DOJ's National Security Division Issues First Declination Under New Corporate Enforcement Policy
BIS Imposes Significant Civil Penalty for Related Export Controls Violations
Highlights
- The U.S. Department of Justice's (DOJ) National Security Division issued its first declination under a revised Corporate Enforcement Policy, citing a non-U.S. company's voluntary self-disclosure, full cooperation and extensive remediation efforts.
- In a parallel civil enforcement action, the Bureau of Industry and Security (BIS) imposed a $36 million penalty for violations involving exports from the non-U.S. company to a China-based party on the Entity List, underscoring the continued prioritization of export enforcement.
- The coordinated resolutions highlight the benefits of prompt self-disclosure and cooperation in certain circumstances and also serve as a reminder of the complex export compliance risks facing non-U.S. companies that manufacture or ship products subject to the Foreign Direct Product Rule.
The U.S. Department of Justice (DOJ) recently announced the first declination of prosecution by its National Security Division (NSD) under the revised departmentwide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP), which was announced in March 2026. The DOJ investigation – alongside a parallel civil enforcement action by the U.S. Department of Commerce's Bureau of Industry and Security (BIS) – is the most recent example of U.S. enforcement authorities targeting a non-U.S. company for export control violations.
The DOJ declination resolved NSD's investigation into Robert Bosch GmbH (Bosch) for alleged exports by two Bosch subsidiaries of foreign-produced sensor products and software to Huawei Technologies Co., Ltd. (Huawei), as well as its affiliates in China, without the required authorizations from BIS. In parallel, BIS announced a civil penalty of approximately $36 million against Bosch – equal to half of the exports at issue – for violations of the Export Administration Regulations (EAR) involving the Foreign Direct Product Rule (FDPR).
The coordinated resolution underscores the tangible benefits of voluntary self-disclosure and cooperation – both with respect to DOJ, which declined prosecution, and BIS, which credited the company's cooperation in reducing the penalty amount. It also illustrates the potential consequences of inadequate export controls compliance, particularly regarding the FDPR, which continues to be a central focus of BIS enforcement and can create exposure for transactions that occur entirely outside of the U.S.
The DOJ Declination: What Bosch Did Right
The Bosch declination is the first time NSD has declined prosecution of a company under the revised CEP announced in March 2026 and only the second DOJ-wide declination under the revised policy.
Under the revised CEP, DOJ will decline to prosecute a company when four conditions are met:
- The company voluntarily self-discloses the misconduct to an appropriate DOJ component.
- The company fully cooperates with the investigation.
- The company timely and appropriately remediates the identified misconduct.
- No aggravating circumstances exist that would warrant prosecution.
On March 30, 2026, NSD issued further guidance explaining that voluntary self-disclosures of national security-related matters should be directed to NSD under the new CEP and confirming that enforcing U.S. export control and sanctions laws "is a top priority for NSD."
In announcing the Bosch resolution, Assistant Attorney General for National Security John Eisenberg stated that the declination "reflects the clear benefits for companies that promptly disclose potential violations and fully assist in our investigations" and described it as "a first-of-its-kind decision by NSD" that "highlights the important role of transparency in safeguarding U.S. technology and national security." DOJ credited Bosch with meeting each of the CEP's requirements:
- Voluntary Self-Disclosure. Bosch voluntarily disclosed the misconduct to NSD while its internal investigation was still underway.
- Full Cooperation. Bosch fully cooperated with NSD's investigation by preserving and proactively disclosing relevant facts, information and documents, along with promptly responding to NSD's subsequent requests.
- Timely and Appropriate Remediation. Bosch made organizational changes, imposed disciplinary action, added 66 employees to its trade compliance organization, expanded its U.S. trade compliance resources and updated internal policies and procedures.
- Absence of Aggravating Circumstances. Bosch's violations were not the result of willful conduct, and no aggravating factors were present.
The declination is conditioned upon Bosch's agreement to disgorge approximately $11.4 million, representing the pre-tax profits from its sales to Huawei. A portion of this disgorgement will be credited toward the $36 million civil penalty imposed by BIS. DOJ also cited the BIS civil penalty as evidence of the "adequacy of regulatory remedies" – an additional factor DOJ considered in declining prosecution.
The BIS Case
In addition to securing a DOJ declination, Bosch's self-disclosure and cooperation also led to substantial mitigation of the BIS penalty amount, with BIS providing a 50 percent reduction in its penalty calculation. Still, even the mitigated penalty of $36 million is a significant one from BIS, highlighting the serious consequences of even non-willful compliance mistakes. As BIS Assistant Secretary for Export Enforcement David Peters stated, the BIS settlement agreement "should serve as a warning to embrace compliance and as an example of the benefits of voluntary self-disclosure."
The Alleged Violations
BIS issued a Proposed Charging Letter alleging that Bosch committed 109 violations of Section 764.2(a) of the EAR. Between September 2020 and September 2024, Bosch, through two German subsidiaries, exported from abroad approximately $72 million worth of Micro-Electro-Mechanical Systems (MEMS) sensor products and software to Huawei and its affiliates. The MEMS sensors at issue have a broad range of consumer applications, including in smartphones, wearable technology and automobiles.
These items were entirely foreign-made and exported to Huawei from outside of the U.S. However, the relevant FDPR made the items subject to the EAR because the items were produced by a plant or major component of a plant (i.e., production equipment) located outside of the U.S., which was itself the direct product of specified U.S.-origin technology or software identified in the relevant FDPR. As such, the foreign-made items were subject to a license requirement when exported to Huawei or its affiliates included on the BIS Entity List.
BIS highlighted a number of compliance errors that led to the violations. First, according to BIS, Bosch's trade compliance team was not sufficiently staffed or trained to provide accurate guidance on the complex requirements of the FDPR, with the U.S.-based export controls compliance team consisting of only two employees at the time. BIS also emphasized missed opportunities where third-party companies identified potential applications of the FDPR to their products or equipment used in providing services to Bosch. As stated in the charging documents, Bosch or its subsidiary received multiple inquiries from such third parties raising potential FDPR issues, including one that referenced the $300 million penalty imposed by BIS against Seagate Technology LLC in 2023 for FDPR violations, which remains the largest standalone administrative penalty in BIS history. Due to "a lack of compliance processes during the relevant period," Bosch personnel overlooked these warnings and continued to rely on an erroneous understanding of the FDPR's application to the items exported to Huawei.
Takeaways
The Bosch enforcement action includes several important takeaways for companies engaged in international trade.
Concrete Benefits of Voluntary Self-Disclosure and Cooperation
The cooperative approach taken by Bosch led to NSD's declination under the revised CEP, avoiding criminal prosecution that could have resulted in severe consequences. Moreover, while Bosch faced a substantial civil penalty, that penalty represents only half of the exports at issue, reflecting substantial mitigation from BIS. Companies that become aware of potential export control violations should seriously consider the advantages of prompt self-disclosure and robust remediation, including whether disclosures to DOJ, BIS or both are warranted.
On this front, companies should note that under the CEP, a disclosure made only to a regulatory agency (such as BIS) but not to DOJ generally does not qualify for credit from DOJ, though good faith disclosures to such agencies may qualify at DOJ's discretion. For this reason, a disclosure strategy should account for parallel civil and criminal enforcement regimes. Especially in situations that may involve willful conduct, a voluntary self-disclosure to BIS alone may not, by itself, protect a company from potential criminal prosecution.
The FDPR Is a Powerful Enforcement Tool, and Companies Must Plan Accordingly
Nearly three years after the Seagate enforcement action, BIS continues to pursue enforcement cases using the FDPR against non-U.S. companies even when products are manufactured and shipped entirely outside the U.S. Moreover, although both this case and the Seagate matter involved Huawei, companies should not view FDPR risk as limited to Huawei. Other sections of the FDPR can reach other restricted destinations, end users and end uses, including certain exports to parties on the Entity List, end users in Russia, Belarus, Crimea or Iran, as well as exports involving certain military- or space-related items, advanced computing, supercomputing or semiconductor manufacturing equipment.
If a product was made using specified technology or software subject to the EAR at any point in the production process – even if produced entirely abroad – companies can face serious enforcement risk when exporting to such restricted end users or destinations without a license. Companies should also note that 1) the EAR defines "production" broadly to include all production stages, such as production engineering, manufacture, integration, assembly (mounting), inspection, testing and quality assurance, and 2) use of U.S.-origin technology and software in the production of equipment used to make the foreign product can also trigger FDPR controls (a particularly challenging aspect of the FDPR). Given the enforcement focus of BIS in this area, both U.S. and non-U.S. companies should carefully assess their exposure throughout every stage of production under the FDPR.
Compliance Staffing and Training Are Critical
The settlement makes clear that BIS expects industry to staff and train compliance personnel to adequately analyze and apply the EAR's complex and often evolving compliance requirements, including the different ways that the EAR can catch foreign-made products. That is particularly so when a company receives outreach from third-party suppliers indicating that the FDPR may apply. The case also highlights the difference between determining whether the de minimis rule applies, which depends on the amount of incorporated U.S.-origin content that is controlled for a given destination, or whether the FDPR applies, which depends on the software, technology and equipment used to produce an item rather than incorporated content. Companies should ensure that compliance teams understand the full reach of U.S. export controls and have sufficient staffing, resources and recurring training to keep pace with rapidly changing rules in this area.
Holland & Knight Can Help
Holland & Knight's International Trade Group will continue to monitor this space and is available to advise companies navigating export controls compliance obligations and related government inquiries. If you have questions on this alert or Holland & Knight's International Trade practice, contact the authors.
Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.