Whistleblower Protection

The decisive provision is § 12 HinSchG: employers with, as a rule, at least 50 employees are obliged to establish and operate an internal reporting channel. Since 17 December 2023, this obligation has applied across all sectors without any further transitional period. For undertakings with 50 to 249 employees, § 14 HinSchG expressly permits the sharing of resources with other private-sector employers — for example within a group structure or in cooperation with affiliated companies. For certain regulated sectors (investment firms, capital management companies, insurance undertakings) the duty to establish a reporting channel under § 12 (3) HinSchG applies from the very first employee — here sector-specific requirements under the KWG (Banking Act), the WpHG (Securities Trading Act) and the VAG (Insurance Supervision Act) apply in addition to the general framework of the HinSchG.

The fine regime is anchored in § 40 HinSchG. Breaches of the duty to establish and operate an internal reporting channel are subject under § 40 (2) HinSchG to administrative fines of up to EUR 50,000. Decisive for the actual risk assessment, however, is the interplay with § 30 OWiG (Administrative Offences Act): through the corporate fine, the fine framework for legal persons and associations of persons can be multiplied tenfold — meaning fines of up to EUR 500,000 may be imposed on the undertaking itself. On top of this come civil-law damages claims of the reporting person under § 37 HinSchG in the event of reprisals, as well as the often more serious reputational damage that arises as soon as breaches of the prohibition of reprisals (§ 36 HinSchG) become public. The reversal of the burden of proof under § 36 (2) HinSchG further worsens the employer's position in any dispute.