Docaro

People Covered By A Whistleblowing Procedure In The United Kingdom

Created:
This guide explains who is typically covered by whistleblowing procedures in the United Kingdom, helping readers understand workplace reporting rights, responsibilities, and policy scope. It supports the wider AI Generated Whistleblowing Policy for use in the United Kingdom category.
Covered person category
Category description
Scope drafting note
Relationship type
Protection note
Usually covered
Employees
Individuals employed under a contract of employment.
Name employees expressly and include permanent, fixed-term, full-time and part-time staff.
Internal workforce
Employees can receive statutory protection for qualifying protected disclosures.
Workers
People who personally perform work but are not necessarily employees.
Use alongside employee wording because whistleblowing protection is not limited to employees.
Internal workforce
The statutory regime protects workers who make protected disclosures.
Agency workers
Individuals supplied by an employment business to work for the organisation.
State whether reports go to the hirer, agency, or both, and coordinate non-retaliation duties.
External workforce
Whistleblowing protection can extend to individuals supplied through agency arrangements.
Casual staff
Individuals engaged irregularly or as needed, often without guaranteed hours.
Avoid limiting the policy to permanent staff
include casual and ad hoc workers.
Internal workforce
May be protected if they meet the statutory worker test.
Zero-hours staff
Staff engaged under contracts with no guaranteed minimum hours.
Include them expressly and avoid assumptions that variable hours reduce access to reporting channels.
Internal workforce
May have employee or worker status and therefore whistleblowing protection.
Fixed-term employees
Employees engaged for a defined period, task, funding term or project.
Make clear that temporary duration does not affect reporting rights or protection from retaliation.
Internal workforce
Protected on the same whistleblowing basis as other employees if disclosure requirements are met.
Part-time employees
Employees working fewer hours than comparable full-time employees.
Avoid scope wording that could imply only full-time staff may use the procedure.
Internal workforce
Protected if they make a qualifying protected disclosure.
Probationary employees
Employees in an initial probation or trial period.
State that probationary status does not limit access to the procedure.
Internal workforce
Whistleblowing dismissal protection is not dependent on ordinary unfair dismissal qualifying service.
Apprentices
Individuals working while training under an apprenticeship arrangement.
Include apprentices and identify whether training provider contacts can also receive concerns.
Internal workforce
Generally likely to have employment or worker rights, including whistleblowing protection where criteria are met.
Trainees
Individuals undertaking structured work-based training with the organisation.
Cover paid and unpaid trainees if they have access to workplace information.
Internal workforce
Specific training arrangements may be included within the extended whistleblowing worker definition.
May be covered
Interns
Individuals gaining work experience, sometimes paid and sometimes unpaid.
Include interns expressly because status varies and they may be reluctant to report.
Internal workforce
Paid interns may be workers
unpaid status can affect statutory protection, but coverage is good practice.
Work experience students
Students or young people undertaking short workplace placements.
Provide age-appropriate reporting routes and consider safeguarding contacts.
Internal workforce
Statutory whistleblowing status may be uncertain
include to support safe reporting.
Volunteers
Individuals giving time without a contract of employment or wages.
Include volunteers where they work in services, fundraising, community, care or charity operations.
Internal workforce
Volunteers are often outside statutory worker protection, but inclusion is strong governance practice.
Charity volunteers
Volunteers supporting a charity's operations, services, fundraising or events.
Signpost serious charity wrongdoing routes and trustees or safeguarding leads where relevant.
Internal workforce
Charity Commission guidance recognises volunteers may report serious wrongdoing, though employment protection depends on status.
Consultants
Independent advisers or specialists engaged to provide services.
Specify whether individual consultants and consultancy firm staff may use internal channels.
External workforce
Protection depends on status
many consultants should be invited to report as good practice.
Independent contractors
Self-employed individuals contracted to deliver work or services.
Include where contractors have operational access, safety responsibilities or compliance visibility.
External workforce
May be protected if their relationship falls within worker or extended worker definitions.
Personal service company contractors
Individuals providing services through their own company or intermediary.
Mention individuals supplied through intermediaries, not only direct contractors.
External workforce
Statutory position may be fact-specific
include to reduce reporting gaps.
Subcontractors
Individuals or firms engaged by a contractor to perform part of the work.
Include subcontractor personnel where they work on sites, systems or regulated activities.
External workforce
Legal protection depends on worker status, but policy access supports supply-chain risk detection.
Outsourced service provider staff
Staff employed by third-party providers delivering services for the organisation.
Cover provider staff in facilities, IT, payroll, HR, finance, care, security and customer services.
External workforce
May have protection through their employer
client-side reporting access is good practice.
Facilities management staff
Cleaning, catering, maintenance, reception or building service personnel supplied externally.
Include where they work on premises and may spot safety, security or misconduct risks.
External workforce
Often protected by their own employer
organisation should still allow risk reports.
Security staff
In-house or contracted personnel responsible for site, event or asset security.
Include both employed and contracted security because they often see fraud, violence or safeguarding risks.
Internal workforce, External workforce
Protection depends on employment status
reporting access is important for regulated security environments.
Drivers and couriers
Individuals transporting goods, people or documents for the organisation.
Cover employed, agency, contractor and platform-based drivers where relevant.
Internal workforce, External workforce
Worker status can be fact-sensitive
include because they may identify safety or logistics wrongdoing.
Freelancers
Self-employed individuals providing project-based professional or creative services.
Include freelancers with ongoing access to confidential, client, safety or financial information.
External workforce
May lack statutory protection unless worker status is established
policy inclusion is discretionary but useful.
Usually covered
Inbound secondees
Individuals temporarily assigned to work within the organisation by another employer.
State that secondees may report to the host, home employer, or agreed contacts.
External workforce
May have statutory protection depending on worker status and assignment structure.
Outbound secondees
Organisation staff temporarily assigned to another host organisation.
Clarify whether they can use the organisation's procedure for host-related concerns.
Internal workforce
Employees and workers remain protected where statutory disclosure requirements are met.
Remote workers
Staff working away from the organisation's premises, including from home.
Ensure reporting channels are accessible off-site and outside office-based systems.
Internal workforce
Remote location does not reduce statutory protection for employees or workers.
Hybrid workers
Staff splitting work between workplace, home and other locations.
Provide reporting routes that work equally for on-site and off-site staff.
Internal workforce
Protected if they meet employee or worker conditions and make a protected disclosure.
May be covered
Overseas workers linked to UK operations
Staff based outside the UK but connected to UK business, management or reporting lines.
Define territorial scope and align with local law, group reporting channels and data transfer rules.
Internal workforce
UK statutory protection may depend on territorial connection
include where UK management oversight exists.
UK expatriate staff
UK staff assigned to work abroad for the organisation or group.
Clarify UK and host-country reporting routes and handling of cross-border investigations.
Internal workforce
Protection may turn on employment connection with Great Britain
policy coverage can still apply contractually.
Former employees
People whose employment has ended but who hold relevant information.
Include former staff if post-termination reports will be accepted and investigated.
Other
Post-employment detriment issues can arise
accepting reports helps identify historic wrongdoing.
Former workers
People who previously worked for the organisation outside employee status.
Allow reports after an assignment ends, especially for agency, casual and contractor roles.
Other
Protection may depend on prior status and alleged detriment
policy access is useful.
Job applicants
Candidates applying for employment or worker roles with the organisation.
Consider including applicants where recruitment misconduct, regulatory concerns or blacklisting risks may arise.
Other
Some sectors impose wider whistleblowing arrangements
applicant protection may be sector-specific or limited.
Prospective NHS workers
Applicants or prospective workers in NHS or health service contexts.
Health sector policies should align with Freedom to Speak Up and sector rules.
Other
The NHS has specific speaking-up arrangements and wider regulatory expectations.
Usually covered
Executive directors
Board members with executive management responsibilities.
Include directors where they are employees or office-holders with governance oversight.
Governance role
Employee directors may have statutory protection
all directors should have routes to raise governance concerns.
May be covered
Non-executive directors
Board members providing independent oversight rather than day-to-day management.
Provide a route to the chair, senior independent director, audit committee or external contact.
Governance role
Statutory status may be uncertain
inclusion supports board accountability and governance.
Company officers
Company secretaries or other officers with formal corporate responsibilities.
Include officers who may identify Companies Act, governance or filing concerns.
Governance role
May be protected if also employees or workers
otherwise coverage is governance-led.
Charity trustees
People with legal responsibility for charity governance and administration.
Include trustees and cross-refer to serious incident reporting and charity regulator routes.
Governance role
Trustees may not be workers, but should have clear routes for serious wrongdoing concerns.
School governors
Individuals with governance responsibilities in maintained schools or academy trusts.
Include governor routes where education, safeguarding or financial management concerns may arise.
Governance role
Statutory employment protection may not apply, but inclusion supports education governance.
Partners in a partnership
Individuals who own or manage a partnership business.
For LLPs and partnerships, specify partner reporting routes and conflict escalation.
Governance role
Worker status may be complex
professional firms should include partners for governance and regulatory reasons.
LLP members
Members of a limited liability partnership involved in ownership or management.
Include members and align the process with the LLP agreement and regulatory duties.
Governance role
LLP members can fall within whistleblowing worker protection depending on circumstances.
Committee members
Members of audit, risk, ethics, safeguarding or advisory committees.
Specify escalation routes if concerns involve senior management or the board.
Governance role
May not be statutory workers, but often need access due to oversight responsibilities.
Group company employees
Employees of parent, subsidiary or sister companies in the same corporate group.
State whether the policy applies group-wide or only to named UK entities.
Business relationship
Protection depends on employer and UK connection
group access supports consistent reporting.
Joint venture personnel
People working in or for a joint venture involving the organisation.
Define whether joint venture concerns go through the organisation, JV entity or both.
Business relationship
Good practice where the organisation has operational control or compliance responsibility.
Franchisee staff
People employed or engaged by franchisees using the organisation's brand or system.
Clarify whether franchisor channels accept brand, safety, fraud or compliance reports.
Business relationship
Often protected through the franchisee employer
franchisor access helps protect brand and compliance.
Not usually covered but may be invited to report
Supplier employees
Employees of organisations supplying goods or services.
Invite reports about bribery, modern slavery, safety, quality, sanctions or procurement misconduct.
Business relationship
Usually not protected by the customer as workers, but supply-chain reporting is good compliance practice.
Supplier contacts
Named commercial, operational or compliance contacts at supplier organisations.
Provide external reporting details in supplier codes, purchase terms or contract schedules.
Business relationship
Inclusion is usually contractual or ethical rather than statutory worker protection.
Customer contacts
Individuals at customer organisations who interact with the business.
Distinguish whistleblowing reports from complaints, service issues and contractual disputes.
Business relationship
Usually outside statutory worker protection for the organisation, but may report serious misconduct.
Clients
Individuals or organisations receiving professional, regulated or contracted services.
For professional services, separate client complaints from reports of public interest wrongdoing.
Business relationship
Usually not statutory whistleblowers for the provider, but external reports may reveal regulatory breaches.
Service users
People receiving services, especially in care, health, housing, education or charities.
Coordinate with complaints, safeguarding and regulatory incident procedures.
Other
Usually outside employment whistleblowing law, but reports can be vital for safeguarding and service quality.
Patients
People receiving healthcare or treatment services.
Separate patient complaints from staff whistleblowing, but provide routes for serious safety concerns.
Other
Patients are not usually protected as workers, but health regulators accept concerns about care quality.
Care home residents
Residents receiving regulated care or accommodation services.
Link to safeguarding, complaints and CQC reporting routes, not only internal HR routes.
Other
Usually outside employment whistleblowing protection but key to safeguarding risk identification.
Students
Learners at schools, colleges, universities or training providers.
Education providers should distinguish student complaints, safeguarding and staff whistleblowing channels.
Other
Usually not statutory workers unless also working
reporting access may be safeguarding-led.
Parents and guardians
Parents, carers or guardians connected with schools, childcare or youth services.
Direct them to complaints or safeguarding routes unless reporting serious public interest wrongdoing.
Other
Not usually covered by employment whistleblowing law, but may raise safeguarding or governance concerns.
Members of the public
People with no employment, governance or commercial relationship with the organisation.
Consider a separate public concerns or complaints route rather than the staff whistleblowing channel.
Other
Generally outside statutory whistleblowing protection, but reports may identify public safety or fraud issues.
Shareholders
People or entities holding shares in a company.
Use investor relations, company secretary or audit committee routes for governance concerns.
Business relationship
Shareholding alone does not usually create worker protection, but governance reports may be valuable.
Investors
External funders or investment stakeholders with an interest in governance or compliance.
Clarify when investor concerns should use whistleblowing, investor relations or contractual notice routes.
Business relationship
Usually outside worker protection, but may identify fraud, market abuse or governance failures.
Lenders and funders
Banks, grant-makers or finance providers connected to the organisation.
Separate whistleblowing routes from finance covenant, audit or grant reporting mechanisms.
Business relationship
Not usually statutory whistleblowers, but may surface fraud, misuse of funds or financial irregularities.
May be covered
External auditors
Independent audit professionals appointed to audit accounts or controls.
Coordinate with audit committee, audit engagement and professional reporting obligations.
Business relationship
May have professional duties and prescribed person routes
policy access can support financial integrity.
Professional advisers
Lawyers, accountants, tax advisers, consultants or other external professionals.
Address privilege, confidentiality, professional duties and agreed escalation contacts.
Business relationship
Statutory protection depends on status
professional conduct duties may also apply.
Usually covered
Temporary staff
Staff engaged for short-term cover, seasonal peaks or interim assignments.
Include temporary staff regardless of assignment length or payroll route.
Internal workforce, External workforce
May be employees, workers or agency workers with statutory whistleblowing protection.
Seasonal workers
Workers engaged for recurring seasonal demand, events or production cycles.
Ensure short employment periods and language needs do not block reporting.
Internal workforce, External workforce
Often workers for statutory purposes and may be protected when making qualifying disclosures.
Migrant workers
Workers in the UK with immigration, sponsorship or visa-related work arrangements.
Address fear of retaliation, sponsorship misuse, language access and modern slavery risks.
Internal workforce, External workforce
Worker protection may apply
coverage is important where immigration vulnerability affects reporting.
Sponsored workers
Workers employed under UK visa sponsorship arrangements.
Make clear that reporting concerns will not lead to victimisation or improper immigration threats.
Internal workforce
Employees or workers may be protected
immigration dependency makes anti-retaliation wording important.
Public sector workers
Employees and workers in central government, local government or public bodies.
Align internal routes with prescribed person and regulator reporting options.
Internal workforce
Protected disclosures can be made to employers or prescribed persons in relevant cases.
NHS workers
Employees, workers and clinical staff working in NHS organisations or services.
Use Freedom to Speak Up arrangements and name guardians or equivalent contacts.
Internal workforce
Statutory protection may apply and NHS-specific speaking-up standards are expected.
Healthcare professionals
Doctors, nurses, clinicians and allied health professionals working for or with the organisation.
Coordinate whistleblowing with clinical governance, duty of candour and professional regulator duties.
Internal workforce, External workforce
Often protected as employees or workers and may also have professional obligations to raise concerns.
Financial services staff
Staff in banks, insurers, investment firms and other regulated financial services businesses.
Reflect FCA or PRA whistleblowing rules where the firm is within scope.
Internal workforce
Statutory employment protection may apply and regulated firms may have additional whistleblowing obligations.
Senior managers
People with senior management, control, compliance or operational responsibility.
Provide escalation outside line management where allegations concern executives or control functions.
Internal workforce, Governance role
Can be protected as employees or workers
regulated senior managers may face personal accountability.
Compliance officers
Staff responsible for legal, regulatory, risk, ethics or audit compliance.
Give independent escalation routes if concerns involve legal, risk or executive teams.
Internal workforce
Usually protected if employees or workers
often central to prescribed person or regulator reporting decisions.
Data protection officers
Individuals designated to advise on and monitor data protection compliance.
Coordinate whistleblowing with data breach reporting, confidentiality and DPO independence.
Internal workforce, Governance role
May be protected as workers
DPOs also have UK GDPR independence and non-penalisation safeguards.
Health and safety representatives
Employee or worker representatives involved in workplace health and safety matters.
Align whistleblowing routes with health and safety reporting and consultation processes.
Internal workforce
Health and safety disclosures may qualify for whistleblowing protection and separate safety representative protections.
May be covered
Trade union representatives
Union officials or workplace representatives supporting members or raising collective concerns.
Clarify whether representatives may report on their own behalf or support a whistleblower.
Internal workforce, Other
May be protected if workers
trade union roles also have separate employment law protections.
Employee representatives
Representatives in staff forums, consultation bodies or elected workplace roles.
State whether representatives can escalate concerns raised by colleagues with consent.
Internal workforce
May have worker protection and separate protections for representative activities.
Colleagues supporting a whistleblower
Colleagues who assist, witness, accompany or support a person raising concerns.
Include anti-victimisation wording for supporters and witnesses where appropriate.
Internal workforce
Statutory whistleblowing protection mainly protects the discloser, but victimisation of supporters creates legal and cultural risk.
Internal investigators
Staff asked to investigate, audit or fact-find following a concern.
Protect investigators from retaliation and require confidentiality and independence.
Internal workforce
May be protected if they make their own disclosure
procedural safeguards are good practice.
People named in a disclosure
Individuals alleged to be involved in wrongdoing or relevant events.
Clarify confidentiality, fairness, investigation rights and protection against malicious allegations.
Internal workforce, External workforce, Governance role, Business relationship, Other
Not protected as whistleblowers by being named, but fair process and data protection duties apply.
Board chair
Person chairing the board or governing body.
Identify an alternative route if the chair is implicated, such as SID, trustee lead or external hotline.
Governance role
Often included for governance integrity even where worker status is uncertain.
Senior independent director
Independent board member available for concerns not resolved through the chair or executives.
Use as escalation contact for concerns involving the chair, CEO or executive team.
Governance role
Coverage is governance-led
listed companies should consider UK Corporate Governance Code expectations.
Audit committee members
Board or governance members overseeing audit, risk and internal controls.
Provide direct escalation for financial reporting, fraud, audit or internal control concerns.
Governance role
May not be workers, but audit committee access is central to effective whistleblowing governance.
Interim managers
Senior temporary managers engaged directly, through agencies or through service companies.
Include because they may hold control responsibilities and see strategic or financial wrongdoing.
External workforce, Internal workforce
Status is fact-specific
seniority does not remove possible worker protection.
Umbrella company workers
Workers paid by an umbrella company while assigned to an end client.
State whether reports can be made to the end client, umbrella company, agency or all three.
External workforce
May be protected through employment or worker status
multiple parties should coordinate anti-retaliation.
Platform workers
People obtaining work through digital platforms or apps.
Include if platform workers perform services integral to the organisation or brand.
External workforce
Worker status is fact-specific
include where they may observe safety, fraud or exploitation risks.
Gig economy workers
Individuals carrying out short-term, task-based or on-demand work.
Avoid excluding them by using only payroll-based definitions of staff.
External workforce
May qualify as workers depending on arrangements
policy access is prudent.
Usually covered
Professional trainees
Trainee solicitors, accountants, surveyors or other regulated profession trainees.
Align with professional regulator duties and training supervisor escalation routes.
Internal workforce
Often employees or workers and may have professional duties to raise concerns.
May be covered
Self-employed advocates or barristers
Self-employed legal professionals providing advocacy or advisory services.
Consider confidentiality, legal privilege and professional reporting obligations.
Business relationship
Worker protection may be uncertain
professional regulator routes may be relevant.
External hotline provider staff
Third-party staff receiving, triaging or managing whistleblowing reports.
Cover confidentiality, data processing, escalation and conflicts in the service contract.
Business relationship
Usually protected by their own employer
access rules should preserve confidentiality and legal compliance.
Recruitment agency staff
Agency employees or consultants managing recruitment or labour supply for the organisation.
Allow reporting of recruitment fraud, right-to-work abuse, discrimination or labour exploitation concerns.
Business relationship
May have protection through their own employer
customer-side access is good practice for labour supply risk.
Payroll provider staff
Third-party personnel processing wages, benefits, tax or pension deductions.
Invite reports about wage fraud, tax evasion, pension failures or payroll manipulation.
Business relationship
Usually not workers of the organisation, but may identify serious financial wrongdoing.
Pension scheme trustees
Trustees responsible for occupational pension scheme governance.
Coordinate with pension scheme reporting, trustee duties and The Pensions Regulator routes.
Governance role
May not be workers
pension law and regulator reporting obligations may still be relevant.
External trade union officials
Union officers who are not employed by the organisation but support its workers.
Clarify whether they may submit concerns for members and how consent and confidentiality are handled.
Other
Usually not protected as organisation workers, but may assist protected disclosures by members.
Not usually covered but may be invited to report
Family members of workers
Relatives or household members who become aware of work-related wrongdoing.
If accepted, limit use to serious concerns and protect the worker's confidentiality where possible.
Other
Not usually within statutory worker protection, but may be important where the worker fears reporting directly.
May be covered
Anonymous reporters
People who raise concerns without giving their identity.
State whether anonymous reports are accepted and explain investigation limits.
Internal workforce, External workforce, Governance role, Business relationship, Other
Anonymity may make statutory protection harder to enforce, but accepting reports can reveal serious wrongdoing.
Usually covered
Confidential reporters
People who disclose their identity but ask for it to be protected.
Explain when confidentiality will be protected and when disclosure may be necessary.
Internal workforce, External workforce, Governance role, Business relationship, Other
Confidentiality does not determine statutory protection, but careful handling reduces victimisation risk.
Workers reporting to prescribed persons
Workers who raise concerns with an approved regulator or prescribed body.
Explain internal reporting is encouraged but lawful external routes to prescribed persons may exist.
Internal workforce, External workforce
Disclosure to a prescribed person can be protected if statutory conditions are met.

Who Should A UK Whistleblowing Policy Cover?

A UK whistleblowing procedure should usually cover the organisation’s internal workforce, including employees, workers, agency workers, casual staff, apprentices, trainees, interns and home or remote workers. This reflects the broad meaning of worker in the Public Interest Disclosure Act 1998 and section 43K of the Employment Rights Act 1996, which extends protection beyond standard employees.

Should Contractors, Volunteers And Suppliers Be Included?

Many non-employees may not have full statutory whistleblowing protection, but they often see the same risks. As a matter of good governance, a policy should normally invite reports from consultants, contractors, secondees, volunteers, trustees, supplier contacts and other business partners, while being clear that legal protections may depend on their status and relationship with the organisation.

What Scope Wording Avoids Gaps In Protection?

  • Use broad wording: cover anyone working for, with, or on behalf of the organisation, including former staff and applicants where relevant.
  • Separate access from legal protection: explain that the organisation will accept reports from wider categories even if statutory whistleblowing rights differ.
  • Include group and overseas arrangements carefully: group employees, UK secondees and overseas staff linked to UK operations should be expressly addressed.
  • Do not forget governance roles: directors, non-executive directors, trustees, partners, governors and members of committees can raise serious governance or regulatory concerns.
People covered by a whistleblowing procedure
Want to Generate Your own Whistleblowing Policy?
Docaro AI can help you write your own Whistleblowing Policy for use in the United Kingdom in minutes.
Generate Your Document Now

FAQs

A UK whistleblowing procedure usually covers employees, workers, agency workers, trainees, contractors, consultants and others who perform work for the organisation.
Show All FAQs

You Might Also Be Interested In

Whistleblowing policy section checklist
United Kingdom checklist for key whistleblowing policy sections, helping employers review reporting, protection, and compliance content.
Whistleblowing disclosure categories
Explore whistleblowing disclosure categories in the United Kingdom and why they matter for reporting protected concerns.

References and Information Sources