Zum Hauptmenü Zum Inhalt

Legal obligation to set up a whistleblowing system

Whistleblower Protection Act passed – what does that mean for you?

After a one-year delay, the Austrian National Council passed the long-awaited Whistleblower Protection Act (HSchG) on Wednesday. It is expected to enter into force shortly. Find out below what needs to be done now and how we can support you.

What obligations arise from the law?

The core of the HSchG is the obligation to set up an internal whistleblowing system for businesses employing 50 or more employees. Moreover, it must be possible to submit reports in writing or verbally. The internal departments must be provided with the necessary financial and human resources to fulfill their tasks. Due to their ease of use, digital whistleblowing systems in the form of platform solutions have become established in practice.

The handling of internal repots must always be impartial and unbiased. Employees of the internal department must not be subject to instructions when receiving and following up on reports. To guarantee this, companies must take appropriate organizational precautions. Companies also have the option of commissioning external consultants (e.g. lawyers) with the tasks of the internal reporting department.

By when must the internal whistleblower system be set up?

For the setup of an internal whistleblowing system, the affected companies and legal entities in the public sector are generally granted a deadline of (only) six months once the law comes into force. Companies and legal entities in the public sector with 50 to 249 employees are granted an extended implementation period until December 17th, 2023.

Existing whistleblowing systems must be checked for their conformity with the requirements of the HSchG during these periods and, if necessary, be adapted accordingly.

Which legal violations are covered by the law?

The law generally applies to whistleblowing regarding violations of regulations in the following areas:

  • Legal violations in specific areas of law, such as public procurement, financial services, environmental protection, public health, consumer protection, privacy and personal data protection, etc.;
  • Prevention and punishment of criminal offenses under Sections 302 to 309 of the Criminal Code (e.g. abuse of official authority, bribery and gift acceptance);
  • Violations of Union rules on competition and state aid and other selected internal market rules.

Despite extensive criticism, the Austrian legislature has not expanded the material scope of application, so that practically relevant violations of labor law, as well as offenses such as theft, fraud, embezzlement, bullying, sexual harassment or discrimination, are not covered.

“The law undoubtedly has certain weaknesses. Nevertheless, it is now up to the companies what they make of it. The law provides a basic framework with minimum requirements, but does not prohibit companies from going beyond and independently remedying the existing weaknesses through clear and transparent internal company regulations. Companies should see the law as an opportunity to bring about sustainable changes in their corporate culture. The days of looking the other way must now be finally over.”

Thomas Baumgartner, Attorney-at-Law and certified compliance officer

Which confidentiality regulations must be observed?

The law contains corresponding regulations to ensure the protection of the identity of the persons involved in the whistleblowing or affected by it as well as the protection of their personal data. Beyond the group of people directly involved in a whistleblowing, the identity of whistleblowers or persons affected may only be disclosed if this is reasonable in the context of official investigations or administrative or judicial proceedings with regard to the validity and seriousness of the allegations made and with regard to a potential endangerment of the person.

Violation of the provisions on the protection of confidentiality is punishable by heavy fines. Particular attention must therefore be paid to appropriate precautions to ensure confidentiality.

What are the penalties?

(Attempting) to obstruct or coerce a whistleblower, taking retaliatory measures (e.g. demotion or denial of a promotion, denial of participation in further training, disciplinary sanctions), violating confidentiality provisions or making a knowingly false report will result in an administrative penalty of up to EUR 20,000 (in repeated cases up to EUR 40,000).

How is this implemented in practice?

When setting up a whistleblowing system and processing the information received, there are not only exciting legal questions (especially in the area of data protection, labor law, etc.), but also questions about the successful practical implementation of the legal requirements. The challenges are diverse and include the following topics:

  • How do I ensure that the whistleblowing system is actually accepted in the company? How do I prevent abuse?
  • What resources do I need to process the reports? Who should process which reports? How do I ensure confidentiality?
  • How do I prevent retaliation? And how do I communicate this assurance to potential whistleblowers? What measures should I take in the event of confirmed misconduct – keyword “zero tolerance“?

How can we support you?

In order to ensure a legally compliant and practically successful implementation, interdisciplinary work is required. Our team of experts, with lawyers from different areas of law (labor law, criminal law, data protection, compliance), will be happy to support you in finding the solution that is precisely tailored to your individual requirements and needs.

Try our „Whistleblowing-System“!

With our broad practical experience, we can assist you in particular with the following tasks:

Support with the introduction of an internal whistleblowing system: Our experts support you with the conception and implementation of a whistleblowing system that meets the requirements of the HSchG, but is also tailored to your individual needs. In addition, we support you in dealing with whistleblowers and incoming reports correctly, make suggestions for internal communication measures, and conduct training for affected employees.

Legal review of existing whistleblowing systems: Our experts examine whether the existing whistleblowing system in your company meets the requirements of the HSchG. As part of the process analysis, we identify weaknesses and provide suggestions for the further development and improvement of existing structures (“Health Check”).

Support in the processing of reports received: With our interdisciplinary, case-specific teams of experts, we support you in the legally compliant processing of reports received from all areas (criminal law, labor law, environmental violations, diversity, discrimination, sexual harassment, etc.). If legal violations are identified, we advise you on the enforcement or defense of any claims for compensation.

Contact our expert team!

We will be happy to support you.


This article is for general information only and does not replace legal advice. Haslinger / Nagele Rechtsanwälte GmbH assumes no liability for the content and correctness of this article.


3. February 2023

Go back to News
  • Referenz | Haslinger / Nagele, Logo: JUVE Awards
  • Logo JUVE
  • Promoting the best. Women in Law Award