How-to guide: Understanding the role of effective whistleblowing in fostering an ethical and open workplace culture

Updated as of: 02 December 2025 Recently updated

Introduction

This How-to guide will assist in-house lawyers, private practice lawyers and compliance professionals to support effective whistleblowing and to understand the role of whistleblowing procedures in fostering an ethical and open workplace culture. It includes an overview of whistleblower protections in the UK, the EU and the USA and some key issues for organisations to consider when establishing effective whistleblowing policies.

This guide covers the following:

  1. Understanding whistleblowing and why it is important
  2. The connection between effective whistleblowing and a workplace culture which supports open communication and ethical conduct
  3. An overview of whistleblowing legislation in the UK, EU and USA
  4. Scope of whistleblowing policies
  5. Applicability of whistleblowing policies
  6. Practical tips

It can be read in conjunction with How-to guides: How to develop a whistleblower policy and reporting program (USA) and Understanding the legal protections for whistleblowers (UK).

Section 1 – Understanding whistleblowing and why it is important

Whistleblowing is the term used to describe a scenario when a worker passes on information concerning certain types of wrongdoing. A whistleblowing policy is a written set of guidelines accompanied by a formal procedure to encourage and facilitate the reporting of wrongdoing within an organisation.

Whistleblowers have significant legal protections in many jurisdictions (see section 3 below), and failure by an organisation to properly deal with whistleblowers can result in legal claims.

As well as the legal implications, having an effective whistleblowing policy that is properly implemented has wider benefits for an organisation, and can be crucial to promoting and maintaining ethical behaviour. In a study by professors Stephen Stubben and Kyle Welch, Evidence on the Use and Efficacy of Internal Whistleblowing Systems, it was found that companies with whistleblowing systems earned greater returns on assets than firms with absent or undeveloped ones.

The environmental, social and governance (ESG) movement has resulted in growing pressure on organisations to take responsibility for the impact of their business and supply chain on the environment, workers and society in general. It is increasingly important to investors, who assess organisations’ ESG performance when deciding whether to invest or divest. Encouraging whistleblowers to raise their concerns is one way in which organisations can identify where they might be falling short on their ESG responsibilities and take early corrective action.

The benefits of an effective whistleblowing policy include:

  • fostering a culture of transparency and accountability;
  • ensuring compliance with applicable legal requirements;
  • enabling workers to raise concerns without fear of retaliation;
  • identifying and mitigating risks, as whistleblowers can provide early warning signs about issues before they escalate, including risks and opportunities associated with an ESG agenda;
  • enhancing reputation and building stakeholder trust; and
  • facilitating corrective action.

Section 2 – The connection between effective whistleblowing and a workplace culture that supports open communication and ethical conduct

The effectiveness of a whistleblowing policy relies on a supportive and non-retaliatory workplace culture. It is important that whistleblowers are confident that they will be protected when raising concerns, that their concerns will be taken seriously, and that they will not face retaliation by the organisation or their colleagues as a result of raising a concern. Encouraging workers to raise their concerns and resolving issues can improve employee relations and worker satisfaction, thereby leading to a more positive working culture and improved worker retention rates.

2.1 Promoting a whistleblower-friendly culture

The key steps an organisation should take to promote a whistleblower-friendly culture include:

  • having a robust and effective written whistleblowing policy (see sections 4, 5 and 6 below);
  • communicating the whistleblowing policy and any other relevant policies and procedures to its workforce;
  • regularly training its workforce on ethical behaviour, the organisation’s values or code of conduct, and the importance of reporting wrongdoing;
  • ensuring anonymity and whistleblower protection against retaliation;
  • demonstrating leadership from the top, through management actively modelling ethical behaviour, promoting the organisation’s whistleblowing mechanisms and establishing a ‘speak-up culture’;
  • regularly assessing and improving whistleblowing mechanisms and cultural attitudes towards reporting; and
  • using an appropriate third-party hotline partner for whistleblowers to contact with their concerns.

By implementing effective processes, policies and training, organisations can promote a ‘speak-up’ culture that demonstrates the organisation’s commitment to addressing any risks and preventing workplace retaliation.

2.2 Insights from ‘Dieselgate’

In 2015, the Environmental Protection Agency (EPA) found that many Volkswagen cars being sold in America had software in diesel engines that could detect when they were being tested, changing the performance to improve results. Following the EPA’s accusation, a former employee submitted a whistleblower case (see Guardian report) alleging that he was wrongfully dismissed after refusing to participate in deleting evidence. To settle the EPA allegations, Volkswagen agreed to spend up to US$14.7 billion, demonstrating the significant financial repercussions that the scandal had caused alongside the significant reputational damage (see Department of Justice press release).

Volkswagen launched an internal investigation into the fraud after being exposed, but due to the deeply ingrained ‘fear culture’ within the organisation, it took two months for employees to reveal any information to investigators (see Forbes report). Had the organisation had an effective whistleblowing mechanism in place, including an open and trusting culture, it is certain that the situation could have been handled more efficiently and it is possible that the scandal never would have occurred in the first place.

While the scandal took place almost 10 years ago, the breakdown of stakeholder trust has had a long-lasting impact within Volkswagen. In 2020, the organisation reformed its compliance culture and expanded its whistleblowing mechanism in the hope that it would help prevent another scandal and restore its reputation (see Wall Street Journal report).

2.3 Risks of getting it wrong

Failing to encourage and facilitate whistleblowing can not only impact upon an organisation’s internal culture, but it can also have significant implications for an organisation’s external reputation with consumers and brand value and can result in costly and lengthy litigation. If a whistleblower does not feel confident to raise their concerns directly with the organisation concerned, or if they do so but their concerns are ignored, the outcome may be that their concerns are only properly considered and investigated in the media or as part of litigation.

As well as the Dieselgate scandal referred to above, examples of high-profile whistleblowers in the media include Richard Roll, a former employee of Fujitsu who provided information about the Post Office Horizon scandal to BBC’s Panorama programme in 2015, and later gave evidence against the Post Office in High Court proceedings in 2019 (see BBC report, Whistleblower testifies in Post Office scandal). In 2021, whistleblower Frances Haugen resigned from her employment with Facebook, claiming that she had become exasperated with the company, and went on to leak a series of damaging internal documents to the Securities and Exchange Commission and The Wall Street Journal that became known as the ‘Facebook Files’ (see BBC report, Frances Haugen: Facebook whistleblower reveals identity).

Section 3 – An overview of whistleblowing legislation in the UK, EU and USA

Legislation governing whistleblowing varies significantly across different countries and regions but has the common aim of protecting whistleblowers who report wrongdoing by and/or within an organisation.

3.1 UK

In the UK, the Employment Rights Act 1996 (ERA) (as amended by the Public Interest Disclosure Act 1998) provides the right for a worker not to be subject to any ‘detriment’ (section 47B ERA) and for an employee not to be dismissed (section 103A ERA) on the basis that they have made a ‘protected disclosure’ (broadly meaning that they have 'blown the whistle').

For a disclosure to qualify for protection, a worker who makes a disclosure must reasonably believe that they are acting in the public interest and that the disclosure tends to show any of the following wrongdoings, listed under section 43B ERA:

  • criminal offences;
  • failure to comply with an obligation set out in law;
  • miscarriages of justice;
  • endangering someone’s health and safety;
  • damage to the environment; and/or
  • covering up wrongdoing in the above categories.

The proposed Employment Rights Bill, introduced to Parliament in October 2024, will add sexual harassment to the list of relevant wrongdoings under section 43B ERA that can form the subject-matter of a protected disclosure. As of November 2025, the Bill is in the last stage of the legislative process (consideration of amendments).

For further detailed information about whistleblower protection in the UK, see How-to guide: Understanding the legal protections for whistleblowers (UK).

3.2 The EU

In 2019, Directive (EU) 2019/1937 – the Whistleblowing Directive, came into force. The purpose of the Directive is to create a minimum level of protection for whistleblowers in all member states.

The Directive lays down common minimum standards that provide a high level of protection for persons reporting breaches of EU law and outlines the procedures for internal reporting and follow-up.

For more information on the Whistleblowing Directive, see Quick view: EU Whistleblowing Directive implementation tracker.

3.3 The USA

There are numerous federal and state laws in the United States that protect whistleblowers, including the US Department of Labor’s whistleblower protection laws, the federal False Claims Act, the Sarbanes Oxley Act (SOx) and the Dodd Frank Act. A number of whistleblower protections in the USA arose out of scandals such as the financial crisis of 2007–2008 and the Enron scandal of 2001. Many of the whistleblower provisions contained in federal law also provide for substantial rewards in the event that the whistleblower produces evidence that results in convictions, fines, or penalties against their employers.

In March 2025, the Congressional Whistleblower Protection Act 2025 was reintroduced to strengthen protections for federal employees who petition or furnish information to Congress. If enacted, it will, amongst other things, expand protection to include former employees, contractors, provide a framework for federal whistleblowers to seek corrective action if their right to share information with Congress is interfered with or denied, and give them the right to seek relief in federal court if corrective action is not taken within 180 days of filing an administrative complaint.

In addition to the federal laws, most States have whistleblower protection laws, many of which evolved from State court decisions that protected whistleblowers.

For further information about whistleblowing in the USA, see How-to guide: How to develop a whistleblower policy and reporting program (USA).

Section 4 – Scope of whistleblowing policies

In general terms, a whistleblower can be any individual or group of individuals that has access to information about wrongdoing within an organisation and chooses to report it. This includes a wide range of people within and associated with the organisation. The precise legal definition of a whistleblower varies across different jurisdictions.

The protective scope of the EU Whistleblowing Directive (at Article 4) has been cast particularly wide. It offers protection to a wide range of people working in the private and public sectors, including those who report after their work-based relationship has ended and includes:

  • employees, self-employed people, shareholders, persons belonging to the administrative, management and supervisory bodies of businesses, volunteers, trainees and job applicants;
  • persons who help whistleblowers in a confidential manner, persons connected to a whistleblower who might suffer retaliation at work, and legal entities linked to the whistleblower.

(see EU summary: Protection of persons who report breaches of EU law).

In the UK, the scope of whistleblower protection is narrower, with the protection afforded to ‘workers’ (which includes employees as well as other categories of worker, such as agency workers and casual workers).

The legal protection afforded to whistleblowers in the USA varies depending on the industry involved (eg, federal laws that apply to certain workers in the transport sector), type of conduct (eg, federal laws that apply to issues such as federal securities law and anti-money laundering) and the applicability of state laws.

Whistleblowers can be both internal and external parties. It is important that organisations ensure that their whistleblowing policy is appropriately communicated to all applicable stakeholders, for example, by publication on an intranet, supplier portal and/or external website.

Many organisations encourage whistleblowing from a wider range of parties than legally required, to foster a ‘speak-up’ culture and become aware of potential issues at an early stage. It is also common for organisations to have a whistleblowing policy aimed at those with specific legal protections (such as workers in the case of the UK), as well as a separate, streamlined mechanism for others (such as suppliers or members of the public) to raise any concerns in an appropriate, confidential manner.

As well as ensuring whistleblowing is sufficiently referenced in a policy, organisations should ensure that it is embedded into the organisation’s culture, and that sufficient training has been provided on the policy.

Section 5 – Applicability of whistleblowing policies

In addition to who can report under a whistleblowing policy, organisations must be clear on what can be reported.

Workers are protected under UK law if they report any of the following (subject to meeting the other legal tests for whistleblower protection):

  • a criminal offence, for example, fraud;
  • someone’s health and safety is in danger;
  • risk or actual damage to the environment;
  • a miscarriage of justice;
  • the organisation is breaking the law, for example, it does not have the right insurance; and
  • they believe someone is covering up wrongdoing.

The areas and topics covered by the Whistleblowing Directive include:

  • public procurement;
  • financial services, products and markets;
  • product safety and compliance;
  • transport safety;
  • protection of the environment;
  • radiation protection and nuclear safety;
  • food and feed safety, animal health and welfare;
  • public health;
  • consumer protection; and
  • protection of privacy and personal data.

There is no concise list of issues that attract whistleblower protection in the USA due to the numerous different federal and state laws that apply in different scenarios. The topics covered include:

  • violations of laws relating to discrimination, employee safety, wage and hours, consumer product and food safety, and fraud and other financial issues (US Department of Labor’s whistleblower protection laws);
  • fraud against federal programmes or contracts (False Claims Act); and
  • violations of Securities and Exchange Commission (SEC) provisions (Sarbanes Oxley Act and Dodd Frank Act).

The information above shows the broad range of issues that can be reported under whistleblowing mechanisms, supporting the premise that whistleblowing serves as a critical tool in identifying and addressing a wide range of risks within an organisation.

Section 6 – Practical tips

Some of the key roles in-house and private practice lawyers and compliance professionals can play in the development of an organisation’s whistleblowing policy include the following.

  • Drafting a whistleblowing policy including consideration of key issues outlined above, such as scope and applicability. Organisations should carefully consider who is protected under the whistleblowing policy. For example, individuals who are named in reports as potential witnesses might require protection from the organisation.
  • Ensuring the whistleblowing policy aligns with applicable laws and regulations in every relevant jurisdiction (noting that different policies may be required for each jurisdiction in which the organisation operates).
  • Consider whether to align whistleblowing procedures to international standards, such as ISO37002:2021.
  • Shaping and sustaining a positive whistleblowing culture beyond compliance, including considering whether the organisation needs an additional reporting mechanism or hotline for those who do not have legal whistleblower protection.
  • Supporting awareness-raising measures, such as regular employee training on ethical reporting, to increase internal reporting and reduce any incidents.
  • Advising on provisions to protect the confidentiality of whistleblowers. Organisations need to have plans for how personal data, including sensitive personal data, is processed, and consideration should be given to any relevant data protection laws. Organisations should consider any necessary security measures, including end-to-end encryption of reports and restricted access to investigation files.
  • Advising on the systems that need to be established to ensure effective anonymous reporting, as well as ensuring anonymous reporting is permitted in the jurisdictions the company operates in. The International Organization for Standardization’s ISO/DIS 37002 provides guidance to organisations for establishing, implementing, maintaining and improving an appropriate whistleblowing management system.
  • Providing guidance on provisions relating to non-retaliation against whistleblowers and advising on risks for the organisation in the event of retaliation. A checklist may be useful to set out the list of actions and considerations that should be triggered when a report of wrongdoing is made.
  • Ensuring periodic review of the whistleblowing policy and internal report-handling process to ensure their continued effectiveness and compliance with evolving legal and regulatory requirements.
  • Ensuring the whistleblowing policy and system provide a readily identifiable and realistic route through which harms can be remedied.

* This practical resource was produced in partnership with Ardea International.

Additional resources

GOV.UK, Whistleblowing for employees
UK Home Office, Whistleblowing and the Public Interest Disclosure Act 1998 (c.23)

Related Lexology Pro content

How-to guides:

Understanding ESG
What general counsel (GC) need to know about ESG
How to consider and navigate the consequences of ESG risks
How to understand and implement the ‘S’ in environmental, social and governance
How-to-guide: How to understand and avoid the risks of greenwashing
How to understand and implement the ‘G’ in environmental, social and governance (ESG)
How to approach and implement an ESG strategy
Understanding the legal protections for whistleblowers (UK)
How to assess suppliers for modern slavery risk (UK)
How to develop a whistleblower policy and reporting program (USA)
How to assess modern slavery risk in supply chains (USA) 

Checklists:

UK Modern Slavery Act reporting requirements: Section 54 (UK)
Modern slavery in supply chains (USA)
Conducting environmental, social and governance (ESG) due diligence in supply chains (UK)

Quick view:

EU Whistleblowing Directive implementation tracker

Other:

Global research hub - ESG

Reliance on information posted:

While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.

Filed under

Topics

Organisations