The Polish Whistleblower Protection Act, adopted on June 14, 2024, and entering into force on September 25, 2025, aims to safeguard individuals who report legal violations encountered in a professional context. Implementing the EU Directive 2019/1937, the law establishes a framework for secure and confidential reporting channels, protects whistleblowers from retaliation, and outlines the responsibilities of employers and public authorities. It marks a significant step toward strengthening transparency, accountability, and the rule of law in Poland.
Who is considered a whistleblower under the new law?
A whistleblower is an individual who reports or publicly discloses information about a breach of the law obtained in a work-related context (including prior to the employment relationship) and has a legitimate basis for doing so. The catalogue of persons covered by protection is wide. The protection is available among others to both employees and former employees, as well as to individuals providing work on various bases, such as civil law contracts, B2B, volunteering, internships or apprenticeships as well as shareholders or partners of the company and members of the company's governing bodies.
What types of violations can be reported?
The Act covers a wide range of breaches, including Violations of EU and national law in areas such as public procurement, financial services, product safety, environmental protection, public health, consumer rights, and data protection. However:
1) the Act excludes reports concerning classified information, professional secrecy (e.g. medical or legal), judicial deliberations, and certain national security matters.
2) the regulation does not cover reports of labour law breaches (e.g. bullying, underpayment, parental discrimination or failure to comply with health and safety at work) and whistleblowers in this area are not protected under the Act.
What obligations does the Act impose on employers?
Entities employing at least 50 individuals (including those under civil-law contracts) are required to:
1) Establish internal procedures for reporting breaches of law;
2) Ensure confidentiality and protection against retaliation;
3) Provide accessible reporting channels;
4) Inform employees about their rights and the procedures in place.
Entities operating in sensitive sectors (e.g. financial services, transport safety, environmental protection) must comply regardless of headcount.
How are whistleblowers protected?
The legislator assumes that the whistleblower is potentially at risk of retaliation, in particular by the employer or persons acting on behalf of the employer. Retaliation is any direct or indirect action or omission in a work-related context that is taken in response to a whistleblower's report or public disclosure. Such actions violate the whistleblower's rights or cause harm to the whistleblower.
Protection to the whistleblowers is granted from the moment a report is submitted or a public disclosure is made, provided the whistleblower had reasonable grounds to believe the information was true and concerned a legal violation. Protective measures include:
1) Prohibition of retaliation (e.g. dismissal, demotion, harassment);
2) Prohibition of disciplinary measures for reporting or public disclosure unless the report was unjustified;
3) Access to legal remedies and compensation;
4) Confidentiality of identity and report content.
Summary
The Act provides whistleblowers with protection against retaliation and promotes the safe reporting of breaches of the law. Regular monitoring of the number of employees, the development and implementation of internal reporting procedures (if needed), and the protection of personal data are key obligations that must be met. Employers must also adapt their procedures to the new legislation to ensure compliance with the Whistleblower Protection Act.
For further information on this topic please contact Paweł Sikora at KKG Legal by telephone (+48 22 206 83 00) or email (pawel.sikora@kkg.pl).