Internal Reporting Office (Section 12 HinSchG)
Mandatory whistleblower reporting office for 50 or more employees
TL;DR
An internal reporting office under Section 12 of the German Whistleblower Protection Act (HinSchG) is the organizational unit of a company that receives and processes reports of violations. Mandatory for all employers with 50 or more employees. Sector-specific rules (banks, insurers) apply regardless of size. Three mandatory reporting channels: in writing, orally, and in person on request.
What is the Internal Reporting Office (Section 12 HinSchG)?
Under Sections 13-15 HinSchG, the internal reporting office must:
- Make all three channels available (written, oral, in person)
- Process anonymous reports — mandatory since 01.01.2025 (Section 16 (1) sentences 4-6)
- Acknowledge receipt within 7 days
- Provide feedback within 3 months
- Maintain confidentiality (Section 8) — identity protection also within the corporate group
- Enforce the prohibition of retaliation (Section 36) for all whistleblowers
- Ensure the expertise of the reporting office officer (Section 15 (2))
Note: Section 22 HinSchG governs the external reporting office at the Federal Cartel Office (competition law / DMA) and not an audit obligation for companies. An annual effectiveness self-review of the internal reporting office is best practice (NOT a statutory obligation); see Audit Obligation (HinSchG) — clarification.
Practical example
Practical setup: - Reporting office officer appointed (letter of appointment) - Rules of procedure documented - Reporting channels: web form (written/anonymous), telephone hotline, email address - Training of the reporting office officer pursuant to Section 15 (2) (typically 8 teaching units) - DPIA and ROPA entry for the processing - Notice/intranet information for the workforce