Belgium: Private Investigation Law – How it affects you

in short

Belgium’s new Private Investigators Act (PIA) was published in the Official Gazette (in French and French) on 6 December 2024, with most of its provisions entering into force on 16 December 2024. The PIA replaces the Belgian Private Investigators Act of 1991 and aims to modernize the applicable legal framework in line with new investigative methods and the application of the General Data Protection Regulation (GDPR). With its wider scope of application (the legislation now also applies to internal investigations) and the important additional requirements it imposes, the PIA will undoubtedly affect many businesses operating in Belgium.

content

1. Is my company affected?
2. What to look out for when conducting an internal investigation: Key obligations
3. What are the risks if there is non-compliance?
4. When does the Private Investigators Act apply?
5. Next steps

Many companies operating in Belgium will be affected by this new legislation, which applies not only to private investigations conducted by traditional external investigators, but also to internal investigations conducted in Belgium. PIA applies to Internal Investigation Servicesthat is, a service organized by a natural or legal person for its own needs to carry out private investigation activities in a structured manner, which means that private investigation activities must be part of the tasks of at least one partner. This includes investigative activities within the same company group.

private investigative activities Defined as activities carried out by natural persons at the request of a principal, including the collection and processing of information about natural or legal persons or about the specific circumstances of crimes committed by these persons. The purpose of a private investigation is to provide the client with information obtained in order to safeguard his or her interests in the event of a potential or active dispute or to research a missing person or lost/stolen item.

Certain activities are outside the scope of PIA, such as:

• Professional activities of notaries, lawyers, bailiffs, journalists, auditors and statutory auditors.
• Activities and professions that specifically seek to identify, analyze, and address cybersecurity incidents.
• Activities carried out to fulfill legal obligations on behalf of the client, such as investigations within the framework of a whistleblower report or complaints regarding psychosocial risks at work (carried out by a health and safety prevention consultant). However, a PIA is applicable when the findings are used outside of the pure fulfillment of a legal obligation (which seems to be a difficult line to draw in practice).

The PIA imposes a number of onerous obligations that must be adhered to when conducting an internal investigation, the most important of which are:

• license: Private investigation firms and internal investigation services must obtain prior authorization or permission from the Ministry of the Interior to legally conduct private investigations in Belgium. The license is valid for five years and is renewable. This requires not having a criminal record for certain criminal offenses, undergoing certain training, being a national of that country and having a principal residence In the European Economic Area (EEA) or Switzerland (or Private Investigator in the UK).
  Please note that exemptions from license requirements apply to Internal human resources department These agencies conduct private investigations in the context of “incident investigations” (a concept that has not yet been defined) against employees, based on the employer’s needs. Although HR departments are not permitted to obtain Home Office authorization in this case, they must comply with the other requirements of the PIA.
• Internal regulations/policies: An employer may only initiate an internal investigation of its employees if it has implemented internal regulations or policies that provide clear and transparent information regarding the permissibility and mode of the investigation. Companies have until December 16, 2026 to implement such internal regulations or policies.
• Mission Statement or Mission Register: Before commencing any investigation, a written mission statement must be entered into between the principal and the agent, which must describe the scope, purpose and duration of the mission and other mandatory information enumerated in the PIA. For internal investigations, if the private investigator is employed by a client, the private investigator must maintain an up-to-date assignment register that contains many specific information requirements, rather than an assignment statement, and keep it for five years.
• investigation report: The attorney must provide the client with a written investigative report (with certain mandatory content) no later than one month after the last investigative action.
• GDPR and privacy obligations: Investigations in certain specific areas are expressly prohibited (for example, investigations into the political, religious or philosophical beliefs, racial or ethnic origin, etc. of the person under investigation). In addition, PIA requires the prior consent of the person under investigation for specific areas of investigation (e.g., investigating someone’s family, financial or professional situation) and investigation methods (e.g., interviews). In addition, if the principal wishes to use the information and personal data contained in the investigative report, the agent must be notified in writing within 30 days of receipt of the report. The agent must then provide specific written mandatory information to the person being investigated and any other person identifiable in the report, including their rights of access, correction, and deletion. The client shall not use the information contained in the investigative report without first notifying the respondent and any other identifiable persons and giving them an opportunity to exercise their rights.
• legal aid: Respondents may request assistance from a person of their choice (e.g., attorney, union representative) during the interview.

Failure to comply with a PIA may result in a range of sanctions:

• administrative penaltyincluding non-delivery, suspension or revocation of licenses and administrative fines of up to 25,000 euros.
• GDPR Sanctionsincluding administrative fines of up to 20 million euros or 4% of global annual turnover.
• The evidence is invalid The information collected violates specific provisions of the PIA and therefore will not be supported in court. In particular information that conducts private investigations without the necessary licenses or necessary internal regulations or policies (as of December 16, 2026), relates to prohibited areas (see above) or involves private investigators (who knew or should have) or evidence. known to be) obtained illegally.

The above provisions are without prejudice to the criminal sanctions that may be imposed.

The provisions of PIA apply From December 16, 2024except for the following situations:

• Valid requests to obtain a license must be submitted by private investigation firms and in-house investigation services lawfully carrying out private investigation activities within six months of the PIA coming into effect from December 16, 2024, i.e. June 16, 2025.
• Employees of the private investigation firms and internal investigative services listed above 18 months After their company obtains a license, it must undergo required training and obtain a license card.
• Internal regulations or policies must be implemented within two years of the PIA becoming effective, i.e. December 16, 2026.

The PIA will undoubtedly have a significant impact on many businesses operating in Belgium, which will need to rethink their internal investigation processes in light of the new requirements it imposes, taking into account existing privacy and GDPR requirements, particularly as they apply to access to employee emails and other electronic communications.

Please feel free to contact the experts at Baker McKenzie’s Brussels office for help assessing the impact of a PIA on your current internal investigation processes and the documentation and policies required for implementation.