Open-source whistleblowing software (Malta)
Reporting breaches, corruption, and abuses encountered in a work-related context is a right recognised across the European Union. And it is a right to be able to do so safely, with protection and confidentiality.
The EU Whistleblowing Directive
The EU Directive on the protection of persons who report breaches of Union law requires organisations to set up secure, confidential reporting channels and to safeguard reporting persons from retaliation.
In Malta the Directive is implemented through amendments to the Protection of the Whistleblower Act (Chapter 527 of the Laws of Malta). Public bodies and private employers with 50 or more workers must operate internal reporting channels; external reports are handled by the designated Whistleblowing Reports Units.
A secure whistleblowing platform
Are you looking for a secure, ethical reporting platform that complies with the EU Whistleblowing Directive?
Try GlobaLeaks, the free and open-source software designed to:
- Protect the identity of reporting persons and ensure full confidentiality
- Provide secure internal and external reporting channels with structured case management
- Ensure traceability, auditability, and reliable follow-up of reports
- Align with the requirements of Directive (EU) 2019/1937
Learn more in the official documentation.
Frequently asked questions
Who must set up an internal reporting channel?
Under Directive (EU) 2019/1937 and the national laws transposing it, all private companies with 50 or more employees and most public sector bodies must operate an internal reporting channel. In some sectors, such as financial services, the obligation applies regardless of company size.
Can reports be submitted anonymously?
Each EU Member State decides whether organisations must accept anonymous reports. GlobaLeaks supports both anonymous and confidential reporting, so the channel can be configured to match the national law and your internal policy.
How are whistleblowers protected from retaliation?
Reporting persons who had reasonable grounds to believe the reported information was true are protected against any form of retaliation, such as dismissal, demotion or discrimination. The confidentiality of their identity must be guaranteed at every stage.
What deadlines apply after a report is submitted?
The organisation must acknowledge receipt of the report within 7 days and provide feedback on the follow-up within 3 months, as required by Directive (EU) 2019/1937 and its national transpositions.
Why choose an open source whistleblowing platform?
Open source software like GlobaLeaks can be independently audited: anyone can inspect the code and verify how reports are encrypted and how whistleblowers' identities are protected, instead of relying on a vendor's claims. Open standards and APIs prevent vendor lock-in, and the platform can be self-hosted, giving the organisation full control and digital sovereignty over sensitive data.