AI companies should make their whistleblowing system’s effectiveness and trustworthiness transparent to the public. The first, baseline, step is to make their whistleblowing policies public. This would benefit the public, potential whistleblowers, policy makers, and even the companies themselves:
See signatories
* Please note that AIWI only evaluates the transparency of the policy and outcome reporting—not the content or quality of the underlying system, protections, culture, or past patterns of retaliation.
AI companies should make their whistleblowing system’s effectiveness and trustworthiness transparent to the public. This would benefit the public, potential whistleblowers, policy makers, and even the companies themselves.
AI carries great potential, but also great risks. As acknowledged by former insiders, many of these risks will be visible only to insiders. These insiders should be able to safely raise their concerns, internally and externally.
AI Companies have not published their whistleblowing policies. This makes it impossible to assess whether insiders and the public can rely on internal systems to effectively address risks to (public) safety. An exception is OpenAI, who published their policy following revelations around their highly restrictive non-disparagement clauses.
We have evidence that many AI employees don't know, understand, or trust their whistleblowing policies.
Making whistleblowing policies public and opening the discussion will help people working in AI understand their protections, lay a foundation for trust, and show that companies are committed to a culture of integrity in which flagging of risks is a normal and expected responsibility. Lastly, public dialogue will allow policy makers to identify gaps in coverage and react accordingly.
Substantial empirical evidence shows that better policies are good for companies and employees, with benefits going beyond improved detection and deterrence of misconduct, including greater employee satisfaction, loyalty, and second order effects of speak-up cultures like improved research results, innovation, and safety.
Even shareholder representatives have called upon at least one of these companies to improve their internal whistleblowing policies to reap the benefits outlined above.
There is also no loss from transparency: Whistleblowing policies do not contain trade secrets that could form the basis of competitive advantage.
Besides tech firms (e.g. ASML), companies from a variety of industries publish their whistleblower policies and even regular effectiveness-, outcome-, and protection evaluations. AI companies should exhibit similar leadership rather than deferring publication until it becomes too late. We will work with and commend those that create transparency around their whistleblowing systems and, in doing so, take the first step in improving these systems.
This campaign is led by The AI Whistleblower Initiative (AIWI), an independent, nonpartisan, nonprofit organization supporting whistleblowers in AI. For questions or requests to join our call: Contact us.
Dimitrios Kafteranis
University of Coventry
Simon Gerdemann
University of Goettingen
Please note that this framework only evaluates transparency of policies—not their content, i.e. the effectiveness of the system. A company might have published their policy, but that policy/system might still be ineffective, but we will only know once it is public.
OpenAI
|
Anthropic
|
xAI
|
Meta
|
DeepMind
|
Mistral
|
|
| Summary Score | * | |||||
| Level 0: Minimal policy disclosure? Definition |
Yes1 | Yes1 | Yes1 | Yes1 | Yes1 | Yes1 |
| Level 1: Is policy & system public? Definition |
Yes | No | No | No | No | No |
| Level 2: Outcome transparency? Definition |
No | No | No | No | No | No |
| Sources | Link 1Link 2 | Link 1 | Link 1Link 2 | Link 1Link 2Link 3 | Link 1 | Link 1 |
[1] The existence of an internal policy is disclosed, but no public evaluation possible. This is insufficient for...
Transparency is not token disclosure. It is where stakeholders can meaningfully evaluate the organization’s commitment to protecting whistleblowers and addressing wrongdoing. Below, we set out the core principle of transparency and a transparency framework.
In short, we are looking for
In the below evaluation framework, we focus only on transparency – not on ‘content’. That means a company can score highly on policy transparency while the policy itself is suboptimal – or score highly on Effectiveness Transparency while the published metrics show that e.g. whistleblowers are dissatisfied and retaliation occured.
Level 0: Minimal Disclosure
Why insufficient: Provides no substantive information for stakeholder evaluation
Level 1: Policy Transparency
Enables: Evaluation of policy comprehensiveness and organizational commitment
Why insufficient: Even a strong whistleblowing policy can be circumvented if organizational culture & leadership attitudes are adverse to truly embracing rectification of misconduct.
Level 2: Effectiveness Transparency
“Level 2” means companies provide evidence around how robust their systems are in practice, which challenges they face, and which improvements they are taking. In short, that companies genuinely take seriously creating a ‘speak up culture’, the protection of whistleblowers, and dealing with their concerns.
Companies that take whistleblowing seriously should already gather this evidence and conduct relevant activities as part of continuously improving their function – publication is hence only a matter of transparency. Companies that do not measure and engage in below activities likely do not seriously care about their whistleblowing system.
In fact the ICC Guidelines on Whistleblowing Systems call for this publication of effectiveness metrics to ensure that a policy is actually implemented, reviewed, and effective. This means Level 2 includes, for example:
Metrics/ Indicators. View this report on which metrics/ indicators one might measure to assess an internal whistleblowing system’s effectiveness.
Examples:
Number of reports received/resolved (low does not necessarily mean ‘good’)
Outcome and rectification summaries
Retaliation complaints and status of whistleblowers (e.g. what % “left” the company after their report)
Satisfaction of whistleblowers with process and outcomes, appeal rates
% of anonymous reports over time
Evidence on awareness, understanding, and trust of covered persons (e.g. employees) into the whistleblowing system, e.g. via anonymous surveys
Evidence of regular reviews and improvements to the whistleblowing system, including the content of those improvements. This could be an internal process or, ideally, outcomes of a recurring independent external audit. We can help companies find relevant auditors at no charge.
Enables: Ongoing monitoring of organizational performance and policy effectiveness
We call on AI companies to meet, at a minimum, Level 1.
Level 2 generates trust and is what all AI companies should strive for.
1. Advancing Public Safety
AI carries great potential, but also great risks. As acknowledged by former insiders, many of these risks will only be visible to insiders. Insiders should be able to safely raise their concerns, internally and externally.
Evidence
Industry Acknowledgment: Leading AI companies explicitly recognize these risks. OpenAI states they “operate as if these risks are existential” (Planning for AGI and Beyond). Anthropic warns of “dire consequences” if AI systems pursue conflicting goals (Dario Amodei).
Global Recognition: The Bletchley Declaration signed by governments worldwide acknowledges AI’s “potential for serious, even catastrophic, harm.”
Insiders’ Unique Position: Former and current AI insiders recognize that “current and former employees are among the few people who can hold them accountable to the public” and have called for “compan[ies] to facilitate a verifiably anonymous process for current and former employees to raise risk-related concerns to the company’s board, to regulators, and to an appropriate independent organization with relevant expertise”.
ICC Guidelines note that “Employees are often the first to recognize potential wrongdoing or risk of harm.” For AI, the black-box nature means many risks are only visible to those with internal access (Center for AI Policy).
(Internal) Whistleblowing is highly effective at uncovering and deterring misconduct: In a survey with +1,200 companies, EQS found that 1/3 of companies that had incurred financial damage due to misconduct were able to uncover +80% of that financial damage incurred through misconduct through their whistleblowing channels.
Regulators agree: The EU covers AI Act violations under the EU Whistleblowing Directive, and bipartisan US efforts (AI Whistleblower Bill) recognize more ‘traditional’ outside verification mechanisms are insufficient for AI risks.
2. Trust Is Not Enough
AI Companies have not published their whistleblowing policies. This makes it impossible to assess whether insiders and the public can rely on internal systems to effectively address risks to (public) safety. An exception is OpenAI, who published their policy following revelations around their highly restrictive non-disparagement clauses.
Evidence
Current Transparency Gap: The recent Future Of Life Institute AI Safety Index highlighted that major AI companies (Anthropic, Google DeepMind, xAI, Mistral) have not published their whistleblowing policies, making a neutral assessment extremely challenging. The report also directly calls for the publication of these whistleblowing policies.
None of the major AI companies publish effectiveness metrics.
Stark Internal Policy Quality Differences: An evaluation of whistleblower systems of +70 companies in the Netherlands displayed the stark differences in internal system quality – from protections to processes. Google notably ranked among the bottom 3.
Best Practice Guides [1, 2, 3] for Whistleblowing Policies demonstrate the dimensions along which a policy can be strong or weak: Is anonymous reporting possible? Are investigative teams equipped to evaluate (technical) reports? Do executives oversee the whistleblowing unit or the board?
This matters as the majority of insider try to speak up internally first: The SEC Whistleblower Program’s 2021 Annual Report to Congress showed that three-quarters of award recipients had initially attempted to address their concerns within their organizations before seeking external remedies. These internal efforts typically involved reporting to management, compliance departments, or established internal reporting channels. For most employees, utilizing internal mechanisms serves as the primary method for flagging potential misconduct or legal violations.
Stephen Kohn and Sophie Luskin of KKC, a whistleblowing law firm, highlighted the importance of mandating internal whistleblowing channels as part of the AI Whistleblower Protection Act.
3. Empowering Insiders to Spot Problems
We have evidence that many AI company employees don't know, understand, or trust their whistleblowing policies.
Making whistleblower policies public and opening the discussion will help people working in AI understand their protections, lay a foundation for trust, and show that companies are committed to a culture of integrity in which flagging of risks is a normal and expected responsibility. Lastly, public dialogue will allow policy makers to identify gaps in coverage and react accordingly.
Evidence
Insider Awareness Gap: As no AI company currently publishes evidence on the effectiveness of their whistleblowing policy training campaigns, AIWI conducted interviews with (former) frontier AI company insiders – employees and contractors. This showed that a large share of insiders across organizations do not know of or understand their companies’ internal whistleblowing systems. Others have highlighted this issue previously.
This is not uniquely an AI issue: Research indicates employees are often unaware channels exist (NAVEX on workplace trust) – exposing them to risk when raising concerns internally
Trust Deficit: Research by AIWI suggests AI employees suspect that making a report would be ineffective, or even a trap that could make their work life more difficult.
They might also be too afraid to inquire about policies. According to at least one former insider, managers would automatically be informed if the insider had participated in a training on internal whistleblowing processes.
Find here some quotes from our anonymous AI insider survey:
”"I'm not well-informed about our company's whistleblowing procedures (and it feels uncomfortable to inquire about them directly)."
”"I anticipate that using official reporting channels would likely result in subtle, indirect consequences rather than overt retaliation like termination."
4. Public Feedback Improves the Effectiveness of Whistleblower Policies
Substantial empirical evidence shows that better policies are good for companies and employees, with benefits going beyond improved detection and deterrence of misconduct, including greater employee satisfaction, loyalty, and second order effects of speak-up cultures like improved research results, innovation, and safety. Even shareholder representatives have called upon at least one of these companies to improve their internal whistleblowing policies to reap the benefits outlined above. There is also no loss from transparency: Whistleblowing policies do not contain trade secrets that could form the basis of competitive advantage.
Evidence
Uncovering Misconduct: We can use ‘financial damage through misconduct’ as a quantifiable proxy for misconduct in general: In a survey with +1,200 companies, EQS found that 1/3 of companies that had incurred financial damage due to misconduct were able to uncover +80% of that financial damage through their whistleblowing channels.
A George Washington University 2020 study analyzing nearly two million internal whistleblowing reports from over 1,000 publicly traded U.S. firms found that “internal whistleblowing report volume is associated with fewer and lower amounts of government fines and material lawsuits.”
Innovation Benefits: Research demonstrates “speak-up cultures” generate second-order effects including “improved research results, innovation, and safety” (Business Case for Speaking Up) – critical for AI companies.
The EQS report also found that whistleblowing systems achieve multiple non-financial benefits: “Better understanding of compliance among employees” (#1 benefit), improved processes and stronger integrity, more professional compliance systems, and higher employee satisfaction
Shareholder Support: Trillium Asset Management specifically called upon Google to have its whistleblowing policies reviewed to reap benefits:
“Whistleblowers protect investors, not management,” – Jonas Kron, Chief Advocacy officer at Trillium.
No Competitive Advantage Lost: Whistleblowing policies contain procedural frameworks and legal guarantees, not IP or competitive secrets. Basic reporting structures don’t reveal proprietary algorithms or business strategies.
5. Precedent Is Plentiful
Besides tech firms (e.g. ASML), companies from a variety of industries publish their whistleblower policies and even regular effectiveness-, outcome-, and protection evaluations. AI companies should exhibit similar leadership rather than deferring publication until it becomes too late. We will work with and commend those that create transparency around their whistleblowing systems and, in doing so, take the first step in improving these systems.
Evidence
Publication of policies is a Cross-Industry Practice: Companies across sectors routinely publish policies – in the AI supply chain (ASML), industrial sector (Tata Steel), FMCG (Heineken), or Financial Services (ABN Amro).
Publication of regular system effectiveness evaluations is becoming standard: The ICC 2022 Guidelines explicitly encourage transparency and publication of system effectiveness metrics as best practice, noting enterprises are “measured by how they deal with Whistleblowers.”
Beyond publishing policies, publications of statistics & outcomes is also increasingly becoming common place: A 2024 study among 70 Dutch companies showed that “Slightly more than half of companies (54%) externally publish statistics about whistleblowing cases. Most of them publish this data in the annual report.”
A worrying pattern: Waiting until a scandal. Some companies publish their policies in response to previous misbehaviour – such as Volkswagen – or following public or legal pressure after attempts at silencing insiders, such as at OpenAI or Apple. While this transparency is a step in the right direction, we again need to stress that this does not mean that the systems are strong or that the culture in which the whistleblowing system is embedded guarantees safe reporting channels for insiders. This is also the case as neither OpenAI nor Apple create transparency at “Level 2”, i.e. publishing qualitative or quantitative transparency around case outcomes, system improvements, and effectiveness evaluations.
We should not wait for comparable fallouts in the AI industry to learn the same lessons
We therefore call on AI companies to, at a minimum, publish their policies (Level 1).
Creating transparency around the effectiveness, outcomes, and improvements of their systems (Level 2) is what all AI companies should strive for.
A whistleblowing policy describes a company’s whistleblowing system. It is a formal framework and guideline for those individuals who want to report concerns about wrongdoings or risks posed by the company. A whistleblowing policy will outline, among other items, covered disclosures and reporting persons, the reporting process, channels, independence and competence of recipients, feedback timelines, scope of reporting, and non-retaliation guarantees.
Key References: ICC Guideline, ISO Standard, Transparency International Best Practice Principles
For an interactive way to understand whether an internal whistleblowing policy is in compliance with e.g. the EU Whistleblowing Directive, visit this or this interactive tool.
No, publication alone does not guarantee strong protections. A publicly available policy could still contain significant gaps, weak enforcement mechanisms, or inadequate scope coverage.
However, public disclosure enables external evaluation and accountability. When policies are publicly accessible, regulators, journalists, researchers, whistleblowing non-profits, as well as prospective employees and shareholders can assess their robustness and more easily monitor organizational compliance. This external scrutiny creates pressure for stronger protections over time and allows stakeholders to make informed decisions.
Non-public policies, regardless of their quality, deny stakeholders this oversight capability and can hide restrictive or inadequate protections. Transparency is a necessary, though not sufficient, condition for robust whistleblower protection.
This is why ongoing transparency on outcomes, effectiveness, and improvements to the system matter (see Level 2).
It makes it more likely, but even an excellent policy document does not guarantee a strong system and protections in practice. A comprehensive policy is only as effective as its implementation, organizational culture, and leadership commitment.
Common gaps between policy and practice include:
Informal retaliation that circumvents official protections
Inadequate investigation resources leading to poor follow-up
Lacking awareness & cultural discouragement of reporting despite formal protections
Management non-compliance with stated procedures
This implementation gap is why ongoing transparency and monitoring matters (See Level 2). Regular public reporting on policy usage, outcomes, and effectiveness (like aggregated statistics on reports received and resolved) helps external stakeholders assess whether a company’s protections work in practice, not just on paper.
Strong whistleblower protection requires both robust policies and demonstrable organizational commitment to implementing them.
Follow updates about the campaign, the AI Whistleblower Initiative, and news based on real insider voices in AI
