Confidly
Start free trial

🇮🇪 Ireland compliance

Whistleblower software for Ireland

In Ireland, Protected Disclosures (Amendment) Act 2022 transposes EU Directive 2019/1937 and requires companies with 50+ employees to operate a confidential internal whistleblowing channel. Reports must be acknowledged within 7 days and answered substantively within 3 months. Administrative fines for non-compliance can reach €250,000.

Confidly is a GDPR-compliant whistleblowing channel built for companies in Ireland (Ireland) operating under Protected Disclosures (Amendment) Act 2022 (PDAA 2022). The intake form is auto-configured with the categories and disclosures PDAA 2022 requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.

Law Protected Disclosures (Amendment) Act 2022
In force since 1 January 2023
Who must comply 50+ employees
Enforcement Office of the Protected Disclosures Commissioner
Max fine €250,000
Companies affected ~8,000 companies with 50+ employees

What PDAA 2022 requires you to do

Protected Disclosures (Amendment) Act 2022 transposes the EU Whistleblower Directive 2019/1937 into Ireland national law. The core obligations for companies above the threshold (50+ employees):

In Ireland, enforcement sits with Office of the Protected Disclosures Commissioner. Maximum fines for non-compliance reach €250,000.

Estimate your exposure under PDAA 2022 with the fines calculator.

How Confidly covers PDAA 2022

What does Confidly cost in Ireland?

Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.

Frequently asked questions: PDAA 2022

What is reportable under a whistleblowing policy?
Under PDAA 2022, a whistleblowing channel covers breaches acquired in a work-related context: corruption and fraud, breaches of EU law (public procurement, financial services, product and transport safety, environmental protection, food safety, public health, consumer protection, data protection), and serious risks to health, safety, or the public interest. Personal workplace grievances fall outside the channel and belong in a grievance procedure. Confidly's intake form lets reporters categorise the breach so the case handler can triage it.
What should a whistleblowing policy include?
A compliant whistleblowing policy under PDAA 2022 should set out who can report, the breaches covered, how to reach the internal channel, the external authority alternative (Office of the Protected Disclosures Commissioner), the 7-day acknowledgement and 3-month feedback commitments, the named case handler, confidentiality and data-protection terms, and the prohibition of retaliation. Our whistleblowing policy guide covers the full ten-element checklist.
What is not covered under whistleblowing?
Personal grievances (individual disputes about your own pay, conditions, or treatment) are generally not covered by PDAA 2022 unless the matter is also in the public interest. Those belong in your employer's grievance procedure. The channel is for breaches of EU or national law acquired in a work-related context, not interpersonal conflict on its own.
What are common whistleblower policy mistakes?
The most common whistleblowing policy mistakes: a policy that exists but was never communicated to staff, a named case handler who has since left, a policy that contradicts the live channel (promising anonymity while the form demands an email), hedged retaliation wording instead of the statutory prohibition, and failing to name the external authority (Office of the Protected Disclosures Commissioner). Confidly keeps the policy and the channel consistent so these gaps do not open up.
Is a whistleblowing channel mandatory in Ireland?
Yes. Protected Disclosures (Amendment) Act 2022 (PDAA 2022), the Ireland transposition of EU Directive 2019/1937, requires companies with 50+ employees to operate a confidential internal whistleblowing channel. The law has been in force since 1 January 2023.
What are the fines for non-compliance with PDAA 2022?
Maximum administrative fines under PDAA 2022 reach €250,000. Enforcement is carried out by Office of the Protected Disclosures Commissioner. Fines apply both for failing to establish a channel and for retaliation against reporters.
Does PDAA 2022 require anonymous reporting?
PDAA 2022 permits anonymous reporting where Ireland national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.
What are the timelines under PDAA 2022?
Companies must acknowledge a report within 7 days of receipt and provide substantive feedback to the reporter within 3 months. Confidly's dashboard tracks both SLAs with automatic reminders.

Starter

Legally compliant on day one. For up to 100 employees.

€ 39 /mo
Billed annually (€468/yr)
  • 1 channel, up to 100 employees
  • Country-specific intake (HinSchG, Loi Sapin II, D.lgs 24, Ley 2, Wbk)
  • Audio and video attachments (oral statements upload alongside documents)
  • Auto reporter status updates at 7 days and 3 months (Directive Art. 9)
  • AI summary + severity hint, anonymous two-way chat
  • EU data hosting, GDPR DPA, metadata-stripped uploads
Start free trial
Most popular

Pro

Investigations, not just intake. For 100 to 500 employees.

€ 124 /mo
Billed annually (€1488/yr)
  • Everything in Starter
  • Up to 500 employees, AI in 25+ languages, SSO (SAML / Google / M365)
  • AI case clustering: surfaces when multiple anonymous reports describe the same pattern
  • Custom investigation playbooks + auto-escalation rules + conflict-of-interest detector
  • Native HRIS sync (Personio, BambooHR) + Slack and Teams alerts
  • WhatsApp + SMS intake, auto-generated annual compliance report (country-tailored PDF)
Start free trial

Enterprise

Group structures, sovereign data, your brand.

€ 332 /mo
Billed annually (€3984/yr)
  • Everything in Pro
  • Up to 5 channels, 2,000 employees, per-channel EU residency (DE→DE, FR→FR) + custom retention
  • White-label intake on your domain (speakup.acme.com) with custom DPA and branding
  • Multi-entity console for holdings: isolated audit trails per subsidiary
  • External ombudsperson seats: time-boxed lawyer or auditor access per case
  • SCIM, REST API, webhooks, BYOK encryption, dedicated CS, 99.9% SLA
Start free trial

Coverage

Compliant across the whole EU.

Every EU member state has transposed Directive 2019/1937. Pick yours to read the local law.

IS Iceland - read the local law NO Norway - read the local law SE Sweden - read the local law FI Finland - read the local law EE Estonia - read the local law LV Latvia - read the local law LT Lithuania - read the local law DK Denmark - read the local law IE Ireland - read the local law UK United Kingdom - read the local law NL Netherlands - read the local law BE Belgium - read the local law LU Luxembourg - read the local law FR France - read the local law DE Germany - read the local law PL Poland - read the local law CZ Czech Republic - read the local law SK Slovakia - read the local law AT Austria - read the local law HU Hungary - read the local law SI Slovenia - read the local law HR Croatia - read the local law PT Portugal - read the local law ES Spain - read the local law IT Italy - read the local law MT Malta - read the local law RO Romania - read the local law BG Bulgaria - read the local law GR Greece - read the local law CY Cyprus - read the local law
Nordics & Baltics British Isles Western Europe Central Southern South-East Non-EU You are here

Other EU countries

Compliance guides for the other 26 EU + EEA member states:

Get PDAA 2022-compliant in 15 minutes

14-day free trial. EU-hosted. No credit card. Cancel anytime.

Start free trial See pricing

Multi-entity? Talk to us →