Edition I, 2026 · Tested April 2026

Classement des logiciels de signalement en France

Classement independant des plateformes de signalement pour la France sous la Loi Waserman et Sapin II. Barème fixe de 25 critères ; chaque score est justifié par une preuve.

Outils notés: 11
Base max: 50
Bonus France max: 8
Version du barème: v2

La France est l’un des rares marches de l’UE ou le bonus pays change vraiment le classement. Un simple discours “conforme a la directive europeenne” ne suffit pas : les acheteurs veulent savoir si l’editeur comprend la Loi Waserman, si Sapin II reste dans le perimetre pour les grandes organisations, et si le produit tient la route dans un cycle d’achat francais.

Cette edition combine donc deux couches :

le barème de base sur 50 points, agnostique au pays, qui mesure la qualite produit, la posture securite, la transparence tarifaire et la profondeur workflow ;
le modificateur France sur 8 points, qui recompense le cadrage explicite Waserman / Sapin II, l’UI en francais et, quand elle est publiee clairement, une option de residence des donnees en France.

Le resultat penalise deux echecs frequents du marche francais : les produits locaux anciens, bien cadres juridiquement mais faibles en profondeur produit, et les produits globaux solides techniquement mais presque muets sur le droit francais.

Top 11 — résumé

#	Tool	Niveau	Base / 50	France bonus / 8	Total	Dernière revue
1	EthicsPortal	P+R+H	41	5	46	2026-04-21
2	FaceUp	P+R+H	35	2	37	2026-04-20
3	Whispli	P	26	8	34	2026-04-21
4	Alertcys	P	22	8	30	2026-04-21
5	WeMoral	P	25	2	27	2026-04-21
6	Witik	P	19	7	26	2026-04-19
7	EQS Integrity Line	P	21	4	25	2026-04-20
8	IntegrityLog	P	23	2	25	2026-04-21
9	Whistleblower Software (Formalize)	P	21	3	24	2026-04-20
10	NAVEX	P	17	6	23	2026-04-20
11	Signalement.net	P	15	6	21	2026-04-21

Matrice critère par critère

● répond pleinement ◐ répond partiellement ○ ne répond pas / non vérifiable

Criterion	EthicsPortal	FaceUp	Whispli	Alertcys	WeMoral	Witik	EQS Integrity Line	IntegrityLog	Whistleblower Software (Formalize)	NAVEX	Signalement.net
Legal compliance · 16 pts max
A1 Local transposition law referenced with article numbers	●	◐	◐	◐	◐	◐	◐	◐	◐	◐	●
A2 Directive 2019/1937 Article 2(1) categories in intake	◐	◐	○	○	○	○	○	◐	○	◐	○
A3 Anonymous reporting default-on or equal-status	●	●	●	●	●	●	●	●	●	●	●
A4 7-day acknowledgment + 3-month feedback deadline tracking	●	◐	●	◐	○	○	○	●	◐	○	○
A5 Configurable retention with automatic deletion	●	●	○	○	○	○	○	○	○	○	○
A6 Report register / log	●	●	○	◐	◐	○	○	◐	○	○	◐
A7 Append-only handler audit trail	●	◐	◐	○	◐	◐	◐	○	◐	○	○
A8 DPA + DPIA support documented	◐	○	◐	○	○	○	○	○	○	○	○
Reporter experience · 10 pts max
B9 Web form, mobile-responsive, with file upload	●	●	●	●	●	●	●	●	●	●	●
B10 Two-factor reporter access (Case ID + passcode)	●	○	○	○	◐	○	●	◐	○	◐	◐
B11 Two-way anonymous communication	●	●	●	●	●	●	●	●	●	●	●
B12 Structured intake aligned to Article 2(1)	○	◐	◐	◐	◐	○	◐	◐	○	◐	○
B13 Reporter form in local language	●	●	●	●	●	●	●	●	●	●	●
Handler experience · 10 pts max
C14 Case management dashboard with status workflow	●	●	●	◐	◐	◐	●	●	●	●	◐
C15 Assign cases to handlers (rotation or multi-handler)	●	●	◐	◐	◐	◐	○	◐	○	○	○
C16 Deadline reminder notifications	●	●	●	○	○	○	○	●	○	○	○
C17 Internal notes (not visible to reporter)	●	●	○	○	◐	○	○	○	○	○	○
C18 Role-based access control (≥3 roles)	◐	●	○	◐	◐	○	○	●	○	○	○
Security and trust · 8 pts max
D19 ISO 27001 certified	○	●	●	○	○	●	●	●	●	●	○
D20 No EOL software components	●	●	●	●	●	○	○	●	○	○	○
D21 EU data residency with country disclosed	●	●	●	●	○	●	●	○	◐	◐	●
D22 Sub-processor list + right to object	◐	○	◐	○	○	○	○	○	◐	○	○
Commercial · 6 pts max
E23 Published pricing	●	○	○	●	●	◐	○	○	●	○	○
E24 Free trial available (self-serve)	◐	●	○	◐	●	◐	●	○	●	○	○
E25 Monthly contract option	●	○	○	○	●	◐	○	○	○	○	○
France bonus · 8 pts max · modificateur, hors base
FR·WASERMAN Loi Waserman compliance stated	●	○	●	●	○	◐	○	○	○	◐	○
FR·SAPIN2 Sapin 2 compliance stated	○	○	●	●	○	●	◐	○	◐	●	●
FR·RESIDENCY France data residency available	◐	○	●	●	○	●	◐	○	○	◐	●
FR·UI French-language UI (reporter + handler)	●	●	●	●	●	●	●	●	●	●	●
Total	46	37	34	30	27	26	25	25	24	23	21

Revues par outil

EthicsPortal

Poland · Whistleblower reporting portal hosted on Hetzner in Germany. Flat €49/month plan.

46 / 58

Base 41 · Bonus 5 · Niveau P+R+H

Legal

14/16

Reporter

8/10

Handler

9/10

Security

5/8

Commercial

5/6

Forces

Best article-level legal framing of any tool reviewed: /compliance/ enumerates Art 4, 6, 8, 9, 16, 18, 19–21
Deadline tracking is real, not marketing: code has eu_acknowledgment_deadline + feedback_due_at + overdue/due_soon scopes
Retention is configurable AND auto-purged: RETENTION_MONTHS_OPTIONS [12,24,36,60] + RetentionCleanupJob
Two-factor reporter access: Case ID + reporter-chosen 6-digit passcode (bcrypt digest), session-gated inbox; identifier is separated from secret
Modern stack with no EOL liabilities: Rails 8 + Turbo + Tailwind 4; no CKEditor or jQuery
Transparent monthly pricing (€49/mo) with EN/FR/PL UI
Multi-handler case assignment: per-report assigned_to FK on Membership, Pundit scope enforces admin-sees-all / member-sees-only-assigned, assignment changes are audit-logged and the assignee is notified automatically

Faiblesses

No structured intake questions: schema is Subject + Description + Files; does not ask relationship-to-org, source-of-info, prior reporting, or retaliation concerns
Audit log is append-only (DB trigger blocks UPDATE on semantic fields + TRUNCATE) but not hash-chained
Only 3 portal-facing languages (EN/FR/PL) against 24 EU official languages
No ISO 27001 certification of EthicsPortal itself (only Hetzner infrastructure is certified)
Pay-first with 30-day money-back rather than upfront self-serve free trial

Point distinctif

Article-level Directive framing backed by code that actually runs the deadline, retention, and two-factor passcode flows.

Fiche complète Visiter EthicsPortal

FaceUp

Czech Republic · Whistleblowing and employee-relations platform from Czech Republic.

37 / 58

Base 35 · Bonus 2 · Niveau P+R+H

Legal

10/16

Reporter

7/10

Handler

10/10

Security

6/8

Commercial

2/6

Forces

Perfect C-category score (10/10) — handler experience is the strongest of any tool reviewed so far
Unmatched RBAC granularity: 4 modules (Cases, Analytics, Settings, Surveys) × multiple permissions per module × per-case scoping ('All / Specific categories / Only assigned')
Three-phase Investigation workflow (Start → In progress → End) with structured fields: Date of start, Reported by, Raised against, Witnesses, Investigator
Configurable data retention with auto-delete (12/24/36/60 months) AND 30-day default auto-due-date
Explicit EU data residency: AWS eu-west-1 (Ireland), country-disclosed in org settings
End-to-end encryption offered as a toggle with honest trade-off disclosure (Recovery Key requirement stated)
Self-serve 7-day trial with no credit card required
113 reporting languages covers every EU official language, including FR and EL

Faiblesses

No article-level Directive citations — the product knows about the Directive but does not map features to Articles 4, 6, 8, 9, 16, 18 the way EthicsPortal does
Default category taxonomy (Bullying / OHS / Theft-corruption / Other) overlaps Art 2(1) partially but is not Directive-aligned
Pricing is quote-only: three tiers visible (Starter / Professional / Enterprise), no euro amounts published; drops E-category to 2/6
No monthly-cancellable contract option visible on the pricing page
Loi Waserman and Law 4990/2022 not mentioned on public pages — depresses FR and GR country bonuses
Sub-processor list not surfaced during this review (may exist in Trust Center, not verified)
Reporter access mechanism (single UUID vs Case ID + passcode) not verified in this session

Point distinctif

Handler-side product maturity is the strongest in the review. Case-management, investigation workflow, RBAC, and activity logging are all enterprise-grade. The gaps are in country-specific legal framing and commercial transparency, not in the product itself.

Fiche complète Visiter FaceUp

Whispli

Sydney, Australia (Paris office) · Enterprise case management and whistleblowing platform. Operates in 60+ countries.

34 / 58

Base 26 · Bonus 8 · Niveau P

Legal

7/16

Reporter

7/10

Handler

5/10

Security

7/8

Commercial

0/6

Forces

Strong France-specific legal framing: dedicated Loi Waserman page plus separate Sapin II positioning
Enterprise-grade intake breadth: web, mobile app, and Voice AI hotline in one product
Customer-managed encryption keys and selectable hosting jurisdiction are rare at public tier

Faiblesses

Pricing is fully sales-gated; public materials point to a 3-year contract and annual payment
Directive Article 2(1) breach taxonomy is not documented publicly
Reporter return-access mechanism is not documented publicly
Most handler-depth evidence stays at marketing level because no self-serve trial exists

Point distinctif

Among the France-market tools reviewed, Whispli is the strongest combination of Waserman/Sapin II positioning and enterprise-grade security architecture at public tier.

Fiche complète Visiter Whispli

Alertcys

France · French whistleblowing and psychosocial-risk platform with published annual pricing and optional outsourced mediation.

30 / 58

Base 22 · Bonus 8 · Niveau P

Legal

5/16

Reporter

7/10

Handler

3/10

Security

4/8

Commercial

3/6

Forces

One of the clearest public pricing pages in the France market
Strong France-specific copy: Sapin II and Loi Waserman are both explicit on public pages
France-hosted platform, mediator-led exchange, and a structured multi-step reporter form are all publicly observable

Faiblesses

Public product detail is thin: no documented reporter access mechanism, no structured intake, no public handler demo
No public security certifications or sub-processor documentation found
Annual contract model with referent caps is less flexible than monthly self-serve tools

Point distinctif

Alertcys is a France-native commercial offer first: public annual pricing, France-law framing, and optional outsourced handling make it easy for a buyer to understand the package before any sales call.

Fiche complète Visiter Alertcys

WeMoral

Poland · Whistleblowing platform with public monthly pricing, self-serve trial, and 25-language product coverage, legally seated in Poland.

27 / 58

Base 25 · Bonus 2 · Niveau P

Legal

5/16

Reporter

7/10

Handler

4/10

Security

2/8

Commercial

6/6

Forces

Transparent pricing with public monthly billing, self-serve trial, and no cancellation fees
French-language marketing path is live, alongside 25-language product coverage claims
Custom forms, encrypted two-way communication, and task / action workflows are all surfaced publicly

Faiblesses

France-law positioning is thin; no public Waserman or Sapin II framing was found
Hosting and security posture remain under-documented publicly
Reporter return-access mechanism is not documented publicly

Point distinctif

WeMoral has one of the strongest commercial surfaces in the set: public monthly pricing, a self-serve trial, and a clear feature page without forcing a sales cycle.

Fiche complète Visiter WeMoral

Witik

France · French GRC platform (GDPR + Sapin II + AI Act). Whistleblowing lives inside the Sapin II module; Premium from €100/month.

26 / 58

Base 19 · Bonus 7 · Niveau P

Legal

4/16

Reporter

6/10

Handler

2/10

Security

4/8

Commercial

3/6

Forces

French-sovereign infrastructure: ISO 27001 + HDS, hosted in France
Two-way anonymous messaging (chat box confidentielle) for reporter–handler threads
Published starting price (€100 HT/month) — unusual for FR compliance tools

Faiblesses

No Directive 2019/1937 reference anywhere on the site; Loi Waserman mentioned only in one FAQ line, no article citation
36-month contract is still the default commercial model; monthly billing only exists as a surcharge option
No public reporter demo; most product proof remains marketing-page level
Ad-hoc breach taxonomy; not aligned to Directive 2019/1937 Article 2(1)
Two-factor reporter access not documented

Point distinctif

French-sovereign stack (ISO 27001 + HDS, France-hosted) — a real differentiator for healthcare, public sector, and mutuals who rule out most pan-EU vendors

Fiche complète Visiter Witik

EQS Integrity Line

Munich, Germany · Whistleblowing module of the EQS Compliance COCKPIT. Three tiers; quote-based.

25 / 58

Base 21 · Bonus 4 · Niveau P

Legal

4/16

Reporter

9/10

Handler

2/10

Security

4/8

Commercial

2/6

Forces

Customer holds the encryption key: PGP with 2048-bit RSA — vendor states case content is inaccessible to EQS staff. Unique in this review.
80+ reporter languages including 19 EU languages (both FR and EL covered)
ISO 27001 certified + WACA Bronze (WCAG 2.1) on reporter form — accessibility claim backed by third-party audit
Part of publicly-traded EQS Group AG (Frankfurt Stock Exchange), with strong consolidation track record (Got Ethics 2020, Business Keeper 2021, Convercent 2024)
Essential tier offers a free trial and days-to-deploy timeline

Faiblesses

No article-level Directive citations on public pages reviewed
Neither Loi Waserman nor Law 4990/2022 cited despite supporting FR and international markets
Pricing entirely quote-only for all three tiers (Essential / Professional / Enterprise)
Telephone reporting channel only on Professional / Enterprise tiers — gated behind upgrade
Professional / Enterprise rollout 4–8 weeks (vendor-stated) — slow for self-serve expectations
Most Directive-compliance criteria unverifiable at public tier

Point distinctif

Customer-held encryption key (PGP 2048-bit RSA) is the strongest confidentiality claim reviewed. For buyers whose DPO reviews key custody, EQS has an answer no other incumbent matches.

Fiche complète Visiter EQS Integrity Line

IntegrityLog

France · Whistleblowing module inside the ComplyLog compliance suite, with free trial and ISO 27001 platform positioning.

25 / 58

Base 23 · Bonus 2 · Niveau P

Legal

6/16

Reporter

8/10

Handler

7/10

Security

4/8

Commercial

0/6

Forces

Public product detail is unusually concrete for a quote-led tool: statuses, reminders, permissions, and communication are all surfaced
French-language product surface plus ISO 27001 positioning make it easier to shortlist than many local incumbents
French-language product surface plus ISO 27001 positioning make it easier to shortlist than many local incumbents

Faiblesses

No explicit public Waserman or Sapin II framing found
Pricing is not published publicly
Reporter return-access mechanism and append-only audit guarantees are not documented publicly

Point distinctif

IntegrityLog is the strongest 'quiet' entrant in the France set: less legal-marketing theatre than local incumbents, but more public product detail and a real free-trial path.

Fiche complète Visiter IntegrityLog

Whistleblower Software (Formalize)

Copenhagen, Denmark · Whistleblower Software product from Formalize (Copenhagen). Tiered €70–€285/month by employee count.

24 / 58

Base 21 · Bonus 3 · Niveau P

Legal

5/16

Reporter

6/10

Handler

2/10

Security

4/8

Commercial

4/6

Forces

Strongest third-party credentials reviewed: ISO 27001 + ISAE 3000 Type 2, G2 4.9/5 across 157 reviews, 500+ consultancy partner network (PwC, Baker McKenzie, DLA Piper)
80+ reporter languages and 23 EU languages — broadest multilingual coverage in the category
Self-serve 14-day trial with no credit card — lowest friction among market leaders
Transparent tiered pricing published (€70 / €80 / €135 / €215 / €285 per month by headcount band)

Faiblesses

No article-level Directive citations on public pages — the dedicated /eu-whistleblowing-directive-summary covers themes but not Articles 4, 6, 8, 9, 16, 18, 19–21 by number
Loi Waserman and Law 4990/2022 not explicitly referenced on the public site despite supporting FR and GR markets
Annual billing only — no monthly option, 30-day renewal notice required
Most Directive-compliance criteria (deadline tracking, retention config, register, audit trail specifics) not verifiable at public tier

Point distinctif

Broadest language coverage in the category (80+ reporter / 23 EU) combined with the strongest cross-market credential stack (ISO 27001 + ISAE 3000 Type 2 + G2 Top Rated + enterprise consultancy network).

Fiche complète Visiter Whistleblower Software (Formalize)

#10

NAVEX

Lake Oswego, Oregon, United States · EthicsPoint hotline and WhistleB platform within the NAVEX One GRC suite.

23 / 58

Base 17 · Bonus 6 · Niveau P

Legal

4/16

Reporter

8/10

Handler

2/10

Security

3/8

Commercial

0/6

Forces

Dedicated country-law resource pages (France / Germany / Spain / Sweden / Belgium) under /solutions/regulations/ — useful procurement artefact
Sapin II dedicated page under /solutions/regulations/sapin-ii-compliance/
ISO 27001 certified (December 2025) + EU Data Privacy Framework
24/7 multilingual phone hotline in 150+ languages
13,000+ customers / 10M+ reports processed (vendor-stated scale)

Faiblesses

No article-level EU Directive citations anywhere on public pages (despite having country-law resource hubs)
Pricing is entirely demo-gated: 'Get Pricing' CTA routes to a sales form
No self-serve trial on either EthicsPoint Essentials or Professional
Neither Loi Waserman nor Law 4990/2022 cited on public pages (country pages use generic 'French/German Whistleblower Protection Law' framing)
Most Directive-compliance criteria (deadline tracking, retention, register, audit trail) unverifiable at public tier

Point distinctif

The compliance resource centre with country-specific landing pages is the most extensive reviewed. Useful for NAVEX's content marketing; not a product-quality signal.

Fiche complète Visiter NAVEX

#11

Signalement.net

France · France-hosted whistleblowing channel by Vaco, focused on anonymous alerts and a simple four-step handling flow.

21 / 58

Base 15 · Bonus 6 · Niveau P

Legal

5/16

Reporter

7/10

Handler

1/10

Security

2/8

Commercial

0/6

Forces

France-hosted and France-native in positioning
Sapin II framing is more concrete than many local competitors because public pages cite the law and decree
Anonymous reporting plus instant messaging are both public claims

Faiblesses

Very thin public product surface: deadlines, roles, retention, and audit semantics are mostly undocumented
No published pricing or self-serve trial
No public Waserman update / positioning found on the vendor surface reviewed

Point distinctif

Signalement.net is narrow and domestic: it wins on France-hosting simplicity and Sapin II grounding, not on product depth or commercial transparency.

Fiche complète Visiter Signalement.net

Méthodologie

Barème de notation

25 critères répartis en 5 catégories, pondérés par le nombre de critères. Chaque critère vaut 0, 1 ou 2 — affiché sous la forme ○ / ◐ / ●. Le score de base maximal est de 50. Les bonus spécifiques à France ajoutent jusqu’à 8 points par-dessus (modificateur, hors base).

Niveaux d’accès

Chaque outil porte un niveau d’accès qui reflète ce qui a réellement pu être testé :

P — pages publiques uniquement (marketing, prix, sécurité, URL signaleur).
P + R — idem, plus un test de dépôt de signalement.
P + R + H — idem, plus l’accès au tableau de bord handler / admin (via essai gratuit ou démo).

Les critères non vérifiables au niveau d’accès courant reçoivent 0 avec une ligne de preuve du type « Requires handler tier » ou « Not documented publicly ». Quand le score est déprimé par le niveau d’accès et non par la qualité produit, cela est signalé explicitement sur la fiche de l’outil.

Garanties d’intégrité

Le barème a été figé avant le scoring. Aucun critère n’a été ajouté en cours de test pour favoriser ou pénaliser un outil précis.
Chaque score porte une preuve — URL, citation ou chemin de fichier — visible sur la fiche de l’outil.
Les outils opérés par l’éditeur du site sont notés avec le même barème. Le classement suit le score, pas l’inverse.
Chaque outil affiche une date de dernière revue et fait l’objet d’un re-test au moins annuel.
Les éditeurs peuvent contester un score ou soumettre la preuve d’un correctif livré via l’adresse de contact du site. Les contestations et mises à jour apparaissent comme des addenda datés sur la fiche concernée.

Droit appliqué

Loi n° 2022-401 du 21 mars 2022 (Loi Waserman) + Loi Sapin II pour les organisations de 500+ salaries (France, c’est-à-dire la transposition France de la directive UE 2019/1937). Les outils sont notés d’abord contre la directive, puis contre les spécificités du droit local.

Périmètre

Ce classement couvre 11 outils avec un bloc de scoring publié. D’autres outils seront ajoutés au fur et à mesure que leur scoring est finalisé. Les outils non scorés apparaîtront dans le classement une fois leur bloc publié.

Tous les outils Autres classements pays