The recently-adopted Directive 2019/1937 of 23 October 2019 on the protection of persons who report breaches of Union law (aka the ‘Whistleblower Protection Directive’ or WPD) explicitly covers reports of breaches of public procurement law (Art 2(1)(a)(i) WPD)—with a limited exception for defence and security procurement not covered by the relevant EU rules (Art 3(2) WPD and Annex, Part I(A) WPD).

The Whistleblower Protection Directive needs to be transposed towards the end of 2021 (with a further delay to 2023 for covered SMEs). The decisions made by Member States in the transposition of the Whistleblower Protection Directive may generate significant impacts on public procurement practice in the medium term. However, the likely future effectiveness of the Directive hinges on a problematic discretionary provision on ‘clearly minor’ breaches of EU law, on which this blog post will focus.

Background

Implicitly, the coverage of public procurement by the Whistleblower Protection Directive is a recognition of the limitations of the public enforcement of (EU) public procurement law, as well as their private enforcement through the procurement remedies system (despite the Commission’s recent decision not to reform the Remedies Directives…).

Indeed, the recitals of the Whistleblower Protection Directive stress that procurement coverage is necessary

… to enhance the enforcement of Union law on public procurement. It is necessary, not only to prevent and detect procurement-related fraud and corruption in the context of the implementation of the Union budget, but also to tackle insufficient enforcement of rules on public procurement by national contracting authorities and contracting entities in relation to the execution of works, the supply of products or the provision of services. Breaches of such rules create distortions of competition, increase costs for doing business, undermine the interests of investors and shareholders and, in general, lower attractiveness for investment and create an uneven playing field for all businesses across the Union, thus affecting the proper functioning of the internal market (rec 6 WPD, emphasis added).

Therefore, creating (or boosting) national mechanisms to enable whistleblowers to shine a light on potential infringements of EU public procurement law is expected to generate gains on procurement compliance and probity. This is largely aimed at reporting by ‘insiders’, to the extent that there are already other strategies to seek to increase the visibility of procurement information and trigger engagement by civil society and external stakeholders, eg through the new rules on eForms, due to be transposed by end of 2022.

Broadly, the Whistleblower Protection Directive seeks to enhance compliance with EU law, and in particular public procurement rules, by requiring Member States to mandate private and public entities to create new internal and external reporting mechanisms, as well as to afford specific protective measures to (good faith) whistleblowers that report internally or externally, or publicly disclose, breaches of EU law on the basis of information gained in a work-related context. The Directive creates rather granular requirements depending on the size of the private or public sector entity allegedly involved in the EU law breach.

‘Clearly minor’ breaches

In the context of external reporting of suspected breaches of EU (public procurement) law, Art 11(3) of the Whistleblower Protection Directive establishes that

Member States may provide that competent authorities, after having duly assessed the matter, can decide that a reported breach is clearly minor and does not require further follow-up pursuant to this Directive, other than closure of the procedure (emphasis added).

Different to other fields covered by the Directive (eg securities regulation or competition law), I think that this will be the crux of the whistleblowing system in the context of procurement, in particular if Member States opt to designate procurement review bodies as those competent to receive and/or process reports on potential infringements of EU public procurement law—which seems like a rather natural option. However, this would largely amount to a mere broadening of the active standing to launch procurement review procedures.

I would expect most Member States to avail themselves of the discretionary nature of this provision. Thus, I think that the effectiveness of the system will hinge on the provisions of Art 11(3) WPD because external reporting of non-obvious breaches is the most likely focus of (potential) whistleblower activity.

First, because internal reporting mechanisms are unlikely to gain much traction in either private entities (I find it difficult to see how a company that has taken a specific position in the context of a tender would be willing to reverse it due to an internal report, unless it had a very decentralised system to approve the offers) or public entities (again, as the mechanisms of control and decision-making should have already addressed any concerns and, failing that, would have galvanised the public buyers’ position).

It is hard for me to envisage a significant number of inadvertent breaches of procurement law that go undetected and can easily be fixed upon realisation, as is also hard to imagine the possibility of creating a multi-track system whereby concerns harboured by those ‘in the know’ within an organisation can be reported in a manner that results in a significant revision of the situation (barring, perhaps, in the context of very large organisations, or shared mechanisms for intermediate ones).

Second, because very major shortcomings in the probity of the procurement process (ie straight out corruption) or major deviations from procurement law (eg illegal direct awards or ‘cooking’ of the technical specifications or award criteria) should already be covered by other mechanisms, including criminal law. In that context, the main issue is not the administrative responsibility or liability of those involved in the illegality (criminality?), and probably also not (primarily) an issue of work-related retaliation against the whistleblower (which is the core coverage of the protective measures of Art 19 WPD, as far as I can see).

So, unless there is a fear that criminal behaviour is widespread and largely under-reported and under-detected in the field of EU public procurement practice due specifically to limited protections for whistleblowers (which I find a relatively implausible claim), in my opinion, the area of EU procurement law compliance that can probably be practically targeted is somewhat intermediate—ie that of relatively unclear rules of EU public procurement law, of the (mis)implementation of rules in non-observable manner (eg the ‘doctoring’ of evaluation reports), as well as deviations that fall within the area of discretion afforded to contracting authorities.

In those cases, and for the reasons indicated above, the most likely materialisation of any whistleblowing is an external report to the competent authority, which will then have to assess the extent to which the reported breach is (or not) ‘clearly minor and does not require further follow-up’ pursuant to the Whistleblower Protection Directive—ie, presumably, whether the issue of (strict) compliance can be left to the ordinary (if faulty?) enforcement mechanisms for EU (public procurement) law.

Why is public procurement different?

Against that practical backdrop, in my view, the importance of Art 11(3) WPD in the context of procurement stems from the long-lasting discussion of the types of infringements of EU law—ie ‘any breach’, a ‘sufficiently serios breach’, etc—that should trigger relevant consequences; eg the termination of the contract under Art 73 of Directive 2014/24/EU, the ineffectiveness of an awarded contract under Art 2d of the Remedies Directive, or more recently State liability in damages, in the context of the Fosen-Linjen saga (see here).

What constitutes a ‘clearly minor’ breach will need to be somewhat reconciled with the existing rules on procurement remedies. It would seem not only undesirable, but also counter-intuitive, for the Whistleblower Protection Directive to be interpreted in a more stringent way than other rules on procurement remedies. If a public entity could legally follow a course of action under regular administrative and liability rules, why would it be subjected to a more stringent threshold of compliance solely due to the origin of the information/report that prompts the review of its actions and decisions?

Moreover, the application of a common standard would seem a natural consequence of the accumulation of competences for the review of procurement complaints by the same authorities, where this happens. Therefore, as indicated above, it seems to me that the effect of the implementation of the Whistleblower Protection Directive is largely constrained to expanding the active standing to launch procurement review procedures. Whether this can make a significant difference remains an empirical unknown.

Other effects would only be generated if the choices leading to the domestic implementation resulted eg in the attribution of the competence to investigate procurement whistleblowing reports to authorities other than procurement review bodies—but this would create all sorts of practical complications in terms of expertise availability and two-track review procedures, eg in the case of a whistleblowing report concerning a tender in relation to which disappointed tenderers also launch ‘standard’ review procedures.

All in all, then, I think that the likely future effectiveness of the application of the Whistleblower Protection Directive in the field of procurement will hinge on the concept of ‘clearly minor’ breach and its relationship to the current standards triggering ineffectiveness of procurement procedures, awarded contract and/or liability in damages at the domestic level. This is thus perhaps an area where the European Commission could issue interpretive guidance ahead of the transposition deadline of 17 December 2021.