Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law
Directive (EU) 2019/1937 establishes minimum standards for protecting individuals who report breaches of Union law. It applies to areas including public procurement, financial services, product safety, environmental protection, public health, consumer and data protection, corporate tax, and more. Member States must ensure safe and effective reporting channels and protection against retaliation.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Chapter II — Internal Reporting
Requirements for internal reporting channels within organisations
| Code | Title |
|---|---|
| WPD-INT-01 | Internal Reporting Channel Obligation |
| WPD-INT-02 | Channel Design Requirements |
| WPD-INT-03 | Acknowledgement and Follow-up |
| WPD-INT-04 | Confidentiality of Identity |
| WPD-INT-05 | Record-Keeping |
Chapter III — External Reporting
Requirements for external reporting channels operated by competent authorities
| Code | Title |
|---|---|
| WPD-EXT-01 | External Reporting Channel Establishment |
| WPD-EXT-02 | External Channel Procedures |
| WPD-EXT-03 | Information Published by Authorities |
Chapter IV — Public Disclosure
Conditions under which public disclosure is protected
| Code | Title |
|---|---|
| WPD-PUB-01 | Conditions for Protected Public Disclosure |
| WPD-PUB-02 | Media Protection |
Chapter V-VI — Protection Measures and Penalties
Whistleblower protection measures and penalty provisions
| Code | Title |
|---|---|
| WPD-PEN-01 | Penalties for Retaliation |
| WPD-PEN-02 | Penalties for Malicious Reporting |
| WPD-PROT-01 | Prohibition of Retaliation |
| WPD-PROT-02 | Support Measures |
| WPD-PROT-03 | Protection Against Retaliation |
| WPD-PROT-04 | Reversal of Burden of Proof |
Your Compliance Coverage
If you comply with Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, you already cover:
SEC Cybersecurity Disclosure Rules
13%
2 controls mapped
Compare →EU Digital Services Act
13%
2 controls mapped
Compare →Singapore Payment Services Act (PSA) — Digital Payment Token Regulation
13%
2 controls mapped
Compare →+ 73 more: UAE Virtual Asset Regulatory Authority (VARA) Regulations (13%), UK Online Safety Act 2023 (13%)
See all 76 mapped frameworks ↓Maps to 76 other frameworks
Frequently Asked Questions
What is Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law?
Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law is a compliance framework from European Union with 4 domains and 16 controls. Directive (EU) 2019/1937 establishes minimum standards for protecting individuals who report breaches of Union law. It applies to areas including public procurement, financial services, product safety, environmental protection, public health, consumer and data protection, corporate tax, and more. Member States must ensure safe and effective reporting channels and protection against retaliation. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law have?
Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law has 16 controls organised across 4 domains. The largest domains are Chapter V-VI — Protection Measures and Penalties (6 controls), Chapter II — Internal Reporting (5 controls), Chapter III — External Reporting (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law map to?
Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law maps to 76 other compliance frameworks. The top mapping partners are SEC Cybersecurity Disclosure Rules (13% coverage), EU Digital Services Act (13% coverage), Singapore Payment Services Act (PSA) — Digital Payment Token Regulation (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law compliance?
Start your Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 16 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 693 frameworks.
Get Started Free →Free forever — no credit card required