the Munich office of Baker McKenzie in January 2009. She is a member of the Firm’s European and Global Labor Law practice groups. She advises domestic and multinational companies on employment law matters, including outsourcing and other transactions. Katja frequently speaks at in-house and external seminars, and conducts training on a wide range of employment matters. She also practiced in the Firm’s San Francisco and Palo Alto offices.

Author

Christian Koops joined the Munich office of Baker McKenzie in 2015. He is a member of the Firm’s European and Global Labor Law practice groups. Christian advises domestic and multinational companies on employment law matters, including outsourcing and other transactions. He frequently speaks at in-house and external seminars, and conducts training on a wide range of employment matters. He also practiced in the Firm’s Berlin office.

Author

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. Prior to joining Baker McKenzie she studied law at the University of Passau. She obtained her Doctor of Law degree on a topic related to privacy in the Web 2.0. From July until December 2014 she practiced at the San Francisco office of Baker McKenzie. She is a member of the International Association of Privacy Professionals (IAPP), since May 2015 a Certified Information Privacy Professional/Europe (CIPP/E) and since May 2017 a Certified Information Privacy Professional/United States (CIPP/US). She is also the author of numerous articles on information technology law, in particular on data protection law and e-commerce law, and the co-author of an English language commentary on the EU General Data Protection Regulation.

Author

Florian Tannen is a partner in the Munich office of Baker McKenzie with more than 10 years of experience. He advises on all areas of contentious and non-contentious information technology law, including internet, computer/software and in particular data privacy law. Before joining the Firm, Florian worked for two major law firms and a large US-based technology company.

Author

Dr. Robin Haas is a Counsel in Baker McKenzie's Munich office. Robin has more than seven years of professional experience as a lawyer (Rechtsanwalt) and inhouse counsel (Syndicus). He is a member of our Compliance and Investigation Group and one of our Munich innovation ambassadors. Robin joined the Firm in 2015 after studying law in Mannheim (Dr. jur.), Swansea (University of Wales, Erasmus) and New York (Columbia University, LLM). Robin went inhouse for a year in 2021 and joined a DAX 40 company as a compliance manager (Syndicus) responsible for the whistleblowing system and internal investigations. He rejoined Baker McKenzie in October 2022. He has previously worked in our offices in Frankfurt, Zurich and New York.

Author

Marleen Kristin Ellinger is an associate in the Baker McKenzie office in Munich. She joined Baker McKenzie’s Dispute Resolution Practice Group in 2021 and focuses on internal investigations, compliance and ethics as well as commercial litigation. During her legal clerkship, Marleen worked at the Permanent Mission to the United Nations in Geneva and renowned international law firms in Dusseldorf.