People Covered By A Whistleblowing Procedure In The United Kingdom
Covered person category | Category description | Scope drafting note | Relationship type | Protection note |
|---|---|---|---|---|
Usually covered | ||||
Employees | Individuals employed under a contract of employment. | Name employees expressly and include permanent, fixed-term, full-time and part-time staff. | Internal workforce | Employees can receive statutory protection for qualifying protected disclosures. |
Workers | People who personally perform work but are not necessarily employees. | Use alongside employee wording because whistleblowing protection is not limited to employees. | Internal workforce | The statutory regime protects workers who make protected disclosures. |
Agency workers | Individuals supplied by an employment business to work for the organisation. | State whether reports go to the hirer, agency, or both, and coordinate non-retaliation duties. | External workforce | Whistleblowing protection can extend to individuals supplied through agency arrangements. |
Casual staff | Individuals engaged irregularly or as needed, often without guaranteed hours. | Avoid limiting the policy to permanent staff include casual and ad hoc workers. | Internal workforce | May be protected if they meet the statutory worker test. |
Zero-hours staff | Staff engaged under contracts with no guaranteed minimum hours. | Include them expressly and avoid assumptions that variable hours reduce access to reporting channels. | Internal workforce | May have employee or worker status and therefore whistleblowing protection. |
Fixed-term employees | Employees engaged for a defined period, task, funding term or project. | Make clear that temporary duration does not affect reporting rights or protection from retaliation. | Internal workforce | Protected on the same whistleblowing basis as other employees if disclosure requirements are met. |
Part-time employees | Employees working fewer hours than comparable full-time employees. | Avoid scope wording that could imply only full-time staff may use the procedure. | Internal workforce | Protected if they make a qualifying protected disclosure. |
Probationary employees | Employees in an initial probation or trial period. | State that probationary status does not limit access to the procedure. | Internal workforce | Whistleblowing dismissal protection is not dependent on ordinary unfair dismissal qualifying service. |
Apprentices | Individuals working while training under an apprenticeship arrangement. | Include apprentices and identify whether training provider contacts can also receive concerns. | Internal workforce | Generally likely to have employment or worker rights, including whistleblowing protection where criteria are met. |
Trainees | Individuals undertaking structured work-based training with the organisation. | Cover paid and unpaid trainees if they have access to workplace information. | Internal workforce | Specific training arrangements may be included within the extended whistleblowing worker definition. |
May be covered | ||||
Interns | Individuals gaining work experience, sometimes paid and sometimes unpaid. | Include interns expressly because status varies and they may be reluctant to report. | Internal workforce | Paid interns may be workers unpaid status can affect statutory protection, but coverage is good practice. |
Work experience students | Students or young people undertaking short workplace placements. | Provide age-appropriate reporting routes and consider safeguarding contacts. | Internal workforce | Statutory whistleblowing status may be uncertain include to support safe reporting. |
Volunteers | Individuals giving time without a contract of employment or wages. | Include volunteers where they work in services, fundraising, community, care or charity operations. | Internal workforce | Volunteers are often outside statutory worker protection, but inclusion is strong governance practice. |
Charity volunteers | Volunteers supporting a charity's operations, services, fundraising or events. | Signpost serious charity wrongdoing routes and trustees or safeguarding leads where relevant. | Internal workforce | Charity Commission guidance recognises volunteers may report serious wrongdoing, though employment protection depends on status. |
Consultants | Independent advisers or specialists engaged to provide services. | Specify whether individual consultants and consultancy firm staff may use internal channels. | External workforce | Protection depends on status many consultants should be invited to report as good practice. |
Independent contractors | Self-employed individuals contracted to deliver work or services. | Include where contractors have operational access, safety responsibilities or compliance visibility. | External workforce | May be protected if their relationship falls within worker or extended worker definitions. |
Personal service company contractors | Individuals providing services through their own company or intermediary. | Mention individuals supplied through intermediaries, not only direct contractors. | External workforce | Statutory position may be fact-specific include to reduce reporting gaps. |
Subcontractors | Individuals or firms engaged by a contractor to perform part of the work. | Include subcontractor personnel where they work on sites, systems or regulated activities. | External workforce | Legal protection depends on worker status, but policy access supports supply-chain risk detection. |
Outsourced service provider staff | Staff employed by third-party providers delivering services for the organisation. | Cover provider staff in facilities, IT, payroll, HR, finance, care, security and customer services. | External workforce | May have protection through their employer client-side reporting access is good practice. |
Facilities management staff | Cleaning, catering, maintenance, reception or building service personnel supplied externally. | Include where they work on premises and may spot safety, security or misconduct risks. | External workforce | Often protected by their own employer organisation should still allow risk reports. |
Security staff | In-house or contracted personnel responsible for site, event or asset security. | Include both employed and contracted security because they often see fraud, violence or safeguarding risks. | Internal workforce, External workforce | Protection depends on employment status reporting access is important for regulated security environments. |
Drivers and couriers | Individuals transporting goods, people or documents for the organisation. | Cover employed, agency, contractor and platform-based drivers where relevant. | Internal workforce, External workforce | Worker status can be fact-sensitive include because they may identify safety or logistics wrongdoing. |
Freelancers | Self-employed individuals providing project-based professional or creative services. | Include freelancers with ongoing access to confidential, client, safety or financial information. | External workforce | May lack statutory protection unless worker status is established policy inclusion is discretionary but useful. |
Usually covered | ||||
Inbound secondees | Individuals temporarily assigned to work within the organisation by another employer. | State that secondees may report to the host, home employer, or agreed contacts. | External workforce | May have statutory protection depending on worker status and assignment structure. |
Outbound secondees | Organisation staff temporarily assigned to another host organisation. | Clarify whether they can use the organisation's procedure for host-related concerns. | Internal workforce | Employees and workers remain protected where statutory disclosure requirements are met. |
Remote workers | Staff working away from the organisation's premises, including from home. | Ensure reporting channels are accessible off-site and outside office-based systems. | Internal workforce | Remote location does not reduce statutory protection for employees or workers. |
Hybrid workers | Staff splitting work between workplace, home and other locations. | Provide reporting routes that work equally for on-site and off-site staff. | Internal workforce | Protected if they meet employee or worker conditions and make a protected disclosure. |
May be covered | ||||
Overseas workers linked to UK operations | Staff based outside the UK but connected to UK business, management or reporting lines. | Define territorial scope and align with local law, group reporting channels and data transfer rules. | Internal workforce | UK statutory protection may depend on territorial connection include where UK management oversight exists. |
UK expatriate staff | UK staff assigned to work abroad for the organisation or group. | Clarify UK and host-country reporting routes and handling of cross-border investigations. | Internal workforce | Protection may turn on employment connection with Great Britain policy coverage can still apply contractually. |
Former employees | People whose employment has ended but who hold relevant information. | Include former staff if post-termination reports will be accepted and investigated. | Other | Post-employment detriment issues can arise accepting reports helps identify historic wrongdoing. |
Former workers | People who previously worked for the organisation outside employee status. | Allow reports after an assignment ends, especially for agency, casual and contractor roles. | Other | Protection may depend on prior status and alleged detriment policy access is useful. |
Job applicants | Candidates applying for employment or worker roles with the organisation. | Consider including applicants where recruitment misconduct, regulatory concerns or blacklisting risks may arise. | Other | Some sectors impose wider whistleblowing arrangements applicant protection may be sector-specific or limited. |
Prospective NHS workers | Applicants or prospective workers in NHS or health service contexts. | Health sector policies should align with Freedom to Speak Up and sector rules. | Other | The NHS has specific speaking-up arrangements and wider regulatory expectations. |
Usually covered | ||||
Executive directors | Board members with executive management responsibilities. | Include directors where they are employees or office-holders with governance oversight. | Governance role | Employee directors may have statutory protection all directors should have routes to raise governance concerns. |
May be covered | ||||
Non-executive directors | Board members providing independent oversight rather than day-to-day management. | Provide a route to the chair, senior independent director, audit committee or external contact. | Governance role | Statutory status may be uncertain inclusion supports board accountability and governance. |
Company officers | Company secretaries or other officers with formal corporate responsibilities. | Include officers who may identify Companies Act, governance or filing concerns. | Governance role | May be protected if also employees or workers otherwise coverage is governance-led. |
Charity trustees | People with legal responsibility for charity governance and administration. | Include trustees and cross-refer to serious incident reporting and charity regulator routes. | Governance role | Trustees may not be workers, but should have clear routes for serious wrongdoing concerns. |
School governors | Individuals with governance responsibilities in maintained schools or academy trusts. | Include governor routes where education, safeguarding or financial management concerns may arise. | Governance role | Statutory employment protection may not apply, but inclusion supports education governance. |
Partners in a partnership | Individuals who own or manage a partnership business. | For LLPs and partnerships, specify partner reporting routes and conflict escalation. | Governance role | Worker status may be complex professional firms should include partners for governance and regulatory reasons. |
LLP members | Members of a limited liability partnership involved in ownership or management. | Include members and align the process with the LLP agreement and regulatory duties. | Governance role | LLP members can fall within whistleblowing worker protection depending on circumstances. |
Committee members | Members of audit, risk, ethics, safeguarding or advisory committees. | Specify escalation routes if concerns involve senior management or the board. | Governance role | May not be statutory workers, but often need access due to oversight responsibilities. |
Group company employees | Employees of parent, subsidiary or sister companies in the same corporate group. | State whether the policy applies group-wide or only to named UK entities. | Business relationship | Protection depends on employer and UK connection group access supports consistent reporting. |
Joint venture personnel | People working in or for a joint venture involving the organisation. | Define whether joint venture concerns go through the organisation, JV entity or both. | Business relationship | Good practice where the organisation has operational control or compliance responsibility. |
Franchisee staff | People employed or engaged by franchisees using the organisation's brand or system. | Clarify whether franchisor channels accept brand, safety, fraud or compliance reports. | Business relationship | Often protected through the franchisee employer franchisor access helps protect brand and compliance. |
Not usually covered but may be invited to report | ||||
Supplier employees | Employees of organisations supplying goods or services. | Invite reports about bribery, modern slavery, safety, quality, sanctions or procurement misconduct. | Business relationship | Usually not protected by the customer as workers, but supply-chain reporting is good compliance practice. |
Supplier contacts | Named commercial, operational or compliance contacts at supplier organisations. | Provide external reporting details in supplier codes, purchase terms or contract schedules. | Business relationship | Inclusion is usually contractual or ethical rather than statutory worker protection. |
Customer contacts | Individuals at customer organisations who interact with the business. | Distinguish whistleblowing reports from complaints, service issues and contractual disputes. | Business relationship | Usually outside statutory worker protection for the organisation, but may report serious misconduct. |
Clients | Individuals or organisations receiving professional, regulated or contracted services. | For professional services, separate client complaints from reports of public interest wrongdoing. | Business relationship | Usually not statutory whistleblowers for the provider, but external reports may reveal regulatory breaches. |
Service users | People receiving services, especially in care, health, housing, education or charities. | Coordinate with complaints, safeguarding and regulatory incident procedures. | Other | Usually outside employment whistleblowing law, but reports can be vital for safeguarding and service quality. |
Patients | People receiving healthcare or treatment services. | Separate patient complaints from staff whistleblowing, but provide routes for serious safety concerns. | Other | Patients are not usually protected as workers, but health regulators accept concerns about care quality. |
Care home residents | Residents receiving regulated care or accommodation services. | Link to safeguarding, complaints and CQC reporting routes, not only internal HR routes. | Other | Usually outside employment whistleblowing protection but key to safeguarding risk identification. |
Students | Learners at schools, colleges, universities or training providers. | Education providers should distinguish student complaints, safeguarding and staff whistleblowing channels. | Other | Usually not statutory workers unless also working reporting access may be safeguarding-led. |
Parents and guardians | Parents, carers or guardians connected with schools, childcare or youth services. | Direct them to complaints or safeguarding routes unless reporting serious public interest wrongdoing. | Other | Not usually covered by employment whistleblowing law, but may raise safeguarding or governance concerns. |
Members of the public | People with no employment, governance or commercial relationship with the organisation. | Consider a separate public concerns or complaints route rather than the staff whistleblowing channel. | Other | Generally outside statutory whistleblowing protection, but reports may identify public safety or fraud issues. |
Shareholders | People or entities holding shares in a company. | Use investor relations, company secretary or audit committee routes for governance concerns. | Business relationship | Shareholding alone does not usually create worker protection, but governance reports may be valuable. |
Investors | External funders or investment stakeholders with an interest in governance or compliance. | Clarify when investor concerns should use whistleblowing, investor relations or contractual notice routes. | Business relationship | Usually outside worker protection, but may identify fraud, market abuse or governance failures. |
Lenders and funders | Banks, grant-makers or finance providers connected to the organisation. | Separate whistleblowing routes from finance covenant, audit or grant reporting mechanisms. | Business relationship | Not usually statutory whistleblowers, but may surface fraud, misuse of funds or financial irregularities. |
May be covered | ||||
External auditors | Independent audit professionals appointed to audit accounts or controls. | Coordinate with audit committee, audit engagement and professional reporting obligations. | Business relationship | May have professional duties and prescribed person routes policy access can support financial integrity. |
Professional advisers | Lawyers, accountants, tax advisers, consultants or other external professionals. | Address privilege, confidentiality, professional duties and agreed escalation contacts. | Business relationship | Statutory protection depends on status professional conduct duties may also apply. |
Usually covered | ||||
Temporary staff | Staff engaged for short-term cover, seasonal peaks or interim assignments. | Include temporary staff regardless of assignment length or payroll route. | Internal workforce, External workforce | May be employees, workers or agency workers with statutory whistleblowing protection. |
Seasonal workers | Workers engaged for recurring seasonal demand, events or production cycles. | Ensure short employment periods and language needs do not block reporting. | Internal workforce, External workforce | Often workers for statutory purposes and may be protected when making qualifying disclosures. |
Migrant workers | Workers in the UK with immigration, sponsorship or visa-related work arrangements. | Address fear of retaliation, sponsorship misuse, language access and modern slavery risks. | Internal workforce, External workforce | Worker protection may apply coverage is important where immigration vulnerability affects reporting. |
Sponsored workers | Workers employed under UK visa sponsorship arrangements. | Make clear that reporting concerns will not lead to victimisation or improper immigration threats. | Internal workforce | Employees or workers may be protected immigration dependency makes anti-retaliation wording important. |
Public sector workers | Employees and workers in central government, local government or public bodies. | Align internal routes with prescribed person and regulator reporting options. | Internal workforce | Protected disclosures can be made to employers or prescribed persons in relevant cases. |
NHS workers | Employees, workers and clinical staff working in NHS organisations or services. | Use Freedom to Speak Up arrangements and name guardians or equivalent contacts. | Internal workforce | Statutory protection may apply and NHS-specific speaking-up standards are expected. |
Healthcare professionals | Doctors, nurses, clinicians and allied health professionals working for or with the organisation. | Coordinate whistleblowing with clinical governance, duty of candour and professional regulator duties. | Internal workforce, External workforce | Often protected as employees or workers and may also have professional obligations to raise concerns. |
Financial services staff | Staff in banks, insurers, investment firms and other regulated financial services businesses. | Reflect FCA or PRA whistleblowing rules where the firm is within scope. | Internal workforce | Statutory employment protection may apply and regulated firms may have additional whistleblowing obligations. |
Senior managers | People with senior management, control, compliance or operational responsibility. | Provide escalation outside line management where allegations concern executives or control functions. | Internal workforce, Governance role | Can be protected as employees or workers regulated senior managers may face personal accountability. |
Compliance officers | Staff responsible for legal, regulatory, risk, ethics or audit compliance. | Give independent escalation routes if concerns involve legal, risk or executive teams. | Internal workforce | Usually protected if employees or workers often central to prescribed person or regulator reporting decisions. |
Data protection officers | Individuals designated to advise on and monitor data protection compliance. | Coordinate whistleblowing with data breach reporting, confidentiality and DPO independence. | Internal workforce, Governance role | May be protected as workers DPOs also have UK GDPR independence and non-penalisation safeguards. |
Health and safety representatives | Employee or worker representatives involved in workplace health and safety matters. | Align whistleblowing routes with health and safety reporting and consultation processes. | Internal workforce | Health and safety disclosures may qualify for whistleblowing protection and separate safety representative protections. |
May be covered | ||||
Trade union representatives | Union officials or workplace representatives supporting members or raising collective concerns. | Clarify whether representatives may report on their own behalf or support a whistleblower. | Internal workforce, Other | May be protected if workers trade union roles also have separate employment law protections. |
Employee representatives | Representatives in staff forums, consultation bodies or elected workplace roles. | State whether representatives can escalate concerns raised by colleagues with consent. | Internal workforce | May have worker protection and separate protections for representative activities. |
Colleagues supporting a whistleblower | Colleagues who assist, witness, accompany or support a person raising concerns. | Include anti-victimisation wording for supporters and witnesses where appropriate. | Internal workforce | Statutory whistleblowing protection mainly protects the discloser, but victimisation of supporters creates legal and cultural risk. |
Internal investigators | Staff asked to investigate, audit or fact-find following a concern. | Protect investigators from retaliation and require confidentiality and independence. | Internal workforce | May be protected if they make their own disclosure procedural safeguards are good practice. |
People named in a disclosure | Individuals alleged to be involved in wrongdoing or relevant events. | Clarify confidentiality, fairness, investigation rights and protection against malicious allegations. | Internal workforce, External workforce, Governance role, Business relationship, Other | Not protected as whistleblowers by being named, but fair process and data protection duties apply. |
Board chair | Person chairing the board or governing body. | Identify an alternative route if the chair is implicated, such as SID, trustee lead or external hotline. | Governance role | Often included for governance integrity even where worker status is uncertain. |
Senior independent director | Independent board member available for concerns not resolved through the chair or executives. | Use as escalation contact for concerns involving the chair, CEO or executive team. | Governance role | Coverage is governance-led listed companies should consider UK Corporate Governance Code expectations. |
Audit committee members | Board or governance members overseeing audit, risk and internal controls. | Provide direct escalation for financial reporting, fraud, audit or internal control concerns. | Governance role | May not be workers, but audit committee access is central to effective whistleblowing governance. |
Interim managers | Senior temporary managers engaged directly, through agencies or through service companies. | Include because they may hold control responsibilities and see strategic or financial wrongdoing. | External workforce, Internal workforce | Status is fact-specific seniority does not remove possible worker protection. |
Umbrella company workers | Workers paid by an umbrella company while assigned to an end client. | State whether reports can be made to the end client, umbrella company, agency or all three. | External workforce | May be protected through employment or worker status multiple parties should coordinate anti-retaliation. |
Platform workers | People obtaining work through digital platforms or apps. | Include if platform workers perform services integral to the organisation or brand. | External workforce | Worker status is fact-specific include where they may observe safety, fraud or exploitation risks. |
Gig economy workers | Individuals carrying out short-term, task-based or on-demand work. | Avoid excluding them by using only payroll-based definitions of staff. | External workforce | May qualify as workers depending on arrangements policy access is prudent. |
Usually covered | ||||
Professional trainees | Trainee solicitors, accountants, surveyors or other regulated profession trainees. | Align with professional regulator duties and training supervisor escalation routes. | Internal workforce | Often employees or workers and may have professional duties to raise concerns. |
May be covered | ||||
Self-employed advocates or barristers | Self-employed legal professionals providing advocacy or advisory services. | Consider confidentiality, legal privilege and professional reporting obligations. | Business relationship | Worker protection may be uncertain professional regulator routes may be relevant. |
External hotline provider staff | Third-party staff receiving, triaging or managing whistleblowing reports. | Cover confidentiality, data processing, escalation and conflicts in the service contract. | Business relationship | Usually protected by their own employer access rules should preserve confidentiality and legal compliance. |
Recruitment agency staff | Agency employees or consultants managing recruitment or labour supply for the organisation. | Allow reporting of recruitment fraud, right-to-work abuse, discrimination or labour exploitation concerns. | Business relationship | May have protection through their own employer customer-side access is good practice for labour supply risk. |
Payroll provider staff | Third-party personnel processing wages, benefits, tax or pension deductions. | Invite reports about wage fraud, tax evasion, pension failures or payroll manipulation. | Business relationship | Usually not workers of the organisation, but may identify serious financial wrongdoing. |
Pension scheme trustees | Trustees responsible for occupational pension scheme governance. | Coordinate with pension scheme reporting, trustee duties and The Pensions Regulator routes. | Governance role | May not be workers pension law and regulator reporting obligations may still be relevant. |
External trade union officials | Union officers who are not employed by the organisation but support its workers. | Clarify whether they may submit concerns for members and how consent and confidentiality are handled. | Other | Usually not protected as organisation workers, but may assist protected disclosures by members. |
Not usually covered but may be invited to report | ||||
Family members of workers | Relatives or household members who become aware of work-related wrongdoing. | If accepted, limit use to serious concerns and protect the worker's confidentiality where possible. | Other | Not usually within statutory worker protection, but may be important where the worker fears reporting directly. |
May be covered | ||||
Anonymous reporters | People who raise concerns without giving their identity. | State whether anonymous reports are accepted and explain investigation limits. | Internal workforce, External workforce, Governance role, Business relationship, Other | Anonymity may make statutory protection harder to enforce, but accepting reports can reveal serious wrongdoing. |
Usually covered | ||||
Confidential reporters | People who disclose their identity but ask for it to be protected. | Explain when confidentiality will be protected and when disclosure may be necessary. | Internal workforce, External workforce, Governance role, Business relationship, Other | Confidentiality does not determine statutory protection, but careful handling reduces victimisation risk. |
Workers reporting to prescribed persons | Workers who raise concerns with an approved regulator or prescribed body. | Explain internal reporting is encouraged but lawful external routes to prescribed persons may exist. | Internal workforce, External workforce | Disclosure to a prescribed person can be protected if statutory conditions are met. |
Who Should A UK Whistleblowing Policy Cover?
A UK whistleblowing procedure should usually cover the organisation’s internal workforce, including employees, workers, agency workers, casual staff, apprentices, trainees, interns and home or remote workers. This reflects the broad meaning of worker in the Public Interest Disclosure Act 1998 and section 43K of the Employment Rights Act 1996, which extends protection beyond standard employees.
Should Contractors, Volunteers And Suppliers Be Included?
Many non-employees may not have full statutory whistleblowing protection, but they often see the same risks. As a matter of good governance, a policy should normally invite reports from consultants, contractors, secondees, volunteers, trustees, supplier contacts and other business partners, while being clear that legal protections may depend on their status and relationship with the organisation.
What Scope Wording Avoids Gaps In Protection?
- Use broad wording: cover anyone working for, with, or on behalf of the organisation, including former staff and applicants where relevant.
- Separate access from legal protection: explain that the organisation will accept reports from wider categories even if statutory whistleblowing rights differ.
- Include group and overseas arrangements carefully: group employees, UK secondees and overseas staff linked to UK operations should be expressly addressed.
- Do not forget governance roles: directors, non-executive directors, trustees, partners, governors and members of committees can raise serious governance or regulatory concerns.

FAQs
You Might Also Be Interested In

