On May 4, 2023, the Law on the Protection of Whistleblowers or Publicly Disclosing Information on Violations entered into force in Bulgaria, in fulfillment of the obligation to transpose Directive (EU) 2019/1937 of the European Parliament and the Council of October 23, 2019 d. The law represents an important step towards strengthening transparency and the fight against corruption in various sectors of society.

What does this mean for Bulgarian fintech companies?

From May 4, 2023, Bulgarian fintech companies must:

  • implement an internal whistleblowing system, including designating an employee(s) or unit to receive and review reports, and follow-up on them.
  • provide clear and accessible information about the rules and conditions for reporting irregularities to company employees and to all persons who may learn and report violations in a work context.
  • submit regular reports to the Commission for Personal Data Protection – the central authority for external whistleblowing, which also has methodological and control functions by law.
  • subject to control and pecuniary sanction in case of non-fulfillment of obligations by law. The sanctions are as follows:
    • Companies: from BGN 5,000 – 20,000 for companies
    • Persons responsible for receiving and checking signals – 400 to 4000 BGN
    • For a representative of the employer – from BGN 2,000 to BGN 8,000.

The solution: Confidential Reporting System 

The platform provides a ready-made solution for introducing an internal channel for reporting signals, in accordance with the requirements of the Directive and Bulgarian legislation.
Fintech Explained Vol. 4.1 will pay special attention to the blockchain-based solution prepared by Happy Company (BFA member) and Transparency International Bulgaria – Confidential Reporting System.

About the event

Date: September 20, 2023


Kalin Slavov – Executive Director of the Association “Transparency without borders.”
Ilia Hristov – Executive Director of Happy Company EOOD.

Location: Entract 127, Google Maps

Start time: 6:30 p.m.

Free registration

More about the Whistleblower Protection Act

The law covers a variety of employers and sectors and aims to provide protection to persons reporting violations through an internal whistle-blowing channel, an external channel or publicly disclosing information about violations of Bulgarian legislation and acts of the European Union in the areas specified in the Law.

 Among the employers who are obliged are: 

  • Employers in the public and private sectors, including financial institutions.
  • Private sector employers with 50 or more employees.
  • Private sector employers, regardless of the number of employees, if their activities are related to EU legislation, especially in the area of financial services, products and markets, as well as the prevention of money laundering and terrorist financing.

This broad scope ensures that breaches of EU law can be flagged and detected in a timely manner, regardless of the sector in which they occur.

Obligations of employers:

The law requires employers to create a system and rules for submitting reports through an internal channel, to accept reports of violations or risk of violations, to check the received reports, to process them and to take follow-up actions within the deadlines regulated by law.


The law prohibits any form of harassment, retaliation or threats against the whistleblower.

Controlling authority:

The law provides for the Commission for Personal Data Protection as a supervisory authority that will monitor compliance with the regulations and impose sanctions in case of violations.

Dates of entry into force and control:

04 May 2023 – The law and the duty to comply come into effect

  • Obliged persons – employers with more than 250 employees, are subject to verification

17 December 2023

  • Obliged persons – employers with fewer than 250 employees are subject to inspection