The Bosch Declination is an important early marker in the Department of Justice’s new corporate enforcement architecture. It is also a practical case study in how export controls, national security compliance, voluntary self-disclosure, and remediation now intersect under the Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy. Over the next two blog posts we will consider this Declination. Today we look at the Declination itself. In the next blog post (on Monday) we will consider the lessons for compliance professionals.

On June 17, 2026, DOJ announced that the National Security Division had declined prosecution of Robert Bosch GmbH, resolving an investigation into an alleged scheme involving the export of products and software to an Entity-listed company in the People’s Republic of China. The Declination was reached under Part I of DOJ’s Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy, after DOJ considered the Principles of Federal Prosecution of Business Organizations. DOJ stated that Bosch promptly disclosed the misconduct to NSD, fully cooperated, and timely and appropriately remediated, with no aggravating circumstances present.

The facts are significant. DOJ’s Declination letter states that from approximately September 2020 to September 2024, Bosch, through two non-U.S. subsidiaries, re-exported from abroad more than $70 million worth of foreign-produced Micro-Electro-Mechanical Systems sensor products and foreign-produced software to Huawei Technologies Co., Ltd. and its affiliates on the Entity List, including Huawei Tech. Investment Co., Ltd., Hong Kong. DOJ identified the two Bosch subsidiaries as Bosch Sensortec GmbH and ETAS GmbH. According to DOJ, the products were provided without the required license or authorization from the Department of Commerce’s Bureau of Industry and Security, in violation of the Export Administration Regulations.

The central export control issue was the Entity List Foreign Direct Product Rule, or FDPR. DOJ stated that BST and ETAS provided Huawei with foreign-produced items subject to the EAR under the Entity List FDPR for entities designated, without obtaining required authorization from BIS. DOJ further found that Bosch’s trade compliance personnel were “ill-equipped” to provide accurate guidance on the FDPR. The investigation also identified ongoing sales despite several missed opportunities where third-party companies had identified potential FDPR applications to Bosch products or equipment used in providing services. DOJ calculated that Bosch made approximately $11,430,098 in pre-tax profits from the conduct.

That fact pattern is important for compliance professionals because this was not described as a simple denied-party screening failure. It involved the intersection of foreign-produced products, U.S.-origin technology or software, non-U.S. subsidiaries, Entity List restrictions, and a rule that requires sophisticated technical, legal, and operational judgment. This is precisely the type of export control risk that can sit outside traditional compliance comfort zones. It may involve engineering data, manufacturing equipment, software lineage, product classification, third-party technical inputs, and commercial teams operating far from the United States.

The DOJ letter also makes clear that Bosch’s response mattered. DOJ stated that, after discovering the issues, Bosch conducted an internal investigation and voluntarily self-disclosed the matter to both the National Security Division’s Counterintelligence and Export Control Section and BIS while the internal investigation was still ongoing. Bosch also remediated promptly and appropriately. The Declination letter notes that Bosch’s internal investigation uncovered numerous mistakes in the application of the FDPR to Huawei sales, although Bosch did not believe those mistakes rose to the level of willfulness required for criminal violations under the Export Control Reform Act.

DOJ’s decision rested on four factors. First, Bosch made a timely and voluntary self-disclosure. Second, Bosch cooperated, including by disclosing relevant facts, preserving, collecting, and producing documents and information, and promptly responding to NSD requests. Third, Bosch remediated, including through organizational changes, adding 66 employees to its trade compliance organization, expanding U.S. trade compliance resources, and updating policies and procedures to provide clearer guidance on U.S. export control jurisdiction and licensing requirements. Fourth, DOJ found that regulatory remedies were adequate, specifically the approximately $36 million penalty imposed by BIS for civil violations under the ECRA and EAR.

The financial terms are also instructive. DOJ conditioned the Declination on Bosch’s agreement to disgorge $11,430,098 within thirty days. That amount represented the pre-tax profits from sales to Huawei through BST and ETAS for products where Bosch had not obtained required EAR authorization. DOJ agreed to credit $7,829,069 paid by Bosch to BIS in the parallel resolution against the disgorgement amount.

Law360 reported that Bosch agreed to pay $36 million to resolve allegations that it improperly exported technology products to Huawei, with the payment amount including profit disgorgement under the DOJ Declination and a penalty under the parallel BIS agreement. Law360 also reported that Bosch said the civil violations were unintentional and that, upon discovering the potential export control violations, it conducted an extensive investigation, voluntarily self-disclosed to U.S. authorities, and cooperated throughout the process.

The timing matters. DOJ released its first Department-wide Corporate Enforcement Policy for criminal matters on March 10, 2026. That policy was designed to provide uniformity, predictability, and fairness across DOJ corporate criminal enforcement. DOJ stated that, absent certain limited aggravating circumstances, companies that voluntarily disclose discovered misconduct, cooperate, and timely and appropriately remediate may receive a declination.

The Bosch matter is also tied directly to NSD’s export control and sanctions enforcement priorities. DOJ’s March 30, 2026 NSD guidance stated that enforcing export control and sanctions laws is a top priority for NSD and that companies and employees are at the forefront of protecting U.S. national security by preventing unlawful exports of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated parties.

In that context, Bosch is not merely an export controls case. It is the first public example of how NSD will apply the new Department-wide CEP to a national security matter. DOJ stated this was the first time NSD had declined prosecution of a company under the CEP.

For trade compliance professionals, the facts underscore several enforcement realities. Export control jurisdiction can attach to foreign-produced items. Non-U.S. subsidiaries can create U.S. enforcement exposure. Entity List designations require more than customer screening. FDPR analysis must be integrated into product classification, sales review, engineering support, and third-party risk management. A compliance program that lacks the technical competency to interpret the rule can fail even when employees are trying to comply.

This is where the facts become the enforcement message. DOJ did not say Bosch had no compliance program. DOJ said the relevant personnel were ill-equipped on a critical rule and that third-party warning signs were missed. In other words, the issue was not simply whether the company had a trade compliance function. The issue was whether that function had the expertise, authority, resources, and escalation mechanisms to identify and stop sales governed by complex national security controls.

The Bosch Declination also shows that voluntary self-disclosure continues to have real value, but only when paired with cooperation and remediation. DOJ did not reward disclosure alone. It credited Bosch for preserving and producing facts, responding promptly, making organizational changes, expanding resources, adding personnel, strengthening policies, accepting disgorgement, and resolving the civil matter with BIS.

That is the factual landscape. On Monday we will turn from the facts to the lessons. For CCOs, Bosch is not simply a trade compliance resolution. It is a case study in what DOJ expects from compliance governance, internal controls, resources, remediation, and board oversight when national security risk moves from theoretical to real.