On June 17, local time, the Bureau of Industry and Security (BIS) under the U.S. Department of Commerce reached a settlement agreement with German auto parts giant Robert Bosch. Bosch agreed to pay a civil penalty of approximately US$36.1847 million (approximately RMB 245 million) and return more than US$11.43 million in related pre-tax profits to settle charges that it illegally exported controlled products to Huawei and its affiliates, which were included in the US trade blacklist.


BIS pointed out that Bosch's two wholly-owned German subsidiaries, Bosch Sensor Technology Co., Ltd. (BST) and ETAS Co., Ltd., exported microelectromechanical systems (MEMS) sensor products and automotive software worth approximately US$72.37 million to Huawei without BIS permission between September 2020 and September 2024. BIS determined that although these products were produced outside the United States such as Germany and were classified as EAR99 (low-control items), their export still required a U.S. license because the end user was Huawei and the Foreign Direct Product Rules (FDPR) were triggered.

The U.S. Department of Justice (DOJ) decided not to initiate criminal proceedings against Bosch based on its proactive disclosure of violations, full cooperation with the investigation and active rectification. This is the first non-prosecution decision made by the DOJ National Security Division after updating its corporate enforcement policy.

Details of the violation: Four years of “misunderstandings” and omissions

The investigation revealed that Bosch's violations were not a malicious evasion, but resulted from serious errors and insufficient resources by its export compliance team.

BIS pointed out that Bosch's U.S. export control compliance team at the time mainly consisted of only two employees, only one of whom was responsible for providing compliance advice for German and overseas businesses. The team lacked sufficient professional knowledge and resources to deal with the expansion of U.S. FDPR rules for Huawei in 2020.

The key misunderstanding is that Bosch compliance staff mistakenly believe that its products do not apply to the FDPR rules. For example, in August 2020, a German compliance employee incorrectly advised BST management that its products were not subject to the new regulations. This misjudgment was adopted by the management for a long time and was not corrected even after receiving multiple warnings from business partners:

Physical sensors: In June 2023, a potential foundry clearly informed Bosch subsidiary BST that it was not allowed to supply Huawei without BIS permission, citing the case of Seagate Technology being fined US$300 million for violations as evidence. But Bosch compliance officials still mistakenly attributed the warning to the foundry's "internal policy" rather than U.S. regulatory requirements.

Automotive software: ETAS, another Bosch subsidiary, was told multiple times between August and October 2020 that FDPR rules only apply to physical goods and not software. Based on this misunderstanding, ETAS exported CycurHSM, an automotive firmware product worth approximately US$1.9 million, to Huawei.

FDPR Rules: Why are Bosch products subject to U.S. jurisdiction?

Although the relevant MEMS sensors and software are made in Germany and are only classified as EAR99, the basis for BIS's determination that they are subject to the EAR is the Foreign Direct Product Rule (FDPR).

The core of FDPR is that even if a product is produced outside the United States, as long as specific U.S.-controlled technology, software or equipment is used in its production, testing or key component manufacturing, the product may be included in the scope of U.S. export controls.

Specific to this case: Among the 11 Bosch sensor models involved, 9 of the MEMS chips used epitaxial equipment from a non-U.S. company containing U.S. technology. The ASIC chips used in the other two models are produced by foundries using American technology and equipment.

Obviously, the BIS enforcement boundary not only depends on whether the product contains US-origin components, but can be traced back to the entire production chain and "technical blood."

Bosch responds: Strengthen compliance to prevent recurrence

Bosch accepted the BIS findings and stressed in a statement that the violations were "unintentional."

Bosch said it immediately launched an extensive investigation upon discovering the potential breach, proactively self-disclosed to U.S. authorities and fully cooperated throughout the process.

Bosch said it was "pleased that BIS and DOJ have completed their respective reviews" and has strengthened its trade compliance program by adding 66 trade compliance employees, expanding U.S. compliance team resources, and updating internal policies to prevent similar incidents from happening again in the future.

As part of the settlement, Bosch must pay a fine of $36.18 million to BIS within 30 days and return profits of $11.43 million, otherwise it may face a one-year suspension of export privileges.