Bosch to Pay $36 Million Over Unauthorized Huawei Shipments

Key Takeaways

• A Costly Compliance Failure: Bosch agreed to pay a $36.18 million penalty after BIS determined the company exported more than $72.3 million worth of controlled products and software to Huawei and its affiliates without the required authorization.
• Foreign-Made Does Not Mean Outside U.S. Jurisdiction: The case centers on the Foreign Direct Product Rule, underscoring how products manufactured outside the United States can still fall under U.S. export controls when they incorporate certain U.S. technology or software.
• Huawei Remains a Major Enforcement Focus: The settlement highlights the continued regulatory scrutiny surrounding Huawei and the expectation that companies maintain robust controls when dealing with Entity List parties.
• Voluntary Disclosure Helped Mitigate the Outcome: BIS cited Bosch's voluntary self-disclosure and cooperation during the investigation, reinforcing the benefits regulators often extend to companies that proactively report violations.

Deep Dive

The U.S. Department of Commerce's Bureau of Industry and Security announced Wednesday that the German industrial giant agreed to pay a $36.18 million civil penalty to resolve allegations that it exported controlled items to Huawei Technologies Co. and its affiliates without the licenses required under U.S. export control rules. The settlement closes a case that stretched across four years and more than $72 million in transactions.

According to BIS, Bosch exported approximately $72.37 million worth of Micro-Electro-Mechanical Systems, or MEMS, sensor products and automotive software to Huawei and affiliated entities between September 2020 and September 2024. The agency said the products were subject to the Export Administration Regulations through the Foreign Direct Product Rule, making them subject to U.S. export controls despite being produced outside the United States.

The products themselves were hardly exotic. MEMS sensors are embedded throughout modern consumer technology. They help smartphones detect movement, enable functions in wearable devices, and are used across the automotive sector. What mattered to regulators was not the technology's sophistication but its destination.

Huawei has occupied a central place in U.S. export enforcement for years. Since being added to the Entity List in 2019, the Chinese telecommunications company and many of its affiliates have been largely cut off from receiving U.S.-controlled technology without government approval. The Foreign Direct Product Rule, expanded in 2020, extended those restrictions far beyond American borders by capturing certain foreign-manufactured products developed with U.S. technology or software.

That extraterritorial reach has become one of the defining features of modern export controls. Companies headquartered thousands of miles from Washington can find themselves squarely within the jurisdiction of U.S. regulators if their products fall within the rule's scope.

BIS said Bosch had multiple opportunities to identify and prevent the violations.

"Bosch had several opportunities to avoid these violations had they exercised the increased vigilance BIS has repeatedly said it expects of companies whose transactions are governed by the EAR," Assistant Secretary of Commerce for Export Enforcement David Peters said in announcing the settlement.

The agency also pointed to factors that helped reduce the company's exposure. Bosch voluntarily disclosed the conduct to regulators and cooperated with the subsequent investigation.

Under the agreement, Bosch will pay a civil penalty of $36,184,680. The company separately reached an arrangement with the Department of Justice to disgorge profits connected to the transactions. While that disgorgement was partially suspended, Bosch will make an actual payment of approximately $3.6 million. BIS agreed to suspend roughly the same amount from its own penalty as a credit for the Justice Department payment.

The case arrives as export controls continue to move from a niche compliance concern into a board-level issue for multinational manufacturers. For much of the past decade, sanctions programs often dominated discussions around restricted-party screening and cross-border trade risk. Huawei-related enforcement actions have forced companies to confront a different reality. The question is no longer simply whether a customer appears on a restricted list. It is whether a product designed, developed, manufactured, or modified through a global supply chain falls within the reach of U.S. controls.

That determination can turn on technical details buried deep inside a product's development history. And as Bosch's settlement demonstrates, regulators increasingly expect companies to know those details before the shipment leaves the warehouse.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.