Whistleblowing to the ISP
Whistleblowing provisions are contained in the Act on the Protection of Persons Reporting Irregularities (2021:890) (the ”Whistleblower Act”) and the Ordinance on the Protection of Persons Reporting Irregularities (2021:949) (the ”Whistleblower Ordinance”).
ISP's area of responsibility
ISP receives reports from people who, in a work-related context, want to provide information about violations that are covered by ISP's area of responsibility according to the whistleblower regulations. The person reporting must assume that the information is true.
The ISP's area of responsibility includes violations within the authority's supervisory responsibility in the area of product safety and product compliance.
The ISP receives reports of violations of the Military Equipment Act (1992:1300) regarding the following:
- the List of Military Equipment,
- general, global and individual export licenses,
- supplying technical assistance,
- transfer within the EEA,
- certification,
- obligation to keep records regarding transfers within the EEA; and
- obligation to provide information regarding transfers within the EEA.
When the law does not apply
The Whistleblower Act does not apply to reporting of:
- classified information under the Protective Security Act (2018:585),
- information pertaining to national security in the activities of a public authority in the area of defence and security, including the ISP,
- information that only relates to the reporting person's own work or employment conditions; or
- general complaints, questions, etc.
Who can whistleblow?
Reporting can be done by a wide range of people. It can be employees and other persons who are active in or perform any form of work for the business to which the report relates.
How reporting should take place
In order for the protection to apply the reporting must be done via designated e-mail, post, telephone call or a physical meeting. When reporting, you need to provide an account of the violation and preferably provide any documents that supplement the account. Reporting can be done anonymously.
Anonymity and confidentiality
The confidentiality that protects the identity of the informant is absolute. This means that information may not be disclosed, even if it is clear that you who report it will not be negatively affected if the information is disclosed.
It is possible that the reporting will form the basis of a case at the ISP, another public authority or a court. Within the framework of such a case, there is a possibility that the report, or parts of it, can be disclosed to the person who is a party to the case due to the right for the party to access the case.
The ISP does not save personal data that appears in a case longer than necessary in accordance with the procedures that apply to the processing of personal data. ISP archives and preserves documents in whistleblower cases as public documents according to law.
Reporting channels
The ISP provides the following reporting channels. Mail should be sent by registered post.
Phone
08-406 31 00
Ask to speak to the whistleblower function.
E-mail
visselblasning@isp.se
ISP (VB)
Box 6086
171 06 Solna
Mark the envelope with EXTERNAL.
Confirmation, investigation and feedback
You will receive confirmation of the received report within seven days. If the information you have provided is not complete or if it needs to be clarified, the ISP will contact you in the same way as you contacted the ISP, if we judge that this can be done without the risk of your identity being revealed.
ISP investigates the matter, which can lead to, for example, handing it over to the police or the public prosecutor, or the matter being dropped/dismissed. within three months you will get feedback on measures taken is given.
If reporting is done anonymously, the ISP cannot provide a confirmation, ask follow-up questions or provide feedback.
Protection and possibilities
There are protections and possibilities for anyone who wants to report a misconduct. For further information, we recommend that you either contact an employee organization, a legal representative or the ISP through specified channels.
Exemption from liability, prohibition of preventive measures and reprisals and damages
Under the Whistleblower Act, a reporting person may not be held liable for breach of confidentiality, provided that the person making the report had reasonable grounds to believe that the reporting was necessary to disclose the reported violation and believed the information to be true.
Exemption from liability does not entail the right to release documents, nor does it apply if the reporting person is guilty of a crime through the collection.
Anyone who is guilty of a crime through the reporting or gathering of information is not protected against retaliations. A business operator may not prevent or attempt to prevent reporting, or, because of reporting, take reprisals against a reporting person.
An operator that violates any of the prohibitions of obstructive measures or retaliation must pay damages for the loss incurred or for the harm cause by the infringement.
You also have other protections that always apply
In addition to the protection you have via the Whistleblower Act, there are several other regulations that always apply, such as the Freedom of the Press Act and the Fundamental Law on Freedom of Expression.