1. Member States shall designate the authorities competent to receive, give feedback and follow up on reports, and shall provide them with adequate resources.
2. Member States shall ensure that the competent authorities:
(a) establish independent and autonomous external reporting channels, for receiving and handling information on breaches;
(b) promptly, and in any event within seven days of receipt of the report, acknowledge that receipt unless the reporting person explicitly requested otherwise or the competent authority reasonably believes that acknowledging receipt of the report would jeopardise the protection of the reporting person's identity;
(c) diligently follow up on the reports;
(d) provide feedback to the reporting person within a reasonable timeframe not exceeding three months, or six months in duly justified cases;
(e) communicate to the reporting person the final outcome of investigations triggered by the report, in accordance with procedures provided for under national
…