🇩🇪 Germany compliance

Whistleblowing system for Germany

In Germany, the Hinweisgeberschutzgesetz (HinSchG) transposes the EU Whistleblower Directive 2019/1937 into national law. Companies with 50+ employees (since 17 December 2023) must operate a confidential internal whistleblowing system, acknowledge reports within 7 days, and respond substantively within 3 months. Fines for non-compliance reach up to €50,000.

Confidly is a GDPR-compliant whistleblowing channel built for companies in Germany operating under the Hinweisgeberschutzgesetz (HinSchG). The intake form is auto-configured with the categories and disclosures HinSchG requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on the roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.

Law: Hinweisgeberschutzgesetz (HinSchG)
In force since: 2 July 2023
Who must comply: 50+ employees (since 17 Dec 2023)
Enforcement: Bundesamt für Justiz
Max fine: €50,000
Companies affected: ~75,000 companies with 50+ employees

What HinSchG requires you to do

The Hinweisgeberschutzgesetz (HinSchG) transposes the EU Whistleblower Directive 2019/1937 into German national law. The core obligations for companies above the threshold of 50+ employees (since 17 Dec 2023):

In Germany, enforcement sits with the Bundesamt für Justiz. Maximum fines for non-compliance reach €50,000.

Estimate your exposure under HinSchG with the fines calculator.

How Confidly covers HinSchG

What does Confidly cost in Germany?

Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.

Frequently asked questions: HinSchG

How does a whistleblowing system work?
A whistleblowing channel works in three steps: (1) the reporter submits a confidential report through a public-facing form, receiving a server-issued case code plus their own 6-digit secret to follow up. (2) The designated case handler triages the report inside the admin dashboard, acknowledging within 7 days as required by HinSchG. (3) Investigation, communication, and resolution are tracked in an append-only audit log that satisfies Bundesamt für Justiz inspections.
What is a whistleblowing system?
A Hinweisgebersystem (whistleblowing system) is a confidential channel through which employees, suppliers, and other persons connected to a company can report violations of EU or national law without fear of retaliation. In Germany, the Hinweisgeberschutzgesetz (HinSchG) makes such a channel mandatory for companies with 50+ employees (since 17 Dec 2023).
Who needs a whistleblowing system?
Under HinSchG, the channel must accept reports from current and former employees, applicants, suppliers, contractors, shareholders, and members of administrative or supervisory bodies. Any person who acquired the information in a work-related context is protected. Confidly's reporter UI requires no email, no IP capture, and no account, so anyone in scope can submit.
What happens after a whistleblower report?
After receipt, the designated internal reporting office in Germany reviews the report for plausibility and credibility within 7 days, then opens an investigation if warranted. The reporter receives substantive feedback within 3 months of acknowledgement. Confidly's dashboard runs both SLA timers automatically and logs every action to an append-only audit trail for Bundesamt für Justiz.
What is a whistleblower?
A whistleblower (German: Hinweisgeber) is a natural person who passes on information about legal violations obtained in a professional context (such as corruption, fraud, or breaches of data protection, anti-money-laundering or product safety rules) to an internal or external reporting office. Employees, former employees, applicants, suppliers, contractors and shareholders are protected. In Germany, the Hinweisgeberschutzgesetz (HinSchG) expressly protects whistleblowers against any reprisals such as dismissal, transfer or bullying.
Is a whistleblowing channel mandatory in Germany?
Yes. The Hinweisgeberschutzgesetz (HinSchG), the German transposition of EU Directive 2019/1937, requires companies with 50+ employees (since 17 Dec 2023) to operate a confidential internal whistleblowing channel. The law has been in force since 2 July 2023.
What are the fines for non-compliance with HinSchG?
Maximum administrative fines under HinSchG reach €50,000. Enforcement is carried out by Bundesamt für Justiz. Fines apply both for failing to establish a channel and for retaliation against reporters.
Does HinSchG require anonymous reporting?
HinSchG permits anonymous reporting where German national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.

Starter

Legally compliant on day one. For up to 100 employees.

€39/mo
Billed annually (€468/yr)
  • 1 channel, up to 100 employees
  • Country-specific intake (HinSchG, Loi Sapin II, D.lgs 24, Ley 2, Wbk)
  • Audio and video attachments (oral statements upload alongside documents)
  • Auto reporter status updates at 7 days and 3 months (Directive Art. 9)
  • AI summary + severity hint, anonymous two-way chat
  • EU data hosting, GDPR DPA, metadata-stripped uploads
Most popular

Pro

Investigations, not just intake. For 100 to 500 employees.

€124/mo
Billed annually (€1488/yr)
  • Everything in Starter
  • Up to 500 employees, AI in 25+ languages, SSO (SAML / Google / M365)
  • AI case clustering: surfaces when multiple anonymous reports describe the same pattern
  • Custom investigation playbooks + auto-escalation rules + conflict-of-interest detector
  • Native HRIS sync (Personio, BambooHR) + Slack and Teams alerts
  • WhatsApp + SMS intake, auto-generated annual compliance report (country-tailored PDF)

Enterprise

Group structures, sovereign data, your brand.

€332/mo
Billed annually (€3984/yr)
  • Everything in Pro
  • Up to 5 channels, 2,000 employees, per-channel EU residency (DE→DE, FR→FR) + custom retention
  • White-label intake on your domain (speakup.acme.com) with custom DPA and branding
  • Multi-entity console for holdings: isolated audit trails per subsidiary
  • External ombudsperson seats: time-boxed lawyer or auditor access per case
  • SCIM, REST API, webhooks, BYOK encryption, dedicated CS, 99.9% SLA


Get HinSchG-compliant in 15 minutes

14-day free trial. EU-hosted. No credit card. Cancel anytime.
