- Is it mandatory to use a digital whistleblowing system?
- What is the difference between a whistleblower channel and a whistleblower system?
- What do the regulatory authorities check?
- Why use ANON::form for whistleblowing?
- How does ANON::form ensure anonymity for reporters?
- Can attachments be submitted securely in whistleblower reports?
- Is ANON::form compliant with whistleblowing legal requirements?
- How are reports delivered to the intended recipient?
- Can multiple anonymous reports be submitted from the same website?
- Can I have two-way encrypted communication with people who submit whistleblower reports?
- Where can I find more information about this?
Is it mandatory to use a digital whistleblowing system?
No. According to the EU Whistleblower Directive (EU) 2019/1937, organizations must provide internal reporting channels, but the law does not require these to be digital. Reporting should be done in writing or orally, for example by phone, letter, meeting or a web-based system.
Many organizations use digital solutions because they make it easier to ensure confidentiality, documentation and follow-up within the legal deadlines. However, the important thing is not the technology, but that the channel is secure, confidential and managed according to the processes required by the law.
But complete whistleblower systems are often costly and completely unnecessary for small organizations that can solve it with very simple methods where only secure reporting channels (like ANON::form) are procured.
What is the difference between a whistleblower channel and a whistleblower system?
A whistleblower channel (like ANON::form) is the actual way to submit a report of misconduct. It can be, for example, a web form, a telephone line, an email address or a dedicated postal address.
A whistleblower system is the overall solution for receiving, handling and following up on reports. It usually includes both the technology (for example, a digital platform) and the organizational processes, such as reception, investigation, documentation and feedback to the whistleblower.
What do the regulatory authorities check?
When reviewing, regulators typically look at:
- Is there an internal reporting channel?
- Is it secure and confidential?
- Are there documented procedures?
- Are deadlines being met?
- Is personal data being handled correctly?
So technology is only part of compliance.
Why use ANON::form for whistleblowing?
ANON::form provides secure, encrypted forms that preserve anonymity. Submissions cannot be read by unauthorized parties, making it a safe channel for reporting unethical behavior, sensitive issues, or legal violations.
How does ANON::form ensure anonymity for reporters?
Submissions are encrypted in the browser, and unnecessary metadata is removed. This means that even the organization hosting the form cannot identify who submitted a report unless the sender chooses to reveal their identity.
Can attachments be submitted securely in whistleblower reports?
Yes. Files and documents included in whistleblower submissions are encrypted along with the text content. Only the intended recipient with the correct decryption key can access the attachments.
Is ANON::form compliant with whistleblowing legal requirements?
ANON::form’s architecture supports compliance with legal expectations for secure reporting, such as confidentiality and data protection principles. Organizations can use it to implement safe reporting channels while following local regulations.
How are reports delivered to the intended recipient?
Encrypted submissions are transmitted directly to the recipient. ANON::form does not store or log the content, ensuring that the report remains private and can only be read by the authorized recipient.
Can multiple anonymous reports be submitted from the same website?
Yes. Multiple reporters can submit secure, independent reports from the same website. Each submission is treated individually and remains fully encrypted and anonymous.
Can I have two-way encrypted communication with people who submit whistleblower reports?
To enable secure two-way communication, the whistleblower form must include a reply email field so the recipient knows where to send a response. Recipients can reply securely using an encrypted email client such as Proton Mail , which supports end-to-end encrypted replies. Password-protected messages can also be used for communication with recipients outside Proton Mail, while full encryption works when both sides use compatible secure clients.