BRS article

A new era for Whistleblowers: Assessing the changes

By:

Gert Venter,

Sanmarie Storm

22 May 20269 min read

Assessing the changes

What will change under South Africa’s Protected Disclosures Bill, 2026?

The Department of Justice and Constitutional Development in South Africa gazetted the Draft Protected Disclosures Bill, 2026 for public comment with submissions closed on 14 May 2026. It is not yet been enacted as law, but it is significant because it proposes to repeal and replace the current Protected Disclosures Act 26 of 2000, as amended in 2017, with a more detailed whistleblowing framework for both the public and private sectors. Legal commentary on the draft has also highlighted that the Bill reflects concerns raised by the Zondo Commission about gaps in South Africa’s current whistleblower protection framework.

For organisations, the implications extend beyond legal compliance. In our view, the Bill signals a shift toward a more managed and accountable whistleblowing regime. One that will require employers to move from policy level commitments to operational readiness. This includes structured intake procedures, tighter confidentiality controls, and documented case-handling processes. For organisations, including those investing in ethics management, fraud prevention, and whistleblowing case-handling services, as well as those on a journey to strengthen their ethical culture, the proposed reform is likely to raise the standard for internal systems and response capability, particularly in how whistleblowing processes are designed, managed, trusted and aligned with best practice.

In our view, the Bill signals a shift toward a more managed and accountable whistleblowing regime.

Comparison:

Current Protected Disclosures Act of 2000 and the Protected Disclosures Amendment Act of 2017 (“PDA”) Framework vs the Protected Disclosures Bill of 2026 (“Bill”)

Theme	Current position under the PDA	How the proposed Bill changes the current framework
1. Protection of whistleblowers	The current framework protects employees and certain workers. Protection applies where a protected disclosure leads to occupational detriment. The focus remains largely on employment status and workplace-related harm.	The Bill shifts from an employee-focused model to the broader concept of a ‘discloser’. Protection is intended to extend to employees in both the public and private sectors and to certain non-employees. Related persons may also be protected where they face retaliation because of a disclosure. This significantly broadens the scope of who may receive protection.
2. Encouraging ethical reporting	The Act encourages internal reporting and early disclosure of wrongdoing. It does not prescribe a detailed operating model for internal speak-up systems. Many organisations therefore rely on policy-level commitments rather than robust processes	Employers will need formal procedures for receiving and handling disclosures. Reporting routes and internal responsibilities are expected to be clearer. The Bill places more weight on ethics culture, fraud prevention, and early intervention. (Which will require practical investment, not just policy updates.)
3. Good faith and reasonable belief	A disclosure does not have to be proven true at the time it is made. The person making the disclosure must generally have reason to believe wrongdoing is indicated. Good faith has historically been an important part of the protection analysis.	The Bill keeps the principle that disclosures need not be proven in advance. The key issue remains whether the discloser reasonably believes the information indicates improper conduct. Employers will need to assess reports on credibility and process rather than dismissing unproven allegations too quickly.
4. Proper disclosure channels	The current Act distinguishes between internal, regulatory, and wider public disclosures. Protection becomes harder to secure as disclosures move into more public channels. The overall pathway is often seen as fragmented and unclear in practice.	The Bill introduces a more structured disclosure architecture. It provides clearer procedures, authorised recipients, and handling requirements. Informal reporting arrangements are likely to be insufficient under the proposed regime.
5. Occupational detriment and retaliation	The current Act prohibits occupational detriment linked to a protected disclosure. This includes dismissal, suspension, harassment, intimidation, and similar prejudicial treatment. The 2017 amendment strengthened parts of the framework, but practical enforcement challenges remain.	The Bill distinguishes between occupational detriment for employee disclosers and detrimental action for other disclosers and related persons. Commentary suggests it broadens the kinds of harm that may be recognised, including emotional and psychological trauma as noted in legal commentary. Retaliation may attract more serious consequences, including possible criminal liability. Employers may face a heavier evidential burden where retaliation is alleged.
6. Accountability and governance	The current Act supports governance principles indirectly. It does not prescribe a detailed internal governance model for disclosure handling. Oversight arrangements therefore vary significantly between organisations.	The Bill brings disclosure handling closer to the centre of governance and compliance oversight. It requires more structured internal procedures and designated responsibility. It also introduces system-level coordination measures such as a central database. This aligns whistleblowing more closely with ethics governance, risk management, and board oversight.
7. Confidentiality and anonymity	The current framework recognises the importance of confidentiality. It does not create a highly detailed confidentiality regime for modern whistleblowing systems. Identity leakage remains a practical risk in many organisations. Anonymous reporting may be possible in practice, but it is not comprehensively regulated, and protections depend on how disclosures are handled internally.	The Bill places much stronger emphasis on confidentiality, requiring that a discloser’s identity, or information likely to identify them, may not be disclosed except where strictly necessary and lawful. The Bill draws a clearer distinction between anonymity and confidentiality: anonymity applies where the discloser’s identity is not known; confidentiality applies where the identity is known but must be protected on a strict need-to-know basis. Organisations will be expected to preserve anonymity where reports are made anonymously and to implement appropriate systems and controls to prevent identify leakage. Where a discloser’s identity is known, it must be protected and only disclosed in a controlled and justified manner. Any waiver of anonymity or confidentiality should be informed, explicit, and documented. In limited circumstances where identity disclosure is necessary (e.g. for investigation or legal purposes), it should be assessed, limited to what is strictly required, and, where possible, discussed with the discloser in advance. Breaches may constitute criminal offences, reinforcing the need for secure case management and restricted access controls.
8. Fair and objective investigations	The current Act protects disclosures but says less about post-report operating standards. It provides limited detail on how disclosures should be processed and investigated after receipt. This has led to inconsistent organisational practice.	The Bill introduces more detailed procedural requirements for receiving, assessing, referring, investigating, and tracking disclosures Investigations will need to be timely, documented, and procedurally fair. Organisations will need defensible case management rather than policy-only compliance.
9. Balancing rights	The current position requires protection for whistleblowers to be balanced against fairness to implicated persons. That principle exists, but it is not always applied consistently in practice.	The Bill does not remove the need for fairness to implicated persons. It raises the stakes by requiring stronger protection for disclosers while allegations are handled objectively and lawfully. This makes triage, confidentiality, evidence control, and impartial investigation design even more important.
10. Organisational culture	The current Act assumes legal protection will encourage reporting. In practice, legislation alone does not create trust. Many organisations comply formally while employees still fear retaliation or exclusion.	The Bill reinforces that culture remains critical to effective whistleblowing. By broadening protection, formalising procedures, and increasing liability, it pushes organisations toward more credible speak-up systems. Leadership behaviour and visible follow-through will remain decisive in practice.

What is new and especially important for organisations?

The proposed Bill is not just an update to definitions. It signals a move toward a more managed whistleblowing regime. Published commentary from Bowmans[1], has described it as a substantial operational shift for employers because it broadens the protected population, introduces more detailed procedures, and increases accountability for how disclosures are handled. From a practical business perspective, the most important proposed developments are the following:

Broader protection categories, including non-traditional reporting persons and related persons affected by retaliation.
Mandatory internal procedures for receiving, assessing, escalating, and managing disclosures.
Designated responsibility within organisations for handling disclosures.
Stricter timelines for acknowledgment, assessment, feedback, and investigation progress.
Stronger confidentiality duties and greater consequences for identity leakage.
More serious exposure for retaliation, including potential criminal sanctions.
Greater pressure on employers to show that adverse action was not retaliatory.

Increased expectation that investigations will be independent, documented, secure, and procedurally fair.
Possible centralised oversight and data tracking of disclosures.
A compliance environment that increasingly overlaps with ethics management, fraud prevention, governance, labour practice, and privacy controls.

What organisations should do next

Although the Bill has not yet been enacted, we recommend that organisations begin assessing their readiness now rather than waiting for the legislative process to conclude. A sensible starting point is to assess whether current whistleblowing arrangements are credible, confidential, and capable of handling reports consistently. That review should cover policy wording, reporting channels, anonymous intake options, case ownership, investigation protocols, anti-retaliation controls, management oversight, and alignment with broader ethics, labour, fraud, and privacy frameworks.

Practical readiness checklist for organisations

The checklist below reflects our practical assessment of the areas organisations should begin reviewing now. Final implementation steps should, of course, be aligned to the wording of the enacted legislation once the legislative process is complete.

Policy framework: Review whistleblowing, ethics, fraud, grievance, and disciplinary policies to ensure they are aligned and clearly define how protected disclosures will be received and handled.
Intake channels: Confirm that reporting channels are accessible, trusted, and capable of receiving disclosures confidentially, including anonymous reports where appropriate.
Assigned responsibility: Designate responsible persons or functions to receive, assess, escalate, and oversee disclosures.
Confidentiality controls: Limit access to whistleblowing information on a strict need-to-know basis and strengthen safeguards against identity leakage.
Case triage: Put in place a structured process for classifying matters, assessing urgency and risk, and deciding how each disclosure should be routed.
Investigator independence: Ensure investigations can be conducted impartially, with appropriate separation from implicated management or business units.
Anti-retaliation controls: Build monitoring mechanisms to detect dismissal, exclusion, disciplinary pressure, role changes, intimidation, or other forms of retaliation after a disclosure.
Investigation protocols: Standardise evidence handling, documentation, escalation, decision-making, and case closure processes.
Management and board reporting: Establish regular reporting lines so leadership has visibility over disclosure volumes, themes, response times, and retaliation risk.
Training and awareness: Train managers, investigators, HR, ethics teams, and employees on disclosure handling, confidentiality, and non-retaliation expectations.
Recordkeeping: Maintain secure, consistent records of disclosures, actions taken, outcomes, and follow-up steps.
Legal alignment: Check alignment not only with whistleblowing requirements, but also with labour law, privacy obligations, governance expectations, and investigation fairness principles.

Used well, this checklist can help organisations move the discussion from whether a hotline exists to whether the broader whistleblowing framework is credible, controlled, and ready for a more demanding regulatory environment.

Conclusion

In our view, the Protected Disclosures Bill, 2026 points toward a more structured, more protective, and more demanding whistleblowing regime than the current Act. For organisations, the key question is no longer whether a whistleblowing channel exists, but whether the organisation can receive, protect, investigate, and respond to disclosures in a way that is credible, lawful, and operationally robust.

We are well placed to support organisations in assessing and strengthening their whistleblowing frameworks ahead of any legislative changes. If you would like to discuss what these developments mean for your organisation, we would welcome the conversation.