Confidly
Start free trial

🇦🇹 Austria compliance

Hinweisgebersystem für Österreich

In Österreich setzt HinweisgeberInnenschutzgesetz die EU-Hinweisgeber-Richtlinie 2019/1937 in nationales Recht um. Unternehmen mit 50+ Mitarbeitenden müssen ein vertrauliches internes Hinweisgebersystem betreiben, Meldungen innerhalb von 7 Tagen bestätigen und innerhalb von 3 Monaten substantiell beantworten. Bußgelder bei Nichteinhaltung erreichen bis zu €20,000.

Confidly is a GDPR-compliant whistleblowing channel built for companies in Austria (Österreich) operating under HinweisgeberInnenschutzgesetz (HSchG). The intake form is auto-configured with the categories and disclosures HSchG requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.

Law HinweisgeberInnenschutzgesetz
In force since 25 February 2023
Who must comply 50+ employees
Enforcement Bundesamt zur Korruptionsprävention
Max fine €20,000
Companies affected ~12,000 companies with 50+ employees

What HSchG requires you to do

HinweisgeberInnenschutzgesetz transposes the EU Whistleblower Directive 2019/1937 into Austria national law. The core obligations for companies above the threshold (50+ employees):

In Austria, enforcement sits with Bundesamt zur Korruptionsprävention. Maximum fines for non-compliance reach €20,000.

Estimate your exposure under HSchG with the fines calculator.

How Confidly covers HSchG

What does Confidly cost in Austria?

Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.

Frequently asked questions: HSchG

Ist ein Hinweisgebersystem Pflicht?
Yes. For companies with 50+ employees in Austria, an internal whistleblowing channel is legally mandatory under HinweisgeberInnenschutzgesetz (HSchG). The law has been in force long enough that Bundesamt zur Korruptionsprävention now actively investigates non-compliance, with maximum administrative fines of €20,000.
Wer kann Hinweisgeber sein?
Under HSchG, the channel must accept reports from current and former employees, applicants, suppliers, contractors, shareholders, and members of administrative or supervisory bodies. Any person who acquired the information in a work-related context is protected. Confidly's reporter UI requires no email, no IP capture, and no account, so anyone in scope can submit.
Welche Anforderungen gibt es an ein Hinweisgebersystem?
Core requirements under HSchG: (a) the channel must be confidential and accessible to all relevant persons; (b) acknowledgement of every report within 7 days; (c) substantive feedback to the reporter within 3 months; (d) protection from retaliation; (e) an audit-ready record of every action. Confidly implements all five out of the box.
Wie funktioniert ein Hinweisgebersystem?
A whistleblowing channel works in three steps: (1) the reporter submits a confidential report through a public-facing form, receiving a server-issued case code plus their own 6-digit secret to follow up. (2) The designated case handler triages the report inside the admin dashboard, acknowledging within 7 days as required by HSchG. (3) Investigation, communication, and resolution are tracked in an append-only audit log that satisfies Bundesamt zur Korruptionsprävention inspections.
Kann man in Österreich eine anonyme Anzeige machen?
Yes. Anonymous reporting is supported by Confidly in Austria. The reporter UI never asks for an email, never stores an IP, and uses a server-issued case code plus reporter-only 6-digit secret so the reporter can submit and follow up without revealing identity. HSchG permits anonymous reporting where Austria national law allows.
Is a whistleblowing channel mandatory in Austria?
Yes. HinweisgeberInnenschutzgesetz (HSchG), the Austria transposition of EU Directive 2019/1937, requires companies with 50+ employees to operate a confidential internal whistleblowing channel. The law has been in force since 25 February 2023.
What are the fines for non-compliance with HSchG?
Maximum administrative fines under HSchG reach €20,000. Enforcement is carried out by Bundesamt zur Korruptionsprävention. Fines apply both for failing to establish a channel and for retaliation against reporters.
Does HSchG require anonymous reporting?
HSchG permits anonymous reporting where Austria national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.

Starter

Legally compliant on day one. For up to 100 employees.

39 /mo
Billed annually (€468/yr)
  • 1 channel, up to 100 employees
  • Country-specific intake (HinSchG, Loi Sapin II, D.lgs 24, Ley 2, Wbk)
  • Audio and video attachments (oral statements upload alongside documents)
  • Auto reporter status updates at 7 days and 3 months (Directive Art. 9)
  • AI summary + severity hint, anonymous two-way chat
  • EU data hosting, GDPR DPA, metadata-stripped uploads
Start free trial
Most popular

Pro

Investigations, not just intake. For 100 to 500 employees.

124 /mo
Billed annually (€1488/yr)
  • Everything in Starter
  • Up to 500 employees, AI in 25+ languages, SSO (SAML / Google / M365)
  • AI case clustering: surfaces when multiple anonymous reports describe the same pattern
  • Custom investigation playbooks + auto-escalation rules + conflict-of-interest detector
  • Native HRIS sync (Personio, BambooHR) + Slack and Teams alerts
  • WhatsApp + SMS intake, auto-generated annual compliance report (country-tailored PDF)
Start free trial

Enterprise

Group structures, sovereign data, your brand.

332 /mo
Billed annually (€3984/yr)
  • Everything in Pro
  • Up to 5 channels, 2,000 employees, per-channel EU residency (DE→DE, FR→FR) + custom retention
  • White-label intake on your domain (speakup.acme.com) with custom DPA and branding
  • Multi-entity console for holdings: isolated audit trails per subsidiary
  • External ombudsperson seats: time-boxed lawyer or auditor access per case
  • SCIM, REST API, webhooks, BYOK encryption, dedicated CS, 99.9% SLA
Start free trial

Coverage

Compliant across the whole EU.

Every EU member state has transposed Directive 2019/1937. Pick yours to read the local law.

IS Iceland - read the local law NO Norway - read the local law SE Sweden - read the local law FI Finland - read the local law EE Estonia - read the local law LV Latvia - read the local law LT Lithuania - read the local law DK Denmark - read the local law IE Ireland - read the local law UK United Kingdom - read the local law NL Netherlands - read the local law BE Belgium - read the local law LU Luxembourg - read the local law FR France - read the local law DE Germany - read the local law PL Poland - read the local law CZ Czech Republic - read the local law SK Slovakia - read the local law AT Austria - read the local law HU Hungary - read the local law SI Slovenia - read the local law HR Croatia - read the local law PT Portugal - read the local law ES Spain - read the local law IT Italy - read the local law MT Malta - read the local law RO Romania - read the local law BG Bulgaria - read the local law GR Greece - read the local law CY Cyprus - read the local law
Nordics & Baltics British Isles Western Europe Central Southern South-East Non-EU You are here

Other EU countries

Compliance guides for the other 26 EU + EEA member states:

Get HSchG-compliant in 15 minutes

14-day free trial. EU-hosted. No credit card. Cancel anytime.

Start free trial See pricing

Multi-entity? Talk to us →