The EU Whistleblowing Directive: An Opportunity for (Operationalizing) Corporate Human Rights Grievance Mechanisms?

Despite being an internationally accepted corporate social responsibility framework, the United Nations Guiding Principles on Business and Human Rights have not managed to provide victims of corporate human rights violations with access to remedy. The European Commission has announced plans to introduce an EU-level human rights due diligence directive which may include corporate grievance mechanisms. This article considers potential synergies between the planned directive and the mechanism laid down in the Whistleblowing Directive. Three issues are highlighted. First, stakeholders usually face retaliation after making a complaint about human rights abuses in a company’s operations. By setting formal levels of protection against retaliation, the Whistleblowing Directive offers a regulatory framework to change this reality. Second, conducting effective human rights due diligence must be based on meaningful consultation with all relevant stakeholders. If companies approach this issue in a top-down manner using auditing firms, they risk non-compliance with human rights due diligence requirements. Therefore, the legislation should include corporate grievance mechanisms to match remedies with victims’ expectations. Third, in terms of corporate grievance mechanisms, victims often lack resources to participate in them in a fair and respectful manner. This requires EU Member States to use their legislative power to lay down regulations that effectively enhance cooperation and coordination with independent monitoring bodies. To enhance the development as to access to remedy, the Whistleblowing Directive offers synergies through which to achieve greater accessibility, transparency, and victim empowerment. Corporate grievance mechanisms, facilitated by the Whistleblowing Directive, could take this a step further.


Introduction
Many corporate scandals in recent years, from the Panama Papers to Dieselgate and Cambridge Analytica, have come to light owing to people who have spoken up. Whistleblowers have an important role in disclosing information about wrongdoing inside organizations and companies in both the public and private sector that can seriously harm the public interest. It is estimated that corruption alone costs the EU economy 120 billion euro per year. 1 In this context, the European Commission has introduced essential components for effective and balanced rules to protect whistleblowers. 2 EU Member States have until the end of 2021 to pass a law that brings national legislation into line with the standards laid down in EU Directive 2019/1937 3 (the 'Whistleblowing Directive'). Consequently, there will be debate on corporate responsibility in terms of compliance with law. The reasoning behind this legal development has similarities to that applying to moves to increase corporate responsibility towards respect for human rights. Despite the increasing demand to shift from a voluntary corporate social responsibility (CSR) approach to smart mix regulation with binding legislation, 4 and from reporting duties (increasing transparency) to conducting due diligence, little concrete action has yet been taken to bolster the remedies available in the event of non-compliance with mandatory human rights due diligence (HRDD). Being the key concept of legislation, HRDD requires companies to take appropriate prevention means to avoid salient human rights risks, to create suitable whistleblower/grievance mechanisms (as part of remedial actions), to ensure that remedial actions occur after human rights abuses, and to document and report the measures taken. 5 Lack of effective regulation of employment and recruitment agencies, and low barriers to entry into the business has allowed unscrupulous companies to proliferate and to maintain poor labor practices and possible involvement in human trafficking and other serious human rights abuses through criminal organizations. 6 The report of the European Union Agency for Fundamental Rights (FRA) concludes that tackling labor exploitation requires that victims should be encouraged to report severe labor exploitation to labor inspectors or the police. This can be facilitated with the help of support organizations, trade unions and lawyers. 7 Moreover, FRA views that, to end the impunity, besides reporting situations of severe labor exploitation, workers should be offered sufficient protection. As for migrant workers in the EU, Member States should ensure that law enforcement is conducted in full compliance with human rights standards and does not prevent access to justice for exploited workers and foster impunity for exploitative employers. 8 As for remedy, EU Member States should ensure that such victims receive back payment for wages, damages and other compensation through the swift enforcement of judgments. 9 According to a recent study, the number of companies that provide people who have suffered harm in this area with a remedy is extremely low (6.9%). 10 To level the playing field and to increase leverage on supply chains in third counties, the European Commissioner for Justice Didier Reynders has stated that the Commission will introduce a legislative initiative on mandatory human rights and environmental due diligence obligations for EU companies in 2021. 11,12 Although it seems that EUdomiciled companies may be required to conduct HRDD sooner than anticipated, there is a real danger that without mitigation of and the provision of remedies for human rights breaches HRDD may become an ex ante endeavor in which companies try to conduct flawless sustainability reporting. However, plenty of mistakes may occur before HRDD is sufficiently conducted because it may be a novel exercise for a vast number of companies. 13 Consequently, laying down another obligation to establish corporate grievance mechanisms (CGMs) to mitigate and remedy human rights-related complaints may prove challenging. Companies may even regard CGMs as no more than an additional administrative burden. This article argues that this is an oversimplified perception.
The remedy pillar of the United Nations Guiding Principles on Business and Human Rights (UNGPs) comprises various mechanisms. 14 The evidence shows that for the time being judicial mechanisms still face several barriers, such as conflict of laws, statutes of limitations, etc. 15 Moreover, the costs of proceedings, in particular, can appear enormous: hiring a lawyer, obtaining experts' opinions, and the risk of having to pay the winning party's costs can even lead to a situation where the victim's costs cannot be recovered even after winning a case. 16 In addition, victims may face retaliation in the form of what is known as a 'strategic lawsuit against public participation' (SLAPP), a technique used by some companies against victims. In the absence of anti-SLAPP legislation, SLAPP lawsuits are increasingly used to silence individuals and organizations and set another barrier to access to justice through judicial mechanisms. 17 If the EU's HRDD directive is based on the UNGPs, as it arguably should be, remedial mechanisms will indisputably have a role to play in it. In view of the financial and legal challenges sketched above, there is a demand for innovative, lowhanging fruit approaches to access to remedy, such as CGMs. In order to engage 8 FRA (2018), p 8. 9 FRA (2019), p 92. 10 Gregor and Houston (2020). 11 European Parliament Working Group on Responsible Business Conduct (2020). 12 Business and Human Rights Resource Centre (2020). 13 Depending on the scope of HRDD law. 14 See discussion of the UNGP structure at 2.1. 15 European . 16 FRA (2020), p 73. 17 Ibid.,p 10. in meaningful dialogue with rightsholders, the Whistleblowing Directive may offer certain synergies in relation to the HRDD directive that make it easier for companies to set up CGMs. This article argues that various structures from which CGMs could benefit could be established on the basis of the Whistleblowing Directive. A wider question remains as to how the Directive's whistleblowing mechanism may assist the design of the HRDD directive. Before addressing these issues, it is necessary first to assess the current situation in terms of companies' (operational) grievance mechanisms and their shortcomings.
The article is organized as follows. First, it assesses the current potential of CGMs and the likely impediments to them. Second, it introduces the Whistleblowing Directive, whistleblowing in the corporate context and why it matters for business. Third, it argues that whistleblowing may be beneficial for the implementation of CGMs, while pinpointing both the potential benefits and problems with such synergy.

The UNGPs' Missing Link: Lack of Institutionalization and Implementation of CGMs
Although the negative aspects of business activities, including child labor, land logging without communities' permission and illegal discrimination against workers, have received wide public attention, victims often remain without a remedy. This means that an aggrieved party will not be placed 'in the same position as he or she would have been in had no injury occurred'. 18 However, the 'right to an effective remedy' is a universally recognized principle of international human rights law. 19 It is also a bedrock principle of the UNGPs, a soft law instrument that has emerged as the leading framework to address the incorporation of human rights into business activities. The UNGPs comprise three pillars: (1) the state duty, which means states must protect human rights within their territory by taking appropriate steps to prevent, investigate, punish and provide redress for human rights abuses; 20 (2) the corporate responsibility to respect human rights by avoiding violating the human rights of others and addressing adverse human rights impacts as a result of activities with which companies are involved; 21 and (3)  human rights, states must take appropriate steps to ensure those affected have access to effective remedy. 22 Despite the UNGPs' influence on national and EU legislation as the leading international framework, National Action Plans on business and human rights (NAPs) articulate actions on grievance mechanisms in a diverse manner. Access to effective remedy has remained a challenge for many victims of business-related human rights abuses in states with NAPs. 23 Very few companies are publicly committed to remedy in situations where they find that they have caused or contributed to adverse human rights impacts. 24 This is highlighted by the outcomes of different voluntary multi-stakeholder initiatives (MSIs), which demonstrate how ineffectively they have fit remedial purposes. 25 Besides the UNGPs, another international corporate responsibility framework, the OECD Guiding Principles for Multinational Enterprises (OECD Guidelines), is a hybrid intergovernmental institution that permits individuals and organizations to lodge company-specific and location-specific employment relations-related grievances within the supply chains of multinational enterprises (MNEs) domiciled in an OECD member state. The OECD Guidelines are being operationalized through National Contact Points (NCPs), which member states are required to establish. 26 However, despite being the only international standard with a built-in grievance mechanism, due to their voluntarist nature NCPs are unable to enforce their findings and lack capacity as to awareness, institutional legitimacy and authority. 27 Therefore, NCPs have not fulfilled their function of providing sufficient remedial outcomes either, even after having been aligned with the UNGPs in 2011. 28 As the notion of 'rights' is meaningless without a remedy in practice, the UN Working Group on Business and Human Rights has been mandated to research ways in which to 'realize effective remedies for those affected by business-related human rights abuses'. 29 In its recent report, the OHCHR recommended that states should 'establish and maintain an enabling legal and policy environment for non-Statebased grievance mechanisms dealing with business-related human rights harms with appropriate and meaningful consultations with relevant stakeholders'. 30 Many human rights experts and practitioners in the FRA study also suggest that companies need to adopt operational grievance mechanisms. 31 Grievance mechanisms should be designed such that rightsholders can access them without fear of retaliation, including rightsholders' representatives, in an effective manner. 32  people who are affected by or at risk of business-related human rights abuses should have access to realistic and readily identifiable pathways to an effective collective remedy. 33 UNGP 31 recommends a general standard for the establishment of CGMs. As part of the UNGP remedy pillar framework, these effectiveness criteria are intended for all non-judicial grievance mechanisms. UNGP 31 states that in order to ensure their effectiveness, all non-judicial grievance mechanisms should be legitimate, accessible, predictable, equitable, transparent, rights-compatible and a source of continuous learning. In short, these criteria should guarantee that people know about CGMs, trust them and are able to use them effectively. 34 CGMs should also be based on engagement and dialogue, which empowers stakeholder groups to contribute to their design and performance and to address and resolve grievances through dialogue. In respect of the criteria, voluntary measures have not reached this level. 35 These criteria are not specific to CGMs but are also intended for use in the context of other mechanisms, such as whistleblowing reporting channels, to make them more effective. Thompson has pointed out incongruities that erode the effectiveness of CGMs: one of the important factors is that CGMs lack the novelty of enforcing human rights through dialogue and engagement as opposed to adjudication. 36 Thompson takes the view that the design of CGMs should also take into account how to reconcile objective human rights with the subjective preferences of the parties and broaden the interpretation of the remedy. 37 The briefing requested by the Subcommittee on Human Rights of the European Parliament (DROI) raises concerns regarding a weak deterrence effect as to CGMs operating subject to non-disclosure clauses. 38 Non-disclosure would keep information about possible CGM procedures secret. In setting up the framework for effective CGMs, the approach to assessing the process and the outcomes should be human rights based. 39 While traditional corporate social responsibility has viewed workers as passive recipients of corporate-led initiatives, it is also necessary to build governance capacities which actively involve workers in the long run. 40 Without the involvement of those affected by governance, it is difficult to ascertain objective standards to determine whether outcomes are effective. Therefore, subjective preferences also play an important, active role in the UNGPs in understanding remedies with the full participation of the affected stakeholders. 41 Consequently, finding new approaches to increase such activity is highly necessary. 33 Ibid. 34 ), p 12. 35 See OECD Watch (2015, OECD (2017) and MSI Integrity (2020). 36 Thompson (2017), p 55. 37 Ibid. 38 European Parliament (2020b), p 9. 39 Thompson (2017), p 59. 40 Donaghey and Reinecke (2017), p 1. 41 Thompson (2017), p 76.

The Importance of CGMs for Different Stakeholders
The European Commission's study on due diligence requirements through the supply chain published in 2020 concludes that stakeholders consider companies' due diligence practices insufficient for addressing human rights and environmental impacts. Third parties and potentially affected stakeholders confuse 'human rights risk management' (risk to the people) with narrower 'risk management' (risk to the company), which indicates that very few understand how companies should prioritize issues and identify leverage and appropriate measures. 42 The Business Network on Civic Freedoms and Human Rights Defenders, with the support of a few large multinational companies, made a statement in which it strongly emphasized the duty to respect human rights and human rights defenders in line with the UNGPs. This includes recognizing the role of human rights defenders as beneficial partners in identifying risks or problems in business activities, in encouraging due diligence and in the provision of remedy when harm occurs. 43 The European Commission's study also recognizes the creation of operational-level grievance mechanisms as an important component of due diligence to identify and, when relevant, remedy impacts. However, the study highlights that current grievance mechanisms often fall short in various respects regarding remediation. 44 In a similar vein, another study about multi-stakeholder initiatives also recognizes their failure to address issues regarding human rights abuses. This is due to insufficient monitoring through top-down professionalized audits, which ignore the power imbalances between rightsholders and MSI members. 45 If companies are to meet the standards laid down in the UNGPs, they should participate in legitimate remediation processes, as noted by the International Commission of Jurists (ICJ) in a recent report. 46 The ICJ highlights that companies' operational grievance mechanisms are vitally important in the broader relationship between the company and its stakeholders. 47 Companies should include CGMs as part of their strategic framework to build the company's legitimacy and acceptance in the community. Instead of being a tool for companies to run cosmetic public relations strategies, they should be a potential source of redress for victims and affected individuals in order to contribute to the wellbeing and realization of human rights in their own immediate environs. 48 On the other hand, if social sustainability issues were integrated into corporate decision-making, thus making directors more accountable for the sustainability of their business conduct, as the European Commission study on directors' duties and sustainable corporate governance highlights, 42 European Commission (2020b), p 92. 43 Business and Human Rights Resource Centre (2018). 44 European Commission (2020b), p 86. 45 MSI Integrity (2020), p 126. 46 ICJ (2019), p 9. The report is the result of over 2 years of research and consultation by a team from the ICJ with advice from an expert panel composed of judges, UN officials and other legal experts. 47 Ibid., p 84. 48 Ibid. companies would start identifying and managing relevant sustainability risks and impacts more effectively. 49 The integration of due diligence practices and remedial measures is being emphasized in the draft report of the European Parliament's Committee on Legal Affairs (JURI), 50 followed by the European Parliament resolution of 10 March 2021 51 in which the European Parliament expects the Commission to include effective CGMs as part of the planned HRDD directive. Article 9 of the proposed directive envisages CGMs having a dual function as both an early-warning risk-awareness and a mediation system. 52 Although Article 9 includes a reference to the effectiveness criteria set out by UNGP 31, it remains unclear how exactly UNGP 31 facilitates grievance mechanisms in raising concerns either anonymously or confidentially.
As opposed to private mechanisms such as CGMs, states have a duty to provide judicial mechanisms. UNGP 25 provides that 'States must take appropriate steps to ensure, through judicial, administrative, legislative or other appropriate means, that when such abuses occur within their territory and/or jurisdiction those affected have access to effective remedy'. In comparison to state-based judicial mechanisms, especially trials entailing extraterritorial jurisdiction, private grievance mechanisms offer advantages for both victims and companies through reduced costs and speed of access. As to remediation, CGMs can provide early-stage recourse and resolution in respect of certain harms in such a way as to prevent disputes from escalating and human rights abuses from worsening. 53 This is also noted by the European Parliament resolution in terms of understanding CGMs' responsibility to provide for or cooperate with remediation processes, which 'shall be determined in consultation with the affected stakeholders' and entail remedies including but not limited to 'financial or non-financial compensation, reinstatement, public apologies, restitution, rehabilitation or contribution to investigation'. 54 The European Parliament's call to establish such a function for CGMs seems difficult without proper legislation and means of enforcement covering procedural safeguards in relation to privacy, whistleblower protection and fundamental labor rights. Stakeholders that engage with the CGM process may face the risk of retaliation, which may eventually lead to weak engagement with CGMs in the first place. 55 From a corporate perspective, such fear of retaliation also means that the quality of information submitted by stakeholders regarding abuses that have occurred in supply chains, for instance, will be low.
The OHCHR Accountability and Remedy Protect III project ('ARP III') points out that the interrelationship between judicial, non-judicial and operational grievance mechanisms creates a potential role for each mechanism in enhancing access to 49  remedy. Therefore, CGMs may provide more options and choices for remedy seekers. 56 On the other hand, ignoring the role of CGMs may lead to underdevelopment of a more dynamic remedial system. Increasing regulation in respect of engagement in CGMs in the remedial framework of the UNGPs may potentially raise awareness of systemic problems in company operations or create new innovations to enhance user experience and streamline processes. 57 To facilitate meeting the requirements laid down in the UNGPs, the regulator should create a 'public-private' nexus requiring companies to establish effective CGMs. As the EU Whistleblowing Directive aims to help people who report breaches of EU law, it is worth pondering whether it could help achieve better compliance with corporate human rights obligations and access to remedy.

Introduction to the Whistleblowing Directive
Traditionally, whistleblowing protection refers to various mechanisms designed to help prevent damage and detect threats or harm to the public interest that may otherwise remain hidden. 58 Regulating whistleblowing activities may have justice and utilitarian dimensions, which recognize and protect whistleblowers' freedom of expression, and on the other hand, aim at increasing the effectiveness of preventing and detecting dangers resulting from wrongdoing and violations of law. 59 Most European countries lack a codified, sufficiently protective whistleblowing system. However, two different driving forces-public law enforcement interests and civil society commitment-have also begun to shape whistleblowing legislation globally. 60 The new EU Whistleblowing Directive replaces the older system, which was characterized by the existence of substantially different whistleblower laws in several Member States' national legislation. Moreover, as only ten Member States offered comprehensive whistleblowing protection, the European Council noted the loss of potential benefits due to a lack of whistleblower protection at EU level. 61 Therefore, the new directive seeks to set the level playing field as to the fragmented whistleblowing protection by increasing the protection of whistleblowers from retaliation. 62 Moreover, the directive is aimed to complement measures to increase business transparency in social and environmental matters. 63  requires companies with more than 50 employees to set up internal whistleblowing channels that guarantee the protection of whistleblowers from retaliation after reporting information about breaches of EU law. 64 The Whistleblowing Directive defines a whistleblower as a 'reporting person', who, being a natural person, reports or publicly discloses information on breaches acquired in the context of his or her work-related activities. 65 Moreover, a whistleblower usually exposes information about illicit activities and/or behavior harmful to the public interest, which may give rise to the risk of serious retaliation. 66 'Retaliation' is broadly defined in the Directive and covers different issues, such as early termination or cancellation of a contract for services, a license or permit, loss of business or income, coercion, harassment or intimidation, blacklisting or business boycotting or damage to reputation. 67 A whistleblower can work within the private or public sector and is a person who, in a 'work-related context', has acquired information regarding a breach of EU law. This may apply to current employees as well as those who have since left their position or who have not yet begun it. The scope of the Whistleblowing Directive goes far beyond the status of an employee, as it includes self-employed people, shareholders, members of administrative, managing and supervisory bodies, contractors, sub-contractors and suppliers, facilitators, third persons connected with reporting persons and legal entities. 68 Unpaid trainees and volunteers also fall within its ambit. This broad approach is important (in relation to CGMs), as the UNGPs recognize the key role of human rights defenders (and whistleblowers) in human rights due diligence. Companies should consider them as an important expert resource that enables them to understand the concerns of affected stakeholders particularly 'in situations where consultation with affected stakeholders is not possible'. 69,70 The benefits of establishing whistleblowing mechanisms for society are significant, as 'breaches of Union law, regardless of whether they are categorized under national law as administrative, criminal or other types of breaches, may cause serious harm to the public interest, in that they create significant risks for the welfare of society'. 71 The material scope of the Whistleblowing Directive is defined in Article 2. In respect of information which may cause serious harm to the public interest in various areas, the Directive protects persons reporting breaches of EU law concerning the following areas: public procurement; financial services, products and markets, and prevention of money laundering and terrorist financing; product safety and compliance; transport safety; protection of the environment; radiation protection and nuclear safety; food and feed safety, animal health and welfare; public health; consumer protection; and protection of privacy and personal data, and security of network and information systems. Given this large material scope, the Whistleblowing Directive requests better enforcement of rules in these areas to ensure the full protection of whistleblowers. 72 Whistleblower activities have typically focused on detecting injustice and wrongdoing in organizations, with a focus on protecting human rights in the workplace. 73 Despite the existence of civic rights, the Whistleblowing Directive's wide scope goes further to protect whistleblowers' reporting in relation to various fields of EU law including health and safety, data, environment and consumer protection, and financing and public procurement. However, the Directive explicitly mentions human rights in regard to the freedom of expression as enshrined in Article 11 of the Charter of Fundamental Rights of the European Union 74 and in Article 10 of the Convention for the Protection of Human Rights and Fundamental Freedoms. 75 In this context, whistleblowers enjoy their human right as they report 'information about threats or harm to the public interest obtained in the context of their workrelated activities'. 76 Exclusions from the scope of the Directive generally concern areas that are beyond the scope of EU competencies. 77 The Directive offers no protection in respect of classified information, legal and medical privilege, the secrecy of judicial deliberations and rules on criminal procedure. 78 As for classified information, the Directive refers to information that EU law or the laws, regulations or administrative provisions in force in the Member State concerned require, for security reasons, to be protected from unauthorized access. 79 Therefore, classified information refers to the most important security issues of states, not private companies albeit that the latter may consider their trade secrets as classified information.
The scope of the Whistleblowing Directive is not horizontal but sectoral. It covers specific sectors and issues, such as investment products, insurance distribution, statutory audits, securities, market abuse, money laundering, credit institutions and trade secrets. 80 The legislation not only enables disclosures in these areas but also ensures that an adequate response is given in reaction to disclosures. Considering this, authors highlight that many caveats remain, which could upset the delicate balance between whistleblowers (employees) and public and private authorities (employers) as defendants to claims. 81 In the context of HRDD legislation, a wellestablished dialogue could be beneficial in terms of consideration of HRDD policy issues. 81 White (2018)

Company-level Operation
This article suggests that the increased amount of information received from affected stakeholders through whistleblower mechanisms also helps companies conduct better business. The business case in this respect is that corporate efforts to foster civil freedoms also advance economic growth and produce innovation. Moreover, on a larger scale in society, civil society (organizations) may reduce the cost of corruption and help businesses to become more sustainable. Supporting civil society has potential to enhance customer, investor and employee relationships. 82 The Whistleblowing Directive lays down requirements aimed at creating a common level playing field for receipt of such information in order to make it easier for companies to engage in whistleblowing due diligence.
The Directive establishes two types of mechanisms for reporting the disclosed information. To use the internal mechanism, reporting persons should submit their report within the organization. Utilizing internal reporting procedures establishes the trust of reporting persons in organizations provided that relevant authorities carefully consider reports, provide feedback and take action. 83 Taking into account the sensitive nature of whistleblowing, the Directive emphasizes that a person who receives reports and conducts proceedings should enjoy a certain degree of independence to avoid a conflict of interest. 84 As for the protection of the whistleblower's personal, sensitive data, the investigating person should be professionally trained on the applicable data protection rules. According to the Directive, Member States should provide this enhanced protection in regard to the identity of whistleblowers as well as persons concerned, including third parties and witnesses, at all stages of the process. 85 Alongside the Whistleblowing Directive, this internal reporting mechanism faces similar considerations as those required by the UNGPs in relation to CGMs.
As distinct from internal procedures, in using external reporting procedures a whistleblower reports information to an external body. The Directive refers to the competent national authorities or EU bodies, offices or agencies. As whistleblowers need to understand how and when to act, these bodies should give guidance to reporting persons on the procedures for reporting. 86 There is no obligation for whistleblowers to use the internal mechanism: whistleblowers may choose the most appropriate mechanisms themselves. 87 Therefore, companies should incentivize the development of their own internal mechanisms so that reporting persons utilize them. This is also important because whistleblowers have the right to disclose information directly to the media (and bypass both mechanisms) if no appropriate internal or external action was taken in response to their report and there are reasonable 82 Rekosh and Khadar (2018). 83 Šepec et al. (2020), p 8. 84 Whistleblowing Directive, recital 76. 85 Ibid. 86 Whistleblowing Directive, Art. 12(4)(a). 87 Ibid.,recital 33. grounds to believe that the breach of EU law (as contained in the information to be disclosed) may constitute an imminent or manifest danger to the public interest and there is a risk of retaliation in external reporting. In this vein, if there are poor prospects of an effective response to the reported information, whistleblowers can disclose their information to the media or the public directly. 88 Since many abuses of EU law may take place in third countries, the Whistleblowing Directive stipulates that receiving and investigating reports in full confidentiality means that internal reporting procedures extend beyond an EU-domiciled company to its subsidiaries and affiliates ('the group'), and to any of their agents and suppliers. 89 To meet this requirement, a company needs to make it clear in supplier contracts or codes of conduct that it expects its suppliers to establish more integrated whistleblower mechanisms in relation to the Directive. Although the Whistleblowing Directive is also applicable to companies' subsidiaries and suppliers, the complexities of international supply chain management raise many questions regarding the enforcement of internal/external channels.

The Problems with Synergy
Many aspects need to be considered when looking at the similarities and differences between whistleblowing mechanisms and CGM mechanisms. CGMs appear particularly relevant to whistleblowers by being, in most cases, the first means of recourse in relation to human rights issues. 90 By supporting the 'identification of adverse human rights impacts' and allowing 'grievances, once identified, to be addressed' and 'adverse impacts to be remediated early and directly by the business enterprise', CGMs prevent 'harms from compounding and grievances from escalating'. 91 While the Whistleblowing Directive has limited scope, the OECD Guidelines contains explicit recommendations supporting whistleblowing safeguards, which have potential to be extended from corruption issues to all other human rights abuses. 92 According to the OECD Guidelines, risk-based due diligence forms a key element of responsible business conduct in order to identify, prevent and mitigate companies' actual and potential negative impacts and account for how those impacts are addressed. 93 Considering the types of corporate misconduct reported by whistleblowers, whistleblower protection should comprise all business operations, including human rights issues. 94 Since the UNGPs were incorporated into the 88  OECD Guidelines in 2011, the OECD could further develop the interaction between whistleblowing and human rights topics.
Although the human rights regime is ultimately more diffuse than the specific material scopes of whistleblowing, employees' rights-as recognized by most constitutions in Europe and the US in the context of the human right of freedom of expression-often reflect human rights. These include the possibility and duty to inform members of the company's management and the public about negative issues in the company, entailing violation of basic human rights at the workplace, that threaten wellbeing and welfare. 95 On the other hand, other human rights instruments also support whistleblowing: Article 19(2) of the International Covenant on Civil and Political Rights states that a person has the 'freedom to seek, receive and impart information and ideas of all kinds'. In other words, whistleblowing undeniably has a legal and ethical link to the protection of human rights. In Guja v. Moldova the European Court of Human Rights (ECtHR) concluded that there is no hierarchy between internal whistleblowing and whistleblowing to a 'competent authority or body'. 96 Moreover, the ECtHR affirmed that whistleblowers have a right to freedom of expression as well as duties towards employers in that regard. 97 In Heinisch v. Germany the Court ruled that the public interest in being informed about the quality of public services outweighs the interest in protecting the reputation of any organization. 98 Although using reporting channels provided for by the Whistleblowing Directive is mandatory in order to receive protection from retaliation, the provisions regarding freedom of expression and information guaranteed by the Charter of Fundamental Rights of the European Union grant the right to direct reporting as a necessary and proportionate measure. 99 However, the diffuse nature of human rights may be problematic in the context of the Whistleblowing Directive. White has criticized the defined material scope of the Directive as it may restrict its applicability by excluding practices in areas where there is no clearly recognizable, single market issue at stake (as defined in Article 2). 100 In this way, the protection of whistleblowers would not be guaranteed in cases that have problematic features. For example, Dourado notes that where tax evasion is in question, the issue of whether the whistleblower knows that the disclosed information falls within the scope of the law is problematic. The question remains as to whether a whistleblower who in good faith reports information that he or she mistakenly perceived as a breach of EU tax law or an abusive practice, should be protected. There may also be information to be reported of which some lies within the scope of the Directive and some does not, in which circumstances these categories cannot easily be separated. 101 This seems to be too daunting a task 95 Alm and Rendtorff (2020), p 623. 96 ECtHR (2008). 97 Ibid. 98 ECtHR (2011). 99 Gerdemann and Colneric (2020), p 15. 100 White (2018) for whistleblowers, considering that many legal definitions as to what constitutes abusive tax practices, breach of human rights and environmental damage are the subjects of scholarly and political debate. Moreover, similar confusion may arise in specific human rights abuse cases where victims acting as whistleblowers are likely to be uninformed as to the content of the Directive, and therefore may face negative consequences in respect of which they are not entitled to the protection from retaliation that is afforded to whistleblowers according to the Directive.
The human rights conventions encompass not only civic rights but all human rights, including economic, social and cultural rights, such as the right to an adequate standard of living, 102 the right to health 103 or the right to development. 104 In relation to this context, the material scope of the Whistleblowing Directive regarding human rights remains unspecified. However, as the material scope of the Directive is not intended to be exhaustive, Member States may go beyond what is covered in it. This could be pivotal for extending the Whistleblowing Directive's safeguards in respect of CGMs.
The expansion of the scope of the Directive to cover all human rights would be significant in terms of strengthening the incentives for whistleblowing. The Whistleblowing Directive does not stipulate any positive incentives that would encourage whistleblowers to engage in reporting. Instead, it takes a negative approach, under which whistleblowers will be protected from negative consequences such as retaliation. As for reputation, the prospect of being able to break an important whistleblowing story would act as an incentive for journalists, but the same would not apply for an auditor, for example. For the latter, the reputational incentive is low, as whistleblowing will likely lead to loss of that account and will not lead to an increase in new accounts. 105 The central concept of disclosure of information is public interest. Therefore, the most relevant question concerns the scope of the public interest in the light of the Whistleblowing Directive. As to its applicability to CGMs, the key question is what kinds of human rights breaches are relevant. Several fundamental issues arise in respect of human rights abuses, such as minimum standards to secure decent working conditions, the worst forms of child labor and the rights of indigenous peoples, many of them highlighted by core ILO Conventions. 106 These issues engage public interest on the basis that failures in such areas are harmful in a universal sense, and therefore deliberation as to whether they belong to the scope of the Whistleblowing Directive (even if applied under the CGM procedure) should not be necessary.
Another problematic issue derives from the fact that both the practice of making complaints through CGMs and that of reporting breaches of EU law through internal/external channels remain in their infancy. Guaranteeing the integrity and legitimacy of both processes requires specific regulation that supports the integration of the mechanisms. As the Whistleblowing Directive's aim is to strengthen enforcement in certain policy areas, there should be sufficient supervision to ensure that companies are effectively establishing both the CGM and the internal reporting channel. Therefore, to avoid weak enforcement, loopholes and corruption, Member States must act in a coordinated manner and/or at EU level by laying down common minimum standards for whistleblower protection. 107 However, regarding malicious reporting, Member States should acknowledge that due to the principle of proportionality the Whistleblowing Directive cannot go beyond what is necessary to achieve its objectives. 108 Accordingly, Member States should also extend protection to victims of corporate human rights abuses to avoid a dissuasive effect on potential whistleblowers.
In contrast to the requirements of the Whistleblowing Directive, human rightsoriented CGMs are expected to be in line with the effectiveness criteria contained in UNGP 31. This means that whistleblowers and other users should have knowledge of CGMs, have confidence in them and be able to use them in practice (i.e., CGMs should meet their needs). To avoid the possibility of the internal/external channels provided for under the Whistleblowing Directive lacking these effectiveness criteria, companies could improve them by synergizing CGMs with them. By integrating CGMs into whistleblowing mechanisms while recognizing the different ways in which meaningful consultation may take place, companies could give much greater emphasis to the needs, perspectives and expectations of the people for whom such mechanisms are intended. This would be fundamentally important to meet each of the UNGP 31 effectiveness criteria in practice. 109 As the applicability of the Whistleblowing Directive extends beyond EU-domiciled companies to their subsidiaries and affiliates, it also raises issues as to synergetic benefits regarding the elements of CGMs. A whistleblowing mechanism may have a role as the backbone for CGMs by helping businesses to address the actual situation on the ground in a timely manner. 110 A company can assist its suppliers by offering capacity building on CGMs and may also review the mechanism. If a supplier's efforts to establish a CGM are inadequate, the company could provide a recourse mechanism instead. 111 As part of the establishment of CGMs, different company departments need to engage in better collaboration and coordination so that managers in operational fields, managers responsible for company HRDD policies and sustainability reporting and the board have a common understanding of the issues. If this aspect is neglected, (depending on the company in question) HRDD policies may be rendered diffuse and even purely declaratory, and accordingly drift further from achieving meaningful impact assessments and from answering the needs of those for whom the proposed HRDD legislation is designed. Therefore, company departments should gain a significantly more substantive role in determining and defining HRDD policies.

Possibilities for Synergy: A Proposal for the Enhanced CGM Built
on the Whistleblowing Directive?

Technical Analysis: Increasing Accessibility by Empowering Users of the Mechanism
The Whistleblowing Directive has several distinctive features that may contribute to enhanced business and human rights outcomes. In particular, this article suggests that the Whistleblowing Directive and CGMs could attain significant synergies, especially concerning the accessibility criteria set out in UNGP 31. Many of the barriers to accessibility, such as lack of awareness of the mechanism, language, literacy, physical location, costs and fears of reprisal 112 are also substantially considered by the Whistleblowing Directive. So far, CGMs have fallen short in terms of achieving dialogue-based processes that meet international human rights standards. Studies focusing on whistleblowing indicate that whistleblower mechanisms have the potential to motivate employees to report issues, if they perceive the importance, responsibility and financial feasibility regarding their role as reporters. 113 The most significant change introduced by the Whistleblowing Directive concerns expansion of protective measures against retaliation, which unifies the very diverse approaches previously taken in different Member States. 114 While this will necessarily evoke different responses in the field of business and human rights, embedding the ban against retaliation in CGMs is of elementary importance from a variety of perspectives. The UNGPs conclude that fears of reprisal create an early barrier to access to remedy. 115 Effective detection and prevention of unlawful retaliation in both internal and external reporting systems should reassure reporting persons that retaliatory measures are not allowed and will be punished by law. 116 Article 19 of the Whistleblowing Directive makes it clear that all forms of retaliation, whether direct or indirect, including withholding of promotion, discrimination, harassment, or unfair treatment, are prohibited.
The significant financial incentive for companies to design their internal reporting mechanisms well comes from the Directive's provision that guarantees legal access to remedies for all victims of retaliation. 117 Consequently, if the mechanism fails to protect the whistleblower against retaliation, the company must compensate any loss sustained. This includes, inter alia, re-employment measures, compensation for actual and future financial losses and payment of medical expenses. 118 However, the exact definition of compensatory measures is left to the Member States. Taking into account their different cultural stances in relation to whistleblowing, this fact may create challenges in terms of defining EU-wide common protection for whistleblowers. Moreover, according to the Commission, the type of remedy that is suitable needs to be determined on a case-by-case basis by reference to the type of retaliation involved, which may also be interpreted in different manners in Member States. 119 To defend whistleblowers from accusations of bad faith regarding their reporting activities, the Directive stipulates that 'if [reporting persons] had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of this Directive' and they used the applicable internal or external channels, whistleblowers should receive protection. 120 Similar good faith provisions should protect users of grievance mechanisms and their relatives, lawyers and other assistants against SLAPP lawsuits under both internal and external mechanisms.
Mercadé notes that protection for whistleblowers has its limits and depends on how retaliation is defined as unjustified detriment to the whistleblower. In other words, a line needs to be drawn between justified and unjustified detriment, meaning that a whistleblower will not be protected against any other (justified) measure imposed by the employer. 121 Therefore, some acts, such as restructuring or a similar negative event at the workplace, may fall outside the scope of the Directive. However, similar to considerations as to what constitutes relevant public interest, no deliberation should be necessary on the issue of whether protection should be provided against detriment related to breaches of (fundamental) human rights. This interpretation of human rights would be consistent with CGMs.

Informational Analysis: Embracing the Bottom-up Approach: Better Human Rights Due Diligence Through Information Received from a Company's Affected Stakeholders
The Whistleblowing Directive offers companies the possibility to receive sensitive information in situations in which affected stakeholders would not normally provide them with such information for one reason or another. As to regulation literature, whistleblowers serve as regulatory intermediaries, whose role may have important implications for knowledge and value creation or achieving other organizational aims. 122 In the context of the HRDD legislation, whistleblowers could function as carriers of information on the basis of the value of the disclosed [human rights-related] information for the achievement of regulatory targets. 123 Fasterling describes whistleblowers as the 'eyes and ears of the company' 124 so that they become an instrument of a company's risk management without necessarily acting in the public interest. 125 Understanding the concerns of affected stakeholders is crucial for companies in order for them to be able to engage in meaningful consultations and to develop their own operation more broadly: 126 without meaningful consultations, companies can hardly fulfil their human rights due diligence requirements as set out by the UNGPs either. 127 This is highlighted in the ARP III: without meaningful consultations, companies find it difficult to address the needs of people who may be at heightened risk of marginalization and vulnerability. 128 Moreover, meaningful consultations are needed in order to assess the human rights implications of outcomes and remedies and to ensure that risks of any adverse human rights impacts arising from the remedy or its implementation are fully addressed. 129 Therefore, effective HRDD does not culminate in annual sustainability reports concerning increased levels of transparency, but requires companies to make active efforts to avoid their harmful human rights impacts.
Regarding the transparency of a company's sustainability activity, the due diligence doctrine connects to companies' sustainability reporting, which may additionally be verified by auditing firms or checked by non-governmental organizations. 130,131 Using private audits, however, provides only a limited approach to the tracking of sustainability impacts. Although auditing may give the impression of active supply-chain monitoring and continuous improvement, it entails several structural problems that include deception and failing to detect or ignoring problems with supply chains. 132 Moreover, the audit-compliance mentality involves a tendency 'not to try to find things out [but instead] they are trying to prove that something is not there'. 133 Big audit firms have not imposed concrete performance targets, binding public regulation and an independent watchdog role for civil society. 134 In other words, audits can be viewed, if not as ineffective, at least as insufficient tools to disclose human rights problems in supply chains.
Utilizing the Whistleblowing Directive's protective safeguards within CGMs will contribute to HRDD processes. Acknowledging the goals of the upcoming HRDD directive-such as receiving information about social and environmental abuses in companies' operations and acting upon this information-it is crucial that this sustainability information is as transparent and comprehensive as possible. Therefore, 124 Fasterling (2014) LeBaron and Lister (2016), p 4. 133 Ibid., p 7. 134 Fransen and LeBaron (2019), p 261. besides providing access to remedy, CGMs can act as a means to track and monitor companies ' HRDD processes. 135 To date, this function has been underutilized by companies as a means of monitoring their human rights impacts. 136 The top-down approach offers only a limited solution because scholars indicate that without sufficient visibility from source to retail, companies remain unaware of their supply chain human rights risks. Therefore, the efficiency of regulation will necessarily require the incorporation of a multiplicity of agents. 137 Whistleblowers may be employed as regulatory intermediaries to address the fragmentation of knowledge in a market economy. 138 Likewise, increasing HRDD transparency through sustainable grievance mechanisms can facilitate the mitigation of supply chain disruption. 139 Moreover, as to the importance of transparency, the structural whistleblowing model laid down in the Sarbanes-Oxley Act of 2002 has been viewed as improving employee (whistleblower) motivation, because it encourages reporting directly to independent company directors who have the authority and responsibility to respond to information about wrongdoing. 140 Therefore, in order to achieve true transparency in the operations of a company and its subsidiaries and supply chains, a more holistic approach is required.
The first stakeholder approach to improve companies' disclosure requirements and practices is enabling more independent monitoring, which can be done by civil society and state authorities. State authorities, in particular, may provide incentives, mandates and sanctions for companies operating in areas in which there are risks to human rights, to ensure that companies report publicly and periodically on key issues. 141 The second stakeholder approach allows stakeholders to disclose their relevant information through CGMs without fear of retaliation: this bottomup approach data differs from traditional top-down sustainability reporting information, being complementary to it. Developing and enhancing HRDD policies in a dynamic manner requires that a company receives information resulting from ex post breach situations. However, the mere existence of such a framework is not sufficient, because a company's bylaws, policies and statements should primarily be designed to mitigate and remedy in an active manner. 142 In view of the problems involved in top-down auditing, 143144 HRDD could be greatly improved by adding information from the operational field, where companies make impacts in a constant manner. 145 Therefore, in order to achieve the greatest 135 McCorquodale et al. (2017), p 221. 136 Ibid.,p 211. 137 Kampourakis (2020), p 3. 138 Ibid., p 11. 139 Bağlayan et al. (2018). impact, HRDD should be regarded as a dynamic process of continuous improvement. 146,147 As the feedback could derive from companies' negative impacts, as a very basic principle of grievance mechanisms, the UNGPs note that they should be based on engagement and dialogue. 148 The flow of information from stakeholders, whose rights the HRDD directive will seek to protect, has potential to ensure that standard-setting and implementation processes respond to their lives' experiences. 149 I argue that well-established meaningful stakeholder consultations via CGMs have great potential to enhance a company's HRDD policies and to prevent future abuses from occurring. Avoiding financial, legal and reputational risks amounts to an important business case for companies to adopt such a dynamic HRDD approach in their strategies.

Structural Analysis: Enforcement and Remediation Through External Mechanisms
As companies may not have internal reporting channels in place or a whistleblower may simply prefer to avoid them, the Whistleblowing Directive requires states to establish appropriate external reporting channels as an alternative channel. 150 As Member States are responsible for considering the scope of the Directive's followup activities, they should guarantee that external mechanisms take sufficient steps to ensure effective enforcement of the Directive. The authorities designated as competent should have the necessary capacities and powers to ensure appropriate measures, including enquiry, investigation, prosecution and action for recovery of funds and other appropriate remedial action. 151 These steps may provide synergetic benefits between whistleblowing mechanisms and CGMs. If the role of CGMs consists more of alerting than mediation and remediation (similar to the internal channels of whistleblowing mechanisms), then the remedial function should at least be guaranteed by external state-based mechanisms. Therefore, attention should be paid to the way in which external mechanisms function in delivering enforcement and access to remedy. Effective legal protection for employees (and other whistleblowers) is needed to avoid the chilling effect of retaliation, which was already highlighted by the Parliamentary Assembly of the Council of Europe in its resolution that effective legal remedies and relief should be part of the proposal for a European directive. 152 As for increasing corporate liability through the mechanisms, the Whistleblowing Directive concentrates on liability in relation to retaliation. To avoid retaliation occurring undeterred and going unpunished, the Directive should include provisions for personal liability and penalties for the perpetrators of retaliation. 153 As Member States are responsible for designing external mechanisms, the European Federation of Journalists wrote a concerned letter to note that deterrent effects of administrative burdens 154 should not be applied, so that the Whistleblowing Directive can 'better detect and prevent harm to the public interest'. Eventually, not doing so would not only affect whistleblowers' protection but also leave the public ignorant of abuse of power and human rights violations. 155 Therefore, Member States should guarantee absolute protection for whistleblowers who comply with the Directive, so that sanctions cannot be deliberately employed against whistleblowers. 156 If whistleblowers cannot be protected, those who bring a grievance in the context of CGMs will not be likely to receive protection either.
The national authorities should ensure, through their external reporting channels, that whistleblowers and facilitators have access to a full range of remedial measures that cover all direct, indirect and future consequences of any type of retaliation. 157 The Whistleblowing Directive establishes minimum levels of protection but also allows Member States to go further by increasing levels of protection. Although the Whistleblowing Directive does not explicitly mention compensation for ex ante harm that may have a causal connection to acts of retaliation, it would be worth considering whether whistleblowers should receive compensation in a sum proportionate to the harm that has occurred. Dyck et al. have even suggested that whistleblowers should receive compensatory incentives in the form of a monetary reward directly linked to the size of the fraud uncovered, 158 emphasizing that such incentives do not seem to lead to an excessive number of frivolous lawsuits. 159 These kinds of considerations could improve the integration of whistleblowing channels and CGMs as a means of remediation, to ameliorate the situation of those who have suffered harm prior to blowing the whistle. 160 Broader remediation tools of this kind could facilitate the establishment of mechanisms that may be invoked as an aspect of HRDD legislation to provide effective early-stage recourse. 161 If external reporting channels have any major role in guaranteeing effective enforcement of the Whistleblowing Directive, the independence of the mechanism will be crucial to ensuring that cultural differences between 'old' and 'new' democracies do not play a role in enforcement. 162 The same logic should be applied in the context of CGMs to their monitoring mechanisms in that a clear independent mandate should be created. 163 If state-based external mechanisms are founded as single agencies under a specific ministry, there is a danger of vested interests hindering the establishment of a climate of trust in which cases can succeed, as witnessed by the practice followed in respect of the OECD's NCP mechanism. 164 The creation of synergies by combining external reporting channels and CGMs could also involve implementing the procedural guidance of the UNGP 31 effectiveness criteria. This might mitigate any power imbalance between the parties by making processes more equitable so that 'aggrieved parties have reasonable access to sources of information, advice and expertise necessary to engage in a grievance process on fair, informed and respectful terms'. 165 This statement is given further weight by the fact that affected stakeholders have much less access to information and expert resources to pay for them than companies do. Such power imbalances endanger the perception and achievement of fair process and durable solutions. 166 This is also acknowledged in the Whistleblowing Directive in the statement that 'the perpetrators of retaliation may have greater power and resources to document the action taken and the reasoning'. 167 Moreover, the Directive generally emphasizes that 'the importance of providing balanced and effective whistleblower protection is increasingly acknowledged at both Union and international level'. 168 The external reporting channels could provide CGMs with useful frameworks that include synergetic benefits, offering a model that makes CGMs' external independent monitoring mechanisms more meaningful, legitimate and effective, as expected by the European Parliament. 169 Provided that CGMs, as designed in line with the whistleblowing mechanism, can deliver favorable remedial outcomes, they could at least provide those bringing grievances with structural empowerment that helps them to access judicial mechanisms, if necessary.

Conclusions
The EU's new Whistleblowing Directive is a significant legislative development in its own right and may also improve rightsholders' position in the wider business and human rights context. Introducing the Whistleblowing Directive in the context of the UNGP remedy pillar offers several benefits but should also come with a few caveats. While no HRDD directive has yet been enacted, the article assumes a need to utilize CGMs as an alternative mechanism to access to remedy. The Whistleblowing Directive addresses and mitigates many procedural obstacles that have been found to be problematic.
First, after decreasing rightsholders' fears of retaliation owing to the implementation of the Whistleblowing Directive, it may be assumed that they will also be more confident about filing complaints within companies' CGMs. To enjoy the protection of the Whistleblowing Directive, rightsholders should be identified as whistleblowers if they disclose human rights-related information about a company's operational impacts, which has public interest. To legitimize the improved version of the internal reporting channel, a company can choose to implement it by recognizing these affected stakeholders as whistleblowers as they report on breaches, and this will improve the company's HRDD policies. Alternatively, if the European Commission introduces an HRDD directive, 170 as it intends, CGMs may become more standardized as a separate mechanism, which could create a level playing field for different kinds of companies.
Second, a bottom-up approach should be comprehensively embraced: companies should both prevent negative human rights impacts from occurring and mitigate and remedy impacts that could not be prevented. The integration of CGMs into the HRDD process affords companies a tool by which to analyze trends and patterns in complaints, which helps them to identify systemic problems and adapt their practices accordingly. 171 On the other hand, if no proper CGM appears to be in place, there must be doubt as to whether a company has taken effective measures to monitor HRDD impacts. Similarly, an HRDD law that does not require effective CGMs turns a blind eye to the comprehensive and dynamic HRDD process.
Third, besides companies' internal grievance mechanisms and reporting channels, the Whistleblowing Directive provides the legal basis for the establishment of external reporting channels. Member States should guarantee that these mechanisms are independent, effective and legitimate. The UNGP 31 effectiveness criteria provide policymakers with guidance that may improve enforcement powers and remedies in the event of breach of the relevant laws. The Whistleblowing Directive has potential to incentivize the establishment of whistleblowing channels so that the coming wave of HRDD legislation can be taken into consideration.
Funding Open access funding provided by University of Eastern Finland (UEF) including Kuopio University Hospital.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission