DOJ’s National Security Division Issues Its First Corporate Declination Under New Corporate Enforcement Policy

DOJ Declination and Parallel BIS Consent Order With Non-U.S. Company Reflects Continued Enforcement Focus on Export Controls

On June 17, the Department of Justice (DOJ)’s National Security Division (NSD) announced that it had declined to prosecute Robert Bosch GmbH (Bosch), a company headquartered in Germany, in connection with alleged violations of U.S. export controls. This was the first declination by NSD under DOJ’s March 2026 Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) and provides a first look at how NSD will apply the CEP in the enforcement of national security laws, including export controls.[1] The assistant attorney general for national security stated that the declination “reflects the clear benefits for companies that promptly disclose potential violations and fully assist in our investigations.”

In parallel with DOJ’s declination, the Department of Commerce’s Bureau of Industry and Security (BIS) entered into a settlement with Bosch for the same alleged conduct, which included a $36 million civil penalty. The assistant secretary of commerce for export enforcement noted that this “action should serve as a warning to embrace compliance and as an example of the benefits of voluntary self-disclosure.”[2]

DOJ’s March 2026 Corporate Enforcement Policy

On March 10, DOJ released its first-ever department-wide CEP for criminal matters.[3] Whereas the prior CEP applied only to the DOJ’s Criminal Division, the 2026 CEP applies to “all corporate criminal matters handled by the Department,” excluding only certain antitrust violations.

Under Part I of the CEP, DOJ “will decline to prosecute a company for criminal conduct” if the following conditions are met: (i) the company “voluntarily self-disclosed the misconduct” to a criminal component of the department; (ii) the company “fully cooperated” with the investigation; (iii) the company “timely and appropriately remediated the misconduct;” and (iv) there are “no aggravating circumstances.”[4] Under the CEP, the company “will be required to pay all disgorgement/forfeiture as well as restitution/victim compensation payments resulting from the misconduct at issue.”

On March 30, the National Security Division confirmed that it would apply the CEP and that “voluntary self-disclosures concerning potential criminal violations of U.S. national security laws” should be sent to a dedicated NSD email inbox for voluntary self-disclosures.[5] The CEP supersedes NSD’s prior Enforcement Policy for Business Organizations.[6] While the CEP generally aligns with the prior policy, it offers greater potential benefits to a company that voluntarily self-discloses, cooperates and remediates misconduct. Under the prior policy, if a company met these requirements, NSD “generally will not seek a guilty plea” and there would be a “presumption” that the company would receive a non-prosecution agreement. Under the new department-wide CEP, DOJ has stated that it “will” decline to prosecute a company if these requirements are met.

DOJ’s Declination

On June 17, NSD announced it had declined to prosecute Bosch for violations of the Export Administration Regulations (EAR) by two German subsidiaries — Bosch Sensortec GmbH and ETAS GmbH. As described in NSD’s publicly released declination letter, these two Bosch subsidiaries had re-exported to Huawei Technologies Co., Ltd. and its Entity Listed affiliates (collectively, Huawei) foreign-produced micro-electro-mechanical systems (MEMS) sensor products[7] and software that were subject to the Entity List Foreign Direct Product Rule (FDPR). The Entity List FDPR is a rule that: (i) subjects certain foreign-produced items to U.S. export controls if they are produced using U.S. software, technology or production equipment and (ii) prohibits the export, re-export or in-country transfer of such products to entities on the Entity List, including Huawei, absent authorization from BIS.

NSD’s declination letter[8] noted that from September 2020 to September 2024 the two Bosch subsidiaries had sold more than $70 million worth of these sensors and software to Huawei, which resulted in Bosch making more than $11.4 million in pre-tax profits. NSD noted that “Bosch’s trade compliance personnel were ill-equipped to provide accurate guidance on the FDPR” and found that there were “several missed opportunities where third-party companies identified potential applications of the FDPR to their products or equipment used in the provision of their service.”

NSD explained the decision to issue the declination under the principles in the CEP and Principles of Federal Prosecution of Business Organizations:

1. Self-Disclosure: NSD noted “Bosch’s timely and voluntary self-disclosure of the conduct,” which Bosch made both to NSD and BIS “while still conducting its internal investigation.”
2. Cooperation: NSD noted “Bosch’s cooperation in this matter, including its disclosure of relevant facts about the conduct, the preservation, collection, and disclosure of relevant documents and information, and its prompt and voluntary responses to CES’ requests following Bosch’s voluntary self-disclosure.”
3. Remediation: NSD noted “Bosch’s timely and appropriate remediation.” This included “organizational changes, the addition of 66 employees to its trade compliance organization, the expansion of its U.S. trade compliance resources, and updates to internal policies and procedures to provide a clearer explanation of U.S. export controls jurisdiction and licensing requirements.”
4. Adequacy of Regulatory Remedies: While not a factor under the CEP, the Principles of Federal Prosecution of Business Organizations provides that prosecutors should consider the availability of civil or regulatory alternatives.[9] Here, NSD determined that there were adequate regulatory remedies, specifically the approximately $36 million penalty imposed by BIS in a parallel resolution announced on June 17.

While the declination did not include a dedicated discussion of the absence of aggravating circumstances, NSD did note Bosch’s conclusion from its internal investigation that the violations were based on “numerous mistakes” but that “Bosch does not believe those mistakes rose to the level of acting willfully.”[10]

As a condition of the DOJ declination, Bosch agreed to disgorge the full $11.4 million in pre-tax profits. DOJ credited against the disgorgement amount more than $7.8 million paid to BIS in connection with the parallel settlement agreement, making the disgorgement amount approximately $3.6 million.

BIS’ Consent Order

As noted, BIS entered into a parallel settlement agreement with Bosch for more than $36.1 million for the same alleged conduct. BIS’ consent order noted that “Bosch’s U.S. export compliance team did not have sufficient expertise or resources at the time to adequately address” the FDPR and that “Bosch’s failure to have an effective U.S. export controls compliance program in place ... contributed directly to the violations at issue.” BIS noted that Bosch received multiple “warnings” from third-party companies stating that Bosch would not be able to provide the products processed by those companies to Huawei under the FDPR and Bosch did not heed those warnings.

BIS’ settlement of $36.1 million reflected half of the $72.2 million in goods and software that were re-exported to Huawei in violation of the FDPR. While the order did not provide a detailed explanation for the settlement amount, this is well below the maximum of twice the value of the transactions that BIS can impose and the order referred to several of the factors cited by DOJ in the declination, including that Bosch timely filed a voluntary self-disclosure with BIS, remediated the misconduct including through committing “significant resources” to its compliance program and “fully cooperated” with BIS’ investigation. Under BIS’ regulations, a voluntary self-disclosure is a “mitigating factor” and, notably, a company’s deliberate decision not to disclose significant apparent violations is an “aggravating factor.”[11]

BIS also credited the disgorgement of $3.6 million pursuant to the DOJ declination, making the amount due to BIS approximately $32.5 million.

Key Takeaways

The Bosch declination offers an early indication that NSD intends to apply the CEP in a manner that rewards companies that voluntarily disclose, cooperate and remediate misconduct, even if the matter involves items worth a significant sum or conduct that extends over a significant period. The declination is notable in that it is in the context of sales to a high-profile Chinese company on the Entity List, which has been a priority enforcement area under this administration as well as the prior one.[12]  

While NSD had issued a declination in 2024 to a company where export control violations were committed by a single employee who engaged in fraud and contravened the company’s compliance requirements, this declination is notable because the conduct did not involve the actions of a rogue employee but instead was part of the company’s standard operating practices over an extended period. [13] Here, Bosch filed a voluntary self-disclosure even while its own investigation was ongoing, cooperated with NSD’s investigation and remediated the misconduct through significant enhancements to its trade compliance function. The fact that NSD credited those steps with a full declination could be an encouraging sign for other companies weighing whether to voluntarily disclose a potential criminal violation of U.S. national security laws, though it remains to be seen how NSD will apply the CEP to other fact patterns. In particular, the declination letter notes Bosch’s characterization that it committed “numerous mistakes” in applying the FDPR and Bosch’s belief that those mistakes did not rise to the level of acting willfully. NSD may take a different approach on facts that involve more serious conduct that could be characterized as aggravating circumstances under the CEP. 

The DOJ declination and the parallel BIS settlement also underscore the importance of the correct application of complex export control laws that can have extraterritorial applications, including the Foreign Direct Product Rule. These regulations have been a significant area of focus for BIS in recent years. [14] DOJ and BIS have emphasized that “U.S. export control laws may extend to items subject to the EAR anywhere in the world and to foreign persons who deal with them” because “the law follows the goods.”[15] The actions by DOJ and BIS demonstrate their continued focus on enforcing U.S. export controls, including with respect to non-U.S. companies.