A female lawyer stands in a bright, classically furnished room that reflects the charm of a courtroom or a time-honoured law firm

Whistleblower Protection Act: what may be reported by whistleblowers?

The Whistleblower Protection Act (HinSchG) is a significant instrument that ensures the protection of whistleblowers in Germany. It serves to implement the EU Whistleblower Directive and aims to uncover and combat violations of the law by protecting those who report such violations from disadvantages, reprisals or discrimination. But what exactly are the violations covered by this law? In this article, we shed light on the scope of the Whistleblower Protection Act.

Material scope of application - reporting and disclosure of information on violations

Whistleblowers have the possibility under the HinSchG to report various types of infringements. Violations within the meaning of the Act are unlawful acts and omissions in the course of a professional, entrepreneurial or official activity. Information about violations and thus reportable are "reasonable suspicions or knowledge about actual or possible violations" (§3 para. 3 HinSchG). The decisive point is that information about private misconduct without a professional, corporate or official connection is not recorded, even if it was obtained in a professional context. The law only applies to information about violations if they are related to the whistleblower's employer or another entity with which the whistleblower has had professional contact and they have already been committed or are very likely to be committed, as well as to attempts to conceal such violations (section 3(3) HinSchG). This applies to both internal and external reports. Only if a report falls within the material scope of application of the HinSchG do the protective effects of the law also apply to the reporting person. The material scope of application is governed by section 2 of the Whistleblower Protection Act, which specifies an exhaustive list.

Scope of the Whistleblower Protection Act

Violations subject to penalties*: Initially, all violations of any criminal norm of national law, including punishable forms of corruption, fraud and increasingly also environmental crime, become reportable.

Infractions punishable by fines: Violations that are punishable by fines comprise two sides. On the one hand, if the violated standard serves to protect the life, limb or health of employees. The category of violations subject to fines accordingly includes violations of requirements in areas such as occupational health and safety, health protection or violations of provisions from the Employee Leasing Act or the Minimum Wage Act, whereby obligations under occupational health and safety law to notify, permit, inspect, appoint, instruct, document and report are also covered. Thus, this category also covers fine provisions that serve to protect the rights of employees or their representative bodies, such as violations of information and disclosure obligations vis-à-vis works constitution bodies such as works councils.

Other breaches of legal provisions: In addition, all breaches of federal and state legislation taken to implement certain European regulations as well as breaches of directly applicable legal acts of the EU and the European Atomic Energy Community are included.

a)to combat money laundering and terrorist financing, see also
b)with specifications on product safety and conformity: These are standards that regulate the manufacture and sale of safe products.
c-g)Regulations on transport safety (road, sea, air): This concerns comprehensive regulations in the areas of road, sea and air transport and specifications for ensuring railway operational safety as well as ensuring safety in road tunnels and the licensing of transport companies as well as specifications for the safe transport of dangerous goods by road, rail and inland waterway (§2 para. 3 c-g HinSchG).
h)with requirements for environmental protection: This includes requirements for environmental protection, which cover both national and European objectives for the preservation and maintenance of the environment.
i)with requirements on radiation protection and nuclear safety: This includes provisions aimed at protecting persons from radiation exposure and ensuring safety in nuclear installations, complemented by radiation protection, and the application of effective and efficient safeguards on nuclear material in third countries
j)to promote the use of energy from renewable sources and energy efficiency: These include provisions to increase the share of renewable energy, diversify the EU's energy sources, promote research into low-carbon and clean energy technologies, energy security and to improve energy efficiency.
k)on food and feed safety: In addition to "regulations on organic production and labelling of organic products", this concerns, among other things, regulations on the "placing on the market and use of plant protection products" as well as on animal health and welfare: this includes specifications on the protection of animals in agricultural and scientific contexts, according to the HinSchG "insofar as they concern the protection of farm animals, the protection of animals at the time of killing, the keeping of wild animals in zoos, the protection of animals used for scientific purposes, and the transport of animals and related operations." (§2 para. 3k HinSchG) For the implementation of EU food and feed law, see also Link1 and Link2
l)on quality and safety standards for organs and substances of human origin, medicinal products for human and veterinary use, medical devices and cross-border patient care. The responsibility for the development of health policy and for the organisation and delivery of health services and medical care lies with the Member States. In this area, the EU has a complementary role.
m)for the manufacture, presentation and sale of tobacco products and related products,
n)*to regulate consumer rights and consumer protection: This includes, in addition to regulations on consumer protection in connection with contracts between traders and consumers, the protection of consumers in the field of payment accounts and financial services, price indications and against unfair commercial practices
o)*on privacy protection in electronic communications, the protection of confidentiality of communications and the protection of personal data in the electronic communications sector. This includes, for example, protection against unreasonable harassment by advertising by means of telephone calls, automatic calling machines, fax machines or electronic mail (section 2(3o) HinSchG).
p)for the protection of personal data and for the protection of natural persons with regard to the processing of personal data, for the free movement of data,
q)on security in information technology,
r)regulating the rights of shareholders in public limited liability companies,
s)on the statutory audit of public interest entities,
t)*for accounting, including bookkeeping, of companies which are capital market-oriented [...] and, under certain circumstances, of credit institutions, financial services institutions, securities institutions, insurance companies and pension funds cf. section 2 para. 3t HinSchG

A whistleblower in an underexposed room carrying documents

In addition, the law covers offences in connection with:

Public contracts and concessions: Violations of federal and uniform regulations applicable to contracting entities on the procedure for awarding public contracts and concessions

Violations of section 4d (1) sentence 1 of the Financial Services Supervision Act,

fiscal legal norms for corporations and commercial partnerships: Violations of legal tax norms applicable to corporations and commercial partnerships,

Violations in the form of agreements aimed at improperly obtaining a tax advantage contrary to the objective or purpose of the tax law applicable to corporations and partnerships,

regulations in the field of competition law: Violations of the laws against restraints of competition,

offences against the duty of loyalty to the constitution (e.g. statements made by civil servants) are also included.

violations at EU level: Finally, the law also applies to breaches of the protection of the EU's financial interests, breaches of EU financial rules, and breaches of internal market rules, including EU rules on competition and state aid.

An office space in the evening light, which has a protected and unsafe appearance at the same time


The Whistleblower Protection Act provides comprehensive protection for those who report violations of a wide range of legal standards. This ranges from violations under criminal law and those subject to fines, to environmental and consumer protection, to competition and tax law. A violation within the meaning of the HinSchG also exists in the case of abusive acts or omissions of acts that contradict the intentions and objectives of the relevant regulations. This serves to take into account abusive practices that the legislator may not have foreseen but would have considered had it been aware of the potential circumvention possibilities. In principle, the person providing a whistleblower should have sufficient reason to believe at the time of the communication that the information provided is accurate and in the context of the Whistleblower Protection Act. Under Section 6 of the Whistleblower Protection Act, it is permissible to disclose a trade secret to an appropriate body if the person had sufficient reason to believe that the disclosure was necessary to expose a breach of the rules and that the reported facts of the reportable matter are true.

External Reporting System: The Federal Office of Justice is the central office for receiving tips, which are then forwarded to the relevant competent authorities. Every external report triggers a formal authority review!

Internal reporting procedures: Notices can be submitted in various forms, such as in person, by telephone or electronically. The companies with 50 or more employees that are obliged to set up an internal reporting office, but also smallest companies, should now urgently take care of the implementation of the requirements of the HinSchG and inform about the establishment of the reporting office and reporting possibilities via website or intranet.

*Processing: Incoming reports must be acknowledged within seven days. The whistleblower must be informed of the action taken within three months. The entire process should be documented and deleted after two years. To comply with deadlines and documentation requirements as well as DSGVO guidelines, it is recommended to use a whistleblower software whistleblower software, which helps you to quickly set up the reporting channel required by HinSchG with just a few clicks.

Dealing with whistleblowers: The identity of the whistleblower should be kept confidential. Whistleblower protection applies to different groups such as employees, customers and suppliers. Whistleblowers should be protected from professional reprisals.

Sanctions: Failure to implement or contravene the legal requirements of the Whistleblower Protection Act may result in a fine of up to €50,000 for violations.

Simply set up an internal reporting office with confidal: Companies can directly set up a reporting office with konfidal's software to comply with the legal requirements of the Whistleblower Protection Act. The konfidal offer: Uncomplicated, at fixed prices and DSGVO-compliant.


Determining whether the scope of the Whistleblower Protection Act is open can be complicated due to the extensive provisions outlined above. In case of uncertainty, the reported facts should be subjected to a foundation check, which we will gladly take over for you, and treated as falling under the scope of the law, also in order to comply with documentation and action obligations such as the receipt of reports. All topics related to the Whistleblower Protection Act can be found at our blog.