Recent data show that 42% of employees in Spain say their company does not have an effective whistleblowing channel. This poses a direct legal risk for businesses, as Law 2/2023 on the protection of whistleblowers requires all companies with more than 50 employees to implement a secure, confidential system for reporting irregularities.

Legal obligation under Law 2/2023

Since 1 December 2023, all companies with more than 50 employees, as well as public entities and organisations managing EU funds, must have an internal whistleblowing channel. It must guarantee confidentiality, data protection and non-retaliation in line with EU Directive 2019/1937.

Penalties for non-compliance

Failure to comply may lead to fines of up to €1,000,000 for companies and €300,000 for managers. In addition, the absence of an adequate whistleblowing channel may entail criminal liability and disqualification from public contracts or grants.

Key requirements for an effective internal whistleblowing channel

  • Anonymous and confidential reporting.
  • Independent compliance officer.
  • Traceability and secure record-keeping.
  • Established deadlines and follow-up procedures.
  • Whistleblower protection policy and staff training.

Risks of not implementing a whistleblowing channel

  • High financial penalties.
  • Reputational damage.
  • Direct liability of management.
  • Legal claims from employees or clients.

Implementing a whistleblowing channel as a legal safeguard

Setting up an internal whistleblowing channel is no longer optional — it’s a legal obligation that protects both the company and its employees, fostering transparency and compliance.

Contact our Legal Department to implement an internal whistleblowing channel compliant with Law 2/2023 and tailored to your company’s needs.

SEND ENQUIRY