Category Archives: Export Controls

From Peanuts to Elephant-Sized Penalties: A Fresh Look at Recent U.S. Export Controls Enforcement Developments & Future Trends

Photo courtesy of the author

Export controls penalties that were previously peanuts compared to FCPA penalties are now becoming more like elephants, with the “high probability” standard driving the stampede.

On July 28, 2025, DOJ and BIS announced a $140 million resolution with an electronic design automation (“EDA”) exporter via a guilty plea[1] and BIS settlement[2] over exports to China.

The BIS settlement turned on what the exporter had “reason to know, including awareness of a high probability” (aka the “high probability” standard), and not just actual knowledge—an escalation in BIS’s use of the full definition of “knowledge” under the U.S. Export Administration Regulations (“EAR”).[3] Recent BIS guidance in July 2024, October 2024, and May 2025 foreshadowed this shift,[4] as did an August 15, 2025, $5.8 million settlement.[5]

For practical guidance on the “high probability” standard, see prior “Fresh Looks” posts.[6]

This recent case also warrants an update of the November 14, 2023, comparison of export controls and FCPA enforcement, which likewise leveraged the “high probability” standard.[7]

Continue reading →

White House’s AI Action Plan: Winning the Race in a Patchwork Regulatory Era

By Joshua Ashley Klayman, Ieuan Jolly, Jeffrey Cohen, and Caitlin Potratz Metcalf

Left to right: Joshua Ashley Klayman, Ieuan Jolly, Jeffrey Cohen, and Caitlin Potratz Metcalf (photos courtesy of Linklaters)

On July 23, 2025, the White House published Winning the AI Race: America’s AI Action Plan (the AI Action Plan), a comprehensive effort aimed to solidify United States leadership in artificial intelligence. The AI Action Plan acknowledges the U.S.’ uniquely complex—and, at times, conflicting—regulatory landscape, including the patchwork of state-level laws that impact innovation, compliance, and policy predictability. The Action Plan calls for national leadership and seeks a unified, pro-innovation regulatory approach, with an understanding that states will continue to develop their own laws. Businesses should prepare for both the opportunities and the compliance challenges that will arise as the Action Plan is implemented.

Continue reading →

Maturing Compliance with the Bulk Sensitive Data Rule before the July 8, 2025 Safe Harbor Expires

by Luke Dembosky, Avi Gesser, Erez Liebermann, Rick Sofield, Johanna N. Skrzypczyk, and Mengyi Xu

Top left to right: Luke Dembosky, Avi Gesser, Erez Liebermann, Rick Sofield, Johanna N. Skrzypczyk, and Mengyi Xu (photos courtesy of Debevoise & Plimpton LLP)

All eyes are on the DOJ Bulk Sensitive Data Rule (28 C.F.R. Part 202) and July 8, 2025, when the recently announced good-faith safe harbor expires. The rule, which the Department of Justice now refers to as the Data Security Program (the “DSP”), creates a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data to foreign adversaries deemed threats to U.S. national security. On April 11, 2025, shortly after the first effective date of the DSP, the National Security Division (“NSD”) of DOJ issued a suite of three policy and guidance documents to facilitate compliance with the DSP, including a 90-day civil enforcement safe harbor for good-faith compliance. As previously discussed, the DSP seeks to address the bipartisan concern that sensitive datasets could be exploited by foreign adversaries for espionage, cyberattacks, malign influence, and coercion, which would undermine the United States’ national security interests.

Continue reading →

Board Priorities in a Geopolitical Landscape: Risk, Compliance, and Supply Chain Resilience

This post comes from a webinar with Bets Lillo, Edward Knight, Will A. Clarke, and Jana del-Cerro delivered on May 22, 2025. They offered a clear-eyed view of how boards and executive management must adapt to effectively lead amid a world where national security, economic policy, and supply chain resilience are deeply intertwined. Five key takeaways from their discussion are outlined below, alongside practical implications for boardroom oversight and planning.

From left to right: Bets Lillo, Edward Knight, Will A. Clarke, and Jana del-Cerro (photos courtesy of authors).

As the impact of global interdependencies becomes increasingly complex, boards and executive management are guiding and governing their companies in an unpredictable environment. That was the central theme of the recent May 2025 webinar, Geopolitical Issues Impacting Global Supply Chains and National Security, hosted by the Nasdaq Center for Board Excellence and the Program on Corporate Compliance and Enforcement at NYU School of Law.

Continue reading →

Continuity and Change at the Intersection of National Security and Corporate Crime

by Marshall L. Miller

Photo courtesy of the author

Much recent attention has centered on shifts in approach at the Department of Justice in the new Administration, but one area where we should expect as much continuity as change is at the intersection of corporate crime and national security.

During two separate leadership stints at the Department of Justice, I oversaw corporate criminal enforcement—from 2014 to 2015 and again from 2022 to 2024. The difference was night and day. Where national security prosecutions were corporate crime outliers in the mid-2010s, by 2022 they represented a majority of DOJ’s major corporate criminal resolutions. And then the number doubled from 2022 to 2023. Early signals indicate that national security will be a continued area of white-collar focus in 2025 and beyond.

Continue reading →

President Trump Issues “America First Investment Policy” Presidential Memorandum

by Jeffrey P. Bialos, Ginger T. Faulk, Mark D. Herlach, and Nicholas T. Hillman

From left to right: Jeffrey P. Bialos, Ginger T. Faulk, Mark D. Herlach, and Nicholas T. Hillman. Photos courtesy from Eversheds Sutherland.

On February 21, 2025, President Trump issued a memorandum titled “America First Investment Policy” (the “Investment Memo” or “Memo”), in which the President aims to modify the U.S. Government’s approach to inbound and outbound foreign investment to address national security threats.

The Investment Memo reconfirms the United States’ longstanding commitment to open investment to encourage domestic development of key advanced technologies and takes steps to streamline investments by trusted allies and partners. Among other things, it seeks to establish the “fast tracking” of certain investment and environmental reviews and seeks to minimize the use of “open ended” mitigation agreements.

Continue reading →

Trust, But Verify…Therein Lies the Rub: A Fresh Look at Audits of Export Controls Compliance Programs

by Brent Carlson and Michael Huneke

Left to right: Brent Carlson and Michael Huneke (Photos courtesy of the authors)

Export controls have risen to a top corporate compliance priority in recent years, and now even pose enterprise risk for many companies.[1] The combination of new rules and enforcement signals from the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and increasing bipartisan congressional scrutiny, means that in-house legal and compliance teams face enormous challenges. New, innovative tools and techniques are necessary to stay ahead of the game, and this includes making upgrades to keep a company’s audits effective.

Continue reading →

Long-Awaited U.S. Outbound Investment Regime Published, Will Become Effective January 2, 2025

by Chase Kaniecki, Samuel H. Chang, B.J. Altvater, and Ryan Brown

Left to right: Chase Kaniecki, Samuel H. Chang, B.J. Altvater, and Ryan Brown (Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

On October 28, 2024, the U.S. Department of the Treasury (“Treasury”) issued a long-awaited Final Rule (the “Final Rule”) implementing the U.S. Outbound Investment Security Program (the “Program”).[1] Under the Program, effective January 2, 2025, U.S. persons will be prohibited from engaging in, or required to notify Treasury regarding, a broad range of transactions involving entities engaged in certain activities relating to semiconductors and microelectronics, quantum information technologies, and artificial intelligence (“AI”) systems in “countries of concern” (presently limited to China, Hong Kong, and Macau).

Continue reading →

Avoid Kicking the Hornet’s Nest: A Fresh Look at How to Anticipate, Avoid, and Respond to BIS Administrative Subpoenas (Part 2)

by Brent Carlson and Michael Huneke

Brent Carlson and Michael Huneke (photos courtesy of authors)

In Part 2 we pick up where we left off in Part 1 to continue our discussion of how best to avoid an administrative subpoena. We then discuss how best to respond, if and when they cannot be avoided, and conclude with some practical guidance.

Avoid: How to Dissuade BIS from Resorting to Administrative Subpoenas (Continued)

Prepare well for outreach visits

Companies should prepare for outreach visits. Persons who will be meeting or speaking with OEE agents should be well prepared to do so with an eye toward and an awareness of the implications of the information and representations they are providing to BIS. Any and all information that company representatives provide to BIS representatives is fair game for future enforcement and for sharing with other U.S. agencies.

Continue reading →

Avoid Kicking the Hornet’s Nest: A Fresh Look at How to Anticipate, Avoid, and Respond to BIS Administrative Subpoenas (Part 1)

by Brent Carlson and Michael Huneke

Brent Carlson and Michael Huneke (photos courtesy of authors)

Anticipating, avoiding, and responding to administrative subpoenas pose the next in a long line of challenges facing U.S. companies and their legal and compliance teams as the new wave of export controls enforcement unfolds.

The Department of Commerce’s Bureau of Industry & Security (“BIS”) has primed the corporate enforcement engine[1] through (1) public guidance identifying “red flags” indicating a “high probability” of diversion in violation of U.S. export controls, (2) successful criminal prosecutions in partnership with the U.S. Department of Justice (“DOJ”) in the Disruptive Technology Strike Force of intermediaries facilitating diversion,[2] and (3) “supplier list” and “red flag” letters warning companies of the risks of diversion posed by certain counterparties.[3]

Continue reading →