On 11th November 2022, the Greek Parliament adopted the Law 4990/2022, which transposes Directive (EU) 2019/1937 into the Greek Legislation.
The law establishes rules for the protection of persons who report breaches of Union law harmful to the public interest, widely known as whistleblowers, working in the private or public sector, who identify such breaches (potential or actual) during their work- related activities.

Whistleblowers shall be protected when reporting i. infringements of Union law in areas such as public procurement, financial services, as well as the prevention of money laundering and terrorist financing, environmental protection, consumer protection, protection of privacy and personal data and security of network and information systems,

ii. infringements affecting the economic interests of the Union,

iii. infringements relating to the internal market, including infringements of Union rules on competition and State aid.

The main provisions of Law 4990/2022 are the following:

Establishment of an internal and external reporting channel

As for the internal reporting channel, companies with 50 or more employees, also companies operating in the financial sector services, products and markets, transport sector and environment sector regardless of the number of employees, are obliged to appoint an officer responsible for the receipt and follow-up of reports.

As regards as the external reporting channel, the National Transparency Authority is designated as the competent authority for the receipt, management and monitoring of the reports submitted to it directly concerning infringements.

Protection of whistleblowers

Whistleblowers are entitled to protection if, at the time of reporting, they had reasonable grounds for believing that the information they had obtained was true, at the time of disclosure, irrespective of whether they were subsequently disproved or destroyed, and/or, in the case of reporting to the National Transparency Authority, there is a risk of retaliation.

Obligations of confidentiality

Personal data and any kind of information leading, directly or indirectly, to the identification of the reporting party shall not be disclosed to anyone other than the authorized staff members, unless the reporting party consents to such disclosure.

Companies shall implement technical and organizational measures during the reporting follow-up and communication with the competent authorities. Companies must also maintain a record for each report they receive.

Personal data processing carried out in the context of the operation of the reporting system complies with the requirements of Regulation (EU) 2016/679 and Law 4624/2019, which supplements the GDPR in the Greek legal framework.

Protective Measures

The law provides substantial safeguards such as free legal advice on the procedures against retaliation. All forms of retaliation or threats of retaliation against whistleblowers, including dismissal or discrimination are prohibited. In the event of retaliation, whistleblowers shall be entitled to full compensation for the damage they suffered.


The Law provides for both criminal sanctions and monetary fines for persons who obstruct or attempt to obstruct the reporting of infringements, retaliate, or initiate malicious proceedings or infringe the obligation to maintain the confidentiality of the identity of whistleblowers.

The Editorial Team