Blowing the Whistle in Turkey: A Policy Analysis in Light of the EU Whistle-blower Directive

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

In summary

With the growing recurrence of corruption scandals in recent years, there has been a growing interest in establishing whistle-blower laws at the national level. International organisations have also been influential in this respect, along with the national regulations in certain countries having extraterritorial reach. The most recent move came from the European Union, and Turkey is expected to follow suit sooner or later as part of its EU accession track and commitments under certain UN and OECD conventions.

Discussion points

  • Overview of the whistle-blowing Landscape
  • Assessment of the EU Whistle-blower Protection Directive
  • Legal protections for whistle-blowers in Turkey

Referenced in this article

  • Directive (EU) 2019/1937
  • US Foreign Corrupt Practices Act
  • ILO Termination of the Employment Convention No. C158
  • OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions
  • Law on Witness Protection No. 5726
  • Regulation on Active Cooperation for Detecting Cartels
  • Regulation on the Awards to be Granted to Whistle-blowers Who Help with Revealing Terror Crimes, Collecting Evidence or Catching Offenders
  • Code of Obligations No. 6098
  • Law on Protection of Competition No. 4054
  • Criminal Code No. 5237
  • Labour Law No. 4857
  • United Nations Convention against Corruption

Overview of the whistle-blowing landscape

Internal investigations, whistle-blowing and external monitoring are the three key pillars in preventing and combating corruption and enabling better governance and performance both on a state and company level.

An important place is given to the institution of whistle-blowers because of their effectiveness and importance in detecting risks and irregularities. In 2003, the crucial role of whistle-blowers in detecting crime and their need for protection were recognised as a part of international law when the United Nations adopted the Convention Against Corruption.[1] This Convention was signed by 140 nations and has been formally ratified, accepted, approved or acceded by 137 nations, including Turkey.[2]

With the growing occurrence of corruption scandals in recent years, especially in large companies, there has been a growing global interest in establishing whistle-blower laws at the national level, not to mention the national rules and regulations adopted in certain countries, such the United States and the United Kingdom, that have extraterritorial reach. [3] International organisations such as G20, [4] the Organisation for Economic Co-operation and Development (OECD) [5] and the International Chamber of Commerce [6] have also been influential in pushing for greater international adoption and national implementation of whistle-blower laws and best practices.

Significant risks and costs are associated with whistle-blowing. The most common ones are being subject to bad publicity, discrimination and being fired. Given that the role of whistle-blowers is crucial in raising awareness of violations and breaches that would otherwise remain concealed, adopting an inadequate approach in shaping a whistle-blowing policy can be detrimental to the fight against corruption and pose a serious threat to the welfare of society both at the micro and macro levels.

In a similar vein, a well-built whistle-blowing policy, together with a strong anti-retaliation message, can reduce the vulnerabilities of whistle-blowers and empower them to speak up without fear. This will, in turn, help detect and deter acts of corruption and promote a culture of compliance and transparency.

At present, only a few countries have comprehensive whistle-blower protection policies. The majority tend to have a legal framework that is so fragmented that it leaves significant gaps in this respect. Jurisdictions such as the United Kingdom, the United States, France, Ireland and Italy offer specific protection to whistle-blowers against retaliation by their employers. In other countries, such as Germany, Hong Kong, Brazil and Turkey, there is no specific protection for whistle-blowers.

The more countries that adopt a particular policy in this respect, the more likely others are to follow. Potentially, the number of highly visible public scandals, such as WikiLeaks and Cambridge Analytica, will increase pressure on countries to implement safeguards for the benefit of whistle-blowers.

In this respect, the most recent move came from the European Union through the adoption of an EU-wide legislative act for uniform whistle-blower protection. Turkey is expected to follow suit soon as part of its accession track to the European Union.

What is at stake in the EU Whistle-blower Protection Directive?

On 7 October 2019, the European Union adopted the Directive (EU) 2019/1937, dated 23 October 2019, on the protection of persons who report breaches of Union law, commonly referred to as the Whistle-blower Protection Directive (the Directive).[7] The Directive entered into force on 23 December 2019, and the EU member states have two years to implement the Directive into their national law. It aims to enable confidential reporting and protect whistle-blowers against termination of employment, refusal of promotions or salary, transfer or change of workplace and discrimination. For this, it provides minimum harmonisation standards that should be adopted at the national level.

At present, whistle-blower protection varies between member states. Some have relatively high levels of whistle-blower protection in place (eg, Ireland) whereas some have practically none (eg, Cyprus).

Prior to the adoption of the Directive, the European Union had long been called to develop an EU-wide law on whistle-blower protection; however, both the European Commission and the Council of Europe were unwilling to act on those calls for several reasons.

The call for an EU law on the protection of whistle-blowers was first voiced by the European Parliament in October 2013,[8] but the Commission rejected the request on the grounds that international standards are already in place.[9] As for the Council of Europe, it appeared to have no interest in enhancing legal protections for whistle-blowers at the time.[10] However, a series of scandals that were revealed to the public by whistle-blowers (eg, WikiLeaks, Panama Papers, Cambridge Analytica and LuxLeaks) made the European Union’s need for comprehensive protection of whistle-blowers more apparent, and the Commission proposed the Directive in April 2018.

According to the Directive, the member states must ensure that the following key provisions are transposed into the national law as necessary.

Companies in scope

  • The Directive applies both to the private and public sectors. Companies located in the European Union with 50 or more employees will be required to implement internal compliance reporting channels.[11] Furthermore, all companies are required to ensure that whistle-blowers are protected against any form of retaliation.

Scope of protection

  • The Directive applies not only to employees working at the company at the time of the reporting but also to applicants who disclose breaches during the recruitment process and former workers.[12] The protection extends to volunteers, paid or unpaid trainees, contractors, subcontractors and suppliers, as well as self-employed persons, shareholders, management, and administrative or supervisory bodies.[13]
  • To protect whistle-blowers, companies will be required to refrain from any form of retaliation, including termination of employment, unjustified negative performance assessments or negative impacts on promotions or salary, transfers or changes of workplace, and harassment or discrimination.[14]

Subject matters of protection

  • The Directive refers to protecting individuals who report breaches of certain EU laws, including public procurement, financial services, products and markets, prevention of money laundering and terrorist financing, product safety and compliance, transport safety, protection of the environment, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, security of network and information systems, financial interests of the Union and internal market in terms of competition and taxation. [15] The protection covers only the disclosures pertaining to breaches of the EU laws and national policies setting rules beyond the minimum standards of the EU regulations. EU directives are left out of scope in this respect. [16]

Minimum standards for protection

  • Member states must require companies to establish a reporting and investigation system available to all employees and other relevant persons specified in the Directive.[17] The system can be operated internally by the company itself or externally by a third-party service provider appointed by the company. Either way, it must be designed and operated to ensure the whistle-blower’s confidentiality and prevent access to non-authorised persons.
  • The internal reporting system must allow for reporting in writing (eg, by email, by physical complaint boxes or through an online platform, whether it be on an intranet or internet platform) or orally (eg, via telephone or through other voice messaging systems). If requested by the whistle-blower, the system must enable submission of a report by means of in-person meetings.
  • Once the report is submitted, the company must confirm receipt of the report within seven days and must respond to the whistle-blower within three months of the confirmation.[18]

Three-tier reporting model

  • The Directive recommends a three-tiered reporting model comprising internal, external and public reporting channels. Internal reporting refers to reporting to the company itself; external reporting refers to making a report to law enforcement agencies or authorities outside the company; and public reporting refers to disclosure to the media.
  • According to the three-tiered model, the whistle-blower is encouraged to take the internal route first. He or she may resort to external means of reporting by taking the report to the relevant enforcement authorities, ideally following an internal reporting (or directly without prior internal reporting). If sufficient measures are not taken in the first two steps, the whistle-blower may turn to the public.

Aspects to be governed by the member states

  • The Directive provides leeway for the member states to determine certain aspects of the protection for whistle-blowers, in accordance with which different reporting systems may be set in the different member states. For instance, member states can decide whether anonymous reporting will be permitted,[19] whether subject matters of the protection will be expanded and whether protection will be extended beyond what the Directive requires.
  • Similarly, the scope of sanctions to be imposed in the event of non-compliance is left to the discretion of the member states. The member states can also implement stronger measures for whistle-blowers, such as requiring companies with fewer than 50 employees to form internal reporting channels.[20]

Prospects and challenges

Overall, the Directive is the first EU law to address the fragmentation of protection for whistle-blowers across the European Union. Although the Directive permits member states to determine certain aspects through their national laws, there is an opportunity now for member states to form or strengthen their whistle-blower protection laws by converging on the same high standards set by the Directive.

From a critical perspective, the scope of the Directive is limited to reporting breaches of certain defined areas of EU law as specified in article 2, and it only sets minimum standards owing to the limited competences of the European Union, which may not protect mere violations of national law. This may create legal uncertainty for whistle-blowers in understanding whether they are protected.[21]

For instance, article 6(1)(a) of the Directive requires whistle-blowers to have reasonable grounds to believe that the information they are reporting falls within the scope of the Directive to be qualified for protection. Given that the whistle-blower is rarely in a position to perceive the situation wholly and accurately at the time of the reporting, the Directive is not fully effective in eliminating the vulnerabilities of whistle-blowers against retaliation.[22]

Moreover, the Directive is applicable to reports of breaches related to procurement rules involving defence or security information. This may be problematic as national security whistle-blowers often suffer the most severe retaliation, which includes not only termination of employment but also criminal investigation.

Trends similar to the European Union in whistle-blower protection frameworks may emerge in Turkey given the global and regional nature of today’s businesses. This may produce extra­territorial effects and may lead to cooperation between regulators across the region. Moreover, Turkey must align its legislation with the Directive as part of its accession process to the European Union.

Legal protections for whistle-blowers in Turkey

Turkey does not have any specific legislation regarding whistle-blower protection. However, it is party to all international anti-corruption conventions, including the United Nations (UN) Convention against Corruption and the International Labour Organisation’s Termination of the Employment Convention No. C158.

Turkey’s anti-corruption legislation has been improving over the past 20 years, aligning with the international conventions and standards to which Turkey has become a party. However, article 32 and 33 of the UN Convention Against Corruption (ie, provisions on the protection of witnesses and whistle-blowers) have not yet been implemented in Turkey,[23] and there is no specific legislation for the protection of reporting persons.

There are, however, several provisions scattered across different laws prescribed under Turkish legislation that may apply to whistle-blowing cases.

UN Convention against Corruption

  • Turkey signed the Convention on 10 December 2003 and ratified it on 9 November 2006. Pursuant to article 90 of the Turkish Constitution, duly ratified international agreements have the force of law.
  • Article 33 of the UN Convention calls the signatory states to adopt appropriate measures to provide protection for whistle-blowers against any unjustified treatment for their reporting to the competent authorities.
  • The Convention still needs to be implemented fully in Turkey as no specific legislation has been enacted in this regard yet.

OECD convention and guidelines

  • Turkey is a party to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. The Convention obliges the signatories to adopt the necessary rules and regulations to fight against wrongdoing.
  • Turkey also commits to following the OECD Guidelines for Multinational Enterprises. The Guidelines state that multinational enterprises should refrain from discriminatory or disciplinary action against employees who make reports on practices that violate the law, the Guidelines or the company’s internal policies.[24]

ILO Convention No. C158 and Labour Law No. 4857

  • Turkey ratified Convention No. C158 of the International Labour Organization (ILO) on 4 January 1995, and it entered into force 12 months after its ratification was registered as law. Pursuant to article 5 of the Convention, ‘filing of a complaint or the participation in proceedings against an employer involving alleged violation of laws or regulations or recourse to competent administrative authorities’ should not constitute valid reasons for termination.
  • Article 18 of the Turkish Labour Law No. 4857 echoes article 5 of ILO Convention No. C158. This protection is only in relation to complaints filed against employers (ie, there is no specific regulation for reporting an employee). There is no specific law protecting employees in reporting wrongdoing; however, according to Article 25 of the Law, acts abusing the employer’s trust, theft or the disclosure of confidential and professional secrets pertaining to the employer are deemed to be fair grounds for termination of an employment agreement if those acts are against the employee’s duty of loyalty.

Code of Obligations No. 6098

  • Pursuant to article 396 of the Turkish Code of Obligations, ‘employees are obliged to do their work undertaken diligently and act loyally in protecting legitimate interests of the employer’; thus, the employee should report to the employer the wrongdoing he or she witnessed of another employee, in accordance with the duty of loyalty, if he or she witnesses any wrongdoing at the workplace.

Criminal Code No. 5237

  • Articles 278 to 284 of the Turkish Criminal Code prescribe penalties for failing to report crimes. Any person who fails to report an offence in progress to the relevant authority will be sentenced to a penalty of imprisonment for a term of up to one year. Any person who fails to notify the relevant authority of any offence that has already been committed, but where it is still possible to limit its consequences, will also be sentenced to a penalty of imprisonment for a term of up to one year.
  • There is also an effective remorse mechanism (a type of leniency) under the Criminal Code that provides for either a reduction in the penalty or full immunity. This mechanism applies for certain crimes as prescribed in the Code, such as bribery and money laundering.
  • In respect of bribery, if the perpetrator, participant, intermediary or accessory to a crime reports it to the authorities before the law enforcement bodies become aware of it, that person will not be subject to any punishment for bribery.
  • In respect of money laundering, there is no punishment for a person who helps the law enforcement bodies seize the assets that are the subject of a crime or reports their location before the commencement of criminal proceedings.

Law No. 4054 on protection of competition

  • There is a leniency application mechanism for cartel cases under the Turkish competition law regime. In addition to Law No. 4054, the Regulation on Active Cooperation for Detecting Cartels and the Guidelines on the Clarification of the Leniency Regulation specify the details of the leniency mechanism. Accordingly, the leniency programme is only available for cartelists (ie, it does not apply to other forms of antitrust infringement). A cartelist can apply for leniency until the investigation report is officially served. Depending on the application order, there may be full immunity from, or a reduction of, the fine.


  • Whistle-blowers who report tax evasions can be awarded up to 10 per cent of the tax imputed, and those who report the smuggling of goods or drugs can be awarded up to 25 per cent of the value of the smuggled goods or drugs.
  • In addition, the Regulation on the Awards to be Granted to Whistle-blowers Who Help with Revealing Terror Crimes, Collecting Evidence or Catching Offenders provides for the granting of a financial incentive to whistle-blowers who report terrorist organisations.
  • The only legislation specifically granting legal protection to whistle-blowers is Law No. 5726 on witness protection, which applies only to people who have provided testimonies during criminal proceedings and certain relatives.


Turkey has plenty of room for whistle-blower protection and requires a single legal structure for this, as opposed to a piecemeal approach, to ensure effective implementation. With the globalisation of anti-corruption legislation (eg, the US Foreign Corrupt Practices Act and the UK Bribery Act), it is critical to look at whistle-blowing on a global basis, given the nature of today’s businesses.

Given that Turkey is an acceding country to the European Union and, accordingly, that many of Turkey’s regulations are akin to, and closely modelled on, the EU regulations (eg, antitrust, data protection and privacy), the adoption of the Directive may encourage the Turkish legislative body to adopt similar rules for whistle-blower protection. Furthermore, Chapter 23 (Judiciary and Fundamental Rights) for Turkey’s accession to the European Union requires Turkey to implement whistle-blower protection.

The European Commission’s 2020 Turkey Progress Report[25] emphasises that Turkey’s ‘legal framework on whistle-blower protection still needs to be aligned with the new EU acquis on this issue’. During the negotiation process for Turkey’s accession, Chapter 23 carries special importance for Turkish authorities as it has been emphasised in the Ministry of Justice’s Judicial Reform Strategy.[26] As a result, once the transposition process of the Directive is complete in the member states, it can be reasonably expected that Turkey will follow suit (sooner or later) as part of its accession track to the European Union.

Alternatively, the Directive may accelerate Turkey’s implementation process, together with the commitments Turkey has made in respect of whistle-blower protection under the aforementioned UN and OECD conventions.


[1] United Nations Office on Drugs and Crime, ‘United Nations Convention Against Corruption’, 2004.

[2] Turkey completed the ratification procedure on 9 November 2006, together with the Ratification Law No.5506, dated 24 May 2006.

[3] Eduard Ivanov, ‘Overview of Anti-Corruption Compliance Standards and Guidelines’, International Anti-Corruption Academy, 2019.

[4] Group of Twenty (G20), ‘High-Level Principles for the Effective Protection of Whistle-blowers’, 2019.

[5] G20 Anti-Corruption Action Plan, ‘Protection of whistle-blowers: Study on whistle-blower protection frameworks, compendium of best practices and guiding principles for legislation’, 2010.

[6] International Chamber of Commerce, ‘Guidelines on Whistleblowing’, 2008.

[7] Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.

[8] European Parliament, ‘Resolution on Organised Crime, Corruption and Money Laundering: Recommendations on Action and Initiatives to be Taken’, (2013/2107(INI)), 23 October 2013, point 14.

[9] Nikolaj Nielsen, ‘EU-Wide Whistle-blower Protection Law Rejected’, EU Observer, 23 October 2013:

[10] Transparency International, ‘Whistleblowing in Europe: Legal Protections for Whistle-blowers in the EU’, 5 November 2013, p. 48.

[11] For companies with 50 to 249 employees, this obligation will not apply until 17 December 2023.

[12] Article 4 of the Directive.

[13] Ibid.

[14] Articles 19 to 20 of the Directive.

[15] Article 2 of the Directive.

[16] Article 1 of the Directive.

[17] Article 4 of the Directive.

[18] Article 9 of the Directive.

[19] Article 6(2) of the Directive.

[20] Article 8(7) of the Directive.

[21] Transparency International, Building on the EU Directive for Whistle-blower Protection Analysis and Recommendations, 2019:

[22] Ibid.

[23] Transparency International Turkey and the UNCAC Coalition, ‘Enforcement of Anti-Corruption Laws: Turkey’, 2015:

[24] OECD, Guidelines for Multinational Enterprises, section II, General Policies, 14.

[26] Ministry of Justice, ‘Judicial Reform Strategy’, May 2019:

Unlock unlimited access to all Global Investigations Review content