Glossary
Internal Reporting Channel
A confidential mechanism inside an organisation through which employees and other workers can report breaches. EU Directive 2019/1937 Article 8 requires every legal entity with 50 or more employees to operate one, accept reports in writing, orally, or through a physical meeting, acknowledge within 7 days, and provide substantive feedback within 3 months.
Full definition
Article 8 of EU Directive 2019/1937 requires every legal entity with 50+ employees to establish and operate an internal reporting channel that is (a) confidential, (b) accessible to all persons in the protected scope, (c) operated by a designated person or department independent of the persons it might be reporting on, and (d) capable of receiving reports in writing, orally, or through a physical meeting if requested. The channel must acknowledge receipt within 7 days and provide substantive feedback within 3 months.
Related terms
- External Reporting Channel A reporting route operated by a national competent authority, available as an alternative to internal channels. EU Directive 2019/1937 Article 11 requires each member state to designate authorities that receive reports directly, bypassing the employer. Reports made externally carry the same protection from retaliation as internal reports. Examples include Germany's Bundesamt für Justiz and France's Défenseur des droits.
- Designated Person The individual or department formally responsible for handling whistleblower reports inside an organisation. EU Directive 2019/1937 Article 8(5) requires the designated person to be impartial and trained. The role can be the compliance officer, DPO, an external ombudsperson, or a dedicated investigator, and may be outsourced, though legal responsibility stays with the organisation.
- Protected Disclosure A protected disclosure is a report of an EU or national law breach that triggers automatic protection from retaliation under EU Directive 2019/1937 Articles 5 to 15. The reporter must have had reasonable grounds to believe the information was true at the time of reporting. False or malicious reports are not protected.