Must manufacturing companies employing more than 50 persons implement a whistleblower reporting procedure in accordance with the (draft) Act on the protection of persons reporting breaches of law?

ANSWER

According to the assumptions for the implementing Act, "the provisions of the Act, as regards the obligation to establish internal reporting channels, will apply to entities in the public and private sectors employing at least 50 employees." Further in the assumptions: "Actions and omissions constituting violations of law in the areas specified in the Act will be subject to reporting. The Act will define a broader substantive scope of 'violation' than the substantive scope of the transposed Directive 2019/1937" […] "The statutory definition of a violation will therefore not be limited to cases where, in a given area of law, a violation is regulated exclusively by a specific provision of EU law. This broader approach is justified on practical grounds, i.e., the clarity and predictability of the scope of the provisions from the perspective of the reporting person, the employer, public authorities, and other entities applying the law. There are also no rational grounds for assuming that only a breach of certain EU provisions should be subject to disclosure, and the reporting person entitled to protection. The same considerations speak in favour of the justification for disclosing a violation and extending protection to the reporting person in the case of a breach of national provisions."

At present, we do not therefore know how a violation will be defined in the Polish Act. Nevertheless, it is clearly indicated that it will be defined more broadly than in the Directive itself. Please note that the Directive already sets out a broad substantive scope of violation (Article 2):

1. breaches falling within the scope of the Union acts set out in the Annex, relating to the following areas:

• public procurement;
• financial services, products and markets, and prevention of money laundering and terrorist financing;
• product safety and compliance;
• transport safety;
• environmental protection;
• radiation protection and nuclear safety;
• food and feed safety, animal health and welfare;
• public health;
• consumer protection;
• protection of privacy and personal data and security of network and information systems;

1. breaches affecting the financial interests of the Union as referred to in Art. 325 TFEU as specified in relevant Union measures;
2. breaches relating to the internal market as referred to in Art. 26(2) TFEU, including breaches of Union competition and State aid rules, as well as breaches relating to the internal market in relation to acts that constitute a breach of corporate tax rules or arrangements intended to obtain a tax advantage contrary to the object or purpose of the applicable corporate tax law.

In summary, given how broad the substantive scope set out in the Directive already is, and the fact that it is to be further extended in the implementing Act, in my assessment it will be difficult to identify an entity employing more than 50 employees that will not, in some aspect, be subject to the obligation to establish a whistleblower reporting procedure.