LET'S TALK
← All work
EU 2019/1937SOX §806Dodd-Frank §922HinSchGSapin IIDeep Prototype

WhistleblowerIntake — EU 2019/1937 + SOX §806 Intake Queue

18 active reports across EU Whistleblower Directive 2019/1937, SOX §806, Dodd-Frank §922, German HinSchG, French Sapin II. Per-report: anonymity tier, channel, retaliation-risk score, 7-day acknowledgment clock + 3-month feedback clock (Art 9), workflow stage, assigned investigator. Includes one nested retaliation case and one SEC TCR Dodd-Frank §922 filing.

WhistleblowerIntake — EU 2019/1937 + SOX §806 Intake Queue preview
Open live →

What it is

The shape behind every whistleblower-intake platform — Whispli, NavexGlobal EthicsPoint, KonfidentNumberOne, Vault Platform, Convercent. The queue an ethics/compliance officer reads first thing on Monday with the statutory clock per report.

What’s in it

  • 18 active reports across 5 regimes:
    • EU 2019/1937 — Whistleblower Directive (7-day ack + 3-month feedback)
    • EU 2019/1937 + HinSchG — German implementation
    • Sapin II + EU 2019/1937 — French dual track
    • SOX §806 + 18 USC §1514A — US public company
    • Dodd-Frank §922 — SEC TCR + bounty / anti-retaliation Rule 21F-17
  • Topics seeded across the realistic catalog:
    • Bribery in DACH sales team
    • Working-time-violation (HinSchG retaliation invocation)
    • Personal-data breach suppressed internally (Sapin II + GDPR Art 33 cross-reference)
    • Conflict of interest at VP-level procurement
    • Revenue recognition (SOX §806 + Audit Committee + NYSE 303A.10)
    • SEC TCR Dodd-Frank §922 with simultaneous internal notification (heightened retaliation prohibition)
    • Pay-disparity (works-council engaged)
    • Pricing collusion / antitrust
    • One nested retaliation case — the reporter of WB-002445 alleging retaliation. HinSchG §36 reverse-burden-of-proof.
    • One reporter who escalated to French Defender of Rights (public-disclosure risk)
  • Statutory clocks — 7-day acknowledgment (EU Directive Art 9(1)(a)) + 3-month feedback (Art 9(1)(b)) tracked per report. Sorts by days-remaining-on-clock.
  • 5-stage workflow — intake → triage + ack → investigation → findings + remediation → feedback + close.
  • Anonymity tiers — anonymous / confidential / identified. Anonymous reports get an asymmetric communication channel via the intake portal so the company can still meet the 3-month feedback obligation.
  • Retaliation-risk score per report — low / medium / high / critical, driving investigator assignment (external counsel for critical cases).

Why this shape

EU Directive 2019/1937 made internal whistleblower channels mandatory for every company with 50+ employees. SOX §806 protects US public-company whistleblowers; Dodd-Frank §922 created the SEC bounty program plus the heightened anti-retaliation regime. HinSchG (Germany) implemented the EU Directive with the reverse-burden-of-proof under §36 / §37. Sapin II (France) added a mandatory internal-first reporting step. WhistleblowerIntake prototypes the queue that handles every regime in one place with the right clock on every row.

How it ships

Single HTML file, ~19KB. Zero dependencies. 18 reports × 5 regimes × 5-stage workflow + 7-day / 3-month clocks in 200 lines of vanilla JavaScript.

Open the tool →