Anyone reporting a breach of rules within a company is not automatically protected. And anyone who, as a compliance officer, mishandles a report risks their own job. Five recent rulings from the years 2024 to 2026 make it clear: The Whistleblower Protection Act (HinSchG) only applies if specific conditions are met.
The Heraeus Case: A Wake-Up Call for Compliance Officers
In November 2025, the Offenbach Labour Court ruled that both the Compliance Officer and the General Counsel of the Heraeus Group could be effectively terminated with ordinary notice. The trigger was a whistleblower report concerning manipulated quantity data and potential financial offences within a group subsidiary.
In the court's opinion, several duties were breached. The parties deviated from their own procedural rules and excluded group audit, even though internal guidelines provided for their involvement. Furthermore, individuals against whom the tip-off itself was directed were included in the investigation team. The court also assessed the response to the whistleblower as partly incorrect. Ultimately, it considered the trust relationship to be „irreparably destroyed“.
The case highlights how sensitive it is to handle internal reports. Even procedural errors can have significant consequences. The judgements are not yet legally binding; the Hessian State Labour Court will have to decide in the next instance.
Further current rulings show: protection only with the right prerequisites
Besides the Heraeus case, four other decisions have sharpened the picture in case law.
In one case, the Federal Labour Court clarified: protection only begins with the actual report. Those who are only aware of a potential violation but have not yet made a report are not yet protected.
Another procedure relating to Volkswagen highlights the importance of timing and reporting channels. Reports submitted before the HinSchG (Whistleblower Protection Act) came into force or to an inappropriate reporting office jeopardise protection.
Even a probationary compliance officer received no protection because the alleged violation was not explained with sufficient plausibility. Another case made it clear: supervisors are not automatically reporting channels within the meaning of the HinSchG.
The Higher Labour Court of Hesse ruled in favour of the whistleblower. An instruction to cease contact with one's own lawyer can be a prohibited act of retaliation.
This shows that whistleblower protection often hinges on formal, but crucial, points
- Was this the correct reporting channel?
- Did the notification take place after 2 July 2023?
- Is the connection between reporting and disadvantage plausibly demonstrated?
Those who do not observe these points risk losing protection under the HinSchG.
What companies should fundamentally examine now
The judgments provide clear indications of where action is needed:
- Reporting office and clarify procedure: Employees must know where on which channel they can report feedback. The internal reporting office must be clearly named and separated from regular reporting lines.
- Living processes for real Internal regulations are only helpful if they are also applied. The Heraeus case shows what happens when this is not the case.
- Knowing the temporal scope The HinSchG only applies to reports from 2 July 2023. Older reports are generally not covered by the protection scope, although the reported incident may still have occurred before 2 July 2023.
- Ensure open communication: Communication with whistleblowers should be open and careful. Pacifying or inaccurate answers can have legal consequences.
Conclusion: Whistleblower protection needs clear processes
The HinSchG It does not create automatic security. The courts meticulously examine whether the reporting channel, timing, presentation, and connection are correct.
For companies, this means: A whistleblowing system should not just exist in name only. It must clearly outline reporting channels, responsibilities, and procedures so that reports can be reliably investigated and managed in a timely manner.
The full legal review by Patrick Späth and MMichael Widmann in the CCorporate Compliance Journal (CCZ) 4/2026 shows which mistakes companies should avoid and what requirements courts specifically make.
Here you will find the Legal processing: ”What compliance officers need to know now”
This blog post was inspired by the specialist article by lawyer Patrick Späth, LL.M. (King's College London) and attorney Michael Wiedmann, published in the Corporate Compliance Zeitschrift (CCZ) 4/2026, pages 82–87.