An Employer’s Guide to Implementing EU-Compliant Whistleblowing Hotlines


Under the Sarbanes-Oxley Act, companies listed on U.S. stock exchanges are required to establish a system, often called a “whistleblowing hotline,” for employees to internally report concerns over questionable auditing or accounting matters. However, some European Union jurisdictions previously concluded that the EU privacy regime prohibited such hotlines. Over past few years, the EU and its Member States have articulated a framework for how to lawfully implement such a hotline throughout most of the European continent. This newsletter outlines a checklist of basic principles that multinational public company employers can follow to stay within this framework and mitigate the risk of an enforcement action on both sides of the pond.


The corporate compliance, or “whistleblowing,” hotlines required to fulfill obligations under the Sarbanes-Oxley Act of 2002 (SOX) do not sit easily within the framework of European Union data privacy laws. Regulatory decisions in France cast doubt on the legality of whistleblowing hotlines within the EU, and companies listed on U.S. stock exchanges appear to face a difficult choice between two seemingly contradictory regulatory regimes. This newsletter explains the current compromises enabling companies to satisfy requirements on both sides of the pond, and to meet their obligations under the law.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.