How does the Whistleblower function work?
From the 17th of December 2023, all private companies with more than 50 employees are, by law, obligated to have a whistleblower solution. With the Zoios Whistleblower Solution, and by following the guide below, you will be completely compliant with the law and you will also create a space for employees to submit occurrences safely.
Terms that we use in this walk-through, such as whistleblower responsible, are explained under the terminology explanation towards the bottom of the page.
What is the Zoios whistleblower solution?
The Zoios Whistleblower solution is a whistleblower channel for employees of your company and/or relevant stakeholders to report on serious matters, serious offenses or acts relating to breaches of EU law.
The solution is simple: in Zoios you will get a link to post on your internal pages or similar, making it available to the people you want. Through this link, people can start reporting cases through this whistleblower channel. When people report cases, the designated whistleblower responsible for the company will be notified and can handle the reported cases in Zoios by sending feedback, updating, and evaluating the submitted cases.
The 4 steps to becoming compliant
Below are the four simple steps you need to become compliant.
Go to app.zoios.io, log in, and go to the admin panel.
Under the admin panel go to “whistleblower” at the bottom of the left-side menu.
On the whistleblower page, copy your company’s unique link at the top of the page. This is the link that your employees need to use to report a case.
Paste this link in your employee handbook, on your intranet, internal communications page, website or similar, depending on the scope of who should be able to use the whistleblower channel. We recommend the employee handbook.
Once those 4 simple steps are completed, your whistleblower solution and reporting channel are live and ready to be used. You now have a compliant solution in place.
What happens from there?
The link to use the whistleblower channel and report a case is now live and available. What happens then? When a whistleblower reports an occurrence, they can choose to report anonymously or confidentially; more on that below.
When a report is submitted, two things happen:
Email to whistleblower: The whistleblower will automatically receive a confirmation via email that their submitted case has been received. (The law prescribes that a confirmation must be sent to the whistleblower within 7 days of receiving the reported case. This automatic confirmation complies with the law and relieves the whistleblower responsible of this 7-day deadline.)
Email to designated whistleblower responsible(s): The whistleblower responsible admins in Zoios will receive an email that a new whistleblower case has been reported. The admins will only know who the whistleblower is if the whistleblower decides that they should.
The case has been reported. Now, it is up to the designated whistleblower responsible(s) to evaluate the reported case and determine whether it falls within the scope of the Whistleblower Directive or other criteria defined by the whistleblower unit.
The designated whistleblower responsible(s) needs to give feedback to the whistleblower within 90 days of receiving the report. If this is not possible, then the designated whistleblower responsible(s) needs to give the whistleblower notice of why they are not able to deliver this feedback yet (e.g. due to an ongoing internal investigation).
The whistleblower unit (designated whistleblower responsible(s)) will receive reminders of an open and unfinished case three times: 30 days, 14 days, and 7 days before the final deadline - to make sure cases are not overlooked.
But how exactly do we handle the specific cases that come in?
Disclaimer: The cases can be tricky, so we must disclaim that we, in Zoios, do not take responsibility for case handling. We build the tool so that you are compliant and create a safe space for employees to submit their occurrences. You are always welcome to talk to your designated Zoios consultant to seek advice on general subjects, but we in Zoios cannot case-handle - we do not even allow ourselves to see the cases. Also: We are not experts or properly educated in the field of law, and these cases sometimes require this type of knowledge, just like all other cases where employees go to HR and explain a serious event that has happened.
Build a process and communicate it to employees
We strongly recommend building a process for how you will handle the cases internally and then communicating this clearly to all employees. A process could be:
We keep an eye on Zoios every week to spot the submitted occurrences.
When we see a submitted occurrence, the Whistleblower responsible(s) will analyze the situation and talk to our internal or external lawyer confidentially to make sure things are handled correctly.
We then keep the Whistleblower posted on the issue to the best of our ability. And then we do what’s right.
Anything else I should know (FAQ)?
Below are specific questions that many would ask.
Who has access to the whistleblower module in Zoios?
People with “admin” access have access to the whistleblower module. We are working on a solution that allows more customized access to the Whistleblower module only.
Is it safe to be a whistleblower?
Yes, this is the whole point. You have certain rights as a whistleblower. EU law outlines these, so we refer to the Ministry of Justice for the specifics.
Who do you suggest to be the designated whistleblower responsible(s)?
We strongly suggest that this whistleblower unit is composed of your current Zoios admins.
What if feedback on a case is not provided within the 3-month deadline?
It is best not to find out what will happen. It seems the law is - as of November 2023 - not clear on what negative consequences, if any, follow from not providing feedback within the 3-month deadline. We recommend reading the guidelines from the Ministry of Justice.
What if the submitted case is not deemed relevant, falls within the law, or is nonsense?
The whistleblower unit can reject reports that do not fall within the scope of the law and whistleblower directive. If possible, always deliver this feedback to the whistleblower.
Can I refresh or update the reporting link?
No, you need to keep the link you have.
Does the status update automatically?
No, you have to change the status yourself.
Will whistleblowers automatically get a receipt?
Yes, the whistleblower will automatically receive a confirmation via email that their submitted case has been received. (The law prescribes that a confirmation must be sent to the whistleblower within 7 days of receiving the reported case. This automatic confirmation complies with the law and relieves the whistleblower responsible of this 7-day deadline.)
Can I delete a submitted case?
No, for compliance reasons and for your own good, we keep all cases submitted in the solution, so you can always find them again.
Terminology explanation
Below are special terms used that might require an explanation or some context.
Whistleblower unit
The appointed department or people responsible for handling the whistleblower policy and the work related to the whistleblower solution.
Designated whistleblower responsible(s)
These are the appointed people from the company who are part of, or make up, the company’s whistleblower unit.
Reporting Confidentially
Reporting confidentially as a whistleblower means that the whistleblower provides their email and agrees to share this with the designated whistleblower responsible.
Reporting Anonymously
Reporting anonymously as a whistleblower means that the whistleblower will remain fully anonymous to the whistleblower unit. Note that the whistleblower still shares their email with the system to receive confirmation and feedback regarding their case.
Deadline for confirming that a report was received
The Zoios system will automatically send a confirmation that a report has been received, so you will not have to handle this yourself. Nonetheless, it can be nice to know the law. The law states that the whistleblower unit (the designated whistleblower responsible(s)) needs to confirm that the case has been received within 7 days of the case being reported.
Deadline for providing feedback on a case
The Zoios system will tell you all about the deadlines. But it is worth knowing that the whistleblower directive (the law) states that feedback must be given on a case within 3 months of confirming that the report was received. The Zoios system confirms automatically that the case was received, so feedback on a case should be delivered within 3 months.