Law 2/2023 on the Protection of Whistleblowers (LPPI) aims to promote a culture of information and ensure the protection of whistleblowers against possible retaliation. To achieve this, it establishes the obligation for public and private entities to implement an internal reporting system or whistleblower channel.
This law particularly impacts companies with 50 employees or more, posing challenges regarding whistleblower anonymity and confidentiality, as well as ensuring data integrity throughout the reporting process. In this context, BLOOCK, Gladtolink, and GoLive join forces to present a blockchain-based whistleblower reporting system that complies with the new regulations, leveraging Zero-Knowledge Proof (ZKP) technology and decentralized digital identity to achieve this.
The new Law 2/2023
What is the purpose of this new law?
The purpose of Law 2/2023 on the Protection of Whistleblowers (LPPI) is twofold: firstly, to promote a culture of information that prevents or detects threats to the public interest, and secondly, to ensure adequate protection for whistleblowers against possible retaliation.
What obligations does it establish?
To achieve the first objective, the legislation establishes the obligation for both public and private entities to implement an internal reporting system or whistleblower channel. This system will allow reporting of possible serious or very serious criminal or administrative offenses.
Regarding the second objective, a legal protection mechanism is established to ensure that informants or whistleblowers do not suffer harm as a result of using these reporting channels.
Which companies are affected?
The obligation to implement an internal reporting system (IRS) applies to all companies with 50 or more employees. As a result, the enforcement of this regulation has a direct impact on the workplace, which raises various questions about its interpretation and practical application.
What challenges does it establish for these companies?
The main challenge that this new law presents to companies is to maintain the anonymity and confidentiality of whistleblowers. The issue lies in the fact that no centralized system is 100% confidential, as system administrators always have access to the whistleblower’s identity.
Another challenge is to ensure data integrity throughout the reporting process. Reporting irregularities often involves sensitive and confidential information, and there is a risk of data manipulation or alteration. It is essential to establish secure systems and protocols to safeguard the integrity of the reported data, protecting both the whistleblowers and the accused parties.
What are the compliance deadlines?
The companies affected by the law must have a fully functional internal reporting channel that complies with the requirements set by the law before December 1, 2023.
What is the penalty regime?
Committing offenses under this law can result in fines, the amounts of which vary depending on whether they apply to individuals or legal entities.
For individuals, fines range from 1,001 to 10,000 euros for minor offenses, from 10,001 to 30,000 euros for serious offenses, and from 30,001 to 300,000 euros for very serious offenses.
For legal entities, fines range from 100,000 euros for minor offenses, between 100,001 and 600,000 euros for serious offenses, and between 600,001 and 1,000,000 euros for very serious offenses.
What is the direct solution to these challenges?
Zero-Knowledge Proof (ZKP) and Blockchain-based Digital Identity
Through the Zero-Knowledge Proof (ZKP) protocol, individuals can demonstrate that they have knowledge or relevant information without revealing their real identity. This way, whistleblowers can be identified or present certain credentials without the need to disclose any personal information to the company.
A blockchain-based digital identity system, combined with ZKP, provides a secure and transparent way to record transactions and maintain data integrity. By combining these technologies, individuals can report anonymously, protecting their identity while ensuring the confidentiality of the information provided.
Generation of Certified Evidence
Unlike traditional systems that store information in a “black box” hosted on a centralized server accessible to system administrators, information recorded on a decentralized network like blockchain is time-stamped and fully immutable, making it secure, reliable, and legally valid.
The characteristics of decentralized systems allow companies to easily generate verifiable evidence that the whistleblowing process has been followed according to the required timelines set by the law. Thanks to the timestamping provided by blockchain, it can be demonstrated that the certified information has not been modified at any point by the company.
BLOOCK takes on the challenge alongside Gladtolink and GoLive
During the upcoming Digital Enterprise Show (DES) in Malaga (June 13-15), BLOOCK, in collaboration with Gladtolink and GoLive, will present a new project: a blockchain-based whistleblower reporting system that complies with the new regulations.
Gladtolink is an easily adaptable no-code platform that allows users to create applications without programming knowledge. Through the integration of BLOOCK’s solution, Gladtolink users can leverage the benefits of blockchain-based digital identity to ensure anonymity, confidentiality, data integrity, and authenticity of their sensitive information.
GoLive is a company specializing in Digital Transformation. The GoLive team focuses on humanizing technology and facilitating change through an ecosystem of services and solutions designed to help organizations overcome challenges and achieve their goals. With that objective in mind, and thanks to the tools provided by Gladtolink and BLOOCK, GoLive has developed a legally valid whistleblower reporting system to assist companies affected by the new Law 2/2023.
The problem with current solutions
Existing complaint mailbox solutions lack a system for the custody of digital files by a trusted third party. This means that anyone can modify the digital files, resulting in a lack of legal value and validity.
The lack of integrity and security in the custody of these files allows for unauthorized manipulation and modification, questioning the authenticity and reliability of the information contained within them. As a result, an organization’s ability to demonstrate compliance with Law 2/2023 is compromised, as they cannot provide strong and verifiable evidence of their actions and responses to the complaints filed. This creates a gap in the organization’s legal defense, potentially placing them at a disadvantage in the face of legal actions related to regulatory compliance.
Whistleblower reporting system with legal validity
The system developed by BLOOCK, Gladtolink, and GoLive utilizes a decentralized digital identity solution and Zero-Knowledge Proof (ZKP) technology to ensure the anonymity and confidentiality of whistleblowers. Through a decentralized blockchain-based platform, whistleblowers can securely submit their reports without revealing their real identities.
With this purpose in mind, BLOOCK, Gladtolink, and GoLive are committed to assisting companies in complying with the new Law 2/2023. Leveraging BLOOCK’s certification service and the reporting platform developed by GoLive using Gladtolink’s tools, organizations can seamlessly address the challenges posed by the new legislation.
For more information, please do not hesitate to contact us at firstname.lastname@example.org.