Skip to content Skip to sidebar Skip to footer
Close
Tips

Whistleblowing

Whistleblowing

The term “whistleblowing” refers to the reporting of wrongdoing or irregularities that an individual, the “whistleblower” encounters in a company or public entity while carrying out their own work activities.

The Legislative Decree No. 24 of March 10, 2023, transposed EU Directive 2019/1937 on “Protection of individuals who reports breaches of EU law”. The Decree brings together in a single regulatory text all the regulations on the protection of whistleblowers.

The regulation applies to:

  • Entities that adopt their own Organization, Management and Control Model (i.e. “Model 231”);
  • Private entities which employ at least 50 workers in the last year.

 

Who is the whistleblower?

Protection applies to all individuals generally connected to the whistleblower’s organization and/or person:

  • public and private employees
  • self-employed workers; 
  • collaborators and consultants;
  • volunteers and trainees (both paid and unpaid);
  • shareholders and individuals with administrative, management, control, supervisory or representative functions; 
  • facilitators, individuals who have a regular relationship with the whistleblower, or are related to the whistleblower by an emotional or kinship stable relationship.

What can you report?

  • violations of Italian or European regulatory provisions that harm the public interest or the integrity of the public administration or the private entity, of which the whistleblower become aware in the working environment.
  • misconducts which can be related to the commission of one or more relevant crimes under Legislative Decree 231/01 or constitute a violation of the “Model 231”.

Instead, shall be considered EXCLUDED the reports which: 

  • can be related to an personal interest of the reporting person;
  • concern violations which are already mandatorily regulated by specific EU or national acts or national acts that constitute implementation of EU acts;
  • concern violations related to national security matter, as well as related to defense or national security procurements.

Means of reportin

  • Orally, through telephone calls, voice messaging systems or, at the request of the reporting person, through a face-to-face meeting;
  • in a written form, including electronic mail.

 

Through 3 different reporting channels

1. Internal Channel

It can be established by the company itself in order to receive reports. Such channel must be able to guarantee the confidentiality on the identity of the reporting person, the person involved and the person otherwise mentioned in the report.

The TASK of managing the reporting channel may be assigned, alternatively:

  • to an internal, autonomous person or department;
  • to an autonomous external person.

Anonymous reports are also allowed.

 

2.External Channel

Managed by A.N.A.C. (Italian Anti-bribery National Authority), when:

  • in the whistleblower’s working environment, the activation of an internal reporting channel is not mandatory;
  • the whistleblower has already made an internal report and the same has not been followed up; 
  • the whistleblower has reasonable grounds to believe that his report may result in a retaliation; 
  • the whistleblower has reasonable grounds to believe that the violation may put in danger the public interest in an imminent or obvious way.

 

3. Through a also-called “PUBLIC DISCLOSURE”

It means that the report can be made through the press or electronic media, when:

  • the whistleblower has previously made an internal and external report but no response has been given within the prescribed time;
  • the whistleblower has reasonable grounds to believe that the violation may put in danger the public interest in an imminent or obvious way;
  • the whistleblower has well-founded reasons to believe that the external report may result in a retaliation or may not be followed up effectively.

Report Management Timelines

  • A notice of receipt must be issued within 7 days from the report;
  • the process must be concluded, providing feedback, within 3 months from the date of the notice.

The new provisions will take effect:

  • from July 15th 2023 for private sector entities with more than 250 employees.
  • from December 17th 2023 for private sector entities that employed from 50 to 249 employees;

Assistance to companies

IUXTA offers:

  • assistance to private entities that already have a “Model 231”, in updating the reporting system already implemented, assessing its adequacy to the regulations and, in necessary, implementing what is necessary to meet internal, external and public reporting requirements;
  • assistance in outlining simple and immediate internal reporting channels, including through third-party IT platform providers;
  • implementation of procedures and tools that enable entities to process the reports received, in compliance with privacy regulations and within due timelines;
  • managing internal reporting channels, ensuring they are GDPR-compliant as well as constantly updated to meet current regulations duties at all times;
  • ensuring that the protection provided for the whistleblower (such as retaliation prohibitions and confidentiality duties) are observed, in compliance with the regulation.
INDIRIZZO

Via Larga, 8
20122 MIlano (MI)
tel. +39 02 86461 786

MENU
CONTATTI

taxlegal@iuxta.net

© Iuxta 2025. Tutti i diritti riservati. Privacy PolicyCookie Policy Credits

Il presente sito ha lo scopo di mostrare l’attività svolta dallo Studio. Tutte le informazioni ed i materiali in esso contenuti, accessibili e fruibili dall’utente a titolo gratuito, hanno unicamente scopo divulgativo e non possono ritenersi sostitutivi di una consulenza legale personalizzata, modellata sulle specifiche esigenze del singolo utente. Lo Studio pertanto non potrà essere ritenuto in alcun modo responsabile dell’utilizzo da parte dell’utente delle informazioni e dei materiali reperibili nel sito, né per eventuali danni subiti, anche indirettamente, per effetto dell’utilizzo delle suddette risorse.