HinSchG External Reporting Channel: Provider Comparison 2026
TL;DR
- Organizations with 50 or more employees may freely choose between internal and external reporting channels under the Whistleblower Protection Act (HinSchG)
- An external channel is often 30-50% cheaper than running an internal channel and provides higher confidentiality
- Top 3 for SMEs: EQS Integrity Group, Whistlelink, specialist law firms
- Federal Office of Justice (BfJ) channel is supplementary only — does not replace the internal obligation
- Switching providers requires data migration under Art. 20 GDPR + Section 11 HinSchG (3-year retention)
1. Specialist Law Firm (Classic Choice)
Price: 1,500-5,000 EUR/year. Pros: high confidentiality, attorney-client privilege. Cons: limited capacity, often without HinSchG specialization.
2. EQS Integrity Group (DACH Market Leader)
Price: 990-3,500 EUR/year. Pros: specialist platform, anonymous return channel, documented training, audit reports included. Cons: software-centric, no dedicated investigator.
3. Federal Office of Justice (BfJ) Channel
Price: free. Pros: state-run, no cost. Cons: only an additional channel under Section 19 HinSchG, not a substitute for the internal obligation under Section 12; median processing 6-9 months.
4. Whistlelink (Sweden, EU Hosting)
Price: 800-2,500 EUR/year. Pros: affordable, open-source-based, EU hosting. Cons: limited DACH localization.
5. NAVEX EthicsPoint (US Market Leader)
Price: 3,000-15,000 EUR/year. Pros: enterprise features, multi-tenant. Cons: third-country transfer risk, dependence on Data Privacy Framework (DPF) status, higher cost.
6. EthicsCheck
Price: 1,200-3,000 EUR/year. Pros: German specialist software. Cons: smaller market base.
7. Recommendation Matrix
| Profile | Recommendation |
|---|---|
| SME 50-250 employees, standard sector | EQS or Whistlelink |
| Highly sensitive sector (pharma, finance, defense) | Specialist law firm |
| Multinational with US parent | NAVEX with EU-hosted instance |
| Public-sector adjacent | BfJ supplementary + internal |
Summary
External reporting channels usually beat internal setups on price and confidentiality. EQS leads the DACH SME market; specialist law firms remain the gold standard for sensitive sectors. The BfJ channel is a useful safety valve for whistleblowers but never replaces the internal obligation.
Frequently Asked Questions
Which external reporting channel is best for DACH SMEs?
Top 3 for SMEs with 50-250 employees: 1) EQS Integrity Group (DACH market leader, EUR 990-3,500/year) — complete, works council compliant, German language, audit reports included. 2) Whistlelink (SE, EU hosting, EUR 800-2,500/year) — cheaper, open-source based, sufficient for standard cases. 3) Law firm (EUR 1,500-5,000/year) — highest confidentiality, attorney-client privilege, but limited software functionality. Recommendation: EQS for mid-sized companies, law firm for highly sensitive sectors (pharma, finance, defense).
Is the state BMJ federal reporting office sufficient as an external channel?
No, not as a substitute for the mandatory internal reporting channel. Under Section 19 of the German Whistleblower Protection Act (HinSchG), the BMJ reporting office (for federal authorities + supplementary for citizens/employees) is only an ADDITIONAL channel; the internal reporting channel under Section 12 HinSchG remains mandatory. The BMJ office is free of charge but slow (median processing time 6-9 months). In practice: whistleblowers may choose between the internal channel and the BMJ, but your company must nonetheless operate the mandatory internal channel. Communicate the BMJ reporting office as a 'safe harbor' for whistleblowers; this eases the climate.
How much does an external reporting channel cost per year?
Price range 2026: Software-only (Whistlelink, Whispli): EUR 800-2,500/year for SMEs with 50-250 employees. Software + investigation service (EQS, NAVEX): EUR 1,500-3,500/year. Full-service law firm: EUR 1,500-5,000/year flat fee + hourly rate for investigations (EUR 200-400/h). Comparison: an internal reporting channel effectively costs EUR 5,000-15,000/year (personnel share + software + training). An external solution is typically 30-50% cheaper AND offers higher confidentiality.
What happens to reports when switching providers?
Data migration obligation under GDPR Art. 20 + Section 11 HinSchG (3-year retention). In practice: 1) Active cases: handover phase 1-3 months with the current provider. 2) Archive: export in standardized format (PDF + JSON metadata). 3) End of contract term: 30-90 day data return deadline. 4) Obtain destruction confirmation from the previous provider. Note: whistleblower identity remains protected — even when switching providers. For Whistlelink/EQS: migration typically in 4-8 weeks, free of charge.
Sources
- Whistleblower Protection Act (HinSchG), Sections 12 (internal channel), 14 (third party), 19 (BfJ), 21 (BaFin), 22 (Federal Cartel Office), gesetze-im-internet.de/hinschg (As of: 2026-05-02)
- Federal Office of Justice — Federal external reporting channel, bundesjustizamt.de (As of: 2026-05-02)
- GDPR Art. 28 (processor) in conjunction with Section 11 HinSchG (3-year retention), eur-lex.europa.eu (As of: 2026-05-02)
- Directive (EU) 2019/1937 (Whistleblower Directive), eur-lex.europa.eu (As of: 2026-05-02)