We implement the internal information system your organization needs to comply with European and Spanish regulations, protecting whistleblowers and informants.
Current legal framework: Law 2/2023, of February 20, published in the BOE, transposes Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 — known as the Whistleblowing Directive — and establishes the obligation for certain organizations to have a Whistleblowing Channel.
A Whistleblowing Channel —also known as a WhistleBlower Channel or internal information system— is a communication channel used both internally and externally by organizations to report unusual or criminal behavior detected within the organization itself or by third parties related to it.
In this regard, it is a tool that allows for confidential reporting, through a simple form, of activities or conduct that may involve a violation of the Code of Conduct or the commission of a criminal offense. Furthermore, it facilitates the early detection of risks and strengthens the culture of compliance within the company.
Generally, this system is managed through a Compliance Officer or a Compliance Committee. This ensures that only these figures know the identity of the whistleblower and the details of the reported incident, allowing for a private investigation in the initial phase. Likewise, the informant is protected against possible retaliation.
The regulations establish that legal entities with 50 or more employees, as well as those operating in certain areas, must have an internal Whistleblowing Channel. The organizations currently obliged are:
Companies with 50 or more employees: Direct obligation due to workforce size
Administrations and public sector: All public sector entities, without exception
Financial sector: Companies of any size operating in this area
Turnover ≥ €10M: Regardless of the number of employees
Parties, unions, and foundations: Political parties, trade unions, employers' associations, and foundations
Three clear, secure phases compliant with Law 2/2023.
The whistleblower accesses the channel —identified or anonymously— and completes a confidential form describing the irregular conduct detected.
The Compliance Officer receives the report, acknowledges receipt within 7 days, and conducts a private investigation. Only they know the informant's identity.
Within a maximum period of 3 months, the whistleblower is informed of the actions taken. If applicable, it is escalated to the competent authorities.
It's not just a form. It's a complete compliance system, managed and adapted to your organization.
Secure and encrypted platform for receiving, managing, and tracking all reports.
Restricted access only to the Compliance Officer. Full compliance with GDPR and LOPDGDD.
We draft the internal regulations and the report management procedure adapted to your organization.
Independent figure who manages reports impartially, avoiding internal conflicts of interest.
Awareness sessions so your team knows the channel, how to use it, and what protections it offers.
Periodic reporting on the status of reports and evidence of compliance for inspections or audits.
If you want to change the world, change yourself. — Mahatma Gandhi
Law 2/2023 contemplates significant financial penalties for obligated organizations that do not have an internal whistleblowing channel. Fines can be very substantial, in addition to the associated reputational damage.
Yes. The law allows anonymous reports, and the channel must accept them. However, the law also protects whistleblowers who identify themselves, explicitly prohibiting retaliation against them.
Any person who has or has had a labor or professional relationship with the organization: current and former employees, collaborators, suppliers, contractors, shareholders, and members of governing bodies.
With LegalMit, the channel can be fully operational in a very short time. We handle the technical configuration, the drafting of the internal policy, and communication to employees.
Infringements of European Union law, violations of the internal Code of Conduct, criminal offenses (corruption, fraud, money laundering…), labor, tax, environmental, and data protection infringements, among others.
Comply with Law 2/2023 and protect your organization. Our team advises you without obligation.