BIS enforcement is at record levels

Is your company exposed?

In February 2026, BIS fined Applied Materials $252M for semiconductor equipment exports to China. In 2023, Seagate paid $300M for selling hard drives to Huawei. Penalties are per-violation, enforcement is accelerating, and no company is too small to be targeted. Run the self-audit checklist before regulators come knocking.

Get the Self-Audit ChecklistSee Enforcement Cases
$300M
Largest Single BIS Fine (Seagate, 2023)
$374K
Max Civil Penalty Per Violation
26+
DTSF Criminal Cases (Since 2023)
20 yrs
Max Criminal Imprisonment

Real Companies. Real Consequences.

These are real enforcement actions from BIS, DOJ, and OFAC public records. From Fortune 500 companies to mid-size manufacturers — no one is exempt. Penalties are per-violation, and each shipment counts separately.

$300M Civil Penalty

Seagate Technology

April 2023

Shipped approximately 7.4 million hard disk drives worth $1.1 billion to Huawei after Huawei was added to the Entity List. BIS found 429 separate violations over a sustained period. Largest BIS civil penalty ever imposed.

EAR 744 — Entity List violations (429 counts)

Source: BIS Press Release, April 19, 2023

$252M Civil Penalty

Applied Materials

February 2026

Semiconductor equipment maker penalized for 56 violations involving illegal reexport of ion implanting equipment to SMIC in China via its South Korea subsidiary, without required licenses. Penalty equals twice the $126.3M transaction value — the statutory maximum. Second-largest BIS penalty ever.

EAR 744 — Entity List violations (56 counts)

Source: BIS Press Release, February 12, 2026

$140M+ Criminal + Civil

Cadence Design Systems

July 2025

EDA software company pled guilty to conspiracy for selling hardware, software, and semiconductor design IP to the National University of Defense Technology (NUDT) — a Chinese military university on the Entity List — through a third-party intermediary from 2015-2021. $72.5M fine + $45.3M forfeiture (criminal), plus $91.3M BIS civil penalty.

EAR — 61 violations, unlicensed exports to Entity List

Source: DOJ / BIS Enforcement Action, July 28, 2025

$27.3M Combined Penalties

3D Systems Corporation

February 2023

3D printing company emailed technical blueprints for aerospace and military electronics to its subsidiary in Guangzhou, China from 2012-2019. Settled with BIS ($2.77M), State Department DDTC ($20M ITAR), and DOJ ($4.54M). A clear case of uncontrolled deemed exports.

EAR + ITAR — Unlicensed technology exports to China

Source: BIS / State / DOJ Joint Settlement, Feb 2023

$5.8M Civil Penalty

TE Connectivity

2024

Global technology company penalized for unauthorized exports of items to PRC military electronics entities. TE Connectivity voluntarily self-disclosed the violations, which was a mitigating factor in the penalty amount.

EAR — Unauthorized exports to PRC military-linked entities

Source: BIS 2024 Year in Review

$2.5M Combined BIS + OFAC

Haas Automation

January 2025

CNC machine tool manufacturer fined for 41 EAR violations involving export of machine parts to Entity List parties in Russia and China. The parts were valued at just $29,254 — but BIS assessed penalties 85x the transaction value.

EAR 764 — Entity List violations (41 counts)

Source: BIS / OFAC Settlement, January 2025

$1.5M Civil Penalty

Exyte Management GmbH

January 2026

German semiconductor cleanroom builder penalized for 13 violations involving transfers of EAR-controlled items to Entity List parties. Demonstrates BIS enforcement reach extends to foreign companies handling US-origin technology.

EAR 764 — Causing EAR-controlled transfers to Entity List

Source: BIS Civil Penalty, January 2026

$1M Civil Penalty

Teledyne FLIR

February 2026

19 violations involving thermal imaging camera exports to China and Hong Kong (2017-2024). Key issue: manipulated de minimis content calculations with a Chinese drone manufacturer to keep US-origin content below the 25% threshold. Plus Entity List exports and recordkeeping failures.

EAR — De minimis manipulation, Entity List violations (19 counts)

Source: BIS Final Order, February 26, 2026

$685K Civil Penalty

LuminUltra Technologies

October 2025

Canadian biotech company exported luminometers (water quality testing equipment) to Iran, deliberately concealing the true destination by routing shipments through a UAE freight forwarder. Classic transshipment/diversion scheme.

EAR — Iran embargo violations, concealment

Source: BIS Civil Penalty, October 2025

How Penalties Multiply

BIS penalties are assessed per violation. Each shipment, each transfer, each deemed export is a separate violation. What looks like a small compliance gap can become a multi-million dollar liability overnight.

Per Violation$374,474or 2x transaction value
Number of ViolationsN shipmentseach shipment = 1 violation
Total Exposure$$$before criminal penalties
$3.74M
10 unlicensed shipments at $374K each
Standard civil penalty — no criminal intent needed
$2.5M
41 CNC parts shipments (Haas Automation)
Parts worth $29,254 — penalties 85x transaction value
$252M
56 equipment reexports (Applied Materials)
2x transaction value — statutory maximum applied
$1M + 20 yrs per count
Willful violation with concealment
Criminal prosecution — LuminUltra concealed Iran destination

The Compliance Checklist Most SMBs Fail

If you can't confidently answer "yes" to all of these, you have exposure. BIS doesn't care about your company size — they care about violations.

Do you export products, technology, or software outside the US?

Even cloud access by foreign nationals counts as an export under EAR deemed export rules.

Have you formally classified every item you export with an ECCN?

"We just mark everything EAR99" is the #1 compliance failure BIS finds during audits.

Do you screen every customer, consignee, and end-user against the CSL?

Entity List, SDN, Denied Persons, Unverified List — one miss is a violation.

Do you have a written Export Compliance Program (ECP)?

BIS offers significant penalty mitigation for companies with an ECP. Without one, penalties are maximized.

Can you produce classification records for the last 5 years?

15 CFR 762 requires you to retain export records for 5 years. "We can't find those files" is not a defense.

Do your foreign-national employees have Technology Control Plans?

Sharing controlled technology with foreign nationals in the US is a deemed export — even in your own office.

Do you know your red flags?

BIS Supp. 3 to Part 732 lists specific red flags. If you can't name them, you can't catch them.

Have you done a retrospective audit / lookback in the last 12 months?

Voluntary self-disclosure of violations discovered via lookback drastically reduces penalties.

Get the Self-Audit Checklist

Why Enforcement is Accelerating

Export control enforcement has fundamentally shifted since 2022. Technology competition with China, the Russia sanctions regime, and new semiconductor controls have created an enforcement environment where ignorance is not a defense and penalties are at record levels.

Disruptive Technology Strike Force

Launched February 2023 by DOJ and Commerce to target illicit technology transfers to adversaries. 26+ cases brought in its first two years. Expanded to 17 US Attorney location units. Specifically targets semiconductor, AI, quantum computing, and defense technology diversions.

Entity List Expansion

BIS added 154+ entities to the Entity List in 2025 alone, including companies in China, Russia, Iran, and intermediary countries used for transshipment. If you're not screening regularly, yesterday's compliant transaction could be today's violation.

Foreign Direct Product Rule (FDPR)

BIS expanded the FDPR to cover advanced semiconductors and supercomputing items. Foreign-made products using US technology or software now require BIS licenses for certain destinations — extending enforcement to companies worldwide.

Increased Penalty Amounts

Maximum civil penalties adjusted annually for inflation. Currently $374,474 per violation or twice the transaction value, whichever is greater. Criminal penalties up to $1M per violation and 20 years imprisonment. Each shipment is a separate violation.

AI and Semiconductor Controls

October 2022 and October 2023 semiconductor rules created new controls on advanced chips, semiconductor manufacturing equipment, and AI model weights. Companies that never needed export compliance before are now subject to EAR controls.

Extraterritorial Enforcement

BIS enforcement reaches beyond US borders. Exyte (Germany, $1.5M) and LuminUltra (Canada, $685K) show that foreign companies handling US-origin items face the same penalties. The EAR applies to items anywhere in the world if they contain controlled US-origin content.

BIS Enforcement Tracker

Real enforcement actions from BIS, DOJ, OFAC, and DDTC public records. All data sourced from official agency press releases and settlement documents.

DateEntityActionPenaltyRegulation
Feb 2026Applied Materials
56 violations — ion implant equipment to SMIC via S. Korea		Civil Penalty$252MEAR 744
Feb 2026Teledyne FLIR
19 violations — thermal cameras to China, de minimis manipulation		Civil Penalty$1MEAR
Feb 2026Vizocom
Military antenna specs shared with Chinese manufacturer		Civil Penalty$374KEAR
Jan 2026Exyte Management GmbH
13 violations — EAR99 items to SMIC Beijing		Civil Penalty$1.5MEAR 764
Oct 2025LuminUltra Technologies
Luminometers to Iran via UAE — concealment		Civil Penalty$685KEAR
Jul 2025Cadence Design Systems
61 violations — EDA software to PRC military university		Guilty Plea + Civil$140M+EAR
Jan 2025Haas Automation
41 violations — CNC parts to Russia/China		Civil Penalty (BIS + OFAC)$2.5MEAR 764
2024TE Connectivity
Unauthorized exports to PRC military entities		Civil Penalty$5.8MEAR
Apr 2023Seagate Technology
429 violations — 7.4M HDDs to Huawei		Civil Penalty$300MEAR 744
Feb 20233D Systems Corporation
Blueprints emailed to China subsidiary (2012-2019)		Multi-Agency Settlement$27.3MEAR + ITAR

Sources: BIS press releases, DOJ announcements, Federal Register notices, OFAC SDN updates. Data reflects publicly available enforcement records. Updated periodically.

The Regulatory Landscape

US export controls are enforced by multiple agencies under overlapping regulatory frameworks. Understanding which regulations apply to your products is the first step toward compliance.

Export Administration Regulations (EAR)

Bureau of Industry and Security (BIS), Dept. of Commerce
15 CFR Parts 730-774

Controls exports based on ECCN classification, Country Chart, and end-use/end-user restrictions. Covers everything from semiconductors to encryption software.

International Traffic in Arms Regulations (ITAR)

Directorate of Defense Trade Controls (DDTC), Dept. of State
22 CFR Parts 120-130

Controls items on the US Munitions List (USML). More restrictive than EAR — no license exceptions for most items. 3D Systems paid $20M in ITAR penalties.

Entity List (EAR Part 744, Supp. 4)

BIS End-User Review Committee

Exporting to an Entity List party without a BIS license is a violation. Seagate's $300M penalty was for Entity List violations. The list is updated regularly — if you're not screening, you're exposed.

Consolidated Screening List (CSL)

Multiple agencies (BIS, OFAC, State, DOD)

Includes Entity List, SDN List, Denied Persons List, Unverified List, and more. Must be screened before every transaction — customer, consignee, end-user, and intermediaries.

Deemed Export Rule (EAR 734.2(b))

BIS

Sharing controlled technology with a foreign national employee is considered an 'export' to their home country. Requires a Technology Control Plan (TCP) and may require a license.

Voluntary Self-Disclosure (VSD)

BIS (EAR 764.5) / OFAC / DDTC

Companies that discover and voluntarily disclose violations receive significantly reduced penalties. BIS considers VSD a major mitigating factor. Not disclosing known violations is an aggravating factor.

ExChek Closes Every Gap

The ExChek Engine installs directly into your AI workflow. Every compliance task that caused the violations above — automated with human-in-the-loop approval.

🔍

ECCN Classification

Formal ECCN classification for every item in your catalog using live eCFR data. No more guessing EAR99.

🛡

Denied Party Screening

Real-time screening against all 14 USG restricted party lists. Entity List, SDN, DPL, Unverified — all of them.

📋

License Determination

Country Chart analysis, License Exception eligibility (TMP, TSR, LVS, BAG, ENC), and application guidance.

🚩

Red Flag Assessment

Automated BIS Supp. 3 red flag checklist for every transaction. Catch diversion indicators before they become violations.

📄

Export Documentation

SLI, commercial invoices, AES/EEI data elements — generated automatically with audit-ready formatting.

🔄

Retrospective Audit

Lookback analysis across historical shipments. Find violations before BIS does and file voluntary self-disclosures.

Get the Self-Audit Checklist

8 questions. 5 minutes. We'll email you the compliance checklist that most SMBs fail — with the specific gaps that lead to BIS penalties. No sales call. No waiting.

Free. Instant delivery. No sales call. Just the checklist.

Frequently Asked Questions

Who needs export compliance?

Any US company that exports products, software, or technology — including cloud-hosted software accessed by foreign nationals. If your product has an ECCN (even EAR99), you have compliance obligations. Foreign companies handling US-origin items are also subject to EAR.

What is a Temporary Denial Order (TDO)?

A TDO immediately revokes a company's ability to export. BIS can issue one without a trial. Your shipments stop, your customers can't receive orders, and your business grinds to a halt — often for years.

What are the maximum penalties?

Civil penalties can reach $374,474 per violation or twice the transaction value, whichever is greater. Criminal penalties go up to $1 million per violation and 20 years imprisonment. Penalties are per-violation — each shipment is a separate violation. Seagate paid $300M for 429 violations.

Can small companies really get fined millions?

Yes. Haas Automation was fined $2.5M for CNC parts worth just $29,254 — penalties 85x the transaction value. LuminUltra, a Canadian biotech, paid $685K. BIS penalties are based on the severity of the violation, not company size or shipment value.

What does the self-audit checklist cover?

8 critical compliance questions covering ECCN classification, denied party screening, Export Compliance Programs, recordkeeping, deemed exports, red flags, and retrospective audits. You score yourself instantly and know exactly where your gaps are — plus direct links to fix each one with the free ExChek Engine.

How is ExChek different from hiring a consultant?

ExChek is an engine that runs inside your AI workflow — classification, screening, documentation, and audit happen continuously, not once a year. It costs $0 for the free tier vs $50K+ for a consultant engagement.

What if we find violations during the audit?

That's actually the best outcome. BIS significantly reduces penalties for companies that self-disclose violations through Voluntary Self-Disclosure (VSD). Finding violations proactively is how you protect your company. 3D Systems' voluntary cooperation was a factor in their settlement terms.

What is the Disruptive Technology Strike Force?

Launched February 2023 by DOJ and Commerce, the DTSF targets illicit technology transfers to adversaries. It brought 26+ criminal cases in its first two years — 15 in 2024 alone — and expanded to 17 location units across the US. It specifically targets semiconductor, AI, quantum, and defense technology diversions.

Has BIS enforcement changed recently?

Yes, significantly. BIS ended its 'no admit, no deny' settlement policy — companies must now admit the underlying factual conduct. Commerce Secretary Lutnick has pledged a 'dramatic increase' in enforcement. The Applied Materials ($252M) and Cadence ($140M+) penalties in 2025-2026 signal a new era of record penalties.