REPUBLIC OF LITHUANIA LAW
ON THE PROTECTION OF WHISTLEBLOWERS
28 November 2017 No XIII-804
Vilnius
(As last amended on 20 December 2018 – No XIII-1850)
Article 1. Purpose and objectives of the Law
1. This Law defines rights and duties of persons reporting breaches at institutions, grounds for and forms of their legal protection, as well as measures for the protection, encouragement of and support to such persons, with the purpose of providing adequate possibilities for reporting breaches of law that pose a threat or cause harm to the public interest and to ensuring prevention and disclosure of such breaches.
2. In case of any contradictions between this Law and other laws, the rules of this Law shall apply.
3. In case of any contradictions between this Law and the Republic of Lithuania Code of Criminal Procedure, the rules of the Code of Criminal Procedure shall apply.
Article 2. Definitions
1. ‘Information on a breach’ means information on a breach which has the elements defined in paragraph 5 of this Article and which is provided by a person through an internal channel for providing information on breaches or directly to a competent authority, or in public.
2. ‘Institution’ means a public or private legal person, any other organisation, a branch of a foreign legal person or organisation at which a breach is being allegedly arranged, has been committed or is being committed.
3. ‘Competent authority’ means an entity which under this Law accepts, examines within its remit or forwards to other institutions to examine reports or provided information on breaches, as well as coordinates the process of protection of and support to whistleblowers under this Law.
4. ‘Confidentiality’ means a principle of activities of institutions and other entities and their employees, civil servants or officers securing that the data of a person who has provided information on a breach and other information that enables to identify him directly or indirectly shall be processed solely for the purpose of performing work or service functions and that this information shall not be disclosed to third parties, except for cases laid down in this Law.
5. ‘Breach’ means a criminal act, administrative offence, official misconduct or breach of work duties, as well as a gross violation of the mandatory norms of professional ethics or any other breach of law posing a threat or causing harm to the public interest which is being allegedly arranged, is being committed or has been committed at an institution and of which a whistleblower becomes aware through his present or former service or employment relationship or contractual relationship with this institution.
6. ‘Whistleblower’ means a person who provides information on a breach at an institution with which he has or had a service or employment relationship or contractual relationship (consultancy, contracting, internship, traineeship, volunteering relationship, etc.) and who is recognised by a competent authority as a whistleblower.
7. ‘Report’ means an application to a competent authority which meets formal requirements laid down in this Law and which contains specific information on a breach having the elements defined in this Law.
8. ‘Internal channel for providing information on breaches’ means a procedure developed and applied at an institution in a prescribed manner for providing information on breaches at this institution, investigating such information and notifying the person about the outcome.
Article 3. Provision of information on breaches
1. Information on breaches shall be provided with the purpose of protecting the public interest. Provision of information with the purpose of protecting purely personal interests shall not be regarded as a report.
2. Under this Law, information on breaches shall be provided because of:
1) a threat to public security or health, life or health of an individual;
2) environmental hazards;
3) impediment to or unlawful interference with investigations by law enforcement bodies or the administration of justice by courts;
4) financing of illegal activities;
5) illegal or non-transparent use of public funds or assets;
6) unlawfully acquired assets;
7) concealment of the effects of a committed breach, obstruction of quantification of the effects;
8) other breaches.
3. When a person provides in accordance with the procedure laid down in this Law information on a breach related to a commercial/industrial secret, professional secret, bank secret, confidential information of an institution or information about a person’s private life, such provision of information shall not be regarded as disclosure of a commercial/industrial secret, bank secret, confidential information or information about a person’s private life, save in exceptional cases referred to in Article 4(8) of this Law and the cases when provision of information constituting a professional secret to a competent authority would be contrary to laws regulating individual professional activities.
4. A person who provides information on a breach shall not, by this reason, be subject to any contractual or non-contractual liability, or any liability for defamation or slander if, at the time of the provision of information on the breach in accordance with the procedure laid down by this Law, he reasonably believed that he was providing true information.
5. A person shall be liable for the damage caused by providing information on a breach only if it is proven that the person could not reasonably believe that information provided by him was true.
6. Measures laid down in Article 8 of this Law shall apply to a person who provided information on a breach anonymously in cases when his identity has been disclosed and it is necessary to protect him from being adversely affected.
7. Provision of knowingly false information or information comprising a state secret or an official secret shall not offer a person guarantees under this Law. A person who has provided knowingly false information or disclosed a state secret or an official secret, or a professional secret shall be held liable under legal acts.
Article 4. Ways of providing information on breaches
1. A person may provide information on a breach:
1) at an institution through the internal channel for providing information on breaches;
2) to a competent authority directly;
3) by reporting such information in public.
2. At an institution, a person shall provide information on a breach through the internal channel for providing information on breaches, except for the cases referred to in this Article. The institution must, not later than within five working days from receipt of information on the breach, notify the person about the progress of the examination of information provided by him or refusal to examine this information. After examining information provided by the person, the institution must, without delay, communicate to the person the outcome of the examination.
3. A person shall directly refer to a competent authority regarding a breach in at least one of the following circumstances:
1) the breach is material to the public interest;
2) it is necessary to prevent or terminate the breach as soon as possible, as significant damage may arise;
3) managing persons, persons having an employment or service relationship or contractual relationship with the institution have likely committed or are committing the breach;
4) information on the breach has been provided through the internal channel for providing breaches, but no response has been received or no action has been taken in response to provided information or the measures taken have proved to be ineffective;
5) there are grounds for believing that the anonymity of the whistleblower or the person’s confidentiality may be compromised or the reported breach will be concealed after providing information on the breach through the internal channel for proving information on breaches;
6) the functioning internal channel for providing information on breaches is not in place at the institution;
7) the person may not make use of the internal channel for providing information on breaches because he no longer has an employment or service relationship or any other legal relationship with the institution.
4. When a person becomes aware of the elements of a criminal act that is being allegedly committed or has been committed, a report must be submitted to a competent authority.
5. A person shall provide information on a breach to a competent authority by submitting a report in the format approved by the Government of the Republic of Lithuania or an institution authorised by it. A person may also provide information on a breach to the competent authority by submitting a free-format report, indicating in it that the report is being submitted in compliance with this Law. Non-compliance with the requirements for a report laid down in this paragraph shall produce the effects referred to in Article 6(1) of this Law.
6. In a report, a person shall indicate the following information known to him:
1) specific factual circumstances of a breach;
2) the person who is arranging, is taking or has taken part in the commission of the breach;
3) whether the person has reported the breach and, if yes, who it has been reported to and whether a response has been received;
4) his forename, surname, contact data.
7. If possible, a person shall attach to a report written or other available data about a breach.
8. Information on a breach may be reported in public with the purpose of notifying about an imminent threat to human life, public health or environment where, in order to prevent such a threat, it is necessary to take urgent actions but due to lack of time it is impossible to report the breach by other means or, in case of reporting the breach by other means, timely actions have not been taken. In order to be granted guarantees applicable to whistleblowers as laid down by this Law, a person who reports information on the breach in public, must refer to a competent authority. The person who reports information on the breach in public shall not be subject to the measure referred to in Article 8(1)(2) of this Law, as well as to the provisions of Article 3(3) of this Law.
Article 5. Competent authority
1. In implementing this Law, a competent authority shall perform the following functions:
1) accepts persons’ reports;
2) assesses the conformity of information provided by a person on a breach to the requirements laid down in this Law and recognises the person who has provided information on the breach as a whistleblower;
3) investigates reports and information on breaches within its remit laid down in legal acts regulating its activities;
4) forwards reports and information on breaches to authorities for investigation within their remit;
5) takes decisions on application of measures to protect, encourage and support whistleblowers or initiates the taking of such decisions and coordinates implementation of such decisions;
6) coordinates actions of the authorities in investigating information on breaches;
7) summarises the practice of application of this Law, prepares and presents recommendations regarding the improvement of whistleblowers’ protection, collects and makes statistical data available to the public;
8) makes available to the public in an aggregated form information on the breaches which have been disclosed on the basis of information provided by whistleblowers;
9) consults persons and the authorities with regard to the application of this Law;
10) administers online information intended for whistleblowers;
11) performs other functions laid down in this Law.
2. Functions of a competent authority laid down in this Law shall be performed by the Prosecutor’s Office of the Republic of Lithuania.
Article 6. Examination of information on breaches provided to a competent authority
1. Having received a report meeting the requirements laid down in Article 4(5) of this Law, a competent authority shall ensure confidentiality of a person who submitted it from the moment of receipt of the report and shall, without delay, start assessing received information on the breach. If the person reports the breach without complying with the requirements for the format of a report laid down Article 4(5) of this Law but information included in the report meets other requirements laid down in this Law, the competent authority may recognise the person as a whistleblower. In these cases, the competent authority shall ensure the person’s confidentiality from the moment of the recognition of the person as a whistleblower.
2. Having assessed information on a breach and having established that information provided by a person in a report does not meet provisions of this Law, a competent authority shall take a decision not to recognise the person as a whistleblower and shall notify the person about that. If information included in the report gives a reason to believe that a breach of legal acts other than the one defined in Article 2(5) of this Law has allegedly been committed, the competent authority shall, within its remit and in accordance with the procedure laid down by legal acts, launch an investigation of its own motion or shall, without delay, forward the report to the authority empowered to investigate such breaches pursuant to the Law of the Republic of Lithuania on Public Administration or other legal acts and shall notify the person about that.
3. Having established that a person who submitted a report and information included by him about a breach meet requirements laid down in this Law, a competent authority must recognise the person as a whistleblower and shall notify him about that.
4. Where a competent authority is empowered to investigate breaches indicated in a report, it shall establish the fact of presence or absence of the breach and shall impose liability on persons who committed the breach or shall initiate imposition of liability on persons who committed the breach in accordance with the legal acts governing the respective liability.
5. Having established that it is not empowered to investigate breaches included in a report, a competent authority shall, no later than within five working days from receipt of the report, forward it to another authority according to its remit together with a decision to recognise a person as a whistleblower and shall notify the whistleblower about that. The authority to which the report has been forwarded shall communicate to the competent authority information about the course of the investigation of the report as well as its outcome.
6. Having completed an investigation of information on a breach provided by a whistleblower and having taken related decisions or having received information from another authority which examined the report about the outcome of the examination of the report, a competent authority shall notify the whistleblower about that.
7. A competent authority shall not investigate a report and shall notify a person who has submitted the report about it if:
1) the report is based on information which is manifestly untrue;
2) the person refers to the competent authority repeatedly regarding the same circumstances, where the information on a breach provided previously was examined in accordance with the procedure laid down in this Law and a decision regarding it was taken.
8. A competent authority shall have the right to receive information from natural persons and institutions which is necessary for the performance of functions of the competent authority laid down in this Law.
9. A decision of a competent authority not to recognise a person as a whistleblower may be appealed before a court in accordance with the procedure laid down by the Law of the Republic of Lithuania on Administrative Proceedings.
Article 7. Forwarding of reports to a competent authority
On receipt of a report which meets the requirements laid down in Article 4(5) of this Law or information provided in which has the elements laid down in this Law, a public administration entity shall, without delay, forward it to a competent authority but no later than within two working days from receipt of the report and shall notify the person who submitted the report about that.
Article 8. Measures to protect, encourage and support persons who have provided information on breaches
1. The main measures to protect, encourage and support persons who have provided information on breaches shall be as follows:
1) securing safe channels for providing information on breaches;
2) ensuring a person’s confidentiality;
3) prohibition from adversely affecting a person who has provided information on breaches;
4) right to remuneration for valuable information;
5) right to compensation;
6) ensuring free legal aid;
7) exemption from liability.
2. Measures referred to in points 2 and 3 of paragraph 1 of this Article shall apply from the moment of receipt by an institution or a competent authority of information on a breach provided by a person and shall apply to all persons (except for the cases referred to in Article 6(1) of this Law) who have provided information on breaches in accordance with the procedure laid down in this Law, irrespective of whether or not the person who provided information on the breach has been recognised as a whistleblower. Measures referred to in points 4, 5, 6 and 7 of paragraph 1 of this Article may be applied from the day on which the competent authority recognises the person who has provided information on the breach as a whistleblower.
Article 9. Ensuring of confidentiality
1. Confidentiality of persons who provide information on breaches must be ensured in the course of public administration procedures, procedures of investigation of an official/disciplinary misconduct or during administrative or criminal proceedings to the extent that it is objectively possible taking into account the presented data and its link to the whistleblower.
2. Each institution and person who receives or examines information on a breach must ensure confidentiality of the person who has provided information on the breach.
3. Data regarding a whistleblower which enable to identify him may be provided only to the person or institution who examines information on a breach.
4. If a competent authority has not recognised a person who has provided information on a breach as a whistleblower and has forwarded information on the breach to another authority according to Article 6(2) of this Law, the authority to which information on the breach has been forwarded shall ensure confidentiality.
5. The requirement to ensure confidentiality shall not apply when:
1) this is requested in writing by a person who is providing or has provided information on a breach;
2) a person provides knowingly false information.
6. Information about whistleblowers may not be provided to persons who do not take part in the investigation.
Article 10. Prohibition from adversely affecting persons who have provided information on breaches
1. It shall be prohibited to take any measures adversely affecting a person who has provided information on a breach from provision of this information, where these measures are taken because of the provision of such information: dismissal, demotion or change of location of work, intimidation, harassment, discrimination, threat of abuse, restriction of career opportunities, reduction in wages, change in working hours, doubts as to the person’s competence, communication of negative information about the person to third parties, withdrawal of the right to work with information comprising a state secret or an official secret, as well as application of any other measures adversely affecting him.
2. Prohibition from adversely affecting a person who has provided information on a breach shall apply to the employer and to other employees of the institution.
3. It shall be prohibited to adversely affect the family members of a person who has provided information on a breach, working at an institution or at any other legal person related to the institution by subordination, where a family member of the person who has provided information on the breach may suffer negative consequences as a result of the provision of information on the breach. Provisions of Articles 11 and 14 of this Law shall apply mutatis mutandis to the family members of the person who has provided information on a breach, adversely affected as a result of the provision of information on the breach.
4. If a person who has provided information on a breach has been adversely affected, his employer must, in case of a dispute, prove that the person who has provided information on the breach has suffered negative consequences not as a result of his submitting the report or providing information on the breach.
Article 11. Measures of legal defence
1. Where a whistleblower is being adversely affected, he shall notify a competent authority about that.
2. Where a person who has provided information on a breach in accordance with the procedure laid down by this Law through the institution’s internal channel for providing information on breaches is being adversely affected, he shall submit a report to a competent authority, which will decide on the recognition of the person as a whistleblower.
3. Having established that a whistleblower is being adversely affected, a competent authority shall refer to the institution specifying the guarantees applicable to whistleblowers.
4. A person who has provided information on a breach may appeal to a court with regard to negative consequences he is suffering. A person who is related to the institution by a service relationship shall, under the Law on Administrative Proceedings, have the right to challenge an administrative decision taken with regard to him or any other act or omission entailing negative consequences for him.
5. Negative consequences entailed by the submission of a report must be eliminated taking into account the procedures laid down in legal acts regulating employment or service relationships, unless otherwise provided for in this Law.
6. A whistleblower shall have the right to claim compensation for non-pecuniary damage or for negative consequences suffered.
Article 12. Remuneration for valuable information
1. Whistleblowers who have provided valuable information on breaches to a competent authority may be remunerated under the conditions and in accordance with the procedure laid down by the Government.
2. A decision on remuneration to a whistleblower for valuable information shall be taken, remuneration shall be calculated and paid in compliance with the following principles:
1) the whistleblower may be remunerated for information on a breach, irrespective of the type or character of the breach;
2) the remuneration to the whistleblower is proportionate to the damage that has been caused or could have been caused as a result of committing the breach, if it is possible to calculate it;
3) the maximal amount of remuneration to the whistleblower is not set;
4) the remuneration to the whistleblower is not linked to an effective court judgment.
Article 13. Compensation to whistleblowers
1. In the course of investigation of a report, a competent authority may, at the reasoned request of a whistleblower, grant him compensation in the amount of up to 50 base social benefits with the purpose of compensating for the adverse effect or potential consequences suffered by the whistleblower because of his submitting a report.
2. No compensation shall be granted if a whistleblower has been remunerated as provided for in Article 12 of this Law.
3. The procedure for granting compensation to whistleblowers shall be laid down by the Government.
Article 14. Legal aid to whistleblowers
1. At the request of a whistleblower, he shall be provided secondary state-guaranteed legal aid in accordance with the procedure laid down by the Law of the Republic of Lithuanian on State-guaranteed Legal Aid, regardless of the property and income levels established by the Government for receiving legal aid.
2. Secondary state-guaranteed legal aid shall be provided to a whistleblower following a decision of a competent authority to recognise a person as a whistleblower.
3. Entities taking a decision on providing secondary state-guaranteed legal aid and actually providing it must ensure confidentiality of a whistleblower to the extent possible.
Article 15. Exemption from liability
A whistleblower who has participated in the commission of breaches and has notified a competent authority about that in accordance with the procedure laid down by this Law may enjoy immunity from liability for participation in the commission of these breaches in accordance with the procedure laid down by legal acts.
Article 16. Establishment of internal channels for providing information on breaches
1. Institutions shall, under the conditions, according to the procedure and pursuant to the requirements laid down by the Government, establish internal channels for providing information on breaches and secure their functioning.
2. Confidentiality of persons who have provided information on breaches shall be ensured in internal channels for providing information on breaches.
3. The head of an institution shall be responsible for establishing an internal channel for providing information on breaches and securing its functioning. The head of the institution shall notify employees, civil servants and officers regarding the internal channel for providing information on breaches in place at the institution and shall provide related information at the workplace in a manner accessible to all of them.
Article 17. Liability
Persons in breach of the requirements of this Law shall be held liable in accordance with the procedure laid down by laws of the Republic of Lithuania.
Article 18. Entry into force and implementation of the Law
1. This Law shall enter into force on 1 January 2019.
2. The Government or institutions authorised by it shall adopt legal acts implementing this Law by 31 December 2018.
I promulgate this Law passed by the Seimas of the Republic of Lithuania.
President of the Republic of Lithuania Dalia Grybauskaitė