On July 28, 2025, the National Security Division of the U.S. Department of Justice (DOJ) and the U.S. Department of Commerce, Bureau of Industry and Security (BIS), announced parallel criminal and civil-administrative export control enforcement resolutions with Cadence Design Systems, Inc. based on dozens of transactions in China that violated the U.S. Export Administration Regulations (EAR). In total, Cadence will pay net fines of $140.6 million to both agencies. In the DOJ resolution, Cadence also agreed to plead guilty to the criminal offense of conspiracy to commit export control violations. Both the DOJ and BIS resolutions center on intentional misconduct by a few employees of Cadence’s indirectly owned Chinese subsidiary, Cadence Design Systems Management (Cadence China). The resolutions state that those employees willfully and knowingly transferred Electronic Design Automation (EDA) hardware and software and semiconductor design technology to parties in China on the U.S. Department of Commerce’s Entity List.
Through Cadence China, Cadence sent EDA tools that were subject to the EAR to the National University of Defense Technology (NUDT), a prohibited end user that BIS had designated on the Entity List, meaning that it could not receive or use items subject to the EAR without a BIS license. BIS listed NUDT in February 2015 on grounds that NUDT uses U.S.-origin components to produce supercomputers believed to support nuclear explosive and military simulation activities. Cadence’s sales to NUDT occurred through two front companies that were, in reality, aliases for NUDT.
According to the DOJ and BIS resolutions, Cadence China maintained a sales relationship with Central South CAD Center (CSCC) for approximately five years after the Commerce Department put NUDT on the Entity List in February 2015, despite having reason to know that CSCC was an alias for NUDT. On the same day that NUDT was added to the Entity List, Cadence’s export control officer emailed Cadence and Cadence China employees to instruct them on NUDT’s restricted status. Nonetheless, employees of Cadence China did not disclose to, and/or concealed from other Cadence personnel, including Cadence’s export compliance personnel, that exports to CSCC were intended for NUDT. For example, a few months after NUDT was added to the Entity List, Cadence’s then-head of sales in China emailed colleagues cautioning them to refer to their customer as CSCC in English and NUDT only in Chinese characters, writing that “the subject [was] too sensitive.” Further, in October 2019, a Cadence China employee instructed another to recall and recirculate an updated version of a weekly email on Cadence China’s customers in China. The updated version of the weekly email removed a reference to the People’s Liberation Army of the People’s Republic of China in relation to CSCC that was included in the original version.
In approximately September 2020, Cadence’s U.S. legal team discovered red flags linking CSCC with NUDT, placed an export hold on the CSCC sales account, and then terminated CSCC as a customer. Cadence subsequently agreed to assign its contracts with CSCC to Phytium. In connection with the assignment, “Cadence requested that Phytium sign a certificate of assurance that Phytium’s products would not be used to support military products and that Phytium would not allow any person connected with or employed by an entity on the Entity List to use Cadence products.” Cadence also conducted diligence that confirmed Phytium was a distinct company with an address and location that was not affiliated with NUDT. However, Cadence China employees apparently knew that Phytium was involved with CSCC, and that NUDT personnel were affiliated with Phytium.
In addition to the charges relating to NUDT, BIS also charged Cadence with prohibited conduct involving other Entity List parties. Specifically, while Cadence had established compliance processes and procedures for terminating transactions with customers who were later designated on the Entity List, certain system-level gaps allowed Joint Stock Company Mikron, Huawei Technologies Co., Ltd., and Semiconductor Manufacturing International Corporation (SMIC) to continue making downloads after they were added to the Entity List.
In connection with the criminal resolution with DOJ, Cadence agreed to plead guilty to one count of conspiring to violate the EAR. Cadence agreed to pay a criminal fine of $72.5 million and forfeiture in the amount of $45.3 million, with the fine being reduced by $24.8 million based on Cadence’s payments in connection with the parallel resolution with BIS. Notably, the parties agreed in the plea agreement that the maximum statutory fine allowable was approximately $90.6 million, but Cadence was permitted to pay a fine in the amount of $72.5 million (a 20% reduction) based on “a discount for the defendant’s cooperation and remediation, pursuant to the National Security Division Enforcement Policy for Business Organizations.” The DOJ plea agreement notes that Cadence terminated some of the bad actors at Cadence China, but the public record contains no evidence of charges filed against those individuals.
The plea agreement describes in significant detail the steps that Cadence took to cooperate in connection with the BIS investigation. For example:
“After Cadence received the administrative subpoena from BIS, Cadence commenced an internal investigation; executed tolling agreements with BIS; identified custodians; identified key documents for BIS obtained counsel for employees and encouraged their cooperation with the BIS investigation, produced to BIS communications and transactional records collected outside of the PRC; responded to BIS requests for information, including outside the scope of the subpoena; facilitated BIS and DOJ witness interviews; and shared its investigative findings with BIS and DOJ.”
However, the DOJ plea agreement notes that Cadence did not receive credit for a voluntary self-disclosure and that it did not receive full cooperation credit because it did not proactively obtain and produce relevant communications or facilitate interviews with employees in China.
In connection with the BIS resolution, Cadence admitted to 61 violations of the EAR and consented to a $91.3 million civil penalty, with half of that amount suspended pending payment of the criminal fine to DOJ. Cadence also agreed to two internal audits of its export controls compliance program, including its oversight over export controls compliance by Cadence China. As with the DOJ resolution, Cadence did not receive credit for a voluntary self-disclosure to BIS.
BIS Imposes Increased Penalties for Violations
The Cadence resolution backs up BIS’s pledge to bring enforcement actions and impose stiff penalties for export violations in China. At the March 2025 annual BIS Update conference, Secretary of Commerce Howard Lutnick pledged that the Commerce Department will pursue a “dramatic increase in enforcement and fines for people who break the rules.” Secretary Lutnick explicitly highlighted China as an enforcement target, stating that China is a “relentless and continuous” threat to “our way of life,” and emphasizing that BIS vigilance is critical because the agency is on the “intellectual front line of the fight between good and evil, between freedom and liberty and a controlled communist future.” Under BIS’s Export Control Reform Act (ECRA) authorities, BIS can impose a maximum penalty of $374,474 per violation or twice the value of the transaction, whichever is greater. According to the resolution, Cadence generated approximately $45,305,317 in revenue from the 56 transactions called out in the resolution, plus an unknown amount of additional revenue from other transactions referenced in the resolution. The $95,312,000 penalty imposed by BIS appears to be the maximum, i.e., twice Cadence’s revenue from the violations. Certain penalties were charged under the International Emergency Economic Powers Act (IEEPA), as the IEEPA provided the statutory basis for the EAR prior to implementation of the ECRA during part of the period of conduct.
DOJ Prioritizes Trade and National Security Prosecutions
The Cadence resolution also backs up DOJ’s pledge to prioritize criminal enforcement of trade and national security offenses. In May 2025, DOJ Criminal Division Chief Matthew Galeotti announced a new white collar enforcement plan in a memorandum entitled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime,” which identified “trade” as the second and “national security” as the fifth of ten “high-impact areas” for investigation and prosecution. In the Cadence resolution, DOJ required a guilty plea by the U.S. parent entity, as well as $118 million in criminal penalties. Given the menu of options available for DOJ corporate resolutions (e.g., declinations, non-prosecution agreements, deferred prosecution agreements, or guilty pleas by foreign subsidiaries) this is by far the least favorable outcome for Cadence. The Cadence guilty plea demonstrates that DOJ is, indeed, prioritizing corporate prosecutions involving trade and national security violations.
DOJ Pursues an Aggressive Theory of Corporate Liability
The DOJ resolution also showcases an aggressive theory of corporate liability. According to Cadence’s plea agreement and the related charging document, DOJ is holding Cadence, the U.S. parent company, liable for the conduct of its indirectly owned China subsidiary on the premise that the China subsidiary acted as Cadence’s agent. Notably, neither DOJ nor BIS allege that an employee of the U.S. Cadence parent company engaged in a willful violation of the EAR, which is an essential element for a criminal violation. Rather, DOJ alleges that employees of its foreign subsidiary Cadence China engaged in criminal conduct, which DOJ then imputed to Cadence China and ultimately to the U.S. parent company through an agency theory.
DOJ’s theory of corporate liability is aggressive because “[i]t is a general principle of corporate law . . . that a parent corporation . . . is not liable for the acts of its subsidiaries.” United States v. Bestfoods, 524 U.S. 51, 61-62 (1998); see also Mesenbring v. Rollins, Inc., 105 F.4th 981, 984 (7th Cir. 2024); Pennington v. Fluor Corp., 19 F.4th 589, 598 (4th Cir. 2021). This is true even when the subsidiary is wholly owned. See, e.g., United States v. Bennett, 621 F.3d 1131, 1136–37 (9th Cir. 2010); Neilson v. Union Bank of Cal., N.A., 290 F. Supp. 2d 1101, 1116 (C.D. Cal. 2003). Under the doctrine of respondeat superior, a parent corporation cannot be held liable for the acts of the employees or agents of its subsidiaries, absent a showing that the subsidiary was acting as an agent for the parent corporation or that the corporate veil should be pierced. As one court observed, “[a]n employee acting within the scope of his or her employment is an agent of his or her employer. The same cannot be said of a subsidiary vis-à-vis its parent, at least not necessarily.” Defer LP v. Raymond James Fin., Inc., 654 F. Supp. 2d 204, 218 (S.D.N.Y. 2009); see also In re Mortg. Fund '08 LLC, 527 B.R. 351, 364 (N.D. Cal. 2015).
DOJ guidance recognizes that to hold a parent company criminally liable for the acts of its subsidiary, the facts must show that the parent controlled the conduct of the subsidiary such that the parent is acting as the principal and the subsidiary as the agent. See U.S. Dep’t Just. Crim. Div. & U.S. Secs. & Exch. Comm’n, A Resource Guide to the U.S. Foreign Corrupt Practices Act, at 28-29 (2nd ed. July 2020) (FCPA Resource Guide). According to DOJ, prosecutors should “evaluate the parent’s control – including the parent’s knowledge and direction of the subsidiary’s actions, both generally and in the context of the specific transaction – when evaluating whether a subsidiary is an agent of the parent.” Id. For example, in the FCPA Resource Guide, DOJ cites a resolution where the parent company was held liable for the acts of its subsidiary based on specific facts demonstrating that the parent controlled the conduct of the subsidiary, namely, the subsidiary’s president who committed misconduct reported to the parent’s CEO and was held out as a member of the parent’s management team.
But in Cadence’s plea agreement and the related charging document, the criminal conduct at issue is attributed to the employees of the China subsidiary, without offering facts indicating the parent company exercised the necessary control over the China subsidiary to establish an agency relationship. According to the charging document, Cadence is liable for the conduct of the employees of Cadence China because the China subsidiary “act[ed] on behalf of Cadence.” However, the facts set forth in the plea agreement suggest that Cadence prohibited Cadence China from engaging in transactions with Entity List parties, and the Cadence China employees hid the true nature of the transactions at issue from Cadence. Moreover, according to the plea agreement, Cadence obtained a compliance certification from Phytium assuring Cadence that Phytium would not do business with Entity List parties. That said, the plea agreement also suggests that, in consenting to the transfer of certain contracts to Phytium, Cadence had reason to know of red flags suggesting Phytium’s affiliation with an Entity List party, such as Phytium not paying consideration for the assignment (which might imply a non-bona fide transaction), and communications among Cadence senior executives noting that CSCC was effectively Phytium.
From both the BIS resolution and DOJ resolution, there may be facts that could be strung together to establish an agency theory of criminal liability for Cadence, but the resolution documents do not attempt to do that work or explain to the public why the criminal acts of the Chinese employees of an indirectly owned China subsidiary should be attributed to the U.S. parent corporation. It seems likely that DOJ leaned on Cadence to enter a guilty plea for the acts of the Chinese employees to send a corporate compliance message to U.S. corporations. DOJ’s approach may also signal its acknowledgement of the practical infeasibility of getting a Chinese company to enter a U.S. criminal plea agreement for violations of U.S. laws targeting China that conflict with China’s Anti-Foreign Sanctions Law.
DOJ and BIS Use a ‘Stick’ to Emphasize the Benefits of Voluntary Self-Disclosures
Both BIS and DOJ used the Cadence resolution to emphasize the role of voluntary self-disclosures in their respective enforcement policies. Both DOJ and BIS have policies intended to encourage companies to voluntary self-disclosure legal violations. Under the National Security Division’s Enforcement Policy for Business Organizations, the National Security Division of DOJ assures companies that if they (1) meet the criteria to qualify as a voluntary self-disclosure, (2) fully cooperate, and (3) timely and appropriately remediate, then, absent aggravating factors (as defined in the policy), DOJ generally will not seek a guilty plea, and there is a presumption that the company will receive a non-prosecution agreement and will not pay a fine. BIS similarly encourages companies to submit a voluntary self-disclosure if they believe they may have violated the EAR, or any order, license, or authorization issued thereunder. BIS considers a voluntary self-disclosure to be a strong mitigating factor in the agency’s determination of administrative penalties and also considers a company's deliberate decision not to disclose significant apparent violations to be an aggravating factor in that determination.
Here, both DOJ and BIS highlighted Cadence’s failure to make a voluntary self-disclosure as a basis for the significant penalties and fines levied on Cadence. Likewise, if Cadence had voluntarily self-disclosed the conduct at issue to DOJ, it is unlikely that DOJ would have required Cadence to enter a guilty plea and suffer a criminal conviction. In other words, the Cadence resolutions show that both BIS and DOJ will use a “stick” on companies that do not qualify for a “carrot” under their respective voluntary self-disclosure policies.
Conclusion
Cadence’s joint resolutions with BIS and DOJ emphasize that export control violations will continue to be a key enforcement priority for the current administration and that violations that relate to China may result in particularly severe penalties. Accordingly, companies should continue to ensure that their export control compliance programs are properly tailored to their business operations and sufficiently resourced to avoid violations. That includes incorporating appropriate controls and oversight for subsidiaries (including those operating outside the United States), enhancing third-party diligence as needed to account for qualitative risk factors beyond list-based name screening, and consulting with local counsel to ensure the implementation of compliance measures is operationally workable in cases where there may be conflicts of law.
Also published in Law360 here.