Home » Legislation » Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act)

Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act)

Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act) (PDF)

Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act) (DOC)

ACT ON PROTECTION OF PERSONS, REPORTING INFORMATION, OR PUBLICLY DISCLOSING INFORMATION ABOUT BREACHES (WHISTLEBLOWERS PROTECTION ACT)

In force from 04.05.2023

Prom. SG. 11/2 Feb 2023

Chapter one.

GENERAL PROVISIONS

Subject

Art. 1. (1) This Act shall regulate the conditions, procedure and measures for protection of persons in the public and private sectors, who report information, or publicly disclose information about Bulgarian legislation, or acts of the European Union, (whistleblowers), that endanger or damage the public interest and the European Union law, as well as the terms and conditions for submitting and considering such information or publicly disclosed information.

(2) This Act shall also apply to persons, related to persons, sending information or publicly disclosing information about breaches.

(3) This Act shall not repeal the rules of the current legal framework, providing for the existence of different bodies with powers to check information in different spheres of the public sector.

Purpose

Art. 2. The purpose of the Act shall be to ensure the protection of persons in the public and private sectors, who report information or publicly disclose information about breaches of Bulgarian legislation or acts of the European Union, which became known to them during or on the occasion of the performance of their work or official duties, or in another work context.

Scope

Art. 3. (1) This Act shall apply to report information or public disclosure of information about:

1. breaches of Bulgarian legislation or of the acts of the European Union, specified in the Annex to the Act in the field of:

a) public procurement;

b) financial services, products and markets and the prevention of money laundering and terrorist financing;

c) product safety and compliance;

d) safety of transport;

d) transport safety;

e) environmental protection;

f) radiation protection and nuclear safety;

g) food and feed safety, animal health and animal welfare;

h) public health;

i) consumer protection;

j) protection of privacy of personal life and personal data;

k) the security of networks and information systems;

2. breaches, that affect the financial interests of the European Union in the sense of Art. 325 of the Treaty on the Functioning of the European Union;

3. breaches of the rules of the internal market within the meaning of Art. 26, Para. 2 of the Treaty on the Functioning of the European Union, including the rules of the European Union and Bulgarian legislation on competition and state aid;

4. breaches, related to cross-border tax schemes, the purpose of which is to obtain a tax advantage, that is contrary to the subject or purpose of the applicable law in the field of corporate taxation;

5. committed crime of a general nature, for which a person under Art. 5 has learned in connection with the performance of his work or in the performance of his official duties.

(2) This Act shall also apply to reports or public disclosure of information about breaches of Bulgarian legislation in the field of:

1. the rules for payment of due public state and municipal receivables;

2. labor legislation;

3. the legislation, related to the performance of civil service.

(3) Where the sectoral acts of the European Union, referred to in Part II of the Annex provide for special rules on reporting, the rules, set out in those acts or national provisions, introducing the relevant rules shall apply. This Act shall apply insofar as a matter is not peremptorily regulated in the relevant sectoral acts and national regulations.

(4) This Act shall not affect:

1. the right of workers and employees, as well as employers to consult with their representative, trade union organizations and representatives under Art. 7, Para. 2 of the Labor Code;

2. the rules for the independence of representative bodies of workers and employees and of employers and their right to conclude collective labor agreements.

Exceptions form the scope

Art. 4. This Act shall not apply to reports of information for breaches:

1. of the rules for awarding public contracts in the field of defense and national security, when they fall within the scope of Art. 346 of the Treaty on the Functioning of the European Union;

2. of the protection of classified information within the meaning of Art. 1, Para. 3 of the Protection of Classified Information Act;

3. which have become known to persons, exercising a legal profession and for whom there is an obligation by law to protect professional secrecy;

4. of the confidentiality of health information within the meaning of Art. 27 of the Health Act;

5. of the secrecy of the judicial conference;

6. of the rules of criminal proceedings.

Persons, to whom protection is granted

Art. 5. (1) Protection under this Act shall be provided to a whistleblower from the moment the report is filed or the information about a violation is made public.

(2) A whistleblower within the meaning of this Act shall be a natural person, who files a report of information, or publicly discloses information about a breach, that has become known to him in his capacity as:

1. worker, employee, civil servant or other person, who performs wage labor, regardless of the nature of the work, the method of payment and the source of financing;

2. a person, who works without an employment relationship and/or exercises a free profession and/or craft activity;

3. volunteer or intern;

4. partner, shareholder, sole owner of the capital, member of the management or control body of a commercial company, member of the audit committee of an enterprise;

5. a person, who works for a natural or legal person, its subcontractors or suppliers;

6. a job applicant, who participated in a competition or other form of selection for employment and in this capacity received information about a violation;

7. worker or employee, when the information was obtained within the framework of an employment or service relationship, that was terminated at the time of the filing of the report of a signal, or of the public disclosure.

(3) Protection under this Act shall also be provided to any other whistleblower, who reports a breach, that has become known to him in a work context.

(4) Protection under this Act shall also be granted to:

1. persons, who assist the whistleblower in the reporting process;

2. persons, who are related to the whistleblower and who may be subject to repressive retaliation, due to the information reporting;

3. legal entities, in which the whistleblower has an equity interest, works for, or is otherwise associated with in a work context.

Conditions for the protection of whistleblowers

Art. 6. (1) A person, reporting breaches through an internal or external channel within the meaning of this Act shall have the right to protection, provided that he/she:

1. has had a reasonable reason to believe, that the submitted information about the breaches in the report was correct at the time of its submission and that this information falls within the scope of Art. 3;

2. has reported a breach under the terms and conditions of this Act.

(2) In the conditions under Para. 1, the person, who reports a breach under Art. 3 to institutions, bodies, services or agencies of the European Union shall also have the right to protection. Such reporting of information shall be considered as reporting through an external channel.

Conditions for the protection of persons, who publicly disclose information about breaches

Art. 7. A person, who publicly discloses information about a breach has the right to protection under this Act, when he had a reasonable reason to believe, that the information about the breach was true at the time of its disclosure and that this information falls within the scope of Art. 3, and any of the following conditions are met:

1. the person has filed a report under the conditions and in accordance with the procedure of this Act, but no relevant actions were taken on the report within the terms, provided for in Sections I and II of Chapter Two;

2. the person has reason to believe that:

a) the breach may represent an immediate or clear danger to the public interest or there is a risk of damage, that cannot be remedied;

b) in case of external reporting information, there is a risk of retaliatory actions or there is a possibility, that the breach will not be effectively dealt with, due to the danger of concealment or destruction of evidence, suspicion of collusion between the competent authority and the perpetrator of the breach, or the complicity of the authority in the breach, as well as due to other specific concrete circumstances of the case.

Prohibition for refusal of rights, or restriction

Art. 8. The rights, granted to persons under this Act may not be limited. Any provision in a public-law act or stipulation in a private-law act, that excludes or limits their rights shall be void.

Obstacles to formation of proceedings

Art. 9. Proceedings shall not be instituted after:

1. anonymous signal reporting;

2. reports, relating to breaches, committed more than two years ago.

Right to protection of the person, anonymously submitted report

Art. 10. Persons, who anonymously filed a report, not in accordance with this Act or publicly, but anonymously, disclosed information about breaches, and were subsequently identified and became the object of repressive retaliatory actions, shall have the right to protection, when the conditions under Art. 6, Para. 1 and Art. 7 are present.

Use of information reporting channels

Art. 11. (1) In view of the possibility of quickly preventing a breach or removing the consequences of such a breach, the information should be submitted as a priority through an internal reporting channel.

(2) In the event, that there is a reasonable assumption, that the is at risk of retaliatory discriminatory actions, and that no effective measures will be taken to verify the signal, the signal report may be submitted through an external submission channel.

(3) In view of the high public interest in preventing breaches of Bulgarian legislation and acts of the European Union, public disclosure of information about such breaches shall be encouraged. The persons, publicly disclosing such information, in addition to the protection under this Act, shall also enjoy the protection of free dissemination of information, established in the Constitution.

(4) Whistleblowers or publicly disclosing information about breaches may choose to report one way, a combination of two ways, or all three ways at the same time.

Chapter two.
REPORTING INFORMATION

Section I.

Internal reporting information

Obliged subjects

Art. 12. (1) Obliged subjects under this Act shall be as follows:

1. employers in the public sector, with the exception of the municipalities under Para. 2;

2. private sector employers with 50 or more workers or employees;

3. employers in the private sector, regardless of the number of workers or employees, if their activity falls within the scope of the European Union acts, specified in Part I, Letter "B" and Part II of the Annex to Art. 3, Para. 1 and 3.

(2) Municipalities with a population of less than 10,000 people or fewer than 50 workers or employees may share resources for receiving and following up on signal reporting, subject to confidentiality obligations.

(3) Obliged subjects under Para. 1, item 2 with a total number of 50 to 249 workers or employees may use a common channel for internal information reporting by designating one person or a separate unit, pursuant to Art. 14.

(4) Obliged subjects shall be obliged to provide clear and easily accessible information about the conditions and procedures for information reporting. The information shall be provided on the websites of the obliged subjects, as well as in a prominent place in the offices and work premises.

Requirements for creating an internal information reporting channel

Art. 13. (1) Obliged subjects under Art. 12, Para. 1 shall create an internal information reporting channel, that meets the following requirements:

1. it is managed in a way, that ensures the completeness, integrity and confidentiality of the information and prevents unauthorized persons from accessing this information;

2. enables the storage of information, recorded on a durable medium for the needs of the investigation of the information and for further investigations.

(2) Obliged subjects shall, at least once every three years, review their rules for internal reporting and follow-up, analyze the practice of implementing this Act and, if necessary, update the rules.

Employees, responsible for handling information reports

Art. 14. (1) Obliged subjects under Art. 12, Para. 1 shall designate one or more officials, who shall be responsible for handling reports.

(2) Employees, responsible for the consideration of reports may be the employees in the structure of each of the obliged subjects under Art. 12, Para. 1, charged with the processing and protection of personal data. Obliged subject, who do not have an obligation under Art. 37 of Regulation (EU) 2016/679 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and shall designate another employee, responsible for handling reports.

(3) Employees, responsible for handling information may also perform other activities, assigned by the employer, provided that their reconciliation does not result in a conflict of interest.

(4) Employees, responsible for handling signal reports should not have a conflict of interest for each case reviewed.

(5) Obliged subjects under Art. 12, Para. 1, items 2 and 3 may assign the functions of receiving and registering reports of breaches to another natural or legal person outside their structure, subject to compliance with the requirements of this Act, and may use an internal reporting channel, created from the economic group, to which they belong, if the channel meets the requirements of this Act.

Information reporting

Art. 15. (1) The report shall be submitted to the employee in charge of handling reports, in writing, including by e-mail, or orally. Verbal reporting may be done by telephone, other voice communication systems, and at the request of the reporting person - through a personal meeting in a suitable time, agreed between the parties.

(2) For the registration of information, the subjects, obliged under Art. 12 shall use forms, according to a model, approved by the national authority for external information reporting, which shall contain at least the following data:

1. the sender`s full name, address and telephone number, as well as an email address, if any;

2. the names of the person, against whom the report is filed and his workplace, if the report is filed against specific persons and they are known;

3. specific details of a breach or of a real danger, that it will be committed, the place and period of the breach, if it was committed, a description of the act or the situation and other circumstances, as far as these are known to the information reporter;

4. date of reporting the information;

5. signature, electronic signature or other identification of the sender.

(3) The written information shall be submitted by the sender by filling in a form under Para. 2. The verbal report shall be documented by filling in a form by the employee in charge of handling reports, who shall offer the whistleblower to sign it if he wishes.

(4) Any kind of sources of information, supporting the statements, made in it and/or reference to documents may be attached to the information, including the indication of data on persons, who could confirm the reported data or provide additional information.

(5) If the information does not meet the requirements under Para. 1, the information reporter shall be sent a message to eliminate the admitted irregularities within 7 days of receiving the information. If the irregularities have not been corrected within this period, the report, together with the attachments to it shall be returned to the whistleblower.

(6) Each information shall be checked for its credibility. Information, that does not fall within the scope of this Act and the content of which does not give reasons to be considered plausible are not considered shall not be considered. Reports, that contain patently false or misleading statements of fact will be returned with instructions to the sender to correct the statements and about the sender`s responsibility for persuasion.

Handling information. Internal inspection

Art. 16. Employees, responsible for handling signal reports shall be required to:

1. receive the information and confirm their receipt within 7 days after receipt;

2. ensure, that the identity of the whistleblower and any other person, named in the information will be properly protected and take the necessary measures to limit access to the information by unauthorized persons;

3. maintain contact with the whistleblower, requesting additional information from him and third parties if necessary;

4. provide feedback to the reporter of the signal about the actions, taken within a period of no longer, than three months after confirming the receipt of the signal;

5. provide the persons, wishing to file a report with clear and easily accessible information about the procedures for external reporting of information to the competent national authority, and when appropriate - to the institutions, bodies, services and agencies of the European Union;

6. document verbal information;

7. maintain a register of reported information

8. listen to the person, against whom the report was filed or accept his written explanations and collect and evaluate the evidence, indicated by him

9. provide the affected person with all the collected evidence and give him the opportunity to object to it within 7 days, subject to the information reporter’s protection;

10. provide an opportunity for the affected person to present and indicate new evidence to be collected in the course of the investigation;

11. in case the facts, presented in the report are confirmed:

a) organize the taking of follow-up actions in connection with the report, and for this purpose they may require the assistance of other persons or units in the structure of the relevant obliged subject;

b) offer obligations, subject under Art. 12, Para. 1, taking specific measures with the aim of stopping or preventing the violation in cases, where it has been established or there is a real danger of its imminent commission;

c) direct the whistleblower to the competent authorities, when his rights are affected;

d) forward the information to the external information reporting authority, if it is necessary to take action on its part, and the information reporter is notified in advance of the forwarding; in case the report is filed against the information reporter’s employer, the employee in charge of investigating the report shall direct the person to simultaneous reporting to the external information reporting authority.

Subsequent actions

Art. 17. (1) The obliged subject under Art. 12, Para. 1 shall:

1. based on the received report and the proposals of the employee, responsible for reviewing the report under Art. 16, item 11, letter "b", take actions within its competence to stop the breach or to prevent it, if it has not started;

2. prioritize, according to predetermined criteria and rules, the consideration of the numerous information, received for more serious breaches;

3. terminate the check:

a) when the reported breach is a minor case and does not require additional follow-up actions; termination shall not affect other obligations or applicable procedures in relation to the reported, or protections under this Act with respect to internal or external information reporting;

b) on a repeated information, that does not contain new information of essential importance for a breach, in respect of which there is already a completed investigation, unless new legal or factual circumstances justify taking further action;

c) when evidence of a committed crime is established; the information and the materials to it shall be sent immediately to the prosecutor`s office;

4. prepare an individual report, in which it briefly describes the information from the report, the actions taken, the final results of the check on the report, which, together with the reasons, shall be communicated to the worker or employee, who submitted the report and to the affected person, in compliance with the obligation to protect them.

(2) In cases, where the inspection is terminated on the basis of Para. 1, item 3, letters "a" and "b", the information reporting person may file a report with the national body for external information reporting.

Register of information

Art. 18. (1) The obliged person under Art. 12, Para. 1 shall create and maintain a register of reports of breaches, which shall not be public.

(2) The register shall contain information about:

1. the person, having received the information;

2. the date of reporting the information;

3. the affected person, if such information is contained in the report;

4. summary data on the alleged breach, such as place and period of commission of the breach, description of the act and other circumstances, under which it was committed;

5. the connection of the submitted report with other information after its establishment in the report processing process;

6. information, provided as feedback to the person, who filed the report and the date of its provision;

7. follow-up action taken;

8. the results of the check on the report;

9. the report storage period.

(3) The information, entered in the register shall be stored in a way, that guarantees its confidentiality and security.

(4) The procedure for keeping the register shall be determined by an act of the obligated person under Art. 12, Para. 1, in compliance with the Ordinance of the national body for external information reporting.

(5) The employees, responsible for the consideration of reports shall be obliged to regularly submit the necessary statistical information to the national authority for external reporting of reports in accordance with the procedure, established by it, including in the presence of a technical possibility by establishing a direct connection between the register of the obliged person and the register, kept by the national information reporting authority.

Section II.
External information reporting

Central authority for external information reporting

Art. 19. (1) The central body for external signal reporting and for the protection of the persons, to whom such protection is provided in the sense of this Act shall be the Commission for the Protection of Personal Data, hereinafter referred to as "the Commission".

(2) implementing this Act, the Commission shall:

1. organize the reception of the information and directs them to the competent authorities in order to check them and take follow-up actions;

2. approve forms for receiving information; shall coordinate and supervise the activities of consideration of information by the obliged subjects under Art. 20, as well as to all bodies and organizations, that receive or operate with such information;

3. give methodical instructions to the obliged subjects under Art. 12, Para. 1, carry out trainings for their employees, responsible for the examination of information under this Act, and adopt an Ordinance for keeping the register under Art. 18, Para. 4 and for forwarding the internal information to it;

4. maintain a register of information, analyze and summarize the practice of working with them and transmit the necessary statistical data to the European Commission;

5. fulfill the other powers, attributed to it by virtue of this Act, and ensure the protection of persons, reporting or publicly disclosing information about breaches, including through the application of the administrative measures, provided for in this Act.

(3) Information reports, related to illegal processing of personal data within the meaning of Regulation (EU) 2016/679, the Personal Data Protection Act and other special Acts or instruments of the European Union shall be considered by the Commission, according to the general procedure, provided for in these Acts and instruments.

Report verification and referral by competence

Art. 20. (1) For the purpose of verifying the information and publicly disclosed information about breaches, as well as for taking appropriate actions to prevent the breaches or to eliminate their consequences, the Commission shall forward the information immediately, but no later than 7 days after their receipt, to the authority, competent for the subject of the report, as follows:

1. The Competition Protection Commission - for information reports under Art. 3, Para. 1, item 1, letter "a" and item 3;

2. The Financial Supervision Commission - for information reports under Art. 3, Para. 1, item 1, letter "b";

3. the Chairman of the Metrological and Technical Supervision State Agency - for information reports under Art. 3, Para. 1, item 1, letter "c";

4. the Minister of Transport and Communications - for information reports under Art. 3, Para. 1, item 1, letter "d", for all types of transport;

5. the Minister of Environment and Water - for information reports under Art. 3, Para. 1, item 1, letter "e";

6. the Chairman of the Nuclear Regulatory Agency - for information reports under Art. 3, Para. 1, item 1, letter "f";

7. The Bulgarian Food Safety Agency - for reports under Art. 3, Para. 1, item 1, letter "g";

8. the Chief state health inspector within the meaning of the Health Act - for reports under Art. 3, Para. 1, item 1, letter "h";

9. The Consumer Protection Commission - for reports under Art. 3, Para. 1, item 1, letter "i";

10. The National Computer Security Incident Response Team - for reports under Art. 3, Para. 1, item 1, letter "k";

11. the Minister of Finance - for reports of breaches under Art. 3, Para. 1, item 2 and Para. 2, item 1;

12. the Executive Director of the National Revenue Agency - for reports of breaches under Art. 3, Para. 1, item 4;

13. the Executive Director of the Main Labor Inspectorate Executive Agency - for reports under Art. 3, Para. 2, items 2 and 3;

14. the Regional Governor of the region, in which the municipality against which the report was filed is located, or another competent central authority of the executive power according to the specifics of the report.

(2) The Commission shall forward the report to the competent authority under Para. 1, without disclosing data about the person, who filed the report. In the event, that in order to establish the truth of the facts, alleged in the report, it is necessary to reveal the identity of their sender, the Commission may do so before the competent authority, only after obtaining written consent from the sender of the report. Upon obtaining consent, the competent authority under Para. 1 shall be obliged to provide conditions for working with the information and with the sender of the information in strict compliance with the requirements of this Act for preserving the identity of the sender of the report and his protection. The competent authority shall notify the Commission of the follow-up actions in relation to the report within the terms of Art. 23, Para. 1, item 2.

(3) The provision of Para. 2 shall not apply when the reports of breaches, committed by persons, holding high public positions. In these cases, the Commission shall send the report for verification to the Commission for Combating Corruption and for Confiscation of Illegally Acquired Property.

(4) The Commission shall have the right at any time to request information from a body under Para. 1 for the stage, at which the check, carried out by him is based on the report submitted, and to give instructions on the way to carry out the check, which are mandatory for the relevant authority.

Publicity of the activity of receiving information reports by the Commission

Art. 21. The Commission shall publish the following information on its website in a separate and easily recognizable and accessible section:

1. the conditions, under which the right to protection under this Act is granted;

2. contact details, regarding the use of the external information reporting channel, in particular email and postal addresses, telephone numbers, indicating whether telephone calls are recorded;

3. the procedures, applicable to information reporting, including the manner in which the Commission may request the reporter to clarify the information submitted or provide additional information, the deadline for providing feedback to reporter, the type and content of the feedback;

4. the privacy regime, applicable to information and information on the processing of personal data in relation to information;

5. the follow-up actions, that are taken in relation to the information;

6. the options for obtaining confidential counseling for persons considering to report information, the procedures and legal remedies against retaliatory actions;

7. the conditions, under which the person, reporting to the Commission is protected from liability in case of confidentiality, pursuant to Art. 31.

Requirements to the external information reporting channel

Art. 22. (1) The Commission shall build a channel for external reporting of information in accordance with the requirements of Art. 13.

(2) The channel for external reporting of information shall be an independent structural unit of the Commission, provided with a sufficient number of employees, specially trained for the work of examining information. The distribution of received information among the employees of the unit shall take place on a random basis.

(3) The employees of the unit shall have no right to provide information about the information received, and especially about their senders, to other employees, including the other members of the Commission.

(4) In cases, where the Commission receives information in a manner, different from that under Para. 1, or by employees, other than the employees, responsible for investigating the reports, to the employees who received it, shall be forbidden to disclose any information, by which the identity of the whistleblower or the affected person could be established, they shall undertake immediately to forward the report without changes to the employees, responsible for handling reports.

Receiving information from the external channel

Art. 23. (1) In their activity, the employees of the Commission`s unit - a channel for external reporting of information, shall fulfill the obligations under Art. 15, as well as they shall:

1. immediately acknowledge receipt of the report, unless the reporter has specifically requested otherwise or the employee has reason to believe, that acknowledging receipt of the report would jeopardize the protection of the reporter’s identity;

2. in accordance with this Act, provide feedback to the reporter within a period of no longer, than three months, which may be extended to 6 months in duly justified cases, requiring a thorough investigation;

3. transmit the information, contained in the report as appropriate to the competent institutions, bodies, services or agencies of the European Union for the purpose of subsequent investigation, when it concerns breaches of EU law and this is provided for in it or in the national law.

(2) Receiving and working with information in the unit - a channel for external reporting of information, shall be done by its employees, when applying the provisions of Art. 16.

(3) Persons, who have publicly disclosed information about breaches shall be guaranteed immediate protection by the Commission upon their request. For this purpose, the Commission shall notify in writing the employer or the other person, against whom the publicly disclosed information is directed, that the whistleblower is placed under the protection of the law, indicating the consequences if repressive retaliatory actions are taken against the reporter.

Powers when carrying out inspections

Art. 24. The employees under Art. 22 shall:

1. review the information received and forward them for verification to the relevant competent authority under Art. 20 in view of the subject of the information; forwarding shall take place no later than 7 days after the receipt of the report, of which its sender is notified;

2. maintain continuous contact with the sender of the report and with the competent authority in charge of carrying out the inspection, assisting in the exchange of information between the two parties, regarding the request or transmission of additional data and information;

3. carry out independent checks on reports of breaches, committed by the authorities under Art. 20; for this purpose, they shall have the right to request and receive information from state and municipal bodies, as well as from legal entities and individuals, necessary to establish additional factual circumstances, related to the report; authorities and persons shall be obliged to submit the necessary information and documents within 7 days of receiving the request.

Subsequent actions

Art. 25. (1) Based on the report of the relevant officer, the head of the unit shall propose to the Commission:

1. taking concrete measures in order to stop the breach in the cases, where it has been found;

2. sending the information, contained in the report to the competent institutions, bodies, offices or agencies of the European Union for the purpose of subsequent investigation, when this is provided for in acts of the European Union; in these cases, the whistleblower shall be notified of the referral within 7 days;

3. referral to the prosecutor`s office in cases of a detected crime;

4. taking measures to protect the person, who filed the report;

5. termination of verification:

a) when the reported breach is clearly minor and does not require further follow-up action; termination does not affect other obligations or applicable procedures in relation to the reported, or protections under this Act with respect to internal or external information reporting;

b) on a repeated alert, that does not contain new information of essential importance for a violation, in respect of which there is already a completed investigation, unless new legal or factual circumstances justify taking further action;

c) by taking the actions under items 1 - 4.

(2) In the cases under Para. 1, the Commission shall examine the proposed report in a closed session and render a decision, which is subject to appeal by the interested parties in accordance with the Administrative Procedure Code.

Report of the Commission

Art. 26. (1) The Commission shall issue a report on the actions, taken within a period of no longer than three months, or in duly justified cases - 6 months, from the receipt of the information report.

(2) The report under Para. 1 shall include a description of the information, contained in the report, the actions taken, the final results of the check on the report and the decision taken under Art. 25, Para. 1.

(3) The Commission`s report shall be communicated to the whistleblower and the affected person through the employee under Art. 22 in the terms under Art. 23, Para. 1, item 2.

Possibility for considering report with priority

Art. 27. (1) In the event of multiple incoming reports, the Commission may decide to prioritize reports of serious breaches .

(2) The conditions and procedure for priority consideration of reports of serious breaches shall be adopted by the Commission.

Interaction between information receiving bodies

Art. 28. (1) In the event, that a report of breaches of the Bulgarian legislation or the European Union law has been received directly by one of the authorities under Art. 20, the relevant manager shall be obliged to immediately forward the report to the Commission through the relevant external reporting channel. In the event, that the report reaches employees, other than those, responsible for handling reports, the employees, receiving it shall be prohibited from disclosing any information, that could identify the reporting or affected person, and the report shall be forwarded immediately, without modification, to the employees, responsible for consideration of the information.

(2) Contact with the reporting person shall be established immediately, but no later than 7 days, by the Commission through the unit - channel for external reporting, which shall notify the sender of the change in the address of his report.

(3) The work on the report may be assigned to the same authority, where the report was originally filed, if it is competent in the case, under the direction and supervision of the Commission and in compliance with the procedures, provided for in this Act.

Register of information reports. Overview of procedures

Art. 29. (1) The Commission shall create and maintain a register of information in accordance with the provisions of Art. 18, Para. 2 and 3. The register of the Commission shall be connected to and may receive information from the registers of the obliged objects under Art. 20, as well as transmit information to them if necessary.

(2) The Commission shall annually send to the European Commission information on:

1. the number of reports received;

2. the number of inspections, performed and their results;

3. report on financial receipts from collected fines and property sanctions and assessment in case of established financial damages.

(3) At least once a year, the Commission shall organize a general meeting with the authorities under Art. 20, at which the activity of working with information shall be analyzed, as well as for the purpose of collecting statistical data for the needs of preparing the report under Para. 2.

(4) The Commission shall publish on its website the information under Para. 2 in compliance with the requirements for the protection of personal data and the Classified Information Protection Act.

(5) The Commission shall regularly, and at least once every three years, review its rules for external reporting and follow-up, analyze the practice of applying this Act and update the rules, if necessary.

External audit

Art. 30. (1) The Commission shall be subject to an external audit, regarding the fulfillment of the obligations under this Act and the correct handling of information and the protection of their senders. The audit shall be carried out by the Ombudsman of the Republic of Bulgaria.

(2) The Ombudsman shall perform an on-site inspection of the work of the unit - an external channel for reporting information, which shall include a review of compliance with the deadlines for processing information, the quality of interaction between the Commission and other competent authorities under Art. 20, the compliance of the registers with the law and other aspects of the Commission`s activity, allowing an assessment of its effectiveness, in relation to the operation with the information. During the inspection, full access to the work of the unit under Art. 22 shall be provided.

(3) The Ombudsman shall accept and examine complaints against the Commission by persons, who have sent reports, including about unsecured protection or breaches of the confidentiality of the information about them.

(4) The Ombudsman shall include information on the audits, carried out by him of the activities of the Commission for the implementation of the provisions of this Act in his annual report, which he shall submit to the National Assembly.

Section III.

Additional rules, applicable to internal and external information reporting

Obligation of confidentiality

Art. 31. (1) Obliged subjects under Art. 12, Para. 1 and the Commission shall take appropriate measures to protect the information, related to the reported breaches and to protect the identity of the whistleblower, providing access to the information only to the employees, who need this data to perform their official duties.

(2) The transmission of data and reference to circumstances by the Commission and the obliged subjects under Art. 12, Para. 1 may not directly or indirectly reveal the identity of the reporting person, as well as create an assumption about his identity.

(3) Para. 1 and 2 shall also apply to protect the identity of the persons concerned.

(4) Disclosure of identity or information under Para. 1 shall be allowed only with the express written consent of the reporting person.

(5) Notwithstanding the provisions of Para. 1, the identity of the reporting person and any other information, from which his identity may be directly or indirectly known may be disclosed only when this is a necessary and proportionate obligation, imposed by Bulgarian legislation or by the European Union law, in the context of investigations by national authorities or judicial proceedings, including with a view to guaranteeing the right of defense of the person concerned.

(6) In the cases under Para. 5, before disclosure of the identity or the information under Para. 1, the obliged subjects under Art. 12, Para. 1 or the Commission shall notify the information reporter of the need for their disclosure. The notification shall be in writing and shall be motivated. The reporter shall not be notified when the investigation or legal proceedings are jeopardized.

(7) The Commission and the employees, who receive information about a breach, that involves trade secrets shall be required not to use or disclose trade secrets for purposes, that go beyond what is necessary to take follow-up action.

Personal data processing

Art. 32. (1) Any processing of personal data, carried out pursuant to this Act, including the exchange or transmission of personal data by the competent authorities, shall be carried out in accordance with Regulation (EU) 2016/679 and Directive (EU) 2016/680, and when the transmission involves institutions, bodies, services or agencies of the European Union - in accordance with Regulation (EU) 2018/1725, as well as with the Personal Data Protection Act.

(2) No personal data shall be collected, that is clearly not relevant for considering the specific report, and if it is accidentally collected, shall be deleted.

Chapter three.
MEASURES FOR ENSURING PROTECTION

Prohibition of retaliation against persons, who have reported information, or publicly disclosed information about a breach

Art. 33. (1) Any form of retaliatory actions against the persons, specified in Art. 5, having the nature of repression and putting them in a disadvantageous position, as well as threats or attempts of such actions shall be prohibited, including in the form of:

1. temporary suspension, dismissal or application of another ground for termination of the legal relationship, under which the person is employed;

2. demotion or delay in promotion;

3. a change in the place or nature of work, the length of working hours or a reduction in remuneration;

4. refusal to provide training to maintain and improve the professional qualification of the worker or employee;

5. negative evaluation of work, including in a job recommendation;

6. application of property and/or disciplinary liability, including imposition of disciplinary penalties;

7. coercion, rejection, threats to take retaliatory actions or actions, expressed physically, verbally or in any other way, which are intended to harm the dignity of the person and create a hostile professional environment;

8. direct or indirect discrimination, unequal or unfavorable treatment;

9. taking away the possibility to switch from a fixed-term employment contract to an employment contract for an indefinite period of time, when the worker or employee had a legal right to be offered a permanent job;

10. preterm termination of a fixed-term employment contract or refusal to re-conclude it, when such is permissible by the law;

11. harms, including to the person`s reputation, in particular in social networks, or financial losses, including loss of business and loss of income;

12. inclusion in a list, drawn up on the basis of a formal or informal agreement, in a sector or in an industry, which may result in the person not being able to start working or not being able to supply a good or service in that sector or industry (blacklist);

13. early termination or cancellation of a contract for the supply of goods or services when the person is a supplier;

14. termination of a license or permit;

15. directing the person to a medical examination.

(2) The competent authorities under Art. 20, Para. 1 shall give mandatory prescriptions to stop the damaging actions under Para. 1 until completion of their inspection.

Responsibility of harms

Art. 34. In case of violation of prohibition under Art. 33 the information reporting person shall have the right to compensation for the property and non-property harms, suffered.

Measures for support

Art. 35. (1) The persons under Art. 5 shall have the right to access the following support measures:

1. free and accessible information and advice, regarding procedures and protection measures under Art. 36, 37, 38 and 39;

2. assistance to any authority, necessary to protect them against retaliatory actions, including by giving proper notice of the fact, that they are entitled to protection under this Act;

3. legal assistance in criminal, civil, administrative and in international disputes in civil cases, related to the protection of the reporting person in connection with the report, submitted by him or the disclosed information, in accordance with the Legal Aid Act;

4. out-of-court resolution of cross-border disputes through mediation in accordance with the Mediation Act.

(2) The measures under Para. 1, items 1 and 2 shall be provided by the Commission, the measures under item 3 - by the National Legal Aid Bureau, and the measures under item 4 - by a mediator, entered in the Unified Register of Mediators.

Exemption from liability

Art. 36. (1) Reporting persons shall not be liable for the acquisition of, or access to, information, that is reported or publicly disclosed, provided that such acquisition or access does not constitute a separate crime.

(2) Reporting persons shall not be liable for breach of disclosure restrictions, imposed by contract, lawful or legislative act or administrative action, provided they have reasonable grounds to believe, that the information reporting, or public disclosure of information was necessary for disclosure of the breach.

(3) When a person files a report or publicly discloses information about breaches, falling within the scope of this Act, and this information includes a trade secret, and when that person meets the conditions of this Act, this reporting or public disclosure shall be considered lawful within the meaning of Art. 7, Para. 2 of the Commercial Secret Protection Act.

Harms, caused to private subjects

Art. 37. Harms, caused to the reporting person in connection with the submitted report or publicly disclosed information shall be considered to be caused intentionally until proven otherwise.

Possibility of termination of legal proceedings

Art. 38. When criminal, civil or administrative proceedings have been instituted against a person in connection with a report, submitted by him or publicly disclosed information, he shall have the right to request termination of these proceedings, if there was a reasonable reason to assume, that the filing of the report or public disclosure of the information were necessary to detect an infringement.

Protection of affected persons

Art. 39. (1) The affected person shall fully enjoy his right to defense and to a fair trial, as well as the presumption of innocence, including to be heard, and his right of access to the documents, relating to him.

(2) The affected person shall have the right to compensation for all pecuniary and non-pecuniary damages, when it is established, that the person under Art. 5 has knowingly sent a report with false information or publicly disclosed false information, as well as when, according to the circumstances, he was obliged to assume, that the information had been false.

Liability for act or omission of act, unrelated to the information reporting

Art. 40. (1) The whistleblower shall be liable - according to the Bulgarian legislation and the EU law for an action or inaction, that is not related to the submission of the report or is not necessary for the disclosure of the breach.

(2) In the case of a judicial or administrative legal process, in which a person claims to have been subject to retaliatory actions under Art. 33, it must be proven, that these actions are a reaction precisely to information, submitted by him. It should not be assumed, that the retaliatory action was carried out as a reaction to a report, submitted by the person, if the assessment of all the circumstances indicates, that the person, who imposed the measure has another legal basis for applying the measure.

Chapter four.
ADMINISTRATIVE PENAL PROVISIONS

Art. 41. (1) A person, who fails to fulfill an obligation under Art. 13, Para. 1 and 2, unless subject to a more severe punishment shall be punished by a fine of BGN 1000 to 5000.

(2) When the breach under Para. 1 is committed by a legal entity, or a sole trader, a property sanction in the amount of BGN 5,000 to BGN 20,000 shall be imposed.

(3) For a repeated breach under Para. 1 and 2, the penalty shall be a fine of BGN 5,000 to BGN 10,000 or a pecuniary sanction in the amount of BGN 10,000 to BGN 30,000.

Art. 42. It shall be punishable by a fine in the amount of BGN 400 to BGN 4,000, unless it is subject to a heavier penalty, a person, who:

1. obstructs or attempts to obstruct the submission of a report, made in pursuance of the purpose of this Act;

2. fails to take the necessary follow-up actions under Art. 17, Para. 1, items 1 - 3 in connection with the information or deliberately delayed them;

3. within the statutory period, did not provide information about the subsequent actions of the person, who submitted the report under Art. 16, item 4.

Art. 43. It shall be punishable by a fine in the amount of BGN 2,000 to BGN 8,000, unless it is subject to a heavier penalty, a person, who:

1. takes action with the aim of repression against the person, who submitted the report or against a person, related to him, under Art. 33;

2. initiates proceedings, if it is carried out only with the intention of harming the person, having reported the information.

Art. 44. A person, who violates the obligations under Art. 31 shall be punishable by a fine in the amount of BGN 400 to BGN 4,000, unless subject to a heavier penalty.

Art. 45. When it is established, that the person knowingly submitted a report or made public false information shall be punished with a fine of BGN 3,000 to BGN 7,000. The right of the affected person to claim compensation for damages suffered shall be preserved.

Art. 46. (1) The acts, establishing the breaches shall be drawn up by officials, designated by the Chairman of the Commission, and the penal decrees shall be issued by the Chairman of the Commission.

(2) Drawing up of acts, issuing, appeal and execution of criminal decrees shall be carried out in accordance with the Administrative Violations and Penalties Act.

Art. 47. Fines and pecuniary sanctions shall be paid into the income of the State budget.

Additional provisions

§ 1. In the meaning of this Act:

1. "Breaches" are acts or omissions of such, that are:

a) illegal and related to the Bulgarian legislation or the acts of the European Union in the areas, specified in Art. 3, or

b) contradict the subject or purpose of the rules in the acts of the European Union and the areas, specified in Art. 3.

2. "Employer" is any natural person, legal entity or its division, as well as any other organizational and economically separate entity (enterprise, establishment, organization, cooperative, farm, establishment, household, company and the like), that independently hires workers or employees on labor and service legal relationship, including for home work and remote work and for sending to perform work in a user enterprise.

3. "Breach information" is information, including reasonable suspicions, of actual or potential violations, that have occurred or are likely to occur in the organization, in which the whistleblower works or has worked, or in another organization, with which he or was in contact during the course of his work, as well as for attempts to cover up breaches.

4. "Work context" is current or past work activities in the public or private sector through which, regardless of their nature, individuals receive information about breaches and within which such individuals may be subject to retaliatory retaliation, if they report such information.

5. "Affected person" is a natural or legal person, who is identified in the filing of the report or in the public disclosure of information as the person, to whom the breach is attributed or with whom that person is connected.

6. "Feedback" means providing the reporting person with information about the action, that is intended or has already been taken as a follow-up action, as well as the reasons for the follow-up action in question.

7. "Rejection" is an action or inaction with the aim of isolating the person, who sent a report or publicly disclosed information about a breach from the professional environment.

8. "Enterprise" is any natural person, legal entity or civil society, that carries out economic activity, regardless of its ownership, legal and organizational form.

9. "Persons, related to the information reporter" are third parties, who may be subject to retaliatory retaliation in a work context, such as colleagues or relatives without limitation in degrees.

10. "Repeated" is the breach, committed within one year from the entry into force of the criminal decree, by which the person was punished for the same type of breach.

11. "Retaliation" is any direct or indirect action or omission of such, that occurs in a work context, is triggered by internal or external signal reporting or public disclosure, and that causes or may cause adverse consequences to the reporting person’s detriment.

12. "Follow-up action" means any action, taken by the person receiving the report or by a competent authority to assess the accuracy of the allegations, presented in the report and, where appropriate, to address the reported breach, including through actions, such as internal inquiry, investigation, prosecution, actions to secure funds or closing the procedure.

13. "Sufficient data" is data, from which a reasonable assumption may be made about a breach, that falls within the scope of this Act.

14. "Obviously minor breach" is present when the committed breach reveals a clearly insignificant degree of public danger in view of the absence or insignificance of harmful consequences.

15. "Serious breach" is present, when the committed breach has or could have a significant and long-lasting negative impact on the public interest.

16. "Internal reporting of information" is verbal or written communication of information about breaches within a legal entity in the private or public sector.

17. "External reporting of information" is verbal or written communication of information about breaches to the competent authorities.

18. "Durable media" is any carrier of information, enabling the obliged entities under Art. 12, Para. 1 or the Commission to store information, that allows its easy use in the future for a period, corresponding to the purposes, for which the information is intended and that allows the unchanged reproduction of the stored information.

19. "Privacy of personal life" is any interference with personal space within the meaning of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 on the processing of personal data and the protection of the right to privacy in the sector of electronic communications (Directive on privacy and electronic communications) (OJ L 201/37 of 31 July 2002).

§ 2. This Act shall introduce the requirements of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons, who report breaches of EU law (OJ, L 305/17 of 26 November 2019 ), amended by Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937 (OJ, L 347/1, 20 October 2020).

Concluding provisions

§ 3. In the Protection of Personal Data Act (prom., SG, 1/02; amend., SG, 70 and 93/04, SG, 43 and 103/05, 30 and 91/06, SG, 57/07, 42/09, 94 and 97/10, 39, 81 and 105/11, 15/13, 81/16, 85 and 103/17, 7/18, 17/19; Decision No. 8 of the Constitutional Court of 2019 - no. 93/19) the following amendments and supplementations have been made:

1. In Art. 7, Para. 4, sentence one after the words: "National Statistical Institute" a comma is placed and "increased by 20 percent" is added.

2. In Art. 9 Para. 5 is created:

"(5) The meetings of the Commission, in which decisions are taken in implementation of the Act on the Protection of Persons, Reporting Information or Publicly Disclosing Information on Breaches, shall be closed”.

3. Art. 10b shall be amended as follows:

"Art. 10b. (1) The Commission shall perform the functions of a central body for external whistleblowing in the sense of the Act on the Protection of Persons Reporting Information or Publicly Disclosing Information on Breaches.

(2) The Commission may be assigned other tasks and powers only by an Act."

4. In Art. 25f, Para. 2, a comma is placed at the end and the following shall be added: "within the terms of Art.12, Para. 3 and 4, and under the conditions of Para. 5 and 6 of Regulation (EU) 2016/679, unless otherwise provided by an Act."

5. In Art. 38:

a) New Para. 7 shall be added:

"(7) Complaint under Para. 1 may be withdrawn until the expiry of the period for appealing the decision of the Commission under Para. 3 and 4.";

b) the previous Para. 7 becomes Para. 8.

6. In Art. 85:

a) in para. 2 the words: "Art. 12a, Para. 2" are replaced by "Art. 12a, Para. 1, Art. 25d, Art. 25f, Para. 2";

b) Para. 7 shall be added:

"(7) For a violation under Para. 2, an administrative measure may be imposed and/or coercive measure under Art. 58, Para. 2, letters "a" - "h" and "j" of Regulation (EU) 2016/679."

§ 4. In the Legal Aid Act (prom., SG No. 79/05; amend., No. 105/05, No. 17 and 30/06, No. 42/09, Nos. 32, 97 and 99/10, Nos. 9, 82 and 99/11, No. 82/12, Nos. 15 and 28/13, No. 53/14, No. 97/16, Nos. 13 and 63/17, Nos. 7, 56, 77 and 92/18, Nos. 24 and 101/19 and No. 102/22.) in Art. 8, item 14 is created:

"14. provides legal assistance in criminal, civil, administrative and international disputes in civil cases in connection with a sent report or publicly disclosed information under the conditions and in accordance with the Act on the Protection of Persons, Reporting Information or Publicly Disclosing Information on Breaches."

§ 5. In the Ombudsman Act (prom., SG No. 48/03; amend., Nos. 30 and 68/06, No. 42/09, No. 97/10, No. 29/12, No. 15/13 and Nos. 7 and 20/18) in Art. 19, Para. 1 item 14 is created:

"14. performs an external audit of the activity of working with reports and protection of whistleblowers under the Act on the Protection of Persons Reporting Information or Publicly Disclosing Information on Breaches."

§ 6. The funds, necessary to cover the costs of the implementation of the activities, assigned by the Act shall be provided by the budgets of the Protection of Personal Data Commission and the Ombudsman by the Ministry of Finance. If necessary, the chairman of the Personal Data Protection Commission and the Ombudsman may make a proposal to the Minister of Finance to provide additional funds to ensure the assigned activities

§ 7. The Personal Data Protection Commission shall give instructions on the application of the Act to all obliged entities and supervise their implementation of its provisions.

§ 8. Within a period of three months from the promulgation of this Act in the State Gazette, the Personal Data Protection Commission shall bring its Rules of Procedure into line with it.

§ 9. Within 6 months of the promulgation of this Act in the "State Gazette", the Personal Data Protection Commission shall adopt the Ordinance under Art. 19, Para. 1, item 3 and the instructions to the obliged entities under Art. 12, Para. 1, develop a model information report register and report acceptance form, which shall be made available free of charge for use by all obliged subjects.

§ 10. The Act shall enter into force three months after its promulgation in the "State Gazette", as Chapter Two, Section I with Art. 12 - 18 shall apply in relation to employers in the private sector, who have between 50 and 249 workers or employees, from 17 December 2023.

-------------------------

The Act was adopted by the 48th National Assembly on January 27, 2023 and was stamped with the official seal of the National Assembly.

Annex to Art. 3, Para. 1 and 3

Part I

А. Art. 3, Para. 1, item 1, letter "a" - public procurement:

1. Rules for the award of public procurement and concession contracts, for the award of defense and security contracts and for the award of contracts by entities, operating in the water, energy, transport and postal services sectors and any other contracts as is stated in:

a) Directive 2014/23/EU of the European Parliament and of the Council of 26 February 2014 on the award of concession contracts (OJ, L 94, 28.3.2014, p. 1);

b) Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ, L 94, 28.3.2014, p. 65);

c) Directive 2014/25/EU of the European Parliament and of the Council of 26 February 2014 on the award of contracts by contracting entities, operating in the water supply, energy, transport and postal services sectors and repealing Directive 2004/17/EC (OJ, L 94, 28.3.2014, p. 243);

d) Directive 2009/81/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of procedures for the award of certain works, supply and service contracts by contracting authorities or contracting entities in the field of defense and security and amending Directives 2004 /17/EC and 2004/18/EC (OJ, L 216, 20.8.2009, p. 76).

B. 2. Review procedures, governed by:

a) Council Directive 92/13/EEC of 25 February 1992 on the coordination of law, regulations and administrative provisions, concerning the application of Community rules on the award of public contracts to entities, operating in the water, energy, transport and telecommunications sectors (OJ, L 76, 23.3.1992, p. 14);

b) Council Directive 89/665/EEC of 21 December 1989 on the coordination of statutory, regulatory and administrative provisions, relating to the application of appeal procedures in the award of public supply and construction contracts (OJ, L 395, 30.12. 1989, p. 33).

C. Art. 3, Para. 1, item 1, letter "b" - financial services, products and markets and prevention of money laundering and terrorist financing:

Rules, establishing a regulatory and supervisory framework and protecting consumers and investors in the field of EU financial services and capital markets, banking, lending, investment, insurance and reinsurance, occupational or personal pensions, products, securities, investment funds, services in the field of payments and activities, listed in Annex I to Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activities of credit institutions and on the prudential supervision of credit institutions and investment intermediaries, amending Directive 2002/87 /EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ, L 176, 27.6.2013, p. 338), as stated in:

a) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the undertaking, exercise and prudential supervision of the activities of electronic money institutions and amending Directives 2005/60/EC and 2006/48/EC, and for the repeal of Directive 2000/46/EC (OJ, L 267, 10.10.2009, p. 7);

b) Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on alternative investment fund managers and amending Directives 2003/41/EC and 2009/65/EC and Regulation (EC) No 1060 /2009 and (EU) No. 1095/2010 (OJ, L 174, 1.7.2011, p. 1);

c) Regulation (EU) No 236/2012 of the European Parliament and of the Council of 14 March 2012 on short selling and certain aspects of credit default swaps (OJ, L 86, 24.3.2012, p. 1);

d) Regulation (EU) No. 345/2013 of the European Parliament and of the Council of 17 April 2013 on European venture capital funds (OJ, L 115, 25.4.2013, p. 1);

e) Regulation (EU) No. 346/2013 of the European Parliament and of the Council of 17 April 2013 on European funds for social entrepreneurship (OJ, L 115, 25.4.2013, p. 18);

f) Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on residential real estate credit agreements for consumers and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) no. 1093/2010 (OJ, L 60, 28.2.2014, p. 34);

g) Regulation (EU) No. 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements, regarding the mandatory audit of public interest undertakings and repealing Commission Decision 2005/909/EC (OJ, L 158, 27.5.2014, p. 77);

h) Regulation (EU) No. 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No. 648/2012 (OJ, L 173, 12.6.2014, p 84);

i) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010 and repealing Directive 2007/64/EC (OJ, L 337, 23.12.2015, p. 35);

j) Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on takeover proposals (OJ L 142, 30.4.2004, p. 12);

k) Directive 2007/36/EC of the European Parliament and of the Council of 11 July 2007 on the exercise of certain rights of shareholders of companies, admitted to a regulated market (OJ, L 184, 14.7.2007, p. 17);

l) Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonization of transparency requirements with regard to information on issuers, whose securities are admitted to trading on a regulated market and amending Directive 2001/34 / EC (OJ, L 390, 31.12.2004, p. 38);

m) Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories (OJ, L 201, 27.7.2012, p. 1);

n) Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks for the purposes of financial instruments and financial contracts or to measure the performance of investment funds and amending Directive 2008/48 /EC and 2014/17/EU and Regulation (EU) No. 596/2014 (OJ, L 171, 29.6.2016, p. 1);

o) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking up and pursuit of insurance and reinsurance business (Solvency II) (OJ, L 335, 17.12.2009, p. 1);

p) Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014р establishing a framework for the recovery and restructuring of credit institutions and investment firms and amending Council Directive 82/891/EEC and Directives 2001/24/ EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EC, 2012/30/EC and 2013/36/EC and of Regulations (EC) No. 1093/2010 and (EU) No. 648/2012 of the European Parliament and of the Council (OJ, L 173, 12.6.2014, p. 190);

q) Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the additional supervision of credit institutions, insurance undertakings and investment intermediaries to a financial conglomerate and amending Directives 73/239/EEC, 79/267/ EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC of the Council and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council (OJ, L 35, 11.2.2003, p. 1);

r) Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ, L 173, 12.6.2014, p. 149);

s) Directive 97/9/EC of the European Parliament and of the Council of 3 March 1997 on investor compensation schemes (OJ, L 84, 26.3.1997, p. 22);

t) Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment intermediaries and amending Regulation (EU) No. 648/2012 (OJ, L 176, 27.6.2013 d., p. 1);

u) Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for businesses and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937 (OJ, L 347, 20.10.2020, p. 1).

C. Art. 3, Para. 1, item 1, letter "c" - product safety and compliance:

1. Safety and compliance requirements for products, placed on the EU market, defined and regulated by:

a) Directive 2001/95/EC of the European Parliament and of the Council of 3 December 2001 on general product safety (OJ, L 11, 15.1.2002, p. 4);

b) the EU harmonization legislation, relating to industrial products, including labeling requirements other than food, feed, medicinal products for human and veterinary use, live plants and animals, products of human origin and plant and animal products, directly related to their future reproduction, listed in Annexes I and II to Regulation (EU) 2019/1020 of the European Parliament and of the Council of 20 June 2019 on market surveillance and product conformity checks and amending Directive 2004/42/EC and regulations (EC ) No. 765/2008 and (EU) No. 305/2011 (OJ, L 169, 25.6.2019, p. 1);

c) Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, as well as systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No. 715/2007 and (EC) No. 595/2009 and repealing Directive 2007/46/EC (OJ, L 151, 14.6.2018, p. 1 - 218).

2. Rules for the marketing and use of sensitive and dangerous products, as specified in:

a) Directive 2009/43/EC of the European Parliament and of the Council of 6 May 2009, simplifying the terms and conditions for the intra-Community transfer of defense-related products (OJ, L 146, 10.6.2009, p. 1);

b) Council Directive 91/477/EEC of 18 June 1991 on the control of the acquisition and possession of arms (OJ, L 256, 13.9.1991, p. 51);

c) Regulation (EU) 2019/1148 of the European Parliament and of the Council of 20 June 2019 on the marketing and use of explosives precursors, amending Regulation (EC) No. 1907/2006 and repealing Regulation (EU) No. 98/2013 (OJ, L 186, 11.7.2019, p. 1 - 20).

D. Art. 3, Para. 1, item 1, letter "d" - transport safety:

1. Safety requirements in the rail transport sector, regulated by Directive (EU) 2016/798 of the European Parliament and of the Council of 11 May 2016 on rail safety (OJ L 138, 26.5.2016, p. 102).

2. Safety requirements in the civil aviation sector, regulated by Regulation (EU) No 996/2010 of the European Parliament and of the Council of 20 October 2010 on the investigation and prevention of accidents and incidents in civil aviation and repealing Directive 94/56 /EC (OJ, L 295, 12.11.2010, p. 35).

3. Safety requirements in the road transport sector regulated by:

a) Directive 2008/96/EC of the European Parliament and of the Council of 19 November 2008 on the safety management of road infrastructures (OJ, L 319, 29.11.2008, p. 59);

b) Directive 2004/54/EC of the European Parliament and of the Council of 29 April 2004 on minimum safety requirements for tunnels on the trans-European road network (OJ, L 167, 30.4.2004, p. 39);

c) Regulation (EC) No. 1071/2009 of the European Parliament and of the Council of 21 October 2009, establishing general rules on the conditions to be met for exercising the profession of road transport operator and repealing Directive 96/26/EC of the Council (OJ, L 300, 14.11.2009, p. 51).

4. Safety requirements in the maritime sector, regulated by:

a) Regulation (EC) No. 391/2009 of the European Parliament and of the Council of 23 April 2009 on general rules and standards for ship inspection and survey organizations (OJ, L 131, 28.5.2009, p. 11);

b) Regulation (EC) No. 392/2009 of the European Parliament and of the Council of 23 April 2009 on the liability of carriers of passengers by sea in the event of accidents (OJ, L 131, 28.5.2009, p. 24);

c) Directive 2014/90/EU of the European Parliament and of the Council of 23 July 2014 on marine equipment and repealing Council Directive 96/98/EC (OJ, L 257, 28.8.2014, p. 146);

d) Directive 2009/18/EC of the European Parliament and of the Council of 23 April 2009, laying down the basic principles governing the investigation of accidents in the field of maritime transport and amending Council Directive 1999/35/EC and Directive 2002 /59/EC (OJ, L 131, 28.5.2009, p. 114);

e) Directive 2008/106/EC of the European Parliament and of the Council of 19 November 2008 on the minimum level of training for seafarers (OJ, L 323, 3.12.2008, p. 33);

f) Council Directive 98/41/EC of 18 June 1998 on the registration of persons, sailing on board passenger ships operating to or from ports of the Member States of the Community (OJ, L 188, 2.7 .1998, p. 35);

g) Directive 2001/96/EC of the European Parliament and of the Council of 4 December 2001, establishing harmonized requirements and procedures for the safe loading and unloading of bulk carriers (OJ L 13, 16.1.2002, p. 9).

5. Safety requirements, regulated by Directive 2008/68/EC of the European Parliament and of the Council of 24 September 2008 on the inland transport of dangerous goods (OJ, L 260, 30.9.2008, p. 13).

E. Art. 3, Para. 1, item 1, letter "e" - environmental protection:

1. Any crime against the protection of the environment, as defined by Directive 2008/99/EC of the European Parliament and of the Council of 19 November 2008 on the protection of the environment through criminal law (OJ, L 328, 6.12.2008, page 28), or any illegal act in violation of the legislation, specified in the Annexes to Directive 2008/99/EC.

2. Environment and climate rules, as set out in:

a) Directive 2003/87/EC of the European Parliament and of the Council of 13 October 2003, establishing a scheme for trading greenhouse gas emission allowances within the Community and amending Directive 96/61/EC of the Council (OJ, L 275, 25.10.2003, p. 32);

b) Directive 2009/28/EC of the European Parliament and of the Council of 23 April 2009 on the promotion of the use of energy from renewable sources and amending and subsequently repealing Directives 2001/77/EC and 2003/30/EC (OJ, L 140, 5.6.2009, p. 16);

c) Directive 2012/27/EU of the European Parliament and of the Council of 25 October 2012 on energy efficiency, amending Directives 2009/125/EC and 2010/30/EU and repealing Directives 2004/8/EC and 2006/ 32/EC (OJ, L 315, 14.11.2012, p. 1);

d) Regulation (EU) No 525/2013 of the European Parliament and of the Council of 21 May 2013 on a mechanism for monitoring and reporting greenhouse gas emissions and reporting other information, related to climate change at national and regional level of the EU and for the repeal of Decision No. 280/2004/EC (OJ, L 165, 18.6.2013, p. 13);

e) Directive (EU) 2018/2001 of the European Parliament and of the Council of 11 December 2018 on the promotion of the use of energy from renewable sources (OJ, L 328, 21.12.2018, p. 82).

3. Rules on sustainable development and waste management, as set out in:

a) Directive 2008/98/EC of the European Parliament and of the Council of 19 November 2008 on waste and repealing certain Directives (OJ, L 312, 22.11.2008, p. 3);

b) Regulation (EU) No. 1257/2013 of the European Parliament and of the Council of 20 November 2013 on ship recycling and amending Regulation (EC) No. 1013/2006 and Directive 2009/16/EC (OJ, L 330, 10.12.2013, page 1);

c) Regulation (EU) No. 649/2012 of the European Parliament and of the Council of 4 July 2012 on the export and import of hazardous chemicals (OJ, L 201, 27.7.2012, p. 60).

4. Rules on marine water pollution, air pollution and noise pollution, as set out in:

a) Directive 1999/94/EC of the European Parliament and of the Council of 13 December 1999 on the availability of user information on fuel consumption and CO2 emissions in relation to the marketing of new passenger cars (OJ, L 12, 18.1.2000, p. 16);

b) Directive 2001/81/EC of the European Parliament and of the Council of 23 October 2001 on national emission ceilings for certain atmospheric pollutants (OJ, L 309, 27.11.2001, p. 22);

c) Directive 2002/49/EC of the European Parliament and of the Council of 25 June 2002 on the assessment and management of noise in the environment (OJ, L 189, 18.7.2002, p. 12);

d) Regulation (EC) No. 782/2003 of the European Parliament and of the Council of 14 April 2003 on the prohibition of the use of organic compounds on ships (OJ, L 115, 9.5.2003, p. 1);

e) Directive 2004/35/EC of the European Parliament and of the Council of 21 April 2004 on environmental liability with regard to the prevention and remedying of environmental damage (OJ L 143, 30.4.2004, p. 56);

f) Directive 2005/35/EC of the European Parliament and of the Council of 7 September 2005 on pollution from ships and the imposition of penalties for infringements (OJ, L 255, 30.9.2005, p. 11);

g) Regulation (EC) No. 166/2006 of the European Parliament and of the Council of 18 January 2006, establishing a European register for the release and transfer of pollutants and amending Directives 91/689/EEC and 96/61/EC of the Council ( OJ, L 33, 4.2.2006, p. 1);

h) Directive 2009/33/EC of the European Parliament and of the Council of 23 April 2009 on the promotion of clean and energy-efficient road vehicles (OJ, L 120, 15.5.2009, p. 5);

i) Regulation (EC) No 443/2009 of the European Parliament and of the Council of 23 April 2009, setting emission standards for new passenger cars as part of a comprehensive Community approach to reducing CO2 emissions from light-duty vehicles (OJ, L 140, 5.6.2009, p. 1);

j) Regulation (EC) No. 1005/2009 of the European Parliament and of the Council of 16 September 2009 on substances that deplete the ozone layer (OJ, L 286, 31.10.2009, p. 1);

k) Directive 2009/126/EC of the European Parliament and of the Council of 21 October 2009 on Stage II capture of petrol vapors when refueling motor vehicles at petrol stations (OJ, L 285, 31.10.2009, p. 36);

l) Regulation (EU) No 510/2011 of the European Parliament and of the Council of 11 May 2011, setting emission standards for new light commercial vehicles as part of a comprehensive EU approach to reducing CO2 emissions from light-duty vehicles means (OJ, L 145, 31.5.2011, p. 1);

m) Directive 2014/94/EU of the European Parliament and of the Council of 22 October 2014 on the deployment of infrastructure for alternative fuels (OJ, L 307, 28.10.2014, p. 1);

n) Regulation (EU) 2015/757 of the European Parliament and of the Council of 29 April 2015 on the monitoring, reporting and verification of carbon dioxide emissions from maritime transport and amending Directive 2009/16/EC (OJ, L 123, 19.5.2015, p. 55);

o) Directive (EU) 2015/2193 of the European Parliament and of the Council of 25 November 2015 on the limitation of air emissions of certain pollutants emitted by medium combustion installations (OJ, L 313, 28.11.2015, p. 1).

5. Rules, regarding the protection and management of water and soil, as specified in:

a) Directive 2007/60/EC of the European Parliament and of the Council of 23 October 2007 on the assessment and management of flood risk (OJ L 288, 6.11.2007, p. 27);

b) Directive 2008/105/EC of the European Parliament and of the Council of 16 December 2008 on setting environmental quality standards in the field of water policy, amending and subsequently repealing Directives 82/176/EEC, 83 /513/EEC, 84/156/EEC, 84/491/EEC and 86/280/EEC of the Council and amending Directive 2000/60/EC of the European Parliament and of the Council (OJ, L 348, 24.12.2008 ., p. 84);

c) Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on the assessment of the impact of certain public and private projects on the environment (OJ, L 26, 28.1.2012, p. 1).

6. Rules, regarding the protection of nature and biological diversity, as specified in:

a) Council Regulation (EC) No 1936/2001 of 27 September 2001, laying down control measures applicable to fishing activities in relation to certain stocks of highly migratory species (OJ L 263, 3.10.2001, p. 1);

b) Council Regulation (EC) No. 812/2004 of 26 April 2004, laying down measures concerning by-catches of representatives of the cetacean order in fishing grounds and amending Regulation (EC) No. 88/98 (OJ, L 150, 30.4.2004, page 12);

c) Regulation (EC) No. 1007/2009 of the European Parliament and of the Council of 16 September 2009 on trade in seal products (OJ, L 286, 31.10.2009, p. 36);

d) Council Regulation (EC) No. 734/2008 of 15 July 2008 on the protection of vulnerable marine ecosystems in the high seas from the adverse effects of bottom fishing gear (OJ, L 201, 30.7.2008, p. 8);

e) Directive 2009/147/EC of the European Parliament and of the Council of 30 November 2009 on the conservation of wild birds (OJ, L 20, 26.1.2010, p. 7);

f) Regulation (EU) No. 995/2010 of the European Parliament and of the Council of 20 October 2010, laying down the obligations of operators, who place timber and timber products on the market (OJ, L 295, 12.11.2010., p. 23);

g) Regulation (EU) No. 1143/2014 of the European Parliament and of the Council of 22 October 2014 on the prevention and management of the introduction and spread of invasive alien species (OJ, L 317, 4.11.2014, p. 35).

7. Rules on chemicals, as set out in Regulation (EC) No 1907/2006 of the European Parliament and of the Council of 18 December 2006 on the Registration, Evaluation, Authorization and Restriction of Chemicals (REACH), establishing a European Chemicals Agency, amending Directive 1999/45/EC and repealing Council Regulation (EEC) No 793/93 and Commission Regulation (EC) No. 1488/94, as well as Council Directive 76/769/EEC and Commission Directives 91/155/EEC, 93/67/EEC, 93/105/EC and 2000/21/EC (OJ, L 396, 30.12.2006, p. 1).

8. Rules on organic products, as set out in Regulation (EU) 2018/848 of the European Parliament and of the Council of 30 May 2018 on organic production and labeling of organic products and repealing Council Regulation (EC) No 834/2007 (OJ, L 150, 14.6.2018, p. 1).

F. Art. 3, Para. 1, item 1, letter "f" - radiation protection and nuclear safety

Nuclear Safety Rules, as set out in:

a) Council Directive 2009/71/Euratom of 25 June 2009, establishing a Community Framework for the nuclear safety of nuclear installations (OJ L 172, 2.7.2009, p. 18);

b) Directive 2013/51/Euratom of the Council of 22 October 2013 to determine requirements for the protection of public health with regard to radioactive substances in water intended for human consumption (OJ, L 296, 7.11.2013, p. 12);

c) Council Directive 2013/59/Euratom of 5 December 2013, laying down basic safety standards for protection against the dangers, arising from exposure to ionizing radiation and repealing Directives 89/618/Euratom, 90/641/Euratom, 96 /29/Euratom, 97/43/Euratom and 2003/122/Euratom (OJ, L 13, 17.1.2014, p. 1);

d) Council Directive 2011/70/Euratom of 19 July 2011, establishing a Community Framework for the responsible and safe management of spent fuel and radioactive waste (OJ, L 199, 2.8.2011, p. 48);

e) Council Directive 2006/117/Euratom of 20 November 2006 on the supervision and control of the transport of radioactive waste and spent fuel (OJ, L 337, 5.12.2006, p. 21);

f) Council Regulation (Euratom) 2016/52 of 15 January 2016, establishing the maximum permissible levels of radioactive contamination of food and feed following a nuclear accident or other case of a radiation emergency and repealing Regulation (Euratom) No. 3954 /87 and regulations (Euratom) No. 944/89 and (Euratom) No. 770/90 of the Commission (OJ, L 13, 20.1.2016, p. 2);

g) Council Regulation (Euratom) No 1493/93 of 8 June 1993 on the supply of radioactive substances between Member States (OJ L 148, 19.6.1993, p. 1).

G. Art. 3, Para. 1, item 1, letter "g" - food and feed safety, animal health and humane treatment of animals:

1. EU law in the field of food and feed, governed by the general principles and requirements set out in Regulation (EC) No. 178/2002 of the European Parliament and of the Council of 28 January 2002, establishing the general principles and requirements for legislation in the field of food, establishing a European Food Safety Authority and laying down procedures regarding food safety (OJ L 31, 1.2.2002, p. 1).

2. Animal health, regulated by:

a) Regulation (EU) 2016/429 of the European Parliament and of the Council of 9 March 2016 on contagious animal diseases and amending and repealing certain acts in the field of animal health (Animal Health Legislation) (OJ L 84, 31.3.2016, page 1);

b) Regulation (EC) No. 1069/2009 of the European Parliament and of the Council of 21 October 2009, laying down health rules on animal by-products and derived products not intended for human consumption and repealing Regulation (EC) No. 1774/2002 (Regulation on animal by-products) (OJ, L 300, 14.11.2009, p. 1).

3. Regulation (EU) 2017/625 of the European Parliament and of the Council of 15 March 2017 on official controls and other official activities carried out to ensure the application of food and feed law, animal health and humane rules relation to them, plant health and plant protection products, amending Regulations (EC) No. 999/2001, (EC) No. 396/2005, (EC) No. 1069/2009, (EC) No. 1107/2009, ( (EU) No. 1151/2012, (EU) No. 652/2014, (EU) 2016/429 and (EU) 2016/2031 of the European Parliament and of the Council, Council Regulations (EC) No. 1/2005 and (EC) No. 1099/2009 and Directives 98/58/EC, 1999/74/EC, 2007/43/EC, 2008/119/EC and 2008/120/EC of Council, and repealing Regulations (EC) No. 854/2004 and (EC) No. 882/2004 of the European Parliament and of the Council, Directives 89/608/EEC, 89/662/EEC, 90/425/EEC, 91/ 496/EEC, 96/23/EC, 96/93/EC and 97/78/EC of the Council and Decision 92/438/EEC of the Council (Regulation on official controls) (OJ, L 95, 7.4.2017, page 1).

4. Rules and standards, concerning the protection of animal health and welfare, as set out in:

a) Council Directive 98/58/EC of 20 July 1998 on the protection of animals, kept for agricultural purposes (OJ, L 221, 8.8.1998, p. 23);

b) Council Regulation (EC) No. 1/2005 of 22 December 2004 on the protection of animals during transport and related operations and amending Directives 64/432/EEC and 93/119/EC and Regulation (EC) No. 1255/97 (OJ, L 3, 5.1.2005, p. 1);

c) Council Regulation (EC) No 1099/2009 of 24 September 2009 on the protection of animals at the time of killing (OJ L 303, 18.11.2009, p. 1);

d) Directive 1999/22/EC of 29 March 1999 on the keeping of wild animals in zoos (OJ, L 94, 9.4.1999, p. 24);

e) Directive 2010/63/EU of the European Parliament and of the Council of 22 September 2010 on the protection of animals, used for scientific purposes (OJ, L 276, 20.10.2010, p. 33).

H. Art. 3, Para. 1, item 1, letter "h" - public health:

1. Measures, establishing high standards of quality and safety of organs and substances of human origin, regulated by:

a) Directive 2002/98/EC of the European Parliament and of the Council of January 27, 2003 to determine quality and safety standards for the collection, diagnosis, processing, storage and distribution of human blood and blood components and to amend Directive 2001 /83/EC (OJ, L 33, 8.2.2003, p. 30);

b) Directive 2004/23/EC of the European Parliament and of the Council of 31 March 2004 on the establishment of quality and safety standards for the donation, supply, control, processing, preservation, storage and distribution of human tissues and cells (OJ L 102, 7.4.2004, p. 48);

c) Directive 2010/53/EU of the European Parliament and of the Council of 7 July 2010 on quality and safety standards for human organs, intended for transplantation (OJ, L 207, 6.8.2010, p. 14).

2. The measures, establishing high standards of quality and safety of medicinal products and devices for medical use, regulated by:

a) Regulation (EC) No. 141/2000 of the European Parliament and of the Council of 16 December 1999 on orphan medicinal products (OJ, L 18, 22.1.2000, p. 1);

b) Directive 2001/83/EC of the European Parliament and of the Council of 6 November 2001, approving the Community code, relating to medicinal products for human use (OJ, L 311, 28.11.2001, p. 67);

c) Regulation (EU) 2019/6 of the European Parliament and of the Council of 11 December 2018 on veterinary medicinal products and repealing Directive 2001/82/EC (OJ, L 4, 7.1.2019, p. 43);

d) Regulation (EC) No. 726/2004 of the European Parliament and of the Council of 31 March 2004, establishing Community procedures for the authorization and control of medicinal products for human and veterinary use and establishing the European Medicines Agency (OJ, L 136, 30.4.2004, p. 1);

e) Regulation (EC) No. 1901/2006 of the European Parliament and of the Council of 12 December 2006 on medicinal products for pediatric use and amending Regulation (EEC) No. 1768/92, Directive 2001/20/EC, Directive 2001 /83/EC and Regulation (EC) No. 726/2004 (OJ, L 378, 27.12.2006, p. 1);

f) Regulation (EC) No. 1394/2007 of the European Parliament and of the Council of 13 November 2007 on medicinal products for advanced therapy and amending Directive 2001/83/EC and Regulation (EC) No. 726/2004 (OJ, L 324, 10.12.2007, p. 121);

g) Regulation (EU) No. 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials of medicinal products for human use and repealing Directive 2001/20/EC (OJ, L 158, 27.5.2014, p. 1).

3. Patients` rights, regulated by Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the exercise of patients` rights in cross-border healthcare (OJ, L 88, 4.4.2011, p. 45).

4. The production, presentation and sale of tobacco and related products, regulated by Directive 2014/40/EU of the European Parliament and of the Council of 3 April 2014 on the approximation of the laws, legislative and administrative provisions of the Member States, regarding the production, presentation and the sale of tobacco and related products and for the repeal of Directive 2001/37/EC (OJ, L 127, 29.4.2014, p. 1).

I. Art. 3, Para. 1, item 1, letter "i" - consumer protection:

Consumer rights and consumer protection, governed by:

a) Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on the protection of consumers in the indication of the prices of goods, offered to consumers (OJ, L 80, 18.3.1998, p. 27);

b) Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects of contracts for the provision of digital content and digital services (OJ, L 136, 22.5.2019, p. 1);

c) Directive (EU) 2019/771 of the European Parliament and of the Council of 20 May 2019 on certain aspects of contracts for the sale of goods, amending Regulation (EU) 2017/2394 and Directive 2009/22/EC and repealing of Directive 1999/44/EC (OJ, L 136, 22.5.2019, p. 28);

d) Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and related guarantees (OJ, L 171, 7.7.1999, p. 12);

e) Directive 2002/65/EC of the European Parliament and of the Council of 23 September 2002 on distance marketing of consumer financial services and amending Council Directive 90/619/EEC and Directives 97/7/EC and 98/ 27/EC (OJ, L 271, 9.10.2002, p. 16);

f) Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005, concerning unfair commercial practices by traders to consumers in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No. 2006/2004 of the European Parliament and of the Council (Unfair Commercial Practices Directive) (OJ, L 149, 11.6.2005., p. 22);

g) Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on consumer credit agreements and repealing Council Directive 87/102/EEC (OJ L 133, 22.5.2008, p 66);

h) Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending and repealing Directive 93/13/EEC of the Council and Directive 1999/44/EC of the European Parliament and of the Council of Directive 85/577/EEC of the Council and Directive 97/7/EC of the European Parliament and of the Council (OJ, L 304, 22.11.2011, p. 64);

i) Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of payment account fees, the transfer of payment accounts and access to payment accounts for basic transactions (OJ, L 257, 28.8.2014., p. 214).

J. Art. 3, Para. 1, item 1, letter "j" - protection of privacy and personal data and security of networks and information systems:

a) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 on the processing of personal data and the protection of the right to privacy in the electronic communications sector (Directive on the right to privacy and electronic communications) (OJ, L 201, 31.7.2002, p. 37);

b) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ, L 119, 4.5.2016, p. 1);

c) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on measures for a high general level of security of networks and information systems in the EU (OJ, L 194, 19.7.2016, p. 1).

Part II

Art. 3, Para. 3 refers to acts of the European Union in the field of:

A. Financial services, products and markets and prevention of money laundering and terrorist financing:

1. Financial services:

a) Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32);

b) Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IPO) (OJ, L 354, 23.12.2016, p. 37);

c) Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on the mandatory audit of annual accounts and consolidated accounts, amending and repealing Council Directives 78/660/EEC and 83/349/EEC of Council Directive 84/253/EEC (OJ, L 157, 9.6.2006, p. 87);

d) Regulation (EU) No. 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Directives 2003 /124/EC, 2003/125/EC and 2004/72/EC of the Commission (OJ, L 173, 12.6.2014, p. 1);

e) Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activities of credit institutions and on the prudential supervision of credit institutions and investment intermediaries, amending and repealing Directive 2002/87/EC of Directives 2006/48/EC and 2006/49/EC (OJ, L 176, 27.6.2013, p. 338);

f) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ, L 173, 12.6 .2014, p. 349);

g) Regulation (EU) No. 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving the settlement of securities in the European Union and on central securities depositories, as well as amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No. 236/2012 (OJ, L 257, 28.8.2014, p. 1);

h) Regulation (EU) No. 1286/2014 of the European Parliament and of the Council of 26 November 2014 on the basic information documents for bundled retail investment products and insurance-based investment products (BRIPIIP) (OJ, L 352, 9.12 .2014, p. 1);

i) Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency in securities financing transactions and in re-use and amending Regulation (EU) No 648/2012 (OJ, L 337, 23.12.2015, page 1);

j) Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on the distribution of insurance products (OJ, L 26, 2.2.2016, p. 19);

k) Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market and repealing Directive 2003/71/EC (OJ, L 168, 30.6.2017, p. 12).

2. Prevention of money laundering and terrorist financing:

a) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on preventing the use of the financial system for the purposes of money laundering and terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council and for the repeal of Directive 2005/60/EC of the European Parliament and of the Council and Directive 2006/70/EC of the Commission (OJ, L 141, 5.6.2015, p. 73);

b) Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ, L 141, 5.6.2015 d., p. 1).

B. transport safety:

a) Regulation (EU) No. 376/2014 of the European Parliament and of the Council of 3 April 2014 on the reporting, analysis and follow-up of incidents in civil aviation, amending Regulation (EU) No. 996/2010 of the European Parliament and of the Council and for the repeal of Directive 2003/42/EC of the European Parliament and of the Council and Regulations (EC) No. 1321/2007 and (EC) No. 1330/2007 of the Commission (OJ, L 122, 24.4.2014, p. 18);

b) Directive 2013/54/EU of the European Parliament and of the Council of 20 November 2013 on certain responsibilities of the flag State for compliance with and application of the Maritime Labor Convention of 2006 (OJ, L 329, 10.12.2013, p. 1);

c) Directive 2009/16/EC of the European Parliament and of the Council of 23 April 2009 on port state control (OJ, L 131, 28.5.2009, p. 57).

C. Environmental Protection:

Directive 2013/30/EU of the European Parliament and of the Council of 12 June 2013 on the safety of oil and gas-related activities in coastal waters and amending Directive 2004/35/EC (OJ, L 178, 28.6.2013., p. 66).

Download files

Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (PDF)
Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (DOC)

Messages