Skip to main content
EU Whistleblower Directory

Edition I, 2026 · Tested April 2026

Whistleblowing software ranking — Romania

Independent scored ranking of whistleblower-reporting tools for Romania under Law 361/2022, the local transposition of EU Directive 2019/1937. 25-criterion rubric fixed before scoring; every score carries evidence.

Tools scored
7
Base max
50
Romania bonus max
6
Rubric version
v2

Romania is not just a local-vendor market. Local-law posture still matters, but several imported tools now maintain Romanian-language commercial surfaces, public pricing, partner motions, or local case studies. The result is a market with thin domestic software depth, but more real cross-border competition than a first pass suggests.

This edition therefore uses two layers:

  • the 50-point base rubric, which stays country-agnostic and scores the product itself: legal workflow depth, reporter experience, handler workflow, security posture, and commercial clarity;
  • the 6-point Romania modifier, which rewards explicit Law 361/2022 framing, a named Romania-acceptable hosting posture, and a real Romanian-language reporter / handler surface.

That combination penalises the three most common Romania-market failure modes: local vendors with strong legal copy but weak product disclosure; foreign tools with Romanian-language marketing but no Romania-law posture; and service-led compliance offers whose underlying product is not independently reviewable.

This ranking is software-only and includes both Romania-native vendors and foreign tools with concrete Romania-market go-to-market signal. Advisory or investigations-led service firms are excluded unless the underlying whistleblowing product is identifiable and independently reviewable.

TOP 7 — summary

#ToolTierBase
/ 50		Romania bonus
/ 6		TotalLast reviewed
1EthicsPortal logo EthicsPortalP+R+H414452026-04-23
2Whistlelink logo WhistlelinkH396452026-04-23
3Whistle UP logo Whistle UPH274312026-04-23
4WeMoral logo WeMoralP253282026-04-23
5Whistleblow.ro / avertizori.eu logo Whistleblow.ro / avertizori.euP226282026-04-23
6WIBSO logo WIBSOP213242026-04-23
7Phoenix logo PhoenixP211222026-04-23

Criterion-by-criterion matrix

fully meets partially meets does not meet / not verifiable

CriterionEthicsPortal logo EthicsPortalWhistlelink logo WhistlelinkWhistle UP logo Whistle UPWeMoral logo WeMoralWhistleblow.ro / avertizori.eu logo Whistleblow.ro / avertizori.euWIBSO logo WIBSOPhoenix logo Phoenix
Legal compliance · 16 pts max
A1 Local transposition law referenced with article numbers
A2 Directive 2019/1937 Article 2(1) categories in intake
A3 Anonymous reporting default-on or equal-status
A4 7-day acknowledgment + 3-month feedback deadline tracking
A5 Configurable retention with automatic deletion
A6 Report register / log
A7 Append-only handler audit trail
A8 DPA + DPIA support documented
Reporter experience · 10 pts max
B9 Web form, mobile-responsive, with file upload
B10 Two-factor reporter access (Case ID + passcode)
B11 Two-way anonymous communication
B12 Structured intake aligned to Article 2(1)
B13 Reporter form in local language
Handler experience · 10 pts max
C14 Case management dashboard with status workflow
C15 Assign cases to handlers (rotation or multi-handler)
C16 Deadline reminder notifications
C17 Internal notes (not visible to reporter)
C18 Role-based access control (≥3 roles)
Security and trust · 8 pts max
D19 ISO 27001 certified
D20 No EOL software components
D21 EU data residency with country disclosed
D22 Sub-processor list + right to object
Commercial · 6 pts max
E23 Published pricing
E24 Free trial available (self-serve)
E25 Monthly contract option
Romania bonus · 6 pts max · modifier, not in base
RO·LAW Law 361/2022 referenced
RO·RESIDENCY Romania or named EU residency
RO·UI Romanian-language UI
Total45453128282422

Per-tool reviews

#1
EthicsPortal logo

EthicsPortal

Poland · Whistleblower reporting portal hosted on Hetzner in Germany. Flat €49/month plan.

45 / 56
Base 41 · Bonus 4 · Tier P+R+H
Legal
14/16
Reporter
8/10
Handler
9/10
Security
5/8
Commercial
5/6

Strengths

  • Best article-level legal framing of any tool reviewed: /compliance/ enumerates Art 4, 6, 8, 9, 16, 18, 19–21
  • Deadline tracking is real, not marketing: code has eu_acknowledgment_deadline + feedback_due_at + overdue/due_soon scopes
  • Retention is configurable AND auto-purged: RETENTION_MONTHS_OPTIONS [12,24,36,60] + RetentionCleanupJob
  • Two-factor reporter access: Case ID + reporter-chosen 6-digit passcode (bcrypt digest), session-gated inbox; identifier is separated from secret
  • Modern stack with no EOL liabilities: Rails 8 + Turbo + Tailwind 4; no CKEditor or jQuery
  • Transparent monthly pricing (€49/mo) with 8 live product locales, including Greek
  • Multi-handler case assignment: per-report assigned_to FK on Membership, Pundit scope enforces admin-sees-all / member-sees-only-assigned, assignment changes are audit-logged and the assignee is notified automatically

Weaknesses

  • No structured intake questions: schema is Subject + Description + Files; does not ask relationship-to-org, source-of-info, prior reporting, or retaliation concerns
  • Audit log is append-only (DB trigger blocks UPDATE on semantic fields + TRUNCATE) but not hash-chained
  • Only 8 portal-facing languages (7 EU official languages + Luxembourgish) against 24 EU official languages
  • No ISO 27001 certification of EthicsPortal itself (only Hetzner infrastructure is certified)
  • Pay-first with 30-day money-back rather than upfront self-serve free trial

Standout

Article-level Directive framing backed by code that actually runs the deadline, retention, and two-factor passcode flows.

Full profile Visit EthicsPortal
#3
Whistle UP logo

Whistle UP

Bucharest, Romania · Romanian whistleblowing platform launched by Bucharest business lawyers with public monthly pricing, a two-month free trial, and Directive-aligned structured intake.

31 / 56
Base 27 · Bonus 4 · Tier H
Legal
8/16
Reporter
7/10
Handler
4/10
Security
2/8
Commercial
6/6

Strengths

  • Directive Art 2(1) coverage in the intake wizard is materially stronger than most Romania-native peers, not a brochure claim
  • Handler permission model separates per-report access, per-entity access, user management, and billing — genuine RBAC, not all-admin
  • Self-serve trial actually provisions a working handler account in minutes, which is the exception in the Romanian SME segment

Weaknesses

  • Security disclosures remain thin in the trial: no ISO claim, no hosting country, no sub-processor list, and no DPA surfaced
  • Legal-deadline automation (7-day acknowledgement, 3-month feedback) was not visible on an empty queue and could not be verified
  • Reporter follow-up uses a single organisation-level access code; a per-case passcode model was not observed

Standout

The trial provisioned a live handler account with a full Directive-aligned intake wizard, an embedded Law 361/2022 text, and a genuine RBAC permission grid — commercial claims matched product reality on every point tested.

Full profile Visit Whistle UP
#4
WeMoral logo

WeMoral

Poland · Whistleblowing platform with public monthly pricing, self-serve trial, and 25-language product coverage, legally seated in Poland.

28 / 56
Base 25 · Bonus 3 · Tier P
Legal
5/16
Reporter
7/10
Handler
4/10
Security
2/8
Commercial
6/6

Strengths

  • Transparent pricing with public monthly billing, self-serve trial, and no cancellation fees
  • French-language marketing path is live, alongside 25-language product coverage claims
  • Custom forms, encrypted two-way communication, and task / action workflows are all surfaced publicly

Weaknesses

  • France-law positioning is thin; no public Waserman or Sapin II framing was found
  • Hosting and security posture remain under-documented publicly
  • Reporter return-access mechanism is not documented publicly

Standout

WeMoral has one of the strongest commercial surfaces in the set: public monthly pricing, a self-serve trial, and a clear feature page without forcing a sales cycle.

Full profile Visit WeMoral
#5
Whistleblow.ro / avertizori.eu logo

Whistleblow.ro / avertizori.eu

Bucharest, Romania · Romanian whistleblowing software marketed via Whistleblow.ro and sold through avertizori.eu, with a live public demo at app.whistleblow.ro.

28 / 56
Base 22 · Bonus 6 · Tier P
Legal
6/16
Reporter
4/10
Handler
3/10
Security
6/8
Commercial
3/6

Strengths

  • Most complete Romania-native commercial package reviewed: public pricing, public signup, and a 14-day self-serve trial
  • Security posture is unusually explicit for the local SME segment: named EU hosting, 2FA, audit logs, DPA, and certification claims
  • Software signal is strong for a local incumbent: Whistleblow.ro shows pricing, avertizori.eu handles the self-serve product flow, and app.whistleblow.ro exposes a live demo endpoint

Weaknesses

  • The 14-day free trial checkout completes commercially but does not provision a working account in the tested flow, so the public self-serve path leads nowhere without a manual handoff
  • Two separate brand / pricing surfaces create avoidable confusion for buyers
  • Reporter follow-up access still appears to rely on a single system-issued 16-digit identifier rather than a stronger two-factor model
  • Workflow depth is thin publicly: deadlines, status transitions, structured intake, and note-taking are not clearly documented

Standout

Behind the split branding sits a real software product: pricing on Whistleblow.ro, self-serve commerce on avertizori.eu, and a live demo on app.whistleblow.ro.

Full profile Visit Whistleblow.ro / avertizori.eu
#6
WIBSO logo

WIBSO

Bucharest, Romania · Romanian whistleblowing platform built by fraud and integrity specialists for private-sector compliance with Law 361/2022.

24 / 56
Base 21 · Bonus 3 · Tier P
Legal
10/16
Reporter
4/10
Handler
3/10
Security
4/8
Commercial
0/6

Strengths

  • Strongest public Romania-law framing among the local software-first vendors reviewed: Law 361/2022, Article 9, and Annex 2 are all surfaced publicly
  • Public feature claims go beyond compliance slogans: electronic register, automatic acknowledgement, reminders, statistics, and 5-year retention are all named
  • ISO 27001 is claimed prominently and the site runs a current public web stack without obvious EOL liabilities

Weaknesses

  • Commercial transparency is poor: no public pricing, no public trial, and no live reporter or handler environment
  • Hosting country is not disclosed publicly despite strong legal positioning
  • Structured intake, reporter access method, assignment logic, and RBAC depth are not verifiable at public tier

Standout

WIBSO is the most law-literate Romania-native brochure in the set, but it still asks the buyer to trust too much of the product unseen.

Full profile Visit WIBSO
#7
Phoenix logo

Phoenix

Switzerland · Swiss whistleblowing SaaS with Bulgarian and Romanian language pages, public pricing, and a free starter tier.

22 / 56
Base 21 · Bonus 1 · Tier P
Legal
4/16
Reporter
3/10
Handler
7/10
Security
1/8
Commercial
6/6

Strengths

  • Bulgarian and Romanian commercial entry points are live even though the vendor is Swiss
  • Commercial transparency is strong: free starter tier, public monthly pricing, and no-credit-card messaging
  • Public product scope is broad for P-tier review: multi-channel intake, case management, multi-org support, and multiple user roles

Weaknesses

  • No explicit Bulgaria-law or Romania-law positioning found
  • Hosting is framed around Switzerland rather than named EU residency
  • Public pricing pages load a WordPress TinyMCE asset chain, which weakens the trust posture under the EOL-components check
  • Security claims are broad, but no public ISO 27001 or equivalent certification was found

Standout

Phoenix is a real software competitor with a better self-serve commercial surface than most local Bulgaria- and Romania-facing challengers, but a much weaker local-law posture.

Full profile Visit Phoenix

Methodology

Scoring rubric

25 criteria across 5 categories, weighted by criterion count. Each criterion scores 0, 1, or 2 — rendered as ○ / ◐ / ●. Maximum base score is 50. Romania-specific bonuses add up to 6 on top (modifier, not part of base).

Access tiers

Each tool carries an access tier reflecting what was testable:

  • P — public pages only (marketing, pricing, security, reporter URL).
  • P + R — above plus a test report submission.
  • P + R + H — above plus handler / admin dashboard (via free trial or demo).

Criteria that cannot be verified at the current tier score 0 with the evidence line "Requires handler tier" or "Not documented publicly". Scores depressed by tier, not by product quality, are explicitly flagged on each tool's profile.

Integrity guarantees

  1. The rubric was fixed before scoring. No criterion was added mid-test to favour or punish a specific tool.
  2. Every score carries evidence — a URL, a quote, or a file path — visible in each tool's profile.
  3. Tools operated by the publisher are scored by the same rubric. Placement is by score, not by construction.
  4. Each tool carries a Last reviewed date and is re-tested at least annually.
  5. Vendors can dispute a score or submit evidence of a shipped fix using the contact address in the site footer. Disputes and updates appear as dated addenda on the respective tool profile.

Law applied

Law 361/2022 (the Romania transposition of EU Directive 2019/1937). Tools are scored against the Directive first and against the local law's specifics second.

Coverage note

This ranking covers 7 tools with a scoring block published. Additional tools are being added as scoring completes. Unscored tools will appear in the ranking once they have a published scoring block.

All tools Other country rankings