Belgium’s new Private Investigation Act (PIA), published in the Official Gazette on December 6, 2024, and primarily effective from December 16, 2024, marks a significant shift in the legal landscape for private investigations. This legislation replaces the 1991 Belgian Act on Private Detectives, modernizing the framework to accommodate new investigation methods and ensuring compatibility with the General Data Protection Regulation (GDPR). The PIA’s broadened scope now includes internal investigations, introducing substantial new requirements for businesses operating in Belgium.
Expanding the Scope of Private Investigations
The PIA redefines private investigation activities to include those carried out by a natural person on behalf of a principal to collect and process information regarding individuals or specific circumstances. This expanded definition means that internal investigations within companies, including those conducted within the same corporate group, now fall under the PIA’s purview. This redefinition broadens the reach of the PIA, necessitating changes in how companies approach investigations to ensure compliance.
Certain professional activities are excluded from the PIA’s scope, such as those conducted by notaries, lawyers, bailiffs, journalists, auditors, and statutory auditors. Additionally, cybersecurity incident investigations and legally mandated activities like whistleblowing reports and psychosocial risk assessments are not covered by the PIA. This distinction is crucial for businesses to understand which activities require compliance with the new regulations, as misinterpretation could lead to unintended contraventions. By clarifying these exceptions, companies can better navigate the complexities of the PIA and align their investigation strategies accordingly.
Licensing Requirements for Investigators
One of the most significant changes introduced by the PIA is the licensing requirement for private investigation companies and internal investigation services. To operate legally, these entities must obtain prior authorization or a license from the Ministry of Interior. The license, valid for five years and renewable, necessitates a clean criminal record, specific training, and residency within the European Economic Area (EEA) or Switzerland (or the UK for private investigators). This license requirement brings a new layer of regulatory oversight to the field, ensuring that only qualified personnel can conduct investigations.
However, there is an exemption for HR departments conducting private investigations solely for their own needs in the context of “incident investigations.” While these departments are not required to obtain a license, they must still comply with other mandatory requirements of the PIA. This exemption provides some relief for businesses but underscores the importance of understanding the specific conditions under which it applies. Companies must diligently assess their internal investigation activities to determine if they qualify for this exemption and ensure that all other aspects of the PIA are met.
Implementing Internal Regulations and Policies
To comply with the PIA, companies must implement an internal regulation or policy detailing the permissibility and modalities of investigations against employees. This policy should be in place by December 16, 2026, giving businesses a two-year window to develop and adopt the necessary procedures. This timeframe allows companies to thoroughly review their current practices and make the necessary adjustments to meet the new standards imposed by the PIA.
The internal policy must outline the scope, purpose, and duration of investigations, ensuring transparency and adherence to legal standards. Additionally, companies must prepare a written mission statement before conducting any investigation, specifying the investigation’s objectives and parameters. For internal investigators employed by the principal, maintaining an up-to-date mission register is mandatory, with records retained for five years. These requirements ensure that all investigations are properly documented and that there is accountability for the investigative actions taken.
Reporting and Privacy Obligations
Investigators are required to submit a detailed written report to the principal within one month of the last investigative act. This report must comprehensively document the investigation’s findings and processes, ensuring accountability and transparency. This requirement helps maintain high standards in reporting and allows for a thorough review and analysis of the investigation’s outcomes.
The PIA also imposes strict GDPR and privacy obligations on investigators. Certain investigative activities, such as probing into political or religious beliefs, are explicitly prohibited. Specific investigations require prior consent from the investigated person, emphasizing the importance of respecting individual privacy rights. If the principal wishes to use the information in the report, they must inform the agent within 30 days, and the agent is then required to notify the investigated person(s) about their data rights before the information can be used. This comprehensive approach to privacy ensures that individual rights are upheld and that investigations do not infringe upon protected personal information.
Legal Assistance and Employee Rights
The PIA ensures that employees’ rights are protected during investigations. Interviewees can request the assistance of a chosen representative, such as a lawyer or trade union official, during interviews. This provision aims to balance the investigative process, providing employees with support and ensuring fair treatment. By allowing for legal representation, the PIA helps to mitigate power imbalances and protects the interests of the individuals involved.
Businesses must be aware of these rights and incorporate them into their internal investigation procedures. Failure to do so could result in non-compliance with the PIA, leading to significant legal and financial repercussions. Companies must educate their investigative staff on these rights and ensure that all interviews and investigative processes adhere to the standards set by the PIA. This proactive approach can help prevent legal issues and foster a more equitable investigation environment.
Risks of Non-Compliance
Non-compliance with the PIA carries various sanctions, including administrative, GDPR, and criminal penalties. Administrative sanctions may involve the refusal, suspension, or withdrawal of the investigation license and administrative fines up to EUR 25,000. GDPR violations could lead to administrative fines up to EUR 20 million or 4% of the total annual worldwide turnover. These substantial fines highlight the importance of adhering to the regulatory framework established by the PIA to avoid severe financial repercussions.
Additionally, evidence collected in violation of specific provisions of the PIA, such as lacking necessary licenses or written policies, may be deemed inadmissible in court. This could severely impact a company’s ability to defend itself in legal proceedings. Criminal sanctions, separate from administrative and GDPR penalties, may also be imposed for non-compliance, further highlighting the importance of adhering to the new regulations. By ensuring compliance with all aspects of the PIA, companies can protect themselves from these potential legal challenges and maintain the integrity of their investigative activities.
Criteria for Applicability and Timeline
The PIA comes into force on December 16, 2024, with notable exceptions. Companies must submit a valid license request if they were lawfully conducting private investigations by June 16, 2025. Employees must complete required training and obtain a license card within 18 months after their company receives a license. This staggered implementation timeline allows businesses to gradually adjust to the new requirements and ensure that all personnel involved in investigations are properly trained and licensed.
Policy implementation is another critical step for businesses to comply with the PIA. An internal investigation policy must be in place by December 16, 2026, giving companies ample time to develop and adopt comprehensive internal regulations. These policies must align with the PIA’s requirements and ensure that all investigative activities are conducted legally and ethically. By meeting these deadlines, businesses can demonstrate their commitment to compliance and avoid potential legal issues related to the PIA.
Next Steps for Businesses
Belgium has introduced a new Private Investigation Act (PIA), published in the Official Gazette on December 6, 2024, and predominantly effective from December 16, 2024. This new legislation signifies a major transformation in the legal framework governing private investigations in the country. It replaces the outdated 1991 Belgian Act on Private Detectives, bringing the legal environment up to modern standards. The PIA is designed to accommodate contemporary investigation techniques while ensuring alignment with the General Data Protection Regulation (GDPR). Importantly, the scope of the PIA has been expanded to include internal investigations. This introduces significant new obligations for businesses operating within Belgium, mandating them to adhere to rigorous standards in their investigative practices. The enactment of the PIA reflects Belgium’s commitment to maintaining robust regulatory standards and protecting individual privacy within the context of private investigations.