World Whistleblowers Day



World Whistleblowers Awareness Day is today, the 23rd June 2022, and it is a day dedicated to raising awareness on combating fraud, corruption and any other illegal activity and celebrating the individuals who have spoken up against it.

The act of ‘whistleblowing’ occurs when an employee, in the public or private sector, reports or discloses information which concerns immoral and/or illegal practices, (also referred to as ‘blowing the whistle’). The EU Whistleblower Protection Directive (EU) 2019/1937 (the ‘’Directive’’) aims to build an environment which protects and thereby encourages whistleblowers throughout the EU. Cyprus has recently transposed the Directive in its national law through the Protection of Persons Reporting Breaches of Union and National Law of 2022 (N.6(I)/2022) (the ‘’Law’’).


a)       Persons working in the private or public sector who acquired information on breaches in a work-related context are protected if they:

  • have the status of a ‘’worker’’, including civil servants;
  • have the ‘’self-employed’’ status;
  • are shareholders;
  • belong to the administrative, management or supervisory body of an undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees;
  • are working under the supervision and direction of contractors, subcontractors and suppliers.

b)      persons are protected if they report or publicly disclose information on breaches acquired in a work-based relationship which has since ended.

c)       persons are protected if their work-based relationship is yet to begin in cases where information on breaches has been acquired during the recruitment process or other pre-contractual negotiations.

Where relevant, the following persons also enjoy the protection afforded under the law:

d)      facilitators

e)      third persons who are connected with the reporting persons and who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons; and

f)        legal entities that the reporting persons own, work for or are otherwise connected with in a work-related context.

The above persons qualify for protection provided that:

  1. they had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope the Law as set out below, and
  2. they reported either internally, externally, or made a public disclosure in accordance with the relevant sections of the Law in each case.


Breaches can be reported if they:

a)       fall within the scope of the Union acts set out in the Annex that concern the following areas:

  • public procurement;
  • financial services, products and markets, and prevention of money laundering and terrorist financing;
  • product safety and compliance;
  • transport safety;
  • protection of the environment;
  • radiation protection and nuclear safety;
  • food and feed safety, animal health and welfare;
  • public health;
  • consumer protection;
  • protection of privacy and personal data, and security of network and information systems;

b)      affect the financial interests of the Union as referred to in Article 325 TFEU (such as Fraud and other illegal activities) and as further specified in relevant Union measures;

c)       relate to the EU internal market, including breaches of Union competition and State aid rules, as well as breaches in relation to acts which breach the rules of corporate tax or to arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.


Legal entities in the private sector with 50 or more employees and all legal entities of the public sector must establish channels and procedures for internal reporting and for follow-up, following consultation and in agreement with the social partners where this is required by national law.


The identity of the whistle-blower and any other information from which his identity may be inferred, either directly or indirectly, shall not be disclosed to anyone, without the express consent of that person, other than with authorised staff members who are sanctioned to receive or monitor the reports.

By way of derogation of the above, the identity may be disclosed only where this is a necessary and proportionate obligation imposed by the Union or national law in the context of investigations by national authorities or judicial proceedings, including with a view to safeguarding the rights of defence of the person concerned.

Any processing of personal data carried out pursuant to the Law is subject to, amongst other legislation, the General Data Protection Regulation.

The content of this press release is valid as at the date of its first publication. It is intended to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on your specific matter before acting on any information provided. For further information or advice, please contact Christina Tifa at 0035725363685 or via email at christina.tifa@kyprianou.com