Edition I, 2026 · Tested April 2026

Whistleblowing software ranking — Greece

Independent scored ranking of whistleblower-reporting tools for Greece under Law 4990/2022, the local transposition of EU Directive 2019/1937. 25-criterion rubric fixed before scoring; every score carries evidence.

Tools scored: 6
Base max: 50
Greece bonus max: 6
Rubric version: v2

TOP 6 — summary

#	Tool	Tier	Base / 50	Greece bonus / 6	Total	Last reviewed
1	EthicsPortal	P+R+H	39	0	39	2026-04-21
2	FaceUp	P+R+H	35	2	37	2026-04-20
3	EQS Integrity Line	P	21	3	24	2026-04-20
4	myETHOS	P+R+H	20	4	24	2026-04-19
5	Whistleblower Software (Formalize)	P	21	2	23	2026-04-20
6	NAVEX	P	16	2	18	2026-04-20

Criterion-by-criterion matrix

● fully meets ◐ partially meets ○ does not meet / not verifiable

Criterion	EthicsPortal	FaceUp	EQS Integrity Line	myETHOS	Whistleblower Software (Formalize)	NAVEX
Legal compliance · 16 pts max
A1 Local transposition law referenced with article numbers	●	◐	◐	◐	◐	◐
A2 Directive 2019/1937 Article 2(1) categories in intake	◐	◐	○	○	○	◐
A3 Anonymous reporting default-on or equal-status	●	●	●	●	●	●
A4 7-day acknowledgment + 3-month feedback deadline tracking	●	◐	○	◐	◐	○
A5 Configurable retention with automatic deletion	●	●	○	○	○	○
A6 Report register / log	●	●	○	○	○	○
A7 Append-only handler audit trail	●	◐	◐	○	◐	○
A8 DPA + DPIA support documented	◐	○	○	○	○	○
Reporter experience · 10 pts max
B9 Web form, mobile-responsive, with file upload	●	●	●	●	●	●
B10 Two-factor reporter access (Case ID + passcode)	●	○	●	○	○	◐
B11 Two-way anonymous communication	●	●	●	●	●	●
B12 Structured intake aligned to Article 2(1)	○	◐	◐	○	○	◐
B13 Reporter form in local language	○	●	●	●	●	◐
Handler experience · 10 pts max
C14 Case management dashboard with status workflow	●	●	●	●	●	●
C15 Assign cases to handlers (rotation or multi-handler)	●	●	○	◐	○	○
C16 Deadline reminder notifications	●	●	○	◐	○	○
C17 Internal notes (not visible to reporter)	●	●	○	○	○	○
C18 Role-based access control (≥3 roles)	◐	●	○	○	○	○
Security and trust · 8 pts max
D19 ISO 27001 certified	○	●	●	○	●	●
D20 No EOL software components	●	●	○	○	○	○
D21 EU data residency with country disclosed	●	●	●	○	◐	◐
D22 Sub-processor list + right to object	◐	○	○	○	◐	○
Commercial · 6 pts max
E23 Published pricing	●	○	○	●	●	○
E24 Free trial available (self-serve)	◐	●	●	●	●	○
E25 Monthly contract option	●	○	○	●	○	○
Greece bonus · 6 pts max · modifier, not in base
GR·LAW Law 4990/2022 referenced	○	○	○	●	○	○
GR·RESIDENCY Greece-acceptable residency	○	○	◐	○	○	◐
GR·UI Greek-language UI	○	●	●	●	●	◐
Total	39	37	24	24	23	18

Per-tool reviews

EthicsPortal

Poland · Whistleblower reporting portal hosted on Hetzner in Germany. Flat €49/month plan.

39 / 56

Base 39 · Bonus 0 · Tier P+R+H

Legal

14/16

Reporter

6/10

Handler

9/10

Security

5/8

Commercial

5/6

Strengths

Best article-level legal framing of any tool reviewed: /compliance/ enumerates Art 4, 6, 8, 9, 16, 18, 19–21
Deadline tracking is real, not marketing: code has eu_acknowledgment_deadline + feedback_due_at + overdue/due_soon scopes
Retention is configurable AND auto-purged: RETENTION_MONTHS_OPTIONS [12,24,36,60] + RetentionCleanupJob
Two-factor reporter access: Case ID + reporter-chosen 6-digit passcode (bcrypt digest), session-gated inbox; identifier is separated from secret
Modern stack with no EOL liabilities: Rails 8 + Turbo + Tailwind 4; no CKEditor or jQuery
Transparent monthly pricing (€49/mo) with EN/FR/PL UI
Multi-handler case assignment: per-report assigned_to FK on Membership, Pundit scope enforces admin-sees-all / member-sees-only-assigned, assignment changes are audit-logged and the assignee is notified automatically

Weaknesses

No structured intake questions: schema is Subject + Description + Files; does not ask relationship-to-org, source-of-info, prior reporting, or retaliation concerns
Audit log is append-only (DB trigger blocks UPDATE on semantic fields + TRUNCATE) but not hash-chained
Only 3 portal-facing languages (EN/FR/PL) against 24 EU official languages
No ISO 27001 certification of EthicsPortal itself (only Hetzner infrastructure is certified)
Pay-first with 30-day money-back rather than upfront self-serve free trial

Standout

Article-level Directive framing backed by code that actually runs the deadline, retention, and two-factor passcode flows.

Full profile Visit EthicsPortal

FaceUp

Czech Republic · Whistleblowing and employee-relations platform from Czech Republic.

37 / 56

Base 35 · Bonus 2 · Tier P+R+H

Legal

10/16

Reporter

7/10

Handler

10/10

Security

6/8

Commercial

2/6

Strengths

Perfect C-category score (10/10) — handler experience is the strongest of any tool reviewed so far
Unmatched RBAC granularity: 4 modules (Cases, Analytics, Settings, Surveys) × multiple permissions per module × per-case scoping ('All / Specific categories / Only assigned')
Three-phase Investigation workflow (Start → In progress → End) with structured fields: Date of start, Reported by, Raised against, Witnesses, Investigator
Configurable data retention with auto-delete (12/24/36/60 months) AND 30-day default auto-due-date
Explicit EU data residency: AWS eu-west-1 (Ireland), country-disclosed in org settings
End-to-end encryption offered as a toggle with honest trade-off disclosure (Recovery Key requirement stated)
Self-serve 7-day trial with no credit card required
113 reporting languages covers every EU official language, including FR and EL

Weaknesses

No article-level Directive citations — the product knows about the Directive but does not map features to Articles 4, 6, 8, 9, 16, 18 the way EthicsPortal does
Default category taxonomy (Bullying / OHS / Theft-corruption / Other) overlaps Art 2(1) partially but is not Directive-aligned
Pricing is quote-only: three tiers visible (Starter / Professional / Enterprise), no euro amounts published; drops E-category to 2/6
No monthly-cancellable contract option visible on the pricing page
Loi Waserman and Law 4990/2022 not mentioned on public pages — depresses FR and GR country bonuses
Sub-processor list not surfaced during this review (may exist in Trust Center, not verified)
Reporter access mechanism (single UUID vs Case ID + passcode) not verified in this session

Standout

Handler-side product maturity is the strongest in the review. Case-management, investigation workflow, RBAC, and activity logging are all enterprise-grade. The gaps are in country-specific legal framing and commercial transparency, not in the product itself.

Full profile Visit FaceUp

EQS Integrity Line

Munich, Germany · Whistleblowing module of the EQS Compliance COCKPIT. Three tiers; quote-based.

24 / 56

Base 21 · Bonus 3 · Tier P

Legal

4/16

Reporter

9/10

Handler

2/10

Security

4/8

Commercial

2/6

Strengths

Customer holds the encryption key: PGP with 2048-bit RSA — vendor states case content is inaccessible to EQS staff. Unique in this review.
80+ reporter languages including 19 EU languages (both FR and EL covered)
ISO 27001 certified + WACA Bronze (WCAG 2.1) on reporter form — accessibility claim backed by third-party audit
Part of publicly-traded EQS Group AG (Frankfurt Stock Exchange), with strong consolidation track record (Got Ethics 2020, Business Keeper 2021, Convercent 2024)
Essential tier offers a free trial and days-to-deploy timeline

Weaknesses

No article-level Directive citations on public pages reviewed
Neither Loi Waserman nor Law 4990/2022 cited despite supporting FR and international markets
Pricing entirely quote-only for all three tiers (Essential / Professional / Enterprise)
Telephone reporting channel only on Professional / Enterprise tiers — gated behind upgrade
Professional / Enterprise rollout 4–8 weeks (vendor-stated) — slow for self-serve expectations
Most Directive-compliance criteria unverifiable at public tier

Standout

Customer-held encryption key (PGP 2048-bit RSA) is the strongest confidentiality claim reviewed. For buyers whose DPO reviews key custody, EQS has an answer no other incumbent matches.

Full profile Visit EQS Integrity Line

myETHOS

Chania, Crete, Greece · Greek corporate-compliance platform bundling whistleblowing with labour-dispute resolution, incident management, and background checks.

24 / 56

Base 20 · Bonus 4 · Tier P+R+H

Legal

4/16

Reporter

6/10

Handler

4/10

Security

0/8

Commercial

6/6

Strengths

Law 4990/2022 explicitly cited on the whistleblowing subpage — strongest Greek-legal framing of any incumbent reviewed
Fully transparent commercial terms: SME €120/mo monthly billing, self-serve registration, Advanced tier quote-based
EL + EN UI on both reporter and handler surfaces — native Greek market fit

Weaknesses

Critical: CKEditor 4 EOL warning rendered inside the Settings admin UI, twice (EOL June 2023)
Single-factor reporter access — raw UUID access code only, no user-chosen passcode
Ad-hoc 15-item breach taxonomy ('Sexism', 'Auditors act and/or Omission', 'Rights & protection of individuals') not aligned to Directive Art 2(1)
'Powered by MyEthos' footer on reporter pages with no white-label in the demo tier
Data residency not disclosed (Greek-owned, hosting location not stated)
No ISO 27001 or equivalent certification claimed
Reporter intake is minimal: Subject + Description + Files + message thread — no structured questions, no writing guide

Standout

Only Greek vendor publishing monthly pricing with a self-serve trial. Paradoxically, the commercial transparency is financed by security debt (CKEditor 4 EOL + single-factor access).

Full profile Visit myETHOS

Whistleblower Software (Formalize)

Copenhagen, Denmark · Whistleblower Software product from Formalize (Copenhagen). Tiered €70–€285/month by employee count.

23 / 56

Base 21 · Bonus 2 · Tier P

Legal

5/16

Reporter

6/10

Handler

2/10

Security

4/8

Commercial

4/6

Strengths

Strongest third-party credentials reviewed: ISO 27001 + ISAE 3000 Type 2, G2 4.9/5 across 157 reviews, 500+ consultancy partner network (PwC, Baker McKenzie, DLA Piper)
80+ reporter languages and 23 EU languages — broadest multilingual coverage in the category
Self-serve 14-day trial with no credit card — lowest friction among market leaders
Transparent tiered pricing published (€70 / €80 / €135 / €215 / €285 per month by headcount band)

Weaknesses

No article-level Directive citations on public pages — the dedicated /eu-whistleblowing-directive-summary covers themes but not Articles 4, 6, 8, 9, 16, 18, 19–21 by number
Loi Waserman and Law 4990/2022 not explicitly referenced on the public site despite supporting FR and GR markets
Annual billing only — no monthly option, 30-day renewal notice required
Most Directive-compliance criteria (deadline tracking, retention config, register, audit trail specifics) not verifiable at public tier

Standout

Broadest language coverage in the category (80+ reporter / 23 EU) combined with the strongest cross-market credential stack (ISO 27001 + ISAE 3000 Type 2 + G2 Top Rated + enterprise consultancy network).

Full profile Visit Whistleblower Software (Formalize)

NAVEX

Lake Oswego, Oregon, United States · EthicsPoint hotline and WhistleB platform within the NAVEX One GRC suite.

18 / 56

Base 16 · Bonus 2 · Tier P

Legal

4/16

Reporter

7/10

Handler

2/10

Security

3/8

Commercial

0/6

Strengths

Dedicated country-law resource pages (France / Germany / Spain / Sweden / Belgium) under /solutions/regulations/ — useful procurement artefact
Sapin II dedicated page under /solutions/regulations/sapin-ii-compliance/
ISO 27001 certified (December 2025) + EU Data Privacy Framework
24/7 multilingual phone hotline in 150+ languages
13,000+ customers / 10M+ reports processed (vendor-stated scale)

Weaknesses

No article-level EU Directive citations anywhere on public pages (despite having country-law resource hubs)
Pricing is entirely demo-gated: 'Get Pricing' CTA routes to a sales form
No self-serve trial on either EthicsPoint Essentials or Professional
Neither Loi Waserman nor Law 4990/2022 cited on public pages (country pages use generic 'French/German Whistleblower Protection Law' framing)
Most Directive-compliance criteria (deadline tracking, retention, register, audit trail) unverifiable at public tier

Standout

The compliance resource centre with country-specific landing pages is the most extensive reviewed. Useful for NAVEX's content marketing; not a product-quality signal.

Full profile Visit NAVEX

Methodology

Scoring rubric

25 criteria across 5 categories, weighted by criterion count. Each criterion scores 0, 1, or 2 — rendered as ○ / ◐ / ●. Maximum base score is 50. Greece-specific bonuses add up to 6 on top (modifier, not part of base).

Access tiers

Each tool carries an access tier reflecting what was testable:

P — public pages only (marketing, pricing, security, reporter URL).
P + R — above plus a test report submission.
P + R + H — above plus handler / admin dashboard (via free trial or demo).

Criteria that cannot be verified at the current tier score 0 with the evidence line "Requires handler tier" or "Not documented publicly". Scores depressed by tier, not by product quality, are explicitly flagged on each tool's profile.

Integrity guarantees

The rubric was fixed before scoring. No criterion was added mid-test to favour or punish a specific tool.
Every score carries evidence — a URL, a quote, or a file path — visible in each tool's profile.
Tools operated by the publisher are scored by the same rubric. Placement is by score, not by construction.
Each tool carries a Last reviewed date and is re-tested at least annually.
Vendors can dispute a score or submit evidence of a shipped fix using the contact address in the site footer. Disputes and updates appear as dated addenda on the respective tool profile.

Law applied

Law 4990/2022 (Greek transposition of EU Directive 2019/1937) (the Greece transposition of EU Directive 2019/1937). Tools are scored against the Directive first and against the local law's specifics second.%!(EXTRA string=Greece)

Coverage note

This ranking covers 6 tools with a scoring block published. Additional tools are being added as scoring completes. Unscored tools will appear in the ranking once they have a published scoring block.

All tools Other country rankings