New Croatian “Whistleblower Act”

Croatia

A new Law on protecting people who report irregularities or, as it’s more popularly known, “the Whistleblower Act” come into force in Croatia on 23 April 2022. Since, back in 2019, the Parliament passed the first Whistleblower Act a few months before the publication of the EU Directive on the protection of persons who report breaches of Union law (EU 2019/1937), it was now necessary to harmonize it with the European legislation. Given that there have been so many changes in the text of the law, a completely new law was adopted. Moreover, because the original Whistleblower Act had been subject to much criticism for its vagueness and illogical propositions, the creation of a new law was a great opportunity to pass a better law that is clearer and more logical.

The most important changes in the new law are as follows:

  • The scope of the law is now clearly defined. Specifically, it refers to the areas of public procurement, financial services, products and markets, as well as the prevention of money laundering and terrorist financing. It also relates to areas of product safety and compliance, transport safety, environmental protection, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, and security of network and information systems. Also, the scope applies to areas affecting the EU's financial interests and to areas related to the internal market, competition, and state aid.
  • A specialised legal act will have to be adopted that will regulate the protection of whistleblowers and the procedure for reporting irregularities in the sectors of national security and defence.
  • The list of potential reporting persons is broadened. It now includes employees, self-employed persons, shareholders, members of the administrative, management or supervisory body, volunteers and trainees, persons who work under the supervision and direction of contractors, subcontractors, and suppliers, as well as persons participating in an entity’s activities in any way
  • The designated person (i.e. a person authorized to receive reports) now doesn't necessarily have to be one of the employees, but can also be a third person who doesn’t work at the company (it must be a natural person)
  • The procedure for naming the designated person has also changed. The mechanism stating that the employer names the person of confidence based on the proposal of 20% of workers is still in use. However, if a company has a works council (or, if there is no a works council, a union representative), then these bodies propose the designated person.
  • The new law also introduces whistleblowers’ right to free legal aid and emotional support.
  • There is now a clear explanation of whistleblowers’ identity protection. The new law states that reports on irregularities cannot be anonymous, but the information from the reports must be available to a limited number of persons only.
  • The new law also protects the identity of the person concerned (i.e. the person who is the subject of the report).
  • All employers with 50 or more employees must still implement internal reporting channels. Moreover, employers that are operating in the field of financial services, products and markets, and prevention of money laundering and terrorist financing are obliged to have an internal reporting channel even if they have fewer than 50 employees.
  • Reporting on irregularities is now also possible by phone or voicemail, which opens the door for so-called whistleblower hotlines
  • When it comes to external reporting, a whistleblower can now report on irregularities directly through the ombudsman, without any previous internal reporting.
  • Public disclosure is only possible if the whistleblower has reported through the internal and external reporting channels first, but no appropriate action was taken. However, public disclosure without prior internal or external reporting is permitted if the whistleblower has reasonable grounds to believe that the breach may constitute an imminent or manifest danger to the public interest or if there is a risk of retaliation in case of external reporting.

Overall, although there are still some shortcomings and ambiguities, the new law is much more complex, better, and clearer than the old one. However, it remains to be seen whether this will be enough to improve its operation in practice.