Download one of our guides on the LkSG, EUDR, CSRD & sustainability now Learn more →
lawcode Logo
DEDE
Test now Personal demo
Test now Personal demo
Whistleblower system

Legally compliant reporting system that creates trust
GDPR-compliant and ISO 27001 certified.

From anonymous reporting to case processing and timely feedback: The whistleblower system digitizes your entire whistleblowing process, legally compliant with the HinSchG, EU Whistleblower Directive and LkSG complaints procedure.

HinSchG compliant
30+ Languages
End-to-end Encrypted
📋 Case management ⏱️ Deadline control ⚙️ Configurable workflows ☰ Configurable forms 🎨 Own branding / white label 🌐 Bring your own domain

Request a free live demo

Experience the whistleblower system module in action

Free & non-binding · No sales pressure

The challenge

What the Whistleblower Protection Act means for your company
and why e-mail is not enough

Since July 2023, companies with 50 or more employees must set up an internal reporting office. Those who fail to act risk fines.

Case processing & data protection

Whistleblowers should be able to make personalized or anonymous reports, but it must still be possible to communicate back. It is practically impossible to present the entire case history transparently by e-mail or letterbox.

Deadlines & feedback obligations

The HinSchG requires a confirmation of receipt within 7 days and a response within 3 months. Without a system, you will quickly lose track of current deadlines.

Protection from reprisals

Your process must ensure that whistleblowers are not disadvantaged. Without clear documentation of the protective measures, there is no proof for the authorities.

Legal requirements

All HinSchG obligations in one platform

The whistleblower system covers all requirements of the Whistleblower Protection Act, the EU Whistleblower Directive and the LkSG complaints procedure.

Internal message channel

Secure, digital channel for anonymous, pseudonymous and named reports.

Anonymity guaranteed

Fully GDPR-compliant return communication without disclosing identity.

Protection against reprisals

Documented protective measures for whistleblowers in accordance with the HinSchG.

Deadline control

Automatic reminders for 7-day confirmation and 3-month feedback.

Case management

Structured processing, triage and complete documentation of all cases.

Training & sensitization

Training tools and templates for internal communication on the reporting channel.

Workflows

Create or customize existing workflows according to your needs.

LkSG complaints procedure

Receive complaints at the same time, in accordance with the LkSG.

Personal demo

Enter messages

Record messages securely and easily, anonymously or by name

Whistleblowers can submit a report within a few minutes using a clearly structured form, completely anonymously. Once submitted, they receive login details to check the status, write messages and upload additional files at any time.

  • Anonymous, pseudonymous or named reporting possible
  • Login data after submission for secure return communication
  • File upload for receipts, screenshots and documents
Hintbox — Create Report (Simplified View)
🔒 Anonymous Pseudonym Named
Compliance Violation ▾
Main Entity GmbH ▾
Please describe the incident in as much detail as possible...
📎
Drag files here or click
Submit report Save draft

Dashboard & key figures

Precise insights with customized dashboards

Maintain an overview with customizable dashboards that show you all relevant key figures in real time. Open deadlines, case categories and processing times, all at a glance.

  • Real-time overview of all cases, deadlines and processing status
  • Automatic deadline warning for approaching 7-day and 3-month deadlines
  • Reporting functions for compliance reports and audits
Dashboard — Compliance Overview (Simplified View)
27
Total
1
Urgent
2
Deadline approaching
85%
Resolved
Reports by Category
Compliance
Data Protection
Fraud
Security
Other
⏱️
Deadline warning: Case #HB-046
3-month deadline expires in 8 days

Case processing

Efficient case handling thanks to clear process steps

All necessary processing steps are clearly documented and the progress of previous interactions can be traced at any time. The integrated triage system automatically prioritizes incoming cases.

  • Automatic triage: cases are prioritized and categorized
  • Processing steps, responsibilities and deadlines clearly structured
  • External persons (e.g. ombudsperson) can be involved in processing
Case Management — #HB-047 (Simplified View)
Suspected data protection violation
Anonymous · Received: 07.03.2026 · Priority: High
Urgent
1
Acknowledgment of receipt sent
Automatic · 07.03.2026, 14:32
2
Triage & Categorization
System: Data Protection · Priority: High
3
Review facts
Assigned: K. Meyer (DPO)
⏳ Active
4
Define measures
Document remedial measures
Pending
5
Feedback to whistleblower
Deadline: 07.06.2026 (3 months)
Pending

Flexible forms

Customize registration forms to your individual needs

Customize the forms with easily configurable templates. Groups can create additional companies, whistleblowers can select the company in question. You can control access rights granularly.

  • Drag-and-drop form editor for individual fields
  • Multi-companies: Groups map all subsidiaries
  • Granular access rights for managers and editors per company
Form Editor — Configuration (Simplified View)
Form fields Entities Permissions
⋮⋮
Type of Violation
Dropdown · Required field
Active
⋮⋮
Entity
Dropdown · Required field
Active
⋮⋮
Description
Text field · Required field
Active
⋮⋮
File Upload
File attachment · Optional
Active
⋮⋮
Department (optional)
Dropdown · Optional
Inactive
+ Add field

AI-supported titles & summary (optionally available)

Every message immediately to the point, automatically via AI

The AI analyses incoming messages and automatically generates a precise title, a structured summary and a categorization with relevant tags. Processors immediately receive a clear overview without having to read the entire message.

  • Automatic title and summary from the message text
  • Categorization by violation type, priority and department
  • Confidence score and manual transfer with a click
#HB-047 · Anonymous · Data Protection
Urgent
AI Title & Summary
↻ New ✓ Apply
Generated Title
Unauthorized access to customer data via third-party integration
⚖ Data Protection · DSGVO Art. 32, 33
Summary
Via a CRM third-party interface personal customer data is accessible without access control. Affected: Contact details and payment information of approximately 12,000 customers since January 2026.
Data Protection Violation High Priority IT Department ~12.000 Affected Parties
AI Confidence
92 %

AI-supported status summary (optionally available)

Current case status and next steps at a glance, summarized by AI

The AI summarizes the current processing status of each case in easy-to-understand language. Process steps, open tasks, deadlines and responsibilities are clearly displayed so that no detail is lost.

  • AI-generated summary of the current case status
  • Process progress with completed and open steps
  • Automatic task list with deadlines and responsible persons
#HB-047 · Data Protection Violation
In Progress
AI Status Summary
Case in Fact-finding Review (Step 3/5). K. Meyer is reviewing the CRM interface. 3-month deadline expires on 07.06.2026 — remaining 92 Days.
Acknowledgment of Receipt
07.03. · 7-day deadline ✓
Triage & Categorization
Data Protection · Priority High
3
Review facts
K. Meyer is reviewing CRM access
4
Define measures
5
Feedback to whistleblower
Open Tasks
Send acknowledgment of receipt
Request CRM access log
Deadline: 14.03. IT Team
Review Art. 33 notification obligation
Deadline: 21.03. K. Meyer
Progress
40 %

AI-supported anonymization (optionally available)

Automatically recognize and mask personal data

The AI automatically recognizes persons, organizations, locations and dates in reports and replaces them with neutral placeholders. This allows cases to be forwarded in compliance with data protection regulations without disclosing sensitive information.

  • Automatic recognition of names, companies, locations and dates
  • Before and after view with color-coded marking
  • Entity mapping only visible to authorized editors
#HB-047 · AI Anonymization
↻ Retry ✓ Apply
AI Anonymization
3
Persons
2
Organizations
1
Locations
2
Dates
Original Text
Anonymized
Since the CRM integration of Fiktions GmbH in January 2026 customer data has been accessible. Thomas Berger (IT) brought it to my attention. Report to Dr. Kathrin Schulz on 28.02.2026 — without response.
Since the CRM integration of [UNTERNEHMEN-1] in [ZEITRAUM-1] customer data has been accessible. [PERSON-1] (IT) brought it to my attention. Report to [PERSON-2] on [DATUM-1] — without response.
Entity Mapping (editors only)
Thomas Berger [PERSON-1] Person
Dr. Kathrin Schulz [PERSON-2] Person
Fiktions GmbH [UNTERNEHMEN-1] Org
January 2026 [ZEITRAUM-1] Date
28. February 2026 [DATUM-1] Date

AI-supported remedial measures (optionally available)

Appropriate measures proposed, prioritized and with legal basis

Based on the case analysis, the AI proposes concrete remedial measures, prioritized by urgency. Each measure includes responsibilities, timeframes and the relevant regulatory basis so that your team can act immediately.

  • Prioritized measures from immediate to long-term
  • Regulatory references (e.g. GDPR Art. 32, 33, 35)
  • Direct takeover as tasks in case management
#HB-047 · AI Remedial Measures
Apply Selected
AI Remedial Measures · Based on Case Analysis
Immediate Measures
1
Block CRM third-party API access
Immediately DSGVO Art. 32
👤 IT security · ⚡ Risk –High
2
Review Art. 33 notification to supervisory authority
72 hrs DSGVO Art. 33
👤 DSB / K. Meyer · ⚡ Risk –High
Short-term (1–2 weeks)
3
Forensically analyze access logs
14 Days
👤 IT Forensics · ⚡ Risk –Medium
Medium-term (1–3 months)
4
Zero-trust access control for third-party APIs
8 Weeks
👤 IT Architecture · ⚡ Risk –High
Long-term (3–6 months)
5
DPIA for all third-party integrations
6 Months DSGVO Art. 35
👤 DSB / Legal · ⚡ Risk –Medium
~85 %
Risk Reduction
~6 Mo.
Total Duration
~12.000
Affected Parties
3 / 5 Measures selected Create as Tasks →

AI-supported Executive Summary (optionally available)

Overall picture of all reports (risks, trends and recommendations for management)

The AI evaluates all reports for a period and creates an executive summary with KPIs, trend analyses and identified risk areas. The management receives prioritized recommendations for action based on the overall reporting situation.

  • KPI dashboard with notification volume, resolution rate and processing time
  • Automatic detection of systemic risk areas
  • Prioritized recommendations with expected risk reduction
Q1 2026 · All Entities
PDF Export Send to CEO
AI Executive Summary · Overall Assessment
27
Reports
↑ +8 vs. Q4
4
Open
↑ +2
85%
Resolved
↑ +5%
18T
Avg. Processing
↓ –4 Days
Increase in data protection reports (+60%) correlates with new third-party integrations. 3 of 4 open cases involve IT security — indicating systemic deficit in supplier due diligence. All legal deadlines met.
Reports by Category
Data Protection
10
10
Compliance
7
7
Fraud
5
5
Security
3
3
Other
2
2
Risk Areas
🔐 Third-party Data Critical
Insufficient access controls for external integrations.
4 Cases · Trend ↑
📋 Procurement High
Suspected order splitting to circumvent thresholds.
3 Cases · Trend →
Recommendations to Management
1
Immediate audit of all third-party integrations
Security review of all API connections and missing DPAs.
↓ –60%
2
Revise procurement policy
Four-eyes principle from €10,000 and automatic split detection.
↓ –40%
3
Mandatory data protection training for all departments
E-learning for employees with access to external systems.
Prevention

Your advantages

More than just a reporting channel
Compliance infrastructure that creates trust.

A platform that combines the HinSchG, EU Whistleblower Directive and LkSG complaints procedure in one system.

Anonymity / Personalized

Whistleblowers can optionally communicate without revealing their identity, with login data for secure feedback communication and status updates.

Automatic deadlines

7-day confirmation and 3-month confirmation are monitored automatically. No more missed deadlines.

30+ languages

Reporting channel available in over 30 languages, with automatic translation function for international teams and suppliers.

White Label

Law firms, consultants and partners offer the system under their own name, fully customizable.

Multi-companies

Groups map all subsidiaries. Access rights and case allocation can be controlled for each company.

DSGVO & ISO 27001

Hosting in Germany, ISO 27001 certified and fully GDPR-compliant. Highest security standards.

Frequently asked questions

FAQ about the module

With the whistleblower system, you can implement the requirements of the EU Whistleblower Directive and the national implementation laws (HinSchG) within a few minutes. The system enables optimal case management with a clear dashboard. A separate, clearly structured form is available for whistleblowing, which can be completed in just a few minutes, completely anonymously.

The EU Whistleblower Directive obliges companies with 50 or more employees. However, the whistleblower system can be used regardless of the number of employees, including for legal entities in the public sector, ombudspersons and groups with several subsidiaries.

As a partner, you can offer the whistleblowing system with your logo and name to your clients and customers as an extended service package. The solution is suitable for lawyers, tax consultants, auditors, data protection officers and compliance consultants.

The costs depend on the number of employees and start from €69 net per month for the premium package.

Yes, with the whistleblower system, legal entities in the public sector fulfill the requirements of the EU Whistleblower Directive. Public authority employees and citizens can report irregularities and breaches of the law via the digital system, even anonymously.

Attention: Fines for missing reporting channel

Companies with 50 or more employees that do not set up an internal reporting channel risk fines. The obligation has been in force since July 2023, act now.

Prepare now

Is your reporting channel ready?

See in 30 minutes how the whistleblowing system covers anonymous & personalized reporting, case management and deadline control for your company and how quickly it can be set up.

Free live demo in 30 min Start trial version now

Eine Plattform, alle Regulierungen.

Entdecken Sie die Module der lawcode Suite für rechtssicheres Compliance- & ESG-Management.

Lieferanten-Risikomanagement

Lieferantenrisiken erkennen, bewerten und aktiv steuern, über die gesamte Wertschöpfungskette hinweg.

Entwaldungsverordnung

Geodaten erfassen, Sorgfaltserklärungen erstellen und Entwaldungsfreiheit lückenlos nachweisen.

Nachhaltigkeitsreporting

Nachhaltigkeitsberichte ESRS-konform erstellen – strukturiert, auditierbar und fristgerecht.

Hinweisgebersystem

Sichere, anonyme Meldekanäle bereitstellen – gesetzeskonform und vertrauenswürdig für alle Beteiligten.

Freigaben & Genehmigungen

Geschenke, Einladungen und Freigaben digital erfassen und revisionssicher genehmigen lassen.

Compliance-Schulungen & LMS

Compliance-Schulungen zuweisen, durchführen und dokumentieren – mehrsprachig und nachweisbar.

Richtlinien-Management

Policies zentral versionieren, verteilen und die Kenntnisnahme risikofrei verwalten.