NIS 2 · GDPR · EU Directive 2019/1937

Secure, anonymous whistleblower platform for EU companies

Comply with the EU Whistleblower Protection Directive in minutes. End-to-end encrypted reporting in 24 languages, hosted entirely within the EU.

End-to-end encrypted
GDPR compliant
24 EU languages
EU hosted

Legal requirements

Does your organization need a whistleblower channel?

Since 17 December 2021 every EU employer with 50 or more employees must operate a confidential internal reporting channel under Directive (EU) 2019/1937. Each Member State has transposed the directive into national law with its own deadlines and penalties.

  • Threshold: 50 employees
  • Deadline: In force since 17 December 2021 across the EU (extended to 50–249 employees on 17 December 2023)
  • Sanctions: National sanctions vary — fines up to €1M and personal liability for management in several Member States.

What the directive requires

  • An internal reporting channel guaranteeing anonymity and confidentiality
  • Acknowledgement to the reporter within 7 days
  • Feedback on follow-up actions within 3 months
  • Protection against retaliation for reporters, facilitators and family
  • Documentation and case-tracking compliant with GDPR
  • An external reporting route to the competent national authority

How it works

Three steps from report to resolution — without revealing the reporter's identity

1. Reporter submits anonymously

Encrypted form available 24/7 in 24 EU languages. No personal data required. Attachments accepted (PDF, documents, images).

2. Compliance officer handles securely

Authorized case handler receives, categorises and communicates with the reporter via encrypted two-way chat — without ever seeing the reporter's identity.

3. Full audit trail

Automatic event logging, statistics and an immutable audit chain that satisfies the documentation requirements of EU Directive 2019/1937 and NIS 2.

Everything you need for compliance

A professional whistleblower platform, ready to use out of the box

Anonymous two-way communication

Encrypted chat with the reporter without disclosing identity — meets the dialogue requirement of the EU directive.

End-to-end encryption

AES-256-GCM encrypts every byte in transit and at rest. Zero-knowledge architecture — not even we can read the contents.

24 EU languages included

All official EU languages. Reporters choose their language; case handlers receive in theirs.

GDPR automation

Built-in data minimisation, retention schedules, consent tracking and right-to-erasure — by design, not bolt-on.

Audit log

Immutable, time-stamped record of every event — required for documentation and external review.

EU hosted, EU owned

All data stays inside the EU. No US cloud providers, no FISA exposure, no Cloud Act risk.

Genuine EU sovereignty

Post-Schrems II and the EU AI Act, EU data residency is no longer a preference — it is a requirement. Whistlechannel is hosted in Sweden and Germany, owned by an EU entity, and your data never leaves the EU.

  • Servers in Stockholm and Frankfurt — no US regions
  • No sub-processors outside the EU/EEA
  • Standard Contractual Clauses unnecessary — we don't need them
  • Source code reviewable for enterprise customers

Compliant with

  • EU Directive 2019/1937 (Whistleblower Directive)
  • GDPR (EU 2016/679)
  • NIS 2 (EU 2022/2555)
  • ISO 27001 (Aligned)
  • EU AI Act (Ready)

Frequently asked questions

Does my company need a whistleblower channel?
Yes, if you have 50 or more employees in any EU Member State. Directive (EU) 2019/1937 applies to private and public sector employers. Companies in financial services, aviation safety or other regulated sectors are covered regardless of size.

What's the difference between internal and external reporting?
Internal reporting goes to the employer's own channel — that's what Whistlechannel provides. External reporting goes to the competent national authority. The directive requires both routes to be available, with internal preferred but never mandatory.

How is anonymity guaranteed?
We don't log IP addresses, we use zero-knowledge encryption where only authorised case handlers can decrypt, and the two-way chat operates over a pseudonymous channel. Reporters can choose to provide no identifying information at all.

What does it cost?
From €9/month for up to 1,000 employees (Basic). Standard €29/month for 5,000 employees. Premium €89/month unlimited. No setup fee, no minimum term.

How long does implementation take?
About 10 minutes. Create an account, customise categories and languages, share the reporting link with staff. No IT installation — it's a SaaS service.

Where is data stored?
Inside the EU — primarily in Swedish and German data centres. We use no US cloud providers, which means no Cloud Act or FISA 702 exposure for your reporters' data.

Simple, transparent pricing

No long-term contracts. Cancel anytime. All plans include 24 EU languages.

Basic

€9/mo
  • Up to 1,000 employees
  • Unlimited reports
  • 24 EU languages
  • Email support
Most popular

Standard

€29/mo
  • Up to 5,000 employees
  • Unlimited reports
  • 24 EU languages
  • Priority support
  • Custom branding

Premium

€89/mo
  • Unlimited employees
  • Unlimited reports
  • 24 EU languages
  • 24/7 support
  • SSO integration
  • Dedicated CSM
  • SLA guarantee

Ready to comply with EU Directive 2019/1937?

Get started in minutes. No installation, no commitment, no credit card required for trial.