New Rules on Anonymous Whistleblower Channels for Large Companies in Spain


Decisions made within companies, or by employees, that cross legal lines will face clearer exposure and a stronger chance of detection and sanction. Law No. 2/2023, which transposes a European directive, requires organizations with more than 50 employees to provide a channel for reporting conduct that violates regulations. The system also accepts anonymous complaints, allowing any member of the workforce to raise concerns without revealing their identity.

Thus, the objective is to push companies toward heightened vigilance to deter illegal behavior that could damage the organization, under the threat that an investigation may be opened based on such complaints. Of course, there are potential legal consequences if the disclosed facts prove to be true.

In the Alicante area, there will be approximately 720 companies required to implement this anonymous reporting system once they surpass 50 workers. Those with more than 250 employees, about 94 firms, must take action by June 13 of the current year. The remaining affected entities have until December 1 to comply.

Industry days are already being organized to address the topic. Recently, the Elche and District Business Circle teamed with Grupo Asesor Ros to host a briefing designed for business leaders and managers.

The Elche business park houses several of the largest companies in the country that will be affected by the new regulations.

As a reminder, Alexander Perez, a partner at the overseeing consultancy, highlights that the key novelty is the whistleblower channel itself. This is unlike generic compliance plans that simply promise adherence to rules; the reporting channel is now mandatory and legally binding.

Along with the formal mechanism for employees to submit reports, typically via a dedicated web page, each affected company must establish a procedure to handle complaints and appoint a responsible person to coordinate reporting with the new Independent Whistleblower Protection Agency. Confidentiality must be preserved, and in appropriate cases the identity of the complainant should remain anonymous.

This requirement is the most controversial aspect. It opens the possibility that unfounded complaints could be filed by colleagues or competitors for personal reasons or revenge, creating potential friction within teams. Perez warns that the regulation could be seen as a modern instrument of scrutiny that may feel invasive to some. He notes that individuals can report someone nearby even without proof, which raises concerns about fairness and due process.

Planeta Huerto adopts a penalty compliance framework with Devesa & Calvo to illustrate how these rules are applied in practice. Juan Jose Cortes from Devesa & Calvo explains that the internal information system owner must receive proper training and follow clear criteria when deciding whether a complaint merits processing. If the matter concerns a personal dispute, or if the disclosed facts are evidently inaccurate or simply reflect a preference for a different course of action, the report may be rejected.

Complaints may target individuals involved in wrongdoing within the company, such as embezzlement, or the company itself if there is a belief that the responsible person acted unlawfully while avoiding tax. Any act contrary to European Union law or any serious offense is within the scope of the system, as is the potential damage to public finances.

As soon as indications arise that a reported issue might constitute a crime, the matter should be referred to the public prosecutor for action. It is important to note that Spanish law recognizes criminal liability for legal entities, so a company can be held responsible alongside the individuals involved.

In addition, the new framework extends to political parties, trade unions, business associations, and their foundations that handle public funds. Firms that fail to establish an anonymous reporting channel face substantial penalties, ranging from six hundred thousand to one million euros. The law permits the management of these internal information systems to be entrusted to an external third party, provided that independence, confidentiality, data protection, and the confidentiality of communications are guaranteed. This shift is described as a turning point by Alejandro Perez, a partner at Grupo Ros Asesores, who emphasizes the greater effort companies will invest to ensure full compliance with the legislation.
