Frequently Asked Questions General questions What is the purpose of Law 2/2023, of February 20, regulating the protection of people who report breaches of law and the fight against corruption? What is considered retaliation? What obligations originates the entry into force of Law 2/2023? Reporters Which people are considered reporters, in accordance with Law 2/2023? How does the Law protect reporters? What support measures does the reporting person receive? Does anyone who publicly discloses information have a right to protection? How can an infringement be reported in accordance with Law 2/2023? Does any report of a breach made by the reporting person entitle to protection? Internal Information System What does the Internal Information System refer to in Law 2/2023 consist of? What is the deadline for having an Internal Information System? Which entities are required to have an Internal Information System? Where should the reporting channel and related information be located? At the moment of implementing the Internal Information System and the management procedure of the reporting channel, is it necessary to inform the legal representatives of the workers? How is the workforce calculated in private sector entities? In the case of groups of companies, when making the calculation, should the number of workers in each company be taken into account individually or as a whole? How should private companies based in Catalonia but at the same time form part of or are invested by a multinational group do the calculation of workers? Do the obligations relating to groups of companies apply only to those in which the parent company is Spanish, or also to those cases in which it is a foreign company? If the parent company is foreign, would it be enough to have a centralized policy and a single manager for the whole group? In the event that any entity has, since before the entry into force of Law 2/2023, a channel different from that required by the regulations (e.g. an ethical channel or a channel linked to the Next Generation funds), do they need to integrate it into the Internal Information System? Can different organizations share the Internal Information System and its manager? Do people who report an infringement within the scope of Law 2/2023, through the internal channel of a non-obligated entity, enjoy protection against this entity? What format and content should the register-book of internal investigations have? What anonymization criteria must be kept in mind to properly comply with the legal mandate? Responsible for the system Who must appoint the person responsible for the Internal Information System? What profile should the head of the Internal Information System have in private sector organizations? How should the Anti-Fraud Office be notified of the appointment and dismissal of the person(s) responsible for the Internal Information System? To which Authority must private companies with work centers in different autonomous communities notify the appointment of the head of the System? Can a third party (lawyer, secretary of the Board of Directors of a company...) communicate the appointment of the person responsible for the Internal Information System on behalf of the obliged entity? Can the management of the Internal Information System be outsourced? The Anti-Fraud Office | Whistleblower Protection Authority in Catalonia Who is the Independent Whistleblower Protection Authority in Catalonia? What powers does the Anti-Fraud Office have as the Independent Whistleblower Protection Authority in the private sector? What are the functions of the Anti-Fraud Office as an Independent Whistleblower Protection Authority? Can the decisions taken by the Independent Authority be contested?