EU Whistleblower Directive — Directive (EU) 2019/1937
EU Whistleblower Directive — Directive (EU) 2019/1937 — 75% covered.
4 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Directive (EU) 2019/1937 establishes common minimum standards for the protection of persons who report breaches of Union law. Article 9 requires internal reporting channels to acknowledge receipt within 7 days and to provide feedback within a reasonable timeframe (not exceeding 3 months); Article 11 requires diligent follow-up by a designated impartial person or department; Article 16 requires the identity of the reporting person to be kept confidential and disclosed only to authorised staff on a need-to-know basis; Article 19 prohibits any form of retaliation. KYE Protocol™ governs whether an AI-assisted intake-triage decision, an access to a reporter's identity, or a case disposition may PROCEED to a consequential action — under a named case-handler's authority, on a recorded need-to-know basis, with confidentiality evidence captured, a signed Evidence Pack, and a contestability record. KYE does not investigate the report, judge the allegation, or decide whether wrongdoing occurred. · License: EU Directives are published by the Publications Office of the European Union; KYE registry paraphrases each requirement's intent and cites the official article identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Confidentiality & need-to-know access to a reporter's identity | 1 | 1 | 0 | 0 | 0 | 100% |
| Named-authority on the case disposition (acknowledgement / feedback clocks) | 1 | 1 | 0 | 0 | 0 | 100% |
| Contestability & reconstruction of the handling | 1 | 1 | 0 | 0 | 0 | 100% |
| Substantive investigation & whether the breach occurred | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
eu-whistleblower-directive.confidentiality-need-to-know-access |
Access to a reporter's identity proceeds only under a recorded need-to-know named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:whistleblower-speakupdictionaries: internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
eu-whistleblower-directive.case-disposition-named-authority |
A case disposition (close / escalate) under the acknowledgement / feedback clocks proceeds only under a recorded named-authority decision | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1, kye.evidence.pack.v1engines: internal, internalrule_packs: kye:rule-pack:whistleblower-speakupconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/13-RESILIENCE-LOOP.md |
eu-whistleblower-directive.handling-contestability-reconstruction |
Contestability & reconstruction of the AI-assisted handling for a confidentiality or follow-up challenge | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1, kye.replay.proof.v1engines: internal, internalrule_packs: kye:rule-pack:whistleblower-speakupconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
eu-whistleblower-directive.substantive-investigation |
Substantive investigation, assessment of the reported breach, and the remediation decision | out-of-scope | (no enforcement cited) |