DOJ National Security Division Issues First Declination Under Revised Corporate Enforcement and Voluntary Self-Disclosure Policy

01 Jul 2026
Client Alert

On June 17, 2026, the Department of Justice (DOJ) National Security Division (NSD) announced that it declined to charge technology company Robert Bosch GmbH (“Bosch” or the “Company”) after the Company voluntarily disclosed potential export-related violations involving two of its non-U.S.-based subsidiaries, Bosch Sensortec GmbH and ETAS GmbH.

The announcement marks NSD’s first declination under the revised Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) issued in March 2026. The declination signals NSD’s continued emphasis on timely self-disclosure and remediation.

Declinations Under DOJ’s Revised Corporate Enforcement Policy

In March 2026, DOJ issued the revised CEP as a Department-wide policy, replacing NSD’s prior division-specific policy. A few weeks later, NSD issued guidance on voluntary self-disclosures under national security laws. The guidance highlighted that such disclosures are most likely to arise in the export control and sanctions context but noted that other national security laws—such as those concerning material support for terrorism—may also be implicated.

The revised CEP provides that absent aggravating circumstances (such as the severity or pervasiveness of the misconduct), DOJ will decline prosecution if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates the misconduct. (See our June 2025 client alert discussing the revised CEP in more detail.) This revision represents a meaningful shift from the prior policy, which created only a presumption of declination when those factors were met; the revised CEP now effectively requires declination absent aggravating circumstances, providing companies with greater certainty regarding the benefits of self-disclosure. And it continues a long-term trend in which DOJ has been willing to send increasingly strong signals about both the importance of timely self-disclosure in national security cases at the same time when such cases have become an even greater focus of the Department’s corporate enforcement work.

Bosch Investigation

According to the release and associated documents, the investigation concerned two of Bosch’s non-U.S. subsidiaries which exported over $70 million worth of micro-electro-mechanical systems (MEMS) sensor products and software from abroad to Huawei Technologies Co., Ltd. and its affiliates (collectively, “Huawei”), an Entity-Listed company in the People’s Republic of China (PRC). MEMS sensor products and software are used in many everyday products including smartphones, cars, and medical devices. Because these products and software were subject to U.S. export jurisdiction under the Foreign Produced Direct Product Rule (FDPR), exporting them in a transaction involving Huawei without a license or other authorization was a violation of the Export Administration Regulations (EAR). The FDPR extends jurisdiction over certain exports of items with a nexus to U.S. technology in certain cases, even for items manufactured outside the U.S.

After becoming aware of these exports, Bosch conducted an internal investigation into the possible export violations. The investigation revealed ongoing sales in violation of the EAR despite third-party warnings that the items were subject to U.S. jurisdiction. Once Bosch determined that its subsidiaries had potentially violated U.S. export controls, but before the investigation was complete, Bosch voluntarily disclosed the conduct to NSD and the Bureau of Industry and Security (BIS).

Following such disclosures, NSD and BIS ultimately entered into parallel resolutions with Bosch. BIS imposed a $36 million penalty for civil violations under the Export Control Reform Act and the EAR. NSD declined to prosecute on the condition that Bosch would disgorge $11,430,098 in pre-tax profits derived from its sales to Huawei. NSD will credit $7,829,069 of that disgorgement to the BIS penalty.

NSD determined that Bosch: (1) timely and voluntarily self-disclosed its conduct (even before the investigation was completed); (2) fully cooperated with the investigation; and (3) timely and appropriately remediated by, among other things, increasing its trade compliance organization from two people to 66 and updating its policies and procedures to include clearer explanations of U.S. export control laws. In addition, NSD considered the existing regulatory remedies, specifically the $36 million penalty imposed by BIS, to be adequate and did not find any aggravating factors. Notably, unlike previous NSD declinations, the Bosch investigation has not yet resulted in the prosecution of individuals, but the declination letter expressly states that it “does not provide any protection against prosecution of any individuals.”

Key Takeaways

  • Thorough due diligence and timely disclosure to DOJ—as well as BIS—when indications of potential export control violations are found can position companies favorably to resolve criminal exposure. Similar to NSD’s declinations under its previous policies—MilliporeSigma (May 2024), USRA (April 2025), and White Deer (June 2025)—NSD emphasized the importance of timely and voluntary self-disclosure to DOJ, even before an internal investigation is completed. Even where additional violations were discovered and the company has been warned of the issue, as occurred in this case, NSD may still grant benefits of the CEP to companies which disclose violations in a timely manner. In particular, the Department cited Bosch’s disclosure “while still conducting its internal investigation” as the basis for its “timely” status. Given the current Administration’s emphasis on export controls, especially in relation to the PRC, the Bosch matter demonstrates declination is an available pathway, even where the violations relate to priority enforcement areas like semiconductors.
  • Strengthening trade compliance programs and internal controls can position a company to benefit from the CEP. The revised CEP considers enhancements that companies make to compliance programs in disclosed matters. Despite NSD’s finding that the violation was caused in part by Bosch’s trade compliance personnel’s inability to provide accurate guidance on export control laws, NSD specifically noted “organizational changes,” the addition of “66 trade compliance employees,” and “internal updates” as factors in its declination decision. Companies should ensure they are adequately investing in such controls.
  • U.S. export controls can impact companies operating globally. In this matter, a non-U.S. company manufacturing products, including software, outside the U.S., and shipping the products to certain destinations or entities outside the U.S. still found itself within the jurisdiction of U.S. export laws because of the FDPR. Companies should proactively assess their exposure to the FDPR by, among other things, screening products and technology for U.S.-origin content, evaluating supply chains for U.S.-nexus components and manufacturing equipment, and implementing robust compliance protocols to identify transactions that may trigger U.S. licensing requirements, even where all relevant activities occur outside the United States.

Summer Associate Carlee M. Goldberg in the Washington, D.C. office contributed to the writing of this article.

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.