Whistleblower program compliance
Whistleblower program compliance in the Technology, AI and Competition sector is under active scrutiny from multiple directions, with the U.S. Securities and Exchange Commission's whistleblower program imposing specific requirements on how firms handle internal reporting channels, and the U.S. Department of Justice's Corporate Enforcement Policy creating direct incentives for companies to self-disclose before a whistleblower beats them to it. The European Commission's Whistleblower Protection Directive, now transposed across EU member states, extends mandatory internal reporting obligations to technology firms operating in Europe, including those handling AI systems flagged as high-risk under the EU AI Act. Compliance teams at technology companies are currently auditing their internal reporting procedures against these overlapping regimes, particularly where antitrust conduct, algorithmic decision-making, and data handling create novel disclosure questions.
Watch
- DOJ Corporate Enforcement Policy: self-disclosure credit vs. whistleblower filing timing
- EU Whistleblower Protection Directive national transposition gaps still unresolved in several member states
- SEC Rule 21F-17: enforcement pattern targeting NDAs that chill protected reporting
- AI Act Article 87 whistleblower protections for reporting non-compliant high-risk AI systems
- FTC noncompete rule interaction with whistleblower retaliation claims in tech workforce disputes
Recent material activity in Technology, AI & Competition
-
NIST releases updated AI Risk Management Framework companion guide for critical infrastructure
NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…
Read a full sample brief →