Reporting persons shall qualify for protection under this Directive provided that:
(a) they had reasonable grounds to believe that the information on breaches reported was true at the time of reporting and that such information fell within the scope of this Directive; and
(b) they reported either internally in accordance with Article 7 or externally in accordance with Article 10, or made a public disclosure in accordance with Article 15.
2. Without prejudice to existing obligations to provide for anonymous reporting by virtue of Union law, this Directive does not affect the power of Member States to decide whether legal entities in the private or public sector and competent authorities are required to accept and follow up on anonymous reports of breaches.
3. Persons who reported or publicly disclosed information on breaches anonymously, but who are subsequently identified and suffer retaliation, shall nonetheless qualify for the protection provided for under Chapter VI, provided that they meet the conditions laid down in paragraph 1.
4. Persons reporting to relevant institutions, bodies, offices or agencies of the Union breaches falling within the scope of this Directive shall qualify for protection as laid down in this Directive under the same conditions as persons who report externally.