🇵🇱 Poland compliance
Whistleblower software for Poland
In Polska, Ustawa o ochronie sygnalistów transposes EU Directive 2019/1937 and requires companies with 50+ employees to operate a confidential internal whistleblowing channel. Reports must be acknowledged within 7 days and answered substantively within 3 months. Administrative fines for non-compliance can reach PLN 1,000,000.
Confidly is a GDPR-compliant whistleblowing channel built for companies in Poland (Polska) operating under Ustawa o ochronie sygnalistów (Whistleblower Act 2024). The intake form is auto-configured with the categories and disclosures Whistleblower Act 2024 requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.
| Law | Ustawa o ochronie sygnalistów |
| In force since | 25 September 2024 |
| Who must comply | 50+ employees |
| Enforcement | Państwowa Inspekcja Pracy |
| Max fine | PLN 1,000,000 |
| Companies affected | ~30,000 companies with 50+ employees |
What Whistleblower Act 2024 requires you to do
Ustawa o ochronie sygnalistów transposes the EU Whistleblower Directive 2019/1937 into Poland national law. The core obligations for companies above the threshold (50+ employees):
- Maintain a confidential internal reporting channel
- Acknowledge every report within 7 days
- Provide feedback to the reporter within 3 months
- Designate a person or unit to handle reports
- Protect the reporter from retaliation
- Keep records for the case duration + the audit window
In Poland, enforcement sits with Państwowa Inspekcja Pracy. Maximum fines for non-compliance reach PLN 1,000,000.
Estimate your exposure under Whistleblower Act 2024 with the fines calculator.
How Confidly covers Whistleblower Act 2024
- Country-specific intake template for Whistleblower Act 2024: the form is auto-configured with the categories, disclosures and fields the Poland transposition requires. No manual setup per channel.
- Anonymous intake available where Poland law permits. Reporters get a server-issued case code and their own 6-digit secret. No email, no IP, no identifier stored.
- Oral-statement attachments on every plan: reporters upload audio or video oral statements directly into the web form, with EXIF/metadata stripping. A staffed phone hotline or AI-transcribed voicemail channel is on roadmap, in support of the oral-reporting requirement that Whistleblower Act 2024 carries from EU Directive 2019/1937 Art. 16.
- Form pre-translated into PL, EN. AI translates incoming reports to your working language on the admin side.
- Auto reporter status updates at 7 days (acknowledgement) and 3 months (status), in the reporter's language. Whistleblower Act 2024 feedback obligation satisfied by default.
- AI investigation copilot (Pro): AI summarises, classifies severity, drafts neutral replies, and clusters multi-reporter patterns to surface systemic issues.
- Append-only audit log required for Państwowa Inspekcja Pracy audits. Every action recorded with actor, timestamp and metadata.
- EU data residency: all data stored in EU data centres. Per-channel residency on Enterprise (data for Poland entities stays in Poland). No third-country transfers.
- Native HRIS sync (Pro): Personio, BambooHR. Auto-revoke channel access on offboarding; flag when a named-in-report person leaves the company.
What does Confidly cost in Poland?
Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.
Frequently asked questions: Whistleblower Act 2024
- Is a whistleblowing channel mandatory in Poland?
- Yes. Ustawa o ochronie sygnalistów (Whistleblower Act 2024), the Poland transposition of EU Directive 2019/1937, requires companies with 50+ employees to operate a confidential internal whistleblowing channel. The law has been in force since 25 September 2024.
- What are the fines for non-compliance with Whistleblower Act 2024?
- Maximum administrative fines under Whistleblower Act 2024 reach PLN 1,000,000. Enforcement is carried out by Państwowa Inspekcja Pracy. Fines apply both for failing to establish a channel and for retaliation against reporters.
- Does Whistleblower Act 2024 require anonymous reporting?
- Whistleblower Act 2024 permits anonymous reporting where Poland national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.
- What are the timelines under Whistleblower Act 2024?
- Companies must acknowledge a report within 7 days of receipt and provide substantive feedback to the reporter within 3 months. Confidly's dashboard tracks both SLAs with automatic reminders.
- Is GDPR satisfied by Whistleblower Act 2024 compliance?
- Whistleblower Act 2024 compliance and GDPR are complementary, not equivalent. Confidly is hosted entirely in the EU, signs a GDPR-compliant Data Processing Agreement, and runs an append-only audit log that satisfies both Państwowa Inspekcja Pracy inspections and Article 30 GDPR records.
- How long does it take to deploy a whistleblowing channel for Poland?
- 15 minutes for the channel itself. Branding, PL, EN translations, and policy import take an additional 1-2 hours. Most Poland customers go live the same day they sign up.