Whistleblower compliance for manufacturing and supply chain #
Manufacturers face whistleblower obligations from two directions: the EU Whistleblower Directive (2019/1937) for internal reporting, and supply chain due diligence laws that explicitly require grievance mechanisms covering employees and third parties.
Regulations that require reporting channels #
- EU Directive 2019/1937 — applies to all manufacturers with 50+ employees. Internal channels for employees.
- German Supply Chain Act (LkSG) — in force since January 2023. Requires companies with 1,000+ employees (and their direct suppliers) to establish a complaints procedure accessible to affected persons in the supply chain — not just employees. Section 8 LkSG
- EU Corporate Sustainability Due Diligence Directive (CSDDD) — adopted 2024, phased implementation from 2027. Requires companies with 1,000+ employees and €450M+ turnover to establish complaints mechanisms for human rights and environmental violations in their value chains.
- EU Product Safety Regulation (2023/988) — requires manufacturers to have internal channels for reporting product safety concerns.
LkSG vs. Whistleblower Directive #
| Whistleblower Directive | LkSG | |
|---|---|---|
| Who can report | Employees, contractors | Employees, suppliers, affected third parties |
| Scope | Breaches of EU/national law | Human rights, environmental violations in supply chain |
| Anonymity required | Varies by country | Not required but recommended (BAFA guidance) |
| Enforcement | National whistleblower authorities | BAFA (German Federal Office for Economic Affairs) |
| Penalties | Varies by country | Up to 2% of annual global turnover |
Companies subject to both laws need a channel that serves dual obligations — internal whistleblowing and supply chain grievance. A single reporting channel can cover both if configured correctly.
What gets reported #
- Workplace safety violations in production facilities
- Environmental non-compliance (emissions, waste disposal)
- Forced labor or exploitative conditions at supplier sites
- Product safety defects concealed from regulators
- Bribery in procurement or supplier relationships
- Circumvention of export controls or sanctions
Why this matters now #
The CSDDD extends supply chain due diligence obligations across the EU, not just Germany. Companies preparing for 2027 compliance need grievance mechanisms in place. Waiting means retrofitting under deadline pressure — the same pattern that led to five member states being fined for late Directive transposition.