Monthly Archives: December 2022

New Rules On Whistleblowing

On December 9, 2022, a bill to implement Directive (EU) 2019/1937 on whistleblowing was submitted to the President of the Chamber of Deputies.

The draft envisages several obligations for entities of public and private sectors, including an obligation to activate a whistleblowing channel (internal or external) that guarantees the confidentiality of the identity of the reporting person, unless the reporting person gives express consent; of the person involved; of the person otherwise mentioned in the report; and of the content of the report and any related documentation.

Such reports may be made either in written or oral form, through telephone lines or voice messaging systems; the reporting person may request that a face-to-face meeting be scheduled.

The Italian Anti-Corruption Authority, after having heard the Italian Data Protection Authority, must adopt, within 3 months of the adoption of the legislation, specific guidelines on procedures for handling external reports.

To comply with personal data protection legislation, it will be necessary to:

  • Prepare adequate privacy notices regarding the processing of data collected within the reporting process;
  • Adopt appropriate technical and organizational measures to ensure an adequate level of confidentiality of the information of the reporting person and the person involved, as well as the content of the report and related documentation, to be identified on the basis of a data protection impact assessment;
  • Give an express authorization to the parties who will receive reports to process personal data;
  • Formally appoint all parties that process data related to the reports (i.e., external providers) as data processors.

The draft also provides that data related to internal and external reports, as well as related documentation, may be retained for up to a maximum of 5 years from the date of the communication of the final outcome of the reporting procedure.

Retaliation against reporting persons is prohibited and sanctions can be applied as a result.

Once approved, the whistleblowing legislation will take effect 4 months after the date of its entry into force, except for private-sector entities that have employed, over the past year, an average of not less than 50 and not more than 249 employees, with unlimited term or fixed-term employment contracts, for whom the provisions of the legislation will take effect as of December 17, 2023.

Product Liability Directive

The Proposal for a new Product Liability Directive of September 2022 is likely to be a game changer for manufacturers of products. Rules on the burden of proof are going to favor consumers more than before.

If you want to familiarize with the new rules, you will appreciate the following slides. Any questions? You know where to find us. Happy holidays!

New Rules on Corporate Sustainability Reporting

On November 28, 2022, the European Council approved the corporate sustainability reporting directive (CSRD). The CSRD strengthens the existing sustainability reporting requirements under the EU legislation and broadens their scope of application. It does so by modifying directives and regulations containing the current sustainability reporting rules, including the Non-Financial Reporting Directive (“NFRD”).

Under the CSRD a company must report the company’s impact, as well as how its development, performance and position is affected by sustainability matters. Such information shall be included in a dedicated section of the management report.

The CSRD requires an increasing number of companies to report sustainability information. While the NFRD reporting requirements are currently mandatory for large public-interest companies with more than 500 employees, the CSRD enlarges the list of entities subject to those requirements to:

  • companies with more than 250 employees and a turnover of 40 million euros (so called large companies);
  • all companies listed on regulated markets, including SMEs and with the sole exception of microenterprises; and
  • non-EU companies generating a net turnover of 150 million euro in the EU and which have at least one subsidiary or branch in the EU exceeding certain thresholds.

In light of the above, the CSRD is expected to impact nearly 50,000 companies in the EU, compared to the approximately 11,000 companies already covered by the NFRD.

The new requirements will not be immediately mandatory, as the CSRD provides that the new sustainability reporting requirements will be implemented in a four-stage process here below summarized:

Starting dateFinancial YearEntities subject to reporting requirements
January 1, 2025Financial years starting on or after 2024Companies already subject to the NFRD
January 1, 2026Financial years starting on or after 2025Large companies that are not currently subject to the NFRD
January 1, 2027Financial years starting on or after 2026Listed SMEs (with the sole exception of micro undertakings) and the remaining European companies that fall under the CSRD application
January 1, 2029Financial years starting on or after 2028Non-EU companies that fall under the CSRD application

The European Commission, with the technical support of the European Financial Reporting Advisory Group (EFRAG), will adopt sustainability reporting standards.

The CSRD still needs to be signed and published in the Official Journal of the European Union and will enter into force 20 days afterwards. After that, each Member State will need to implement the CSRD into local law within 18 months.