Cambridge Commentary on EU General-Purpose AI Law

2. Substance

2.1. Purpose, mode and date of application

10The primary regulatory purpose of Article 87 is to protect persons who report breaches of the provisions of the AI Act.³² By incorporating breaches of the AI Act into the material scope of the WBD, the other regulatory objectives pursued by the WBD are also indirectly incorporated into the regulatory framework of the AI Act, foremost amongst them the objective of a more effective enforcement of EU AI law.³³ To this end, the referential provision of Article 87 is intended to extend the WBD’s existing material scope³⁴ to include breaches of all provisions of the AI Act, including the GPAI model provisions in Articles 53 to 55. The fact that Article 87 refers to ‘infringements’ rather than ‘breaches’, which is the language of the WBD, is a minor terminological mix-up without legal consequence.

11Much more legally significant, however, is the fact that the legislature uses the AI Act as a regulation to amend the WBD as a directive. This is not unusual in EU whistleblowing law, given that the legislature has used similar provisions in both directives and regulations in order to amend the WBD’s material scope of application.³⁵ It does, however, lead to the somewhat unusual situation that even though Article 87 forms part of a (directly applicable) regulation, its legal effects do – at least in principle – still require an act of transposition by each Member State. This causes several complications.³⁶ Based on the wording of Article 87 alone,³⁷ one might argue that rather than simply amending the WBD, Article 87’s true purpose is to incorporate all of the WBD’s provisions into the AI Act itself. If correct, the effect of this would be to transform the WBD’s provisions into directly applicable provisions of the AI Act.³⁸ Such an effect appears, however, not intended by the EU legislature, who has generally understood provisions equivalent to Article 87 in other EU regulations to be amendments of the WBD.³⁹ Further, the ‘incorporation reading’ would not be able to achieve Article 87’s legislative purpose,⁴⁰ since most of the WBD’s provisions are not designed to be directly applicable⁴¹ and require integration into the Member States’ various national legal systems to operate properly.⁴² While Article 87 is therefore to be read as an amendment to the WBD’s material scope of application, this interpretation presents its own set of problems and legal uncertainties, to which the discussion now turns.

12When reporting breaches of the AI Act, the provisions of the WBD take precedence over those of the AI Act in accordance with the lex specialis principle. The fact that the AI Act is a regulation and the WBD is a directive is of no consequence in this respect since there is no hierarchy between these two forms of EU legislation.⁴³ The fact that the WBD takes precedence over the AI Act insofar as whistleblowing is concerned is particularly relevant in view of the confidentiality provisions of Article 78 AI Act, which take a back seat whenever the WBD’s conditions for whistleblower protection are met. In particular, employees of GPAI model providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. (as well as employees of downstream AI systems Article 3(1) AI Act: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. ), business partners of such providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. , and employees of notified bodies Article 3(22) AI Act: ‘notified body’ means a conformity assessment body notified in accordance with this Regulation and other relevant Union harmonisation legislation. ⁴⁴ may be allowed to report and disclose information, including trade secrets.⁴⁵ In this context, reporting breaches of the GPAI model providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. ’ obligations in Articles 53 and 55 by employees and business partners may turn out to be of particular practical relevance given the fact that the technical complexity of many AI models and systems, as well as their compliance with the AI Act, may often prove practically difficult for outsiders to accurately assess.⁴⁶

13Under the second sentence of Article 288(2) TFEU,⁴⁷ regulations are generally binding in their entirety and directly applicable in every Member State. However, Article 87 constitutes a special case in that its intended legal effect is to amend a directive.⁴⁸ According to Article 288(3) TFEU, a directive is binding on each Member State to which it is addressed as regards the result to be achieved but leaves national legislators and authorities the choice of form and methods. Each Member State must therefore first transpose Article 87 by including breaches of the AI Act as potential whistleblowing information covered by their respective national whistleblowing laws by 2 August 2026.⁴⁹ Only once the material scope of national laws implementing the WBD has been extended to include the AI Act will these laws apply in full to the reporting and disclosure of breaches of the AI Act. The AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s FAQs about its external whistleblowing channel imply that persons who report or disclose breaches of the AI Act will be comprehensively protected under the WBD from 2 August 2026.⁵⁰ However, such a direct effect of a directive’s (amended) provisions is possible only under narrow circumstances according to the Court of Justice of the European Union’s (CJEU) long-standing case law.⁵¹ Whilst it is conceivable that the CJEU might recognise such direct effect in favour of AI whistleblowers once the issue is to be determined by the court, this outcome is by no means certain.⁵²

14Nevertheless, there are good reasons to believe that reporting and disclosing breaches of the AI Act are already protected in most Member States, even before 2 August 2026. This is because, pursuant to Article 2(1)(a)(iii) WBD, breaches of product safety and compliance rules have fallen within its scope ever since the WBD’s original adoption. If a Member State has transposed the WBD in such a way that its national whistleblowing laws cover all EU law or all breaches of EU product safety rules (as is often the case),⁵³ the national law may already provide protections for the reporting of breaches of the AI Act. This is because the AI Act is, in essential respects, a continuation of EU product safety law and draws upon well-established regulatory features of product safety law in many of its core provisions.⁵⁴ In particular, this applies to the rules on product conformity for high-risk AI systems Article 3(1) AI Act: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. in Articles 8 to 50 AI Act, which are inspired by earlier acts such as the Medical Device Regulation.⁵⁵ Whether the same is true for the comparatively novel GPAI model rules in Articles 51 to 56 AI Act, particularly the risk Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. mitigation obligations of Articles 53 and 55 AI Act, is less clear.⁵⁶ One argument against characterising these provisions as product safety law is that there are no directly comparable provisions in prior product safety regulation that match the approach taken to regulate GPAI model providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. . It is particularly noteworthy that the reference to ‘ systemic risks Article 3(65) AI Act: ‘systemic risk’ means a risk that is specific to the high-impact capabilities of general-purpose AI models, having a significant impact on the Union market due to their reach, or due to actual or reasonably foreseeable negative effects on public health, safety, public security, fundamental rights, or the society as a whole, that can be propagated at scale across the value chain. ’ in Article 55 AI Act derives not from product safety law but from financial market regulation.⁵⁷

15Nevertheless, there are some compelling arguments in favour of treating the AI Act’s rules on GPAI models as substantively being product safety law in nature,⁵⁸ and thus for regarding the reporting and disclosure of breaches even prior to 2 August 2026 as protected, provided that national whistleblowing laws transposing the WBD do contain a dynamic reference to EU (product safety) law. For one, the main blueprint for the AI Act was prior product safety legislation and the act’s core elements are derived from similar product safety rules.⁵⁹ While those rules have been adapted to fit the needs of AI regulation and not all of the new rules have direct counterparts in prior legislation, the AI Act’s provisions are often inseparably intertwined, making any attempt to neatly distinguish between product safety and non-product safety provisions or even paragraphs within provisions almost impossible and ultimately rather meaningless. Secondly, the mere use of some new rules and mechanisms to regulate the novel challenges posed by GPAI models does not mean that the new rules enshrined by the AI Act are not product safety law by nature. In particular, the GPAI model provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. obligations under Articles 53 and 55 AI Act can be understood as a logical evolution of traditional product safety law, in part even clearly drawing from traditional product safety terminology and concepts.⁶⁰ Consequently, AI whistleblowers can be assumed to already fall under the umbrella of national whistleblowing laws to the extent that those laws contain a reference to product safety law even before Member States explicitly expand the material scope of their respective laws.⁶¹ While this result could certainly improve AI whistleblowers‘ legal protection if they are covered by such a law, the overall situation remains one of legal uncertainty at this point. This is unfortunate given that the practical effectiveness of whistleblowing laws is predicated on a high level of legal certainty: the decision whether or not to become a whistleblower is typically made in a state of high personal uncertainty and risk Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. .⁶²

2.2. Overview of the WBD’s structure and substance

16The WBD is the first legal framework in Union law that comprehensively deals with the issue of whistleblowing across various legal areas, thereby being the foundational document of what is, arguably, an independent area of Union law.⁶³ The main objective of the WBD is to enhance the enforcement of Union law, provide for a high level of whistleblower protection and unify the previous patchwork of different national laws.⁶⁴ While the transposition process was precarious and led to infringement proceedings against all but three Member States with no less than six sanctions issued by the CJEU,⁶⁵ the WBD led to the creation and/or modification of self-standing whistleblowing laws in all Member States, most of which did not have distinct whistleblowing laws before.⁶⁶ When drafting the WBD, the legislature drew on the experiences of whistleblowing legislation from various jurisdictions, in particular from US whistleblowing law and previous whistleblowing laws of individual Member States.⁶⁷ 

17The personal scope of the WBD is – deliberately – very broad.⁶⁸ First and foremost, the WBD refers to workers within the meaning of Article 45(1) TFEU, including civil servants.⁶⁹ However, it also covers, for example, shareholders, board members,⁷⁰ and self-employed persons.⁷¹ The only limiting factor is that potential whistleblowers must have obtained their information in a ‘work-related context’, that is, during any current or past work activity in the private or public sector,⁷² excluding whistleblowing in a private context. Apart from the whistleblowers themselves, other persons such as facilitators (e.g. colleagues who support the whistleblower) or persons connected to the whistleblower (e.g. relatives working in the same company) may also invoke the protection of the WBD if they suffer retaliation.⁷³ The material scope of the WBD is determined by the kind of information whistleblowers report or disclose, covering breaches against a wide range of key regulatory areas of EU law.⁷⁴ When transposing the WBD, most Member States have opted to voluntarily extend the material scope of their national laws to also cover various kinds of breaches of national law to avoid unequal treatment and legal uncertainty.⁷⁵ However, the WBD – and with it most Member States laws – does not affect certain sensitive areas such as national security and legal as well as medical professional privilege.⁷⁶ That said, it should be noted that these exceptions do not exclude certain professionals, such as attorneys, from the WBD’s protections entirely; it only excludes them insofar as the applicable national or Union rules on professional confidentiality prohibit them from forwarding certain types of information to anyone. Hence, legal professionals working for GPAI model providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. could, for example, report acts of their provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. manipulating model algorithms or training data Article 3(29) AI Act: ‘training data’ means data used for training an AI system through fitting its learnable parameters. insofar as the information obtained does not fall under the attorney-client privilege according to relevant national law.

18The WBD sets up several material conditions for protection, which, if met, grant whistleblowers and other protected persons the rights and privileges required by the WBD.⁷⁷ Among these, the two core conditions are a report or disclosure in accordance with the WBD and the whistleblower’s belief in a breach having occurred or being very likely to occur. The first condition requires the whistleblower to report information about (potential) breaches either through an internal or external reporting channel required by the WBD (‘internal/external reporting’) or to disclose such information to the public either directly or via proxy, for example by passing on information to journalists (‘public disclosure’).⁷⁸ The second core condition requires the whistleblower to have reasonable grounds to believe that the information was true at the time of the report or disclosure and that it fell within the material scope of the WBD.⁷⁹ Importantly, this means that the whistleblower does not bear the risk Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. of proving that a breach has in fact occurred, and it protects whistleblowers even if they make mistakes in law or in fact, as long as they reasonably believe in the existence of a breach. Following other whistleblowing laws, this ‘reasonable belief standard’ is intentionally lenient in order to encourage people to come forward with reports or disclosures and avoid legal uncertainties.⁸⁰ Consequently, this condition is mainly meant as a safeguard against malicious and frivolous or abusive reports. However, it is worth noting that the standard exclusively focuses on the whistleblower’s belief in the information being true, without requiring any kind of specific altruistic motivation.⁸¹

19With respect to the appropriate recipients of a report, the WBD follows a strict approach by granting protection only to reports made via the specific channels set out in the WBD. This condition for protection is directly linked to the structural regulatory instrument of requiring all legal entities in the private and public sector with 50 or more workers to establish internal channels and procedures to receive and follow up on internal reports⁸² to ensure that potential whistleblowers have a suitable point of contact within their respective organisation. In addition to internal reporting channels, the WBD requires Member States to establish external whistleblowing channels, that is, designate competent institutions or administrative units that serve as professional whistleblowing authorities.⁸³ With respect to external reports on breaches of the GPAI model rules in Articles 53 to 56 AI Act, the competent authority to receive such reports sits at Union level in the form of the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. and its dedicated whistleblowing channel, discussed in more detail below.⁸⁴ Importantly, whistleblowers are free to choose between internal and external reporting channels, without being required to report a breach internally first before contacting the competent authorities.⁸⁵

20The WBD contains certain rules in common for both internal and external reporting channels and their responsible personnel, including, inter alia, provisions on the required follow-up and timely feedback to the whistleblower,⁸⁶ record-keeping⁸⁷ and a comparatively strict duty of confidentiality subject to penalties in case of violations.⁸⁸ The latter is a particularly important aspect in whistleblowing practice, since protecting the confidentiality of the whistleblower’s identity as well as information from which their identity may be inferred is the first and sometimes only line of defence to effectively shield whistleblowers from subsequent acts of retaliation.⁸⁹ This is particularly true for potential whistleblowers who report infringements concerning GPAI model provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. obligations; they often will not benefit from the WBD’s other protective features if they fall outside the territorial scope of such protections.⁹⁰

21Unlike internal and external reporting, disclosing information publicly requires additional justification falling into one of two categories: (i) either the whistleblower has already reported the breach externally, but no appropriate action has been taken by the competent authority within three to six months (report-dependent disclosure)⁹¹ or (ii) the whistleblower has reasonable grounds to believe that the breach constitutes an imminent or manifest danger to the public interest or to believe that the breach would not be addressed effectively or cause retaliation when reported externally (report-independent disclosure).⁹² Report-dependent disclosures will, as a rule, not be available to GPAI model whistleblowers, since the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. is not bound by the WBD’s follow-up and feedback rules.⁹³ The requirements for report-independent disclosures on the other hand are, in effect, strict and will rarely be fulfilled in practice.⁹⁴ The main reason behind this comparatively restrictive approach is that the WBD views whistleblowing primarily as a tool for effective law enforcement Article 3(46) AI Act: ‘law enforcement’ means activities carried out by law enforcement authorities or on their behalf for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security. rather than a human rights issue and enabler of democratic transparency and debate.⁹⁵ As a consequence, GPAI model whistleblowers who consider making public disclosures might prefer to rely on the second pillar of European whistleblower protection: the European Court of Human Right’s (ECtHR) whistleblowing case law. Unlike the WBD, the ECtHR determines whether a whistleblower is protected based on a flexible six-factor balancing test which places particular importance on the public interest in the information being disclosed and may lend itself to GPAI whistleblowing cases of general importance that may give rise to public debate as to whether certain developments cause harm to the public interest.⁹⁶ However, the clear drawbacks of this second pillar of European whistleblowing law as a source of protection for potential whistleblowers are that the result of a given case is far less predictable than under the WBD’s bright-line rules and that the overall level of protection is lower than that under WBD’s specific anti-retaliation framework.⁹⁷

22Focusing again on the WBD and its conditions for protection, it should be noted that the WBD contains a hidden, additional requirement known as the ‘necessity criterion’.⁹⁸ Apart from having reasonable grounds to believe in the existence of a breach, whistleblowers must also have reasonable grounds to believe that the reported or publicly disclosed information was necessary for revealing that breach, thereby limiting the scope of information that may be forwarded. This does not, however, mean that whistleblowers may only forward specific pieces of information strictly relating to vital details of the breach; rather, it is intended to avoid the disclosure of superfluous (and potentially harmful) information without any justification.⁹⁹ Consequently, under this interpretation, GPAI whistleblowers would, for example, also be allowed to send complete sets of training data Article 3(29) AI Act: ‘training data’ means data used for training an AI system through fitting its learnable parameters. as potential pieces of evidence for alleged breaches as well as further information about internal practices and procedures to contextualise the environment in which breaches have occurred and help authorities understand and investigate the matter.¹⁰⁰ 

23If the abovementioned conditions are met, reporting and/or disclosing information as well as further acts of communication relating to a report or disclosure are protected. ¹⁰¹ Furthermore, the WBD also protects the prior acquisition of, or access to, the information that is being reported or disclosed, as long as these acts do not constitute a ‘self-standing criminal offence’.¹⁰² Most scholars agree that this means whistleblowers may breach certain legal obligations in certain cases to access relevant information and evidence, for example by copying documents or accessing and forwarding files in violation of contractual duties owed to their employer, but does not allow them to commit crimes in order to gain access to such information.¹⁰³ It should be noted that, arguably, the Commission extends this by indicating that the WBD allows whistleblowers to commit (any) kind of criminal offence as long as it is necessary to obtain information relevant to a later report or disclosure, deeming only criminal offences that are not necessary for, or have nothing to do with, the later report or disclosure to be ‘self-standing’ and therefore not justified.¹⁰⁴ Committing a criminal offence to access information, such as hacking into a computer system or trespassing on restricted physical property, may of course be justified in certain cases in accordance with relevant national criminal law. There is, however, no indication that the WBD’s legislature intended to provide whistleblowers with carte blanche to commit any kind of crime they deem necessary to access information, thereby effectively granting them private investigative powers which would far surpass those of any public investigative authority.¹⁰⁵ Accordingly, it should be noted that an authoritative reading of the term ‘self-standing criminal offence’ under EU law may be given only by the CJEU. As a consequence, whistleblowers will generally be best advised not to obtain potential whistleblowing information in a way that might bring them in conflict with national criminal law but instead point the competent authorities towards where such information and evidence can be found and seized using authorised or formal powers, if necessary.

24To the extent a person has the status of a protected whistleblower under the WBD, there are three main layers of protection that apply. First, as a pre-emptive measure against retaliation, the whistleblower’s identity, and information from which their identity could be inferred, may not be disclosed by the authorised staff members competent to receive or investigate internal or external reports.¹⁰⁶ Second, any protected activity¹⁰⁷ is justified in the sense that it is considered not to be a breach of any kind of confidentiality restriction or similar statutory or contractual obligation, meaning that it may not serve as legal grounds for any kind of liability.¹⁰⁸ In effect, this protective measure is designed to shield whistleblowers across all areas of law and can, for example, be invoked in civil proceedings to avoid liability in (i) defamation lawsuits, (ii) claims for damages based on a violation of trade-secret laws, (iii) criminal proceedings as justification for alleged criminal offenses, and/or (iv) labour law proceedings to counter dismissals and other employment-related consequences.¹⁰⁹ Finally, the WBD prohibits any kind of retaliation against the whistleblower and requires Member States to ensure that remedies and full compensation are provided for all damages suffered,¹¹⁰ including interim relief against retaliatory actions and compensation for pain and suffering as well as (future) lost income.¹¹¹ To exemplify the kinds of retaliation typical in whistleblowing cases, the WBD contains a non-exhaustive list of detrimental actions that may not be taken, threatened or attempted against whistleblowers, including dismissals, demotions, transfers of duties, intimidation, coercion, ostracism, and blacklisting within the industry.¹¹² Crucially, the WBD provides for a reversal of the burden of proof with respect to the causal link between the protected activity and the detriments suffered, meaning that whoever takes detrimental action against a whistleblower has to prove that the action was not based on whistleblowing but instead on other unrelated grounds.¹¹³ 

2.3. The AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s external whistleblowing channel

25In November 2025, the European Commission’s AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. established an external reporting channel for breaches of the AI Act, referred to as the ‘AI Act Whistleblower Tool’.¹¹⁴ The competences of the reporting channel and its authorised staff members follow the supervisory competences of the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. and thus cover receiving and following-up on reports on any breaches of the GPAI model provisions in Articles 51 to 56 AI Act, as well breaches of other provisions of the AI Act relating to AI systems Article 3(1) AI Act: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. , provided that the system in question is based on a GPAI model and was developed by the same provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. .¹¹⁵ The competence to enforce other kinds of breaches primarily lies with the Member States and their national market surveillance authorities Article 3(26) AI Act: ‘market surveillance authority’ means the national authority carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020. ,¹¹⁶ although Member States are free to designate other national authorities as competent AI whistleblowing authorities to receive and investigate reports. The AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. is not competent to independently follow up on and address breaches of AI Act provisions that fall under the authority of the Member States, for example to investigate providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. of high-risk AI systems Article 3(1) AI Act: ‘AI system’ means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. not built in-house on the basis of an own GPAI model, with respect to breaches of the high-risk AI rules in Articles 8 to 49. That said, the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. has expressed that where it receives such reports that fall outside its remit, it will still assess the report and, if possible, refer whistleblowers to the appropriate national whistleblowing authority.¹¹⁷

26Compared to other external reporting channels, such as those established by the European Anti-Fraud Office (“OLAF”)¹¹⁸ or for reports on other breaches of EU digital laws such as the Digital Services Act (“DSA”) and Digital Markets Act (“DMA”),¹¹⁹ the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s external reporting channel provides whistleblowers with more detailed information on the reporting procedure and mechanisms for protection.¹²⁰ However, no mention is made of one crucial weakness which the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s reporting channel shares with all other EU reporting channels – namely, unlike national whistleblowing authorities and their reporting channels, the EU and its institutions are not bound by the provisions of the WBD. This is because directives only address and bind the Member States, not the EU institutions themselves. This means that (i) the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. is, inter alia, not obliged to provide feedback to whistleblowers within three to six months¹²¹ (see Article 13 WBD); (ii) AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. staff members are not subject to a strict duty of confidentiality nor are they vulnerable to penalties in case of its violation;¹²² and (iii) whistleblowers do not have the right to disclose whistleblowing information publicly if the external channel does not act within given time limits.¹²³ In practice, the absence of such legal safeguards is likely to have contributed to the fact that potential whistleblowers tend to refrain from reporting to EU institutions and turn to other recipients instead.¹²⁴

27To resolve this issue, one might argue that by establishing an external reporting channel that is supposed to grant whistleblowers protection in accordance with the WBD and its national transposition laws,¹²⁵ the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. has also bound itself to the WBD’s provisions on the external reporting channel, thereby requiring the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. (and all other EU reporting channels) to comply with the same rules and standards set out for national external reporting channels. A line of CJEU case law has already established that if the Commission employs phrases and standards in internal staff regulations which are already established by secondary Union law, these phrases and standards are to be interpreted in the same way.¹²⁶ However, the situation at hand is distinguishable from those cases in several ways. First, even though the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. has drafted a whistleblowing policy that is much closer to the WBD’s provisions than is the EU’s other external channel, it has refrained from simply copying the WBD’s provisions; instead, it uses its own language and rules, for example by referring to the Commission’s (internal) Security Notice C(2019)1903.¹²⁷ Second, several of the WBD’s requirements on external reporting channels require an act of transposition which the Commission has not carried out.¹²⁸ Third and most importantly, overriding the Commission’s internal whistleblowing policies by directly applying the WBD’s provisions would go against the established legal nature of directives as legal acts that (only) address the Member States, according to Article 288(3) TFEU. Hence, even though it may be desirable from a policy perspective, forcing EU institutions to abide by the same rules they apply to Member States, requiring the Commission to fully comply with the WBD would depart from a core doctrine of EU law. The one instance where it could be argued that the WBD effectively applies is with respect to the right to go public in accordance with Article 15(1) WBD if the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. does not provide feedback within 3–6 months. Strictly speaking, this is not a question of forcing an EU institution to comply with a directive, but rather an extension of the whistleblower’s individual rights. Furthermore, the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. has voluntarily adopted the same 3–6 month feedback period as the WBD in its internal whistleblowing policy.¹²⁹ This would make it reasonable, from a whistleblower’s perspective, to believe that publicly disclosing information in accordance with Article 15(1) WBD is permissible if the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. violates its own rules.

28It should be noted, however, that the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s external reporting channel does offer a higher degree of protection than do other EU reporting mechanisms, due to the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s adoption of a unique and comparatively strict confidentiality policy, the provisions of which have been largely modelled on the requirements of the WBD.¹³⁰ According to this policy, only three designated staff members have access to the external reporting channel, which itself is subject to various cybersecurity measures. As a general rule, the content of reports may be shared with third parties, including other members of the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. , only if, and to the extent that, the whistleblower has explicitly consented to the information being forwarded.¹³¹ This policy significantly reduces the risk Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. that the identity of a GPAI whistleblower will be disclosed by accident and makes the inherent risks Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. associated with the decision to report breaches easier to assess and control. While this kind of self-imposed confidentiality regime still lags behind the obligations imposed on national whistleblowing authorities in terms of substance, legal certainty and enforceability, it does grant a noticeably higher level of protection than is common among other EU-level reporting mechanisms. The AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. was willing to voluntarily bind itself to rules similar to those found in the WBD because its channel is primarily aimed at potential whistleblowers from outside the EU due to the EU’s relative industrial insignificance to the GPAI model layer of the AI value chain.¹³² Since employees of influential GPAI model providers Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. and other people with relevant insider knowledge about breaches of GPAI model provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. obligations are likely to work in countries such as the US and China, they will usually not benefit from protection such as the WBD’s anti-retaliation law, which generally only apply within the European Union.¹³³ Hence, the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. ’s offer of a heightened level of preventative protection via a comparatively strict confidentiality policy is one of the few effective ways to mitigate the personal risks Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. faced by potential whistleblowers, especially from outside the EU, and increase the likelihood of valuable reports being made.

29A report made to the external reporting channel of the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. constitutes an external report within the meaning of the WBD.¹³⁴ Provided that the WBD’s other conditions for protection are met, the legal protections and rights under the respective Member State’s whistleblowing laws are in principle triggered by reports on breaches of GPAI model provider Article 3(3) AI Act: ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge. obligations to the AI Office Article 3(47) AI Act: ‘AI Office’ means the Commission’s function of contributing to the implementation, monitoring and supervision of AI systems and general-purpose AI models, and AI governance, provided for in Commission Decision of 24 January 2024; references in this Regulation to the AI Office shall be construed as references to the Commission. . However, this requires both that the GPAI whistleblower falls within the international scope of application of the respective national whistleblowing law and that its material scope of application covers breaches of the AI Act.¹³⁵ From the perspective of potential GPAI whistleblowers, both aspects should be examined carefully when assessing the risk Article 3(2) AI Act: ‘risk’ means the combination of the probability of an occurrence of harm and the severity of that harm. of falling into the existing gaps of protection under the current legal framework.