Whistleblower rules, when mandatory and how?
Under the Wet bescherming klokkenluiders an employer with 50+ staff must have an internal reporting procedure. The whistleblower may not be disadvantaged.
Try this first
- 1Define a reporting procedure: who receives reports, how confidentiality is ensured, within what timelines follow-up happens.
- 2Appoint an independent recipient or committee. Someone without interest in the matter. External or an internal role both work.
- 3Protect confidentiality. The reporter identity may only be shared with explicit consent or where law requires.
- 4Communicate the procedure. Handbook, intranet, annual reminder. Silent policies do not count.
- 5Log reports and follow-up anonymously in a register. The labour inspectorate or supervisor can request it.
When to bring us in
Receive a report about fraud, financial irregularity, or harassment? Stop on IT and call employment law or forensic investigators. Do not self-handle.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.