Whistleblowing in Ukraine: Legal Protections, Risks, and Realities With Oleksandr Kalitenko

Author(s): Scott Douglas Jacobsen

Publication (Outlet/Website): The Good Men Project

Publication Date (yyyy/mm/dd): 2025/09/16

 Oleksandr Kalitenko is a legal advisor at Transparency International Ukraine and a specialist in whistleblower protection, conflicts of interest, and anticorruption policy. Since 2014, he has contributed to Ukraine’s reform agenda, analyzing the National Agency on Corruption Prevention and advising on safeguards and secure reporting. Previously, he researched whistleblower protections across all EU member states with a human-rights focus, drafting recommendations for Transparency International Latvia and a prime minister-led expert group, supported by an EU grant. He writes, speaks, and trains on practical whistleblowing, helping align Ukrainian practice with European standards and strengthen institutional resilience during wartime through evidence-based legal reforms.

In this interview with Scott Douglas Jacobsen, Oleksandr Kalitenko is a leading expert on anticorruption policy and whistleblower protection in Ukraine. With years of experience analyzing governance reforms, legal frameworks, and transparency initiatives, Kalitenko provides critical insights into how whistleblowing functions in practice under Ukrainian law. He has collaborated with civil society, public institutions, and international organizations to enhance accountability mechanisms and protect those who expose corruption. His expertise covers the challenges of secure reporting, protections against retaliation, and the risks whistleblowers face in high-stakes environments such as wartime Ukraine. Kalitenko’s work contributes to shaping a more transparent, resilient, and democratic society.

Scott Douglas Jacobsen: Thank you again for taking part in a second interview. When we refer to individuals who speak out about corruption or similar issues, they are typically called whistleblowers. I am unsure if there are different casual terms used in various contexts, but who is considered a whistleblower in Ukraine today? Who falls under that definition?

Oleksandr Kalitenko: Under Ukrainian law, a whistleblower is an individual who, believing the information to be reliable, reports possible facts of corruption or corruption-related offences committed by another person. This applies when the information became known to the person in connection with their labour, professional, economic, public, or scientific activities, their service or studies, or their participation in procedures provided for by law that are mandatory for the commencement of such activities, service, or training. In short, whistleblowers must be reasonably confident in the truthfulness and reliability of the information they disclose.

It is important to note that Ukraine’s whistleblowing regime is explicitly focused on corruption (there is no separate, general whistleblowing law that covers all types of wrongdoing). This narrower scope is often contrasted with broader European approaches.

As for protections, the law provides that a whistleblower’s rights and guarantees apply from the moment a report is submitted, not after a later legal determination of whether the facts qualify as a corruption offence. Later reclassification of a case by law enforcement does not retroactively erase the fact that a report was made or the protections associated with reporting; however, eligibility for a monetary reward arises only if a court issues a conviction in a qualifying corruption case.

Regarding rewards, Ukrainian law allows a whistleblower to receive 10% of the value of the corruption subject matter or damages recovered for the state (capped at a minimum of three thousand minimum wages at the time of the offence), payable after a guilty verdict. Recent cases have confirmed the practical payment of such awards.

It is also important to distinguish between anticorruption whistleblowers and people engaged in confidential cooperation with law enforcement (e.g., informants or “agents”) under criminal-procedure rules. These are distinct legal concepts with varying rights and regimes, and Ukrainian scholars and institutions have highlighted inconsistencies between the criminal-procedure terminology and the anticorruption law’s definition. Work is ongoing to harmonize these frameworks; the existence of confidential cooperation does not, by itself, make someone a whistleblower under the anticorruption law.

Jacobsen: Now, if someone witnesses corruption in the workplace, what is the safest first step?

Kalitenko: Preparation. You should build your case carefully and, if possible, consult a lawyer—preferably one with experience in law enforcement. A lawyer can help you understand the real situation, because not everything that feels like corruption in the mind of an individual qualifies as corruption under the law. Ukraine has a precise legal definition of corruption, and that distinction can make a significant difference.

An individual should also consider the possible impact of whistleblowing on their career, health, and social status. They should reflect on whether there is anything in their past that could be used against them—such as unlawful actions or procedural violations. It is also important to gather strong evidence: facts that can convince judges, law enforcement bodies, and others of the truth of your statements.

Equally important is psychological preparation. A whistleblower should be ready to testify in court, allocate the necessary time and emotional resources, and anticipate possible rejection by colleagues or attempts by wrongdoers to discredit them. Understanding relevant case law can also help in evaluating the prospects of a case.

One should not disclose sensitive information to outsiders prematurely, nor threaten exposure, provoke scandals at work, or post about the case on social media. Such actions can backfire, leading to persecution or dismissal even before a formal report is filed. Otherwise, it may come down to your word against the perpetrator’s. The safest first step remains preparation and developing a strategy.

Jacobsen: How can a whistleblower report externally, internally, or anonymously?

Kalitenko: Ukrainian law allows whistleblowers to report internally, externally, or anonymously.

• Internal channels include secure methods—often allowing anonymity—for reporting to the head, authorized department, or designated compliance officer of the institution or enterprise where the whistleblower works, serves, or studies. Internal reports may also be directed to a higher-level body responsible for overseeing anticorruption compliance in subordinate organizations.
• External channels include reports made outside the whistleblower’s workplace. These may be submitted to journalists, NGOs, trade unions, or other civil society organizations, provided the information concerns corruption. Reports may also be made to authorized public bodies, such as the National Police, the Prosecutor’s Office, the National Anticorruption Bureau (NABU), the State Bureau of Investigations, or the National Agency for the Prevention of Corruption (NACP)..

In practice, the law limits the definition of “regular channels” to these designated institutions. This means whistleblowers currently cannot, for example, submit reports directly to a Verkhovna Rada committee or a temporary investigative commission of Parliament, as these are not formally recognized reporting channels.

Whistleblowers are not currently able to report to the Anti-Monopoly Committee or the Accounting Chamber. Therefore, it would be necessary to extend the definition of “regular reporting channels” to include public authorities whose mandate covers the issues to which the information relates.

Anonymous reports on possible facts of corruption or corruption-related offences must be considered if they contain information about a specific person and verifiable factual data. Such reports may be submitted anonymously through both internal and regular channels.

Jacobsen: What about concrete protections against retaliation that work for whistleblowers? Moreover, on the other side of the question, which protections exist in the law but do not work effectively in practice?

Kalitenko: Ukrainian law provides many protections for whistleblowers, but not all of them function effectively in practice. Some face barriers to proper implementation.

• Labour guarantees: The NACP can issue a mandatory order (a precept) requiring the reinstatement of a whistleblower who was unlawfully dismissed. These protections are generally adequate, and whistleblowers can also obtain compensation through the courts for lost wages during dismissal. However, problems remain. Even after winning a reinstatement order, some employees may still face renewed dismissal or be blocked from returning to their positions.
• Compensation for damages: Court-ordered compensation for lost salaries during unlawful dismissal has proven to be a reliable approach.
• Free legal aid: In practice, this state guarantee is weak. Whistleblowing cases are legally complex, but the system provides only limited attorney hours under pro bono arrangements, which are often insufficient for proper representation in court.
• Civil society initiatives: NGOs supported by external donors—such as Labour Initiatives (Trudovi Initsiatyvy)—have been more successful in practice. They have provided professional protection and legal representation for whistleblowers, even winning reinstatement cases in court.
• NACP representation in court: While the NACP can represent whistleblowers as a third party, results have been mixed. Some cases are lost, and it is not easy to analyze the reasons. The NACP does not share detailed data, citing the need to protect the identities of whistleblowers, which limits broader evaluation.

Overall, it is hard to assess with certainty which guarantees consistently succeed or fail. Outcomes may be affected by the mistakes of whistleblowers, the NACP, judges, or by gaps in the law itself. These gaps require future legislative improvement.

Jacobsen: What is the core evidence a whistleblower should collect before they file any report?

Kalitenko: Reporting corruption without any evidence may be treated as damaging to someone’s honour, dignity, or business reputation, and it can expose a whistleblower to a defamation lawsuit. Knowingly filing a false report of a crime can also result in criminal liability. Therefore, a whistleblower must ensure that the alleged fact of corruption is adequately documented.

This could include, for example, an audio recording of a bribe being demanded. It is often better to use a device other than a regular smartphone, as the sound quality from a concealed phone may be poor. The recording should ideally capture details such as the purpose of the bribe, the exact amount, and the payment procedure. If the bribe taker writes the amount on paper, the whistleblower can state the figure aloud to confirm it is recorded.

However, the whistleblower must be conscientious not to appear as if they are taking the initiative in the conversation, as this could be interpreted as provoking the bribe. Instead, they should clarify ambiguous hints or improper requests without suggesting or offering the bribe themselves.

A video recording may also be helpful. If an intermediary is involved, the whistleblower should attempt to confirm, on record, the intermediary’s authority and connection to the bribe taker. Throughout, they should watch their language, avoid signalling eagerness to pay, and avoid blunt refusals. For instance, they could politely say they need to consult with a spouse or supervisor, or that they currently lack the necessary funds. The goal is to give the bribe taker space to reveal as much incriminating information as possible.

That said, Ukrainian legal practice is inconsistent regarding the admissibility of such evidence. The Constitutional Court of Ukraine ruled in 2011 that a recording obtained intentionally without the consent of participants may not be admissible. However, if a recording comes from a device like a 24/7 CCTV camera, it could be considered valid evidence. Courts and investigators have treated similar cases differently in practice.

The safest course of action is to report directly to the law enforcement authorities. Authorities can provide instructions on how to collect evidence in a lawful manner. They may supply specialized equipment and mark banknotes for controlled handovers. Such marked money is later seized as material evidence and returned to the whistleblower after court proceedings.

Finally, whistleblowers should only collect evidence that they have legal access to within the scope of their official duties. This reduces the risk that the evidence will be excluded or that they will face liability themselves.

Whistleblowers should not engage in unlawful activities such as obtaining secret passwords, hacking databases, or similar actions. The basic elements of valid evidence are standard: a description of the event, dates, places, names of officials, as well as documents, letters, photos, or audio that can be independently verified.

It is advisable to submit documents that are accessible to other employees, because providing materials available only to you may expose your identity. Whistleblowers should also ensure they cannot be identified by their writing style, the nature of the information, or unique facts that only they would know.

For digital security, reports can be submitted using public Wi-Fi networks (not corporate ones) and with a VPN. Ideally, this should be done outside the home—for example, from a café or station—while leaving your personal phone at home to reduce the chance of tracking. At the same time, it is important to avoid areas where CCTV cameras might record you sending or receiving the information.

Jacobsen: Do monetary rewards help people come forward? What other incentive structures exist? Could some incentives encourage false reports?

Kalitenko: Rewards in Ukraine remain a problematic issue. By law, whistleblowers may receive 10% of the bribe amount or damages prevented/recovered for the state, capped at a minimum of three thousand times the minimum wage. In practice, however, this provision creates risks of abuse, since the percentage can be calculated from the notional value of a bribe rather than actual recovered funds.

Experiences in other countries also suggest that financial incentives are not the primary motivation for many whistleblowers. The driving force is often a sense of justice, a zero-tolerance approach to corruption, and a rejection of corrupt practices. Whistleblowers are typically aware that monetary rewards cannot compensate for the career setbacks, reputational harm, or personal risks they may face.

At the same time, rewards can create risks of manipulation, particularly in Ukraine, where a post-Soviet culture of bribery and provocation persists. There is even a risk of hidden cooperation between a potential whistleblower and corrupt law enforcement officials to stage situations for financial gain.

Excessive emphasis on money can also be counterproductive within organizations. It may be perceived as “paid denunciation” rather than genuine reporting, which undermines credibility. Other incentives—such as compensation for damages, protection from retaliation, and a cultural shift toward respecting whistleblowers—are equally, if not more, important motivators than financial rewards.

Jacobsen: Let us say you are dealing with small organizations. Some may be so small that they are advocacy groups. Others are just starting but have big ambitions. Still others may team up with larger organizations or form networks of smaller groups to build channels for reporting. How can small organizations create trusted reporting channels in such circumstances?

Kalitenko: If the Unified Whistleblower Reporting Portal of the NACP functioned reliably, I recommend using it as the primary channel. That was the original purpose of the portal—to avoid a “zoo” of different reporting systems with varying levels of protection.

Unfortunately, the portal administered by the NACP does not yet guarantee complete anonymity and confidentiality. For example, reports may be visible to the head of an organization through an “archive” button, and the system lacks advanced security features such as a Tor version. There have also been technical glitches that could be exploited to compromise whistleblower protection. The NACP itself acknowledges Portal’s shortcomings, noting that, like much of Ukraine’s public sector, it struggles to recruit qualified IT specialists and cannot achieve modernization to international best standards on its own.

Given this reality, small organizations have a few practical options:

• Outsourcing: They can outsource the processing of reports to independent structures, such as law firms or individual lawyers. This helps ensure reports are not filtered through managers who may be implicated. A subscription-based legal service model can be effective, as it avoids drawing attention when a report is filed. If payment occurs only after a whistleblower submits a report, management might immediately suspect who filed it.
• Internal culture and training: Beyond technical channels, small organizations should prioritize building a culture of respect for whistleblowers. Staff should be trained to understand reporting procedures and the protections available.
• Governance options: Larger entities may establish supervisory or advisory boards to handle reports. For small organizations, however, this can be too burdensome or impractical. It is not appropriate for whistleblower information to be sent directly to the head of the organization, as this creates conflicts of interest and undermines trust.
• Internal policies: Even small organizations should have a written policy for whistleblowing. This should define what facts must be reported, to whom, within what timeframe, and what rights and guarantees apply. It should also outline procedures for appeals and specify the technical means of reporting.

In practice, some traditional mechanisms like hotlines or physical “suggestion boxes” do not function effectively. The emphasis should instead be on secure digital solutions and independent handling of reports.

Traditional so-called “anonymous reporting” methods—like leaving a letter in a box in the corridor—do not work in practice. They fail to create trust in the system. In small organizations, setting up a box or even an internal hotline often results in zero reports.

A better option is email, but it should be used securely. Employees should be instructed to send reports via Tor or a VPN, and the reporting address should be created on a secure and reliable service, such as Proton Mail. These instructions must be written into the organization’s whistleblowing policy.

That policy should not only define reporting procedures but also foster a corporate culture that respects whistleblowers. Even small organizations should conduct training to ensure employees understand how to report incidents and how their rights will be protected. Building such a culture is difficult, but it is achievable.

Jacobsen: What about disclosures involving state secrets, especially during wartime, when risks around reporting are higher?

Kalitenko: This issue is not regulated by the EU Whistleblower Directive. The Directive does not explicitly address the disclosure of restricted information, including state secrets, but leaves such regulation to the discretion of EU member states. It does, however, guarantee minimum standards—such as the whistleblower’s right to choose whether to report internally or externally. Ukraine, as an EU candidate state, is expected to adopt this Directive as part of aligning with the EU acquis.

In Ukraine, the absence of specialized reporting channels for state secrets creates a legal trap. Whistleblowers risk prosecution for disclosing restricted information, even when acting in the public interest. Another issue is that only individuals with the appropriate clearance may access state secret materials. Currently, new employees are not informed about who in their organization has such clearance and thus could lawfully receive a report.

Ukraine also lacks a military ombudsman law, which could serve as a safe reporting channel for defence-related whistleblowing. Furthermore, the Criminal Code of Ukraine does not protect whistleblowers who disclose socially necessary information involving restricted access.

By contrast, the Law of Ukraine on Information (Articles 30 and 29) and the Law on Access to Public Information (Article 11) contain guarantees: they exempt individuals from liability when disclosing socially necessary information with restricted access, provided a court recognizes that the disclosure served the public interest or related to an offence. However, this protection is not consistently mirrored in the Criminal Code, which leaves whistleblowers vulnerable despite protections on paper.

The final point I would like to mention is that the Criminal Code of Ukraine already provides an exemption from liability for disclosing commercial or banking secrets when it is deemed socially necessary. This guarantee should be expanded to cover state secrets as well. However, that would require political will in Parliament to adopt legislation creating special channels for whistleblowers dealing with classified information. Without such legal reform, there will be no progress.

Jacobsen: What are common mistakes made by whistleblowers? This seems particularly important, since mistakes can be costly.

Kalitenko: From practice—including our whistleblower support projects within Transparency International Ukraine—I can identify several recurring mistakes:

• Confusing roles: Whistleblowers sometimes confuse themselves with activists, and activists sometimes confuse themselves with whistleblowers. Activists can also face persecution, but they are not formally protected under the law. For example, if someone is fighting against a mayor through protests, that is activism—not whistleblowing. The distinction is often difficult for individuals to understand.
• Using the wrong reporting channel: Some individuals select the incorrect channel for their report, which delays investigations and weakens protections.
• Making vague or unverified claims: General accusations, such as “everyone in the prosecutor’s office is stealing money,” without specific names, dates, or facts, are ineffective and reduce the chance of protection.
• Incorrect evidence handling: Some whistleblowers rely on unreliable methods, such as creating an email account under a false name, believing that it will protect them. In reality, every internet connection has an IP address that can be traced. If someone does use a separate anonymous email, they must ensure that their username, password, and details reveal nothing personal. They should avoid opening attachments, visiting social media with trackers, or checking their real mailbox while logged into the anonymous one. The anonymous mailbox should never be reused for other services.
• Metadata leaks: Documents can contain metadata, such as the time, date, location, or author information, that may reveal the whistleblower’s identity. Such metadata should be deleted manually or with special software, and documents should be converted to PDF format, which strips most metadata present in Word (.docx) files.
• Weak digital security: Whistleblowers sometimes send reports from computers infected with malware or outdated systems. It is essential to use updated antivirus software, patched operating systems, and secure networks.
• Over-reporting: Some whistleblowers send the same information to dozens of agencies, journalists, and NGOs simultaneously. This creates “noise” and can make the report look like spam. It may also lead to conflicting investigations or slow down proceedings. Reporting everywhere at once can damage credibility and effectiveness.
• Delays due to misdirection: Submitting a report to the wrong body can waste critical time. During delays, employers may spread rumours or take retaliatory action, such as dismissal, before protections are triggered.

In short, effective whistleblowing requires precision, discipline, and careful planning—both in terms of legal channels and digital hygiene.

Once you become a whistleblower, you may already have the attention of your boss or colleagues. Some people make the mistake of threatening their colleagues or superiors—for example, saying, “I will expose you,” or creating a scandal, or even posting prematurely on social media platforms like X, Facebook, or Instagram.

Such actions rarely lead to sanctions against bribe-takers. Instead, they make wrongdoers more cautious, which weakens the chance of gathering objective evidence. If you want to see perpetrators held accountable legally, you must cooperate with the police and prosecutors, not with friends, relatives, or social media followers.

Another common mistake is disclosing to family or close friends that you are a whistleblower. Even well-meaning relatives might accidentally reveal your status. Only the prosecutor, police officer, or relevant law enforcement official should know you are a whistleblower. Do not “show off” to friends or loved ones about it. These mistakes compromise safety and the investigation.

Jacobsen: What public metrics demonstrate that the whistleblower system is working?

Kalitenko: The European Commission currently points to the percentage of organizations connected to the NACP’s Unified Whistleblower Portal as the key public metric. Currently, only about 10% of the expected 90,000 organizations—roughly 9,000—are connected. However, this is not a meaningful measure. A mere connection to the portal does not prove the quality of investigations or that corruption risks are being effectively eliminated.

Better metrics would include:

• Follow-up inspections: Whether inspections are actually conducted after a report is submitted.
• Elimination of risks: More importantly, whether violations or their root causes are effectively addressed and eliminated. For example, if customs officers are known to demand bribes at the border, ensuring body cameras are always turned on could serve as a prevention mechanism.
• Systemic change: Success should not only be measured by whistleblowers winning cases in court, but also by environmental changes that reduce corruption risks in practice.
• Protection outcomes: If individuals who submit reports via the NACP portal face pressure or dismissal, this suggests that confidentiality and anonymity are not secure, and that the portal is leaking sensitive information.
• Court statistics: Another valuable metric would be data on court disputes involving whistleblowers. Unfortunately, although the NACP collects such information, it does not currently provide full public access, citing confidentiality concerns. This prevents NGOs and society from independently assessing the effectiveness of the legal protection mechanisms.

So, meaningful metrics should go beyond portal enrollment and instead track real-world changes, protections, and outcomes.

As a result, without systemic changes to the law and the introduction of effective mechanisms to address the portal’s issues, the current model for working with whistleblowers will remain vulnerable and unable to fully guarantee safety and effectiveness. That is the main conclusion of everything I have said.

Jacobsen: All right, Oleksandr, thank you very much for your time today. 

Kalitenko: Thank you very much for the opportunity to speak and for the invitation to this interview. It is precious to me, and I value it greatly. Thank you for your work and your contribution.

Jacobsen: Excellent, thank you. Take care.

Kalitenko: Bye.

Last updated May 3, 2025. These terms govern all In-Sight Publishing content—past, present, and future—and supersede any prior notices.  In-Sight Publishing by Scott  Douglas  Jacobsen is licensed under a Creative Commons BY‑NC‑ND 4.0; © In-Sight Publishing by Scott  Douglas  Jacobsen 2012–Present. All trademarks, performances, databases & branding are owned by their rights holders; no use without permission. Unauthorized copying, modification, framing or public communication is prohibited. External links are not endorsed. Cookies & tracking require consent, and data processing complies with PIPEDA & GDPR; no data from children < 13 (COPPA). Content meets WCAG 2.1 AA under the Accessible Canada Act & is preserved in open archival formats with backups. Excerpts & links require full credit & hyperlink; limited quoting under fair-dealing & fair-use. All content is informational; no liability for errors or omissions: Feedback welcome, and verified errors corrected promptly. For permissions or DMCA notices, email: scott.jacobsen2025@gmail.com. Site use is governed by BC laws; content is “as‑is,” liability limited, users indemnify us; moral, performers’ & database sui generis rights reserved.