36 questions and answers about Law 2/2023


  1. What is the objective of Law 2/2023, of February 20, regulating the protection of people who report on regulatory violations and the fight against corruption?

 Its objective is to protect people who report or denounce violations in their workplace from retaliation they may suffer.

The Law transposes Directive 2019/1937 of the European Parliament on the protection of persons who report violations of Union Law.

Law 11/2016 creating the Agency for the Prevention and Fight against Fraud and Corruption of the Valencian Community, anticipated the Directive, creating an external complaints mailbox open to all citizens and a statute of protection of people who denounce, whether natural or legal persons.

  1. Who can report or denounce an irregularity in their workplace?

Any person linked by a labor or professional relationship may report to the Independent Informant Protection Authority (AIPI), which has not yet been created, or to the corresponding authorities or autonomous bodies.

In the case of the Valencian Community, the competent authority is the Valencian Anti-Fraud Agency. 

  1. What type of information or complaints are included within the scope of application of the Law and give the right to protection?

Actions or omissions that may constitute a serious or very serious criminal or administrative offense. For example: passing the questions on an exam, manipulating a contract, building where you can’t, accessing a grant without having the requirements…

In the case of the Valencian Anti-Fraud Agency, these are those facts or conduct that may constitute corruption, fraud, administrative irregularities, conduct constituting an administrative or disciplinary offence, and conduct or activities that are reprehensible for being contrary to integrity and public ethics.

  1. Does the Valencian Antifraud Agency have powers in the private sector?

It could only have said competence if Law 11/2016 creating the Agency is modified, expanding its scope of action.

Therefore, for the private sector, the competent body is the Independent Informant Protection Authority (AIPI), which has not yet been created. 

  1. What are the ways and means to report or denounce an infringement in accordance with Law 2/2023?

Through the internal channel that each entity must have, or through the external channel, which in the case of the Valencian Community is that of the Valencian Antifraud Agency.

The Law allows the whistleblower to choose between the internal or external channel, depending on the circumstances and the risks of reprisals that he considers.

The complaint may be anonymous or identified, and may be made by any means: written, verbal, by email, postal mail, voice mail, etc.

  1. Who can be reporting persons according to Law 2/2023?

Law 2/2023 uses the term “informant” as a synonym for whistleblower to refer to people in the public or private sector who communicate or reveal information about irregularities of which they are aware in their professional or work environment.

Are included:

  • People who work in public administrations regardless of their employment relationship (career officials, interim, labor, temporary…)
  • People who work in the private sphere.
  • People who are doing internships, interns, in training or who are participating in a selection process.
  • People who work for companies related to the administration, whether they are contractors, subcontractors, suppliers, etc.

In any case, these people who report violations must report in accordance with the requirements of the Law and have reasonable grounds to believe that the information they are providing is true. 

  1. Can I go to the external reporting channel or should I first report through the internal channel? 

The internal channel should be used preferentially, since a diligent and effective action within the organization itself could paralyze the harmful consequences.

However, the Law allows the whistleblower to choose the internal or external channel, depending on the circumstances and the risks of reprisals that he considers.

In any case, the AVAF is the external channel that may be used in accordance with the provisions of Law 2/2023 and in its regulatory regional regulations.

  1. What are the support measures established by Law 2/2023 for the person who denounces or informs? 
  • Free information and advice on the procedures and resources available, protection against retaliation and the rights of the affected person.
  • Effective assistance by the competent authorities before any authority involved in their protection against retaliation, including the certification that they can avail themselves of protection under this law.
  • Legal assistance in criminal proceedings and cross-border civil proceedings in accordance with community regulations.
  • Financial and psychological support, exceptionally, after assessing the circumstances.

All this, regardless of the assistance that may correspond according to Law 1/1996 on free legal assistance, for the representation and defense in judicial proceedings derived from the presentation of the communication or public disclosure.

  1. Who can access the protection measures included in the Law?

In addition to the informants or denouncers, those related to them who may be harmed or retaliated against, such as family members or co-workers, will be able to access.

  1. What about retaliation? 

Acts of retaliation, including threats and attempted retaliation, are expressly prohibited.

Retaliation is understood as any act or omission prohibited by Law, or that directly or indirectly involves unfavorable treatment that places the people who suffer it at a disadvantage with respect to another in the labor or professional context, solely because of their status as informants.

  1. What are the most common reprisals? 
  • Opening of disciplinary files and dismissal.
  • Demotion or denial of promotions and substantial modifications of working conditions.
  • Damages, including those of a reputational nature, or economic losses, coercion, intimidation, harassment or ostracism.
  • Denial or cancellation of licences, permits or training.
  • Discrimination, or unfavorable or unfair treatment.
  1. What are the protection measures against retaliation? 

The best protection is anonymity.

The Law requires the creation and implementation of secure channels that guarantee confidentiality, admitting both anonymous and identifying complaints.

The people who communicate this information are not liable, provided that access to the information does not constitute a crime and except for legal liabilities that may arise. However, the protection does not exempt the complainant from the responsibilities that may have been incurred for events other than the complaint.

In judicial proceedings or before another authority, related to the damages suffered by the whistleblower, once he has reasonably demonstrated that he has suffered damage, it will be presumed that it is a retaliation.

In the judicial processes in which the reporting person may be immersed, he or she will have the right to plead in his favor, having made a complaint or provided information.

  1. What obligations does the entry into force of Law 2/2023 give rise to?
  • Creation of an internal information system (internal channel), which must meet certain requirements and guarantees, and must be designed, established and managed in a secure manner, allowing the presentation and processing of anonymous complaints.
  • Regulate the channel management procedure for the processing of communications or complaints in accordance with the Law.
  • Appoint a person in charge of the internal information system, which can be a natural person or a collegiate body.
  • Notify the competent Authority (in the Valencian Community, the Valencian Anti-Fraud Agency with respect to the public sector) the designation of the person in charge of the internal information system.
  • Have a book-registry of the information received and of the internal investigations to which they have given rise.
  • Inform in a clear and accessible way to those who carry out the communication through the internal channel about the existence of the external channel.


  1. What is an Internal Information System?

An internal information system is a structure whose objective is to guarantee that employees, public or private, can communicate within the organization itself the irregularities they are aware of, so that they can be monitored.

The internal information system is made up of:

  • An internal channel for receiving information or complaints.
  • A procedure for the management of such information or complaints,
  • A person responsible for the management and processing.

The System must offer full guarantees of independence, confidentiality, security and that those who use the channel do not suffer reprisals.

The internal information system must form part of the organization’s integrity strategy, as well as promote good public governance and safeguard the general interest through ethical commitment, allowing the elimination of bad practices and consolidating the trust of citizens in their institutions. 

  1. Which entities are required to have an internal information system? 

In the PUBLIC SECTOR: all administrations and public entities.

They may share the internal information system and the resources for investigations and procedures:

  • Municipalities with fewer than 10,000 inhabitants.
  • Entities belonging to the public sector that have less than 50 workers linked to or dependent on bodies of the territorial Administrations

In any case, it must be guaranteed that the systems are independent from each other and that the channels appear differentiated. 

In the PRIVATE SECTOR: individuals or legal entities that have 50 or more workers.

Legal persons in the private sector with between 50 and 249 workers may share the internal information system and the resources for the management and processing of communications.

  1. What are the requirements that the management procedure of the Internal Information System (SII) must meet?

 Identification of the internal information channel (web, bulletin board, banners…).

  • Include clear and accessible information about external channels.
  • Send acknowledgment of receipt to the informant, without jeopardizing confidentiality.
  • Determine the maximum term to respond to the investigation actions.
  • Possibility of communication with the informant and how to request additional information.
  • The affected person’s right to information, as well as to be heard at any time, respecting the presumption of innocence and their honor.
  • Protection of personal data.
  • Referral to the Public Prosecutor’s Office of facts that may constitute a crime, and to the European Public Prosecutor’s Office if they affect the interests of the European Union.
  1. What happens if an entity already has an Internal Information System (SII)? 

It may be used to comply with Law 2/2023, adapting to the requirements established therein.

  1. Is it possible for the Internal Information System (SII) to be managed by an external third party?

In the field of public administrations, the reception of the information by a third party may only be agreed.

In any case, the insufficiency of own resources must be justified in accordance with the Public Sector Contracts Law.

The Valencian Antifraud Agency offers information and advice on how to install internal channels at no financial cost, for which the prior signing of a collaboration protocol is necessary.

  1. Within the Internal Information System (SII) can various channels coexist in addition to the channel provided for in Law 2/2023?

Yes, as long as they appear differentiated so as not to create confusion.

  1. Can the same channel act at the same time as an internal channel of an organism and as an external channel of another?

No. Internal channels must always form part of the structure of the body or entity, and external channels will depend on the competent administrative authority, whether state or regional.

  1. Should public bodies with infringement investigation functions have an internal channel and also an external channel?

Yes. The external channel must be created for communications of non-compliance wished by persons outside the organization and whose investigation depends on the entity. 


  1. Who can be Responsible for Internal Information Systems (RSII)?

Individuals or collegiate bodies. If it is a collegiate body, it must delegate to one of its members the powers of management of the internal information system and processing of investigation files.

It must carry out its functions independently and autonomously from the rest of the entity’s bodies, reporting directly to the governing body. In addition, it must offer full guarantees of confidentiality and security regarding the information it handles. 

  1. Who should appoint the person Responsible for the Internal Information System (RSII)?

The governing body or administrative body, after consultation with the legal representation of the workers. 

  1. What profile is most appropriate to fulfill the functions of Head of the Internal Information System (RSII)?

In the entities or organizations in which there is already a person responsible for the function of regulatory compliance or integrity policies, they may be designated as System Manager, provided they meet the requirements established in the Law.

Each entity has to assess the suitability of the corresponding person, who offers the greatest guarantees of independence and autonomy necessary to perform their functions and with the necessary preparation and training. 

  1. What happens if there is a conflict of interest of the person in charge of the Internal Information System (RSII)? 

You must refrain from the procedure in accordance with the provisions of Law 40/2015, of October 1, on the Legal Regime of the Public Sector.

It is recommended that the governing body or administrative body has pre-established a system of substitutions.

  1. What is the deadline within which the Valencian Anti-Fraud Agency must be notified to the Head of the Internal Information System (RSII)?

10 business days from your appointment.

  1. What is the regulation that regulates the Register of Persons Responsible for the Internal Information System (RSII) in the Valencian Community?

The applicable standard is Resolution no. 504/2023 of the director of the Agency, which creates the Register of Managers of Internal Information Systems (DOGV no. 9601, of 05.23.2023).


  1. How should communication be made to the Valencian Anti-Fraud Agency of the person in charge of the internal information system (RSII)?

At its electronic headquarters, through the specific procedure that appears in the section “Law 2/2023” – “Responsible for the Internal Information System”.

  1. What must be provided to notify the Valencian Anti-Fraud Agency of the Head of the Internal Information System (RSII)?
  • The completed electronic office procedure form.
  • Copy or certificate of the governing body that accredits the designation of the natural person or collegiate body. 


  1. What is the implementation period for the Internal Information System (SII) for administrations, agencies, companies and other obligated entities?

The term expires on June 13, 2023.

  1. What is the implementation period for the Internal Information System (SII) for municipalities with fewer than 10,000 inhabitants?

Until December 1, 2023.

  1. What is the implementation period for the Internal Information System (SII) for municipalities with more than 10,000 inhabitants?

The term expires on June 13, 2023 

  1. What is the implementation period of the Internal Information System (SII) for legal entities in the private sector with 249 or fewer workers?

Until December 1, 2023

  1. What is the implementation period for the Internal Information System for legal entities in the private sector with 250 or more workers?

The term expires on June 13, 2023 


  1. Why does an administration or public entity need to sign a collaboration protocol with the Valencian Anti-Fraud Agency? 

Through the signing of protocols, the Agency provides help and advice for the implementation of a free complaints channel, as well as offering training and information on the application of Law 2/2023.

If you are interested in signing up for a protocol, you can send an email to juridico@antifraucv.es

Lousy here to see the protocol model. 

  1. Is it necessary for a public sector entity, attached to or linked to a public administration of the Valencian Community, to sign a protocol with the Valencian Anti-Fraud Agency?

If the public sector entity is attached to or linked to a public administration that has already signed a protocol with the Agency, it will not be necessary to sign a new protocol to obtain this collaboration. However, if you wish, you can subscribe to a specific protocol.

In the case of a consortium, it will not be necessary to sign a protocol if it has already been signed by the public administration participating in the consortium as a majority.

Subscribe to our blog and Newsletter

* required fields

19 German lawyers in training visit the Valencian Anti-Fraud Agency to learn how it works

Valencia, June 12, 2023.- A total of 19 German lawyers in training from Cologne have visited the Valencian Anti-Fraud Agency to learn first-hand about aspects of the Agency’s operation such as the development of investigations, the complaints mailbox or the protection of whistleblowers of corruption.

Throughout the morning staff of the Agency in the areas of analysis and research, legal, prevention, computer and training have explained to them what the work that is carried out on a day-to-day basis in each of the departments consists of.

The group is composed of 19 lawyers who have passed the entrance exam and this visit is part of the training program. The students have actively participated by asking questions about different aspects of the work carried out by the Agency.

Once the visit to the Agency was over, the group took a guided tour of the Corts Valencianes, headquarters of the Valencian Parliament.

The Hay Derecho Foundation presents “El Dedómetro” where it analyzes the level of politicization and cronyism in the appointment of the heads of 30 public entities of the Valencian Community

Valencia, June 8, 2023.- The Hay Derecho Foundation has presented at a press conference at the headquarters of the Valencian Anti-Fraud Agency the investigation that bears the name “El Dedómetro”.

This study is analyzed through the collection and analysis of public data, the curriculum of 66 heads of the main public entities of the Valencian Community in the last decade and under governments of different political signs. The final analysis reveals that 33 of them fail in terms of the principles of merit and ability, with less than a 5 on a scale of 1 to 10. 

The result is part of the conclusions of a data research carried out by Hay Derecho that analyzes, in total, 101 CVs of management personnel of 43 public entities of two autonomous communities of opposite political sign: the Community of Madrid and the Valencian Community.

Hay Derecho, a non-profit organization that defends the rule of law and fights against corruption, has created indicators that, based on the collection and analysis of public data, allow evaluating whether the selection processes of the highest managers reflect the principles of merit and capacity or on the contrary it is cronyism and exchange of favors

For the analysis of the suitability of top managers, the methodology takes into account academic training, general and specific professional experience in the sector he directs, as well as management experience, time spent in the position and political linkage.

The research, which is called “The Dedometer”, highlights that the system does not establish objective, transparent and concurrent procedures to guarantee the principles of merit and capacity in its selection. And yet, these managers manage average budgets of 184 million euros of public money and have salaries of up to 220,000 euros per year.

Those responsible for managing public companies in key sectors such as transport, media or finance, among others, are exposed to very high levels of turnover, mainly linked to changes in government. In the Valencian Community, 3 entities stand out that have come to have between 5 and 7 different managers in a decade.

The Dedometer analyzes data between 2012 and 2022 and points to a slight improvement in the profile of the heads of public entities when governments lack an absolute majority. The very high turnover of managers is striking, which highlights that appointments and dismissals are linked to political cycles and not to management performance or other professional criteria.

The results, however, improve in the case of public entities that have a selection regulation that specifies the process and the type of professional experience required for the position. In these cases, the analysis of the Dedometer shows that there is a tendency to select candidates with a longer and specialized professional career, although unfortunately not always with greater management experience.

However, even in these entities, turnover does not decrease, except in cases where there are fixed periods of mandate.

Another key feature of the report is the analysis of compliance with transparency laws: only 6 entities fully comply with transparency regulations. 80% fail to comply with at least one of the legal obligations such as publication of accounting information, or the name and professional career of its chief executive, among other data. Even one of them, Economic and Business Spaces, with 4 employees and a budget of 94 million euros, does not even have its own website where to host the information that the law requires to publish.

The research reveals that 47% of entities do not publish their salaries, 33% do not show the curriculum of their top managers – or do so incompletely – and 13% do not publish accounting information.

“Behind an unpublished or incompletely published curriculum there is not only a legal breach, there may also be an intention to hide the trajectory of someone not too qualified or a purely political career,” says Javier Zamora, head of research at Hay Derecho.

“From Hay Derecho we believe that it is necessary to apply protocols that ensure the active and accessible publication of all information, establish a standardized CV model for public sector managers and hold the top manager responsible for compliance with transparency obligations,” says Safira.

Joan Llinares, director of the Agency, was also present at the press conference, who stated that “we want to thank the work developed by the Hay Derecho Foundation with the preparation of this study as it offers us a vision of what is happening in terms of the selection of management staff in the public sector and especially at a time like the current one in which the selection will proceed and appointment of new managers following the electoral processes”.

Hay Derecho has conducted such research before. In 2020, the first Dedometer focused on evaluating the General State Administration from a series of regulatory bodies and a sample of 36 entities belonging to the public business sector such as Correos, AENA, Red.es or Paradores. The results were: a high level of turnover, with entities that had up to 9 maximum managers during a period of 15 years, little experience in management and little experience in the matter of the maximum managers analyzed. Improved findings in independent authorities, which set specific requirements and mandates with fixed durations for their top managers

In the second research, the different entities of the Metropolitan Area of Barcelona were analyzed, evaluating not only those most responsible, but also their transparency.

The Hay Derecho Foundation is a non-profit, independent foundation that works to defend the rule of law, good institutional functioning and promote the fight against corruption.

Hay Derecho has recently joined the Consell de Participació of the Valencian Anti-Fraud Agency.