The tax authority is not equipped to assess EU grant compliance. The EU anti-fraud office is not designed to detect personnel cost fraud. The EPPO does not investigate contractual irregularities or inflated cost declarations. The data protection authority is not mandated to investigate EU budget fraud. The labour court does not audit EU grant accounts. Every institution processes its piece, the complete picture exists only with the person who lived it, the one carrying all the files, writing all the letters, and paying all the bills.
Nine institutions, late action, no full picture
In October 2023 you report to SPF Finance, Belgium’s federal tax authority, that your employer had failed to withhold and remit professional salary tax, a statutory obligation. Three personal tax assessments land in your name: €2,292.69, €2,764.86, €1,086.84, for an obligation the law places entirely on the employer. You pay all three. The tax authority tells you everything was done correctly by you, “contact your employer”. The employer refuses to take accountability and you keep receiving tax bills, so you file a formal complaint. Nothing happens for two years, until you mention, in writing, that OLAF and EPPO are already involved. Just then, two investigations are opened: CKLOK/ACA/25/1343 and 2025/07/92096. The same facts, the same evidence, the same EU-funded NGO. Under Article 337 CIR 92, SPF Finance cannot share their findings with the person whose taxes were not withheld.
The SPF Employment (French: SPF Emploi, Travail et Concertation sociale) is the authority tasked with enforcing labour law, empowered to protect you. After one letter asking support, they do not answered basic, legally relevant questions and dismiss the case. The response remains in writing: “my department is not or no longer authorized to intervene in the facts that you are reporting”.
The Belgian National Social Security Office (ONSS, French: Office National de Sécurité Sociale) also opened an investigation, SR3267824, to find itself unable to prove and further reffer it back to SPF Finance.
You take the same complaint to the Belgian Federal Ombudsman. They dismiss it twice, the allegations are categorized as a private matter, outside their mandate. You submit again, with structured documentary evidence. The ombudsman reverses its position, the whistleblower status is confirmed on the third attempt, after you are asked to debate yourself the merits of the facts.
The EU anti-fraud office, two investigations for the same facts
You file a formal whistleblower complaint with the EU’s anti-fraud office through the secured Fraud Notification System, case OC/2024/1165. Six months pass. Then OLAF writes to inform you the facts are “liable to be relevant for criminal prosecution” and have been forwarded to the European Public Prosecutor’s Office.
What that message does not mention: EPPO had already closed the file five months earlier, in November 2024, on the same facts OLAF is now describing as criminally significant.
In October 2025, sixteen months after the first OLAF complaint, the Director-General opens a second investigation: OC/2025/0568. The investigator writes directly by email, requesting all files. Same facts, same evidence, same EU-funded NGO, two separate OLAF cases, sixteen months apart. The EU-funded NGO is still active, still receiving EU funds.
The Prosecutor that closed the file in four days, on a Saturday
In November 2024, four days after your original submission, EPPO, The European Public Prosecutor Office issues closure letter P.001733/2024 – PP.02676_2024_EN. The conclusion: outside EPPO’s competence. Case closed. The office “will not be in a position to respond to any queries regarding your report”. The same letter states: “for reasons of operational security, the EPPO is currently unable to process external links and e-mail attachments”.
The attachments were the evidence; the case was closed without the evidence being reviewed.
Five months later, EPPO’s Head of Communication writes that the office has a process for reopening cases and that “any new, relevant information may lead to a reconsideration”. The November 2024 closure letter had stated the opposite, categorically, in writing. Both letters are on the record. The full exchange is published at the end of this article.
The data that was declared deleted, then produced in court three days later
After repeated refusals to provide access to your own data, you file a formal complaint with the Belgian Data Protection Authority, APD, DOS-2024-05238. The records at issue: the timesheets the EU-funded NGO created, circulated internally, and used to claim EU reimbursements in your name.
The NGO’s response, filed with the APD: a sworn statement signed by the director declaring all personal data deleted. Three days later, the same EU-funded NGO produce emails from years earlier in a separate court proceeding, archived the day after the declared deletion. The APD proceedings are ongoing. The EU-funded NGO is still active, still receiving EU grants.
You then ask the EU’s own grant management agencies whether they hold any individual-level data identifying you in the personnel cost claims submitted in your name. CINEA, REA, and other EU agencies confirm: no. Under H2020 and Horizon Europe, beneficiaries report aggregate person-months per work package, not individual names. Confirmed in writing by CINEA, reference Ares(2026)805786.
The implication is precise and documented: the European Commission cannot verify, from its own records, whether hours attributed to specific people in beneficiary timesheets correspond to work actually performed. The only records that could answer that question were held by the NGO. The NGO declared them deleted.
The statement no one can reconcile
The timesheets at the centre of the GDPR dispute are the same files at the centre of everything else. Created by the EU-funded NGO, distributed to the project team, used to justify EU cost reimbursements. Submitted to Belgian authorities and European institutions. Declared deleted by the EU-funded NGO.
Before the Belgian Labour Court, Tribunal du travail francophone de Bruxelles, RG 24/4345/A, the EU-funded NGO states in its formal submissions that the hours recorded in those files “ne représentent aucunement les heures de travail prestées”: they do not in any way represent hours worked.
The same files. the same hours, submitted to the European Commission to justify personnel cost reimbursements, denied in court as representing actual work.
Both cannot be true. One set of statements was made to obtain EU funding, the other was made before three judges. No authority currently holds both simultaneously.
The labour court covers labour violations; it does not cover EU grant compliance, does not challenge a director’s €1.000 per day remuneration fees, or 180+ parallel project hours declared in one month per person. The EU-funded NGO is still active, still receiving EU grants.
The EU contract clauses nobody invoked
The Commission has known about this since at minimum 2024. The H2020 Model Grant Agreement gives the European Commission the right to terminate a grant when a beneficiary fails to pay wages and social security contributions. The same agreements require beneficiaries to retain supporting records for five years after final payment.
The EU-funded NGO failed to withhold salary taxes across three consecutive years. It declared all records deleted while active grants were still running. Both are documented, neither triggered any Commission action, the grants continued.
The legal motion that failed, €5,000 per post, per day
After two years of institutional complaints produced no visible result, you published: cross-registry analysis drawn from public records and documents lawfully obtained during employment.
The EU-funded NGO filed a legal motion seeking to stop all publication on LinkedIn and any other platform. Proposed penalty: €5,000 per post, per day.
The court rejected it in March 2026. Article 11 of the EU Charter of Fundamental Rights and Article 10 of the European Convention on Human Rights held.
An organisation receiving millions in EU grants deployed professional legal resources to intimidate and silence a journalist and a formally recognised whistleblower. The attempt failed, but legal proceedings cost money to defend regardless of outcome. The intimidation effect requires no successful outcome to function.
Why going public and why building what the system refused to build
When every formal channel has been exhausted, when the file sits open across nine institutions simultaneously and none holds the complete picture, when the EU-funded NGO at the centre of it all continues receiving public money throughout, publication is the only accountability mechanism left.
This is all about a system that processes complaints in fragments, refers citizens in circles, and produces no outcome unless someone forces the complete picture into public view, as the only working resort.
The defamation injunction came after partial publication, not before. An organisation with access to millions in EU grants tried to use the courts to put the information back in the box. The court said no. That matters because it means the information stays visible, and visible information demands answers.
What the numbers say that no institution was required to calculate
€7.89 billion in EU grants to Belgian NGOs between 2014 and 2024. Four concluded OLAF investigations in a decade, in the country that hosts OLAF. 45 HR audits in eight years, correcting €1.2 million out of €7.89 billion.
285 organisations managing €1.74 billion with no public accounts filed. Zero concluded Horizon Europe HR audits of Belgian non-profits.
One organisation. 20+ simultaneous EU grants at peak. 1–4 declared employees. No accounts filed with the National Bank of Belgium. Monthly hours in internal project files reaching 180+ per person. Two OLAF investigations opened on the same facts, sixteen months apart. A sworn deletion declaration contradicted by the NGO’s own lawyers three days later.
The data required to see this was always public, in four registries, on four portals, it had simply never been connected. I connected it: 758 verified entities, €7.89 billion, four registries, one methodology, fully documented and reproducible.
The questions this article cannot answer, but you should ask
What does Europe actually protect when a whistleblower reports? The person, the procedure, or only the appearance that a procedure exists?
If one file can cross tax law, labour law, social security, data access, project reporting, anti-fraud oversight and still never be seen whole by one authority, what exactly is the citizen supposed to trust?
If an organisation declares records deleted to a data protection authority on a Tuesday, and its lawyers produce those same records in court on a Friday, who is responsible for that contradiction?
If the EU anti-fraud office describes facts as liable for criminal prosecution, and the European Public Prosecutor had already closed the file on those same facts, which assessment is correct, and who decided?
If the H2020 Model Grant Agreement gives the European Commission the right to terminate a grant when a beneficiary fails to pay wages and social security contributions, and that failure is documented, reported, and confirmed, why did the grants continue?
If 83.8% of Belgian EU grant recipients produce no publicly verifiable expenditure record, and EU HR audit coverage stands at 0.015% of the total grant universe, what exactly is being overseen?
The only conclusion the record supports
Incompetence has a solution: clearer mandates, cross-institutional coordination, better systems. What the record shows is not the absence of tools. The tools exist, the clauses exist, the enforcement rights exist. None were used.
I am Anca Păduraru, journalist, data analyst, former NGO insider. I know how the system works from inside it. This is my story, it is documented, it is reproductible. Anyone with the will to look can see exactly what I saw. The question is no longer whether it is visible, the question is who, in Europe, will act on what is now visible.
