Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

DOJ Issues First Corporate Enforcement Policy Declination: Lessons from Bosch’s FDPR Export Control Resolution

By Faith Dibble & Thad McBride on July 9, 2026
Email this postTweet this postLike this postShare this post on LinkedIn
1783622438-3844514-9893-lxb_photoVvh_9ooeEZ0lxb_photo-
David Trinks, Unsplash

Table of Contents

  • Key Takeaways
  • Background: Bosch's Conduct
  • How DOJ Applied the Corporate Enforcement Policy to Bosch
  • Terms of Bosch’s BIS Settlement Agreement
  • Export Compliance Takeaways from the Bosch Declination

Link to Key Takeaways Key Takeaways

  • DOJ’s Corporate Enforcement Policy (CEP) provides a concrete path to avoid criminal prosecution for export control violations when companies voluntarily self-disclose, fully cooperate, and implement meaningful remediation.
  • Early disclosure is critical. Bosch reported potential FDPR violations to DOJ while its internal investigation was still ongoing, which DOJ specifically highlighted as a factor supporting the declination.
  • A declination does not eliminate financial consequences. Bosch will pay approximately $40 million in combined civil penalties and disgorgement, demonstrating that self-disclosure reduces criminal risk but does not guarantee full immunity from enforcement costs.

On June 17, the U.S. Department of Justice (DOJ) National Security Division (NSD) announced its first declination under the Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP), declining to prosecute Robert Bosch GmbH (Bosch) for potential criminal violations of the Export Control Reform Act (ECRA).

The declination marked NSD’s first application of the CEP, which DOJ adopted in March 2026 to incentivize voluntary self-disclosure of criminal corporate misconduct, including matters implicating U.S. trade controls. The resolution reflects the balance DOJ is striking in its current enforcement posture: a commitment to pursuing export control violations as a top national security priority, coupled with a concrete path to avoid criminal prosecution for companies that promptly self-disclose, fully cooperate, and invest in meaningful remediation.

Link to Background: Bosch’s Conduct Background: Bosch’s Conduct

Bosch is a German multinational engineering, technology, and services company headquartered in Germany. Its operations span mobility, industrial technology, consumer goods, and energy and building technology sectors.

According to the NSD, from approximately September 2020 through September 2024, two Bosch German subsidiaries, Bosch Sensortec GmbH (BST) and ETAS GmbH (ETAS), made unauthorized shipments of Micro-Electro-Mechanical Systems (MEMS) sensor products and automotive software to Huawei and certain Entity List affiliates.

Although the products were manufactured outside of the United States, they were nonetheless subject to the U.S. Export Administration Regulations (EAR) under the Foreign Direct Product Rule (FDPR), which extends U.S. export control jurisdiction to certain foreign-produced items that are the direct product of, or produced by equipment that is itself the direct product of, specified U.S.-origin technology or software.

Where the FDPR applies, and the end user is an Entity List party such as Huawei, companies must obtain a license from the Commerce Department’s Bureau of Industry and Security (BIS) before exporting, re-exporting, or transferring the covered items. BST and ETAS shipped approximately $72.4 million worth of products to Huawei and its Entity List affiliates without obtaining a BIS license, generating approximately $11.4 million in pre-tax profits and exposing Bosch to significant civil penalties and potential criminal prosecution.

DOJ highlighted the inadequacies of Bosch’s trade compliance efforts during the relevant period, noting that Bosch’s trade compliance personnel were “ill-equipped to provide accurate guidance” on the FDPR and that sales continued despite third-party warnings identifying potential issues.

Link to How DOJ Applied the Corporate Enforcement Policy to Bosch How DOJ Applied the Corporate Enforcement Policy to Bosch

DOJ declined to pursue criminal charges against Bosch based on the company’s satisfaction of the CEP criteria, which establish a uniform framework across DOJ for evaluating corporate voluntary self-disclosures, cooperation, and remediation.

Under Part I of the CEP, DOJ will decline prosecution when a company does the following:

  1. Voluntarily self-discloses misconduct to an appropriate DOJ criminal component
  2. Fully cooperates with the ensuing investigation
  3. Timely and appropriately remediates
  4. Presents no aggravating circumstances that would warrant a criminal resolution

Upon discovering the potential violations, Bosch took several measures consistent with the CEP’s requirements:

  • Voluntary self-disclosure. Bosch proactively reported the conduct to NSD’s Counterintelligence and Export Control Section (CES) and BIS while its internal investigation was still ongoing.
  • Full cooperation. Bosch disclosed pertinent facts, preserved and produced relevant documents and information, and provided prompt responses to CES requests.
  • Timely remediation. Bosch made significant organizational investments in strengthening its compliance programs, including engaging external counsel, adding 66 trade compliance employees, and updating its written compliance materials to better address FDPR requirements.

DOJ also cited the adequacy of parallel regulatory remedies, specifically, a $36 million BIS civil penalty, as a factor supporting the declination. The declination requires Bosch to disgorge $11,430,098 in pre-tax profits, with DOJ crediting $7,829,069 already paid to BIS for 109 alleged violations of the EAR arising from the same underlying conduct.

Link to Terms of Bosch’s BIS Settlement Agreement Terms of Bosch’s BIS Settlement Agreement

The BIS Settlement Agreement emphasizes mitigating factors that closely parallel DOJ’s CEP framework. Specifically, BIS credited Bosch’s immediate halting of the transactions, engagement of external counsel, and timely filing of a voluntary self-disclosure with the agency.

BIS further acknowledged Bosch’s “full” cooperation with the Office of Export Enforcement and the company’s senior management commitment of “significant resources and attention” to addressing noncompliance and carrying out remediation. These factors – prompt disclosure, cooperation, and remediation – mirror the first three criteria of the CEP’s declination framework.

Notably, BIS’s Proposed Charging Letter also details how Bosch’s trade compliance personnel failed to act on third-party warnings about FDPR applicability, including during a period when the company was focused on addressing the global semiconductor shortage. This context may have informed BIS’s characterization of the violations as the product of inadequate compliance infrastructure rather than willful evasion, though the document does not explicitly identify it as a mitigating factor. The penalty amount of $36 million, relative to the transaction value of approximately $72 million, suggests that BIS treated Bosch’s violations as “non-egregious” violations disclosed through voluntary self-disclosure pursuant to the BIS Penalty Guidelines, under which the base penalty amount is set at up to one-half of the transaction value.

Link to Export Compliance Takeaways from the Bosch Declination Export Compliance Takeaways from the Bosch Declination

The Bosch resolution offers several important lessons for companies navigating export control risks:

  • Self-disclosure is effective. This outcome confirms that NSD will decline prosecution for export control violations when CEP criteria are met. As Assistant Attorney General for National Security, John A. Eisenberg stated, “Bosch’s cooperation and timely remediation met the high standards set by the Corporate Enforcement Policy, supporting a fair and efficient resolution. This first-of-its-kind decision by NSD highlights the important role of transparency in safeguarding U.S. technology and national security.” The Bosch outcome stands in stark contrast to the Cadence Design Systems enforcement action, in which Cadence agreed to plead guilty and pay over $140 million in combined net criminal and civil penalties for unlicensed exports of controlled technology to an Entity List-designated party, a resolution driven in part by Cadence’s failure to voluntarily self-disclose, among other factors. Although the Cadence matter pre-dated the CEP, it illustrates the significantly harsher outcomes companies may face when they do not come forward promptly.
  • Declinations still carry significant costs. Bosch will pay roughly $40 million in combined civil penalties and disgorgement. Companies should not assume that self-disclosure eliminates all financial consequences; rather, it reduces the risk of criminal prosecution, debarment from U.S. government contracts, and denial of export privileges.
  • Early disclosure is persuasive. DOJ specifically highlighted that Bosch disclosed while its internal investigation was still ongoing. This aligns with the CEP’s stated preference for “disclosure at the earliest possible time” and underscores that time is of the essence when responding to suspected noncompliance.
  • The FDPR’s jurisdictional reach is expansive. The Bosch products at issue were foreign-made items, shipped from abroad, by non-U.S. subsidiaries. Yet U.S. export controls applied because of the FDPR. Multinational companies should evaluate whether their products, even those manufactured entirely outside the United States, may be subject to the EAR under the FDPR, particularly where Entity List parties are involved.

Please contact the authors if you have any questions. The authors wish to thank summer associates Megan Sibree and Anastasia Sorochinsky for their contributions to this content.

Photo of Faith Dibble Faith Dibble

Faith Dibble counsels clients as they navigate the complex regulations associated with a global marketplace. She advises clients on international trade and complex cross-border transactions, investigations, and regulatory and compliance matters relating to U.S. national security.

Read more about Faith DibbleEmail
Photo of Thad McBride Thad McBride

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP)…

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP), and the Foreign Corrupt Practices Act (FCPA). He also advises clients on anti-boycott controls, and assists companies with matters involving the Committee on Foreign Investment in the United States (CFIUS). Thad supports international companies across a range of industries, including aviation, automotive, defense, energy, financial services, manufacturing, medical devices, oilfield services, professional services, research and development, retail, and technology. Beyond advising on day-to-day compliance matters, Thad regularly assists clients in investigations and enforcement actions brought by government agencies, including the U.S. Department of Justice (DOJ), the U.S. Treasury Department Office of Foreign Assets Control (OFAC), the U.S. State Department Directorate of Defense Trade Controls (DDTC), Customs and Border Protection (CBP), the U.S. Commerce Department Bureau of Industry & Security (BIS), and the Securities & Exchange Commission.

Read more about Thad McBrideEmail
Show more Show less
  • Posted in:
    Corporate Governance and Compliance
  • Blog:
    GovCon & Trade
  • Organization:
    Bass, Berry & Sims PLC
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo