Cadence Design Systems, Inc. (Cadence), a multinational electronic design automation technology company with headquarters in San Jose, California, has reached a parallel resolution with the DOJ and the U.S. Department of Commerce Bureau of Industry and Security (BIS) for unlawfully exporting semiconductor design tools to a restricted military university in China.
The company agreed to plead guilty to one count of conspiracy to commit export control violations and to pay $140 million in net criminal and civil penalties and forfeiture. Cadence entered a plea agreement (Plea) and criminal information (Information) in the Northern District of California (NDCal) with the DOJ, and a separate settlement agreement with BIS (BIS Settlement). The government’s pursuit of Cadence for the actions of its subsidiary, Cadence Design Systems Management (Shanghai) Co. Ltd. (Cadence China), located in the People’s Republic of China, might be considered by some to be an aggressive approach.
“With this plea, Cadence has admitted to unlawfully exporting its semiconductor design technology to a restricted PRC military university using a front company, and accepted responsibility for its wrongdoing,” Craig Missakian, U.S. Attorney for the NDCal, said in a press release announcing the settlement (Press Release).
The action “stands as a strong indicator that the administration, as it has said it would, is prioritizing criminal enforcement of national security-related offenses,” Joshua Drew, a member at Miller & Chevalier, told the Anti-Corruption Report.
“At the same time, the administration is willing to offer significant carrots to the semiconductor industry in terms of licensable sales and potential revenue sharing, [but] those carrots are not a ‘free pass,’” Michael Huneke, told the Anti-Corruption Report while a partner at Hughes Hubbard. “There is a stick to U.S. export controls enforcement that BIS is brandishing in parallel to those incentives,” he said.
See “Dual Resolutions Demonstrate Full Spectrum of Sanctions-Related Enforcement Against Investment Firms” (Aug. 27, 2025).
Failing to Monitor a Chinese Subsidiary
The DOJ accused Cadence of criminally violating export controls by selling electronic design automation hardware to the National University of Defense Technology (NUDT), which is based in China and is under the leadership of that country’s Central Military Commission. The university had been added to the U.S. Department of Commerce’s Entity List in February 2015 because it had used components of U.S. origin to make supercomputers that purportedly support nuclear explosive simulation and military simulation activities in China. Cadence and its subsidiary caused exports to Central South CAD Center (CSCC) “despite knowledge” that the center was an alias for the National University of Defense Technology and that the university was on the entity list, according to the statement of facts attached to the Plea (SOF).
The SOF further reveals that some Cadence China employees concealed that CSCC was an alias for the NUDT. At least one employee instructed others to refer to their customer as CSCC in English and NUDT only in Chinese characters.
At the time of these various activities, Cadence had employed one export control officer who was responsible for the company’s export control compliance program, according to the SOF. Some employees earned sales commissions that incentivized achieving sales quotas.
In addition, Cadence had approved the assignment of its contracts with CSCC to Phytium Technology (Phytium), another company in China, despite having knowledge that Export Administration Regulations (EAR) had been violated and that CSCC and Phytium “were effectively the same entity,” the SOF says.
BIS alleged in its proposed charging letter (Charging Letter) included in the BIS Settlement that Cadence had committed 61 violations of the EAR. Cadence’s China subsidiary purportedly had violated the regulations repeatedly by selling or loaning items subject to the regulations to the CSCC, without any required license or other authorization from BIS, according to the Charging Letter.
A Due Diligence Failure
Cadence China had “reason to know, or awareness of circumstances that should have prompted further due diligence,” that the CSCC was an alias of the NUDT, the Charging Letter alleges. Later, Cadence transferred CSCC’s software and technology to Phytium despite the awareness of some employees that the two were linked.
“From the public facts, there is a suggestion that there was a focus on form over substance,” Huneke observed. For example, the Charging Letter refers to an unnamed “Vice President and Deputy General Counsel” who noted in an email to employees about the points of contact at Phytium that “of course the email addresses should all be @phytium.com.cn corporate addresses.”
Not Quite Actual Knowledge?
The verbiage in both the BIS Settlement and Plea regarding Cadence’s knowledge of inappropriate goings-on is noteworthy. “By far, the most important takeaway” from Cadence’s resolutions “is the repeated emphasis by BIS throughout the settlement agreement about which facts Cadence had ‘reason to know, including an awareness of a high probability,’” Huneke said.
As explained by BIS in the Charging Letter,
Pursuant to Section 772.1 of the EAR, “knowledge of a circumstance (the term may be a variant, such as “know,” “reason to know,” or “reason to believe”) includes not only positive knowledge that the circumstance exists or is substantially certain to occur, but also an awareness of a high probability of its existence or future occurrence.” 15 C.F.R. § 772.1. This awareness may be inferred from evidence of a person’s conscious disregard of known facts or a person’s willful avoidance of facts.
“This is the most significant enforcement action to date in which BIS has emphasized the ‘full’ definition of knowledge, to include less than ‘actual’ knowledge,” Huneke noted. “This ‘high probability’ standard is the same as the knowledge standard under the FCPA’s third-party payments provision, which in my view was the driver of the FCPA enforcement era from 2004 to present,” he explained.
“The U.S. government has been saying for some time that sanctions and export controls are the ‘new FCPA,’” Huneke said. “This is not just rhetoric now that BIS is leveraging the same ‘high probability’ standard in export controls enforcement that drives FCPA enforcement,” he continued.
See “DOJ Is Evolving Its Focus and Encourages Companies to Join” (May 11, 2022).
Earning Credit Under the Corporate Enforcement Policy
In the Plea, Cadence pled guilty to one count of conspiracy to commit export control violations.
A Parent-Level Guilty Plea
Requiring Cadence to plead guilty to conspiracy based on the actions of subsidiary Cadence China is unusual. The DOJ “took an aggressive approach, requiring a parent-level guilty plea for an indirectly owned foreign subsidiary, under an agency theory of liability,” Drew observed.
The parent-level guilty plea, rather than one from its subsidiary, “is likely an application by DOJ of the ‘common knowledge doctrine,’ which allows U.S. prosecutors to attribute to the corporate parent the collective knowledge of company employees, even at subsidiaries,” Huneke said. “This is not limited to what the legal or compliance teams knew, but includes any employees – sales, logistics, customer service, finance, etc.,” he continued.
That Cadence, rather than Cadence China, pled guilty “is yet another example of how, in white-collar corporate enforcement, U.S. agencies ignore corporate formalities that might otherwise be relevant from a tax or civil liability perspective,” Huneke explained.
This is a notable contrast to guidance issued by Deputy AG Todd Blanche for enforcement of the FCPA which directs prosecutors to “not attribute nonspecific malfeasance to corporate structures….”
See “The Blanche Memo’s Take on Corporate Responsibility: Individuals Versus Corporations” (Sep. 10, 2025).
No Voluntary Self-Disclosure, But (Partial) Cooperation
Cadence did not receive voluntary disclosure credit pursuant to the NSD Enforcement Policy for Business Organizations (NSDEP) or the federal Sentencing Guidelines because it did “not voluntarily and timely self-disclose” to NSD, according to the relevant considerations accompanying the Plea (Relevant Considerations).
Cadence did receive some cooperation credit for providing documents; facilitating interviews with current and former employees, including a foreign-based employee who was made available for an interview in the United States; providing presentations based on its internal investigation; and agreeing to toll applicable statutes of limitation.
However, Cadence did not earn full cooperation credit “because it failed to proactively obtain certain communications by employees and to proactively facilitate interviews of certain China-based employees,” according to the Relevant Considerations.
The impact of Cadence’s failure to self-disclose or to cooperate fully on the resolution “is hard to say,” according to Huneke. In the Plea, “the failure to cooperate seems to turn on making data and persons from China available to DOJ,” he noted. “Doing so is no small matter, given Chinese laws prohibiting cooperation – absent prior approval from the Chinese Ministry of Commerce – with U.S. government audits.”
See “Navigating Recent Changes to China’s Data Privacy Laws in Internal Investigations” (Jun. 5, 2024).
Remediation
Cadence implemented and agreed to continue to implement a compliance program for preventing and detecting violations of U.S. export control and sanctions laws as part of the Plea. The company “has implemented a strong export compliance program to help prevent any further illegal transmission of American technology,” Assistant AG for National Security John Eisenberg said in the Press Release.
The company received remediation credit for hiring export control compliance personnel, expanding and improving its export control compliance program, formalizing its training program, and implementing enhanced export control compliance screenings of its databases and customers for the term of the plea agreement on remediation and implementation of compliance measures.
It also managed to avoid a monitor, “consistent with DOJ’s preference for self-directed compliance enhancements,” Drew said. In May 2025, Assistant AG Matt Galeotti issued a memo to all Criminal Division personnel about the Selection of Monitors.
See “Assessing the Criminal Division’s 2025 Take on Compliance Monitors” (Jul. 2, 2025).
Credit for Its Efforts
According to the Plea, Cadence is to pay a criminal fine of about $72 million, which reflects a discount for Cadence’s cooperation and remediation from the maximum possible fine of more than $90 million. The company will receive a credit of $24 million for the amount paid as part of the BIS Settlement. Cadence also agreed to a $45‑million forfeiture.
Cadence will be placed on organizational probation for three years, with an extension of up to one year if it violates the Plea. It is also obligated to cooperate fully in matters related to the conduct addressed in the agreement and other conduct under investigation by the DOJ National Security Division (NSD) Counterintelligence and Export Control Section (CES), the NDCal, and domestic or foreign law enforcement or regulatory authorities and agencies.
However, the Plea notes that Cadence’s cooperation is subject to local laws, but it must provide a log of any information or cooperation that is not provided based on “an assertion of law, regulation, or privilege.”
Cadence’s criminal resolution sheds light on how DOJ’s National Security Division interprets NSDEP, which was revised in 2024, Drew noted. This is the first settlement since the NSDEP was revised and the DOJ “appears to have taken a tough stance on corporate cooperation, including requiring proactive production of documents from China,” he said.
See “Do the 2025 Changes to the DOJ’s CEP and Whistleblowing Programs Encourage Companies to Self-Report?” (Jul. 16, 2025).
The Civil Settlement with BIS
The BIS Settlement requires Cadence to pay a civil administrative penalty of approximately $95 million for allegedly committing 61 violations of the EAR. “Companies that violate export laws and compromise national security should face strong penalties that deter future wrongdoing,” BIS Under Secretary of Commerce for Industry and Security Jeffrey Kessler said in the press release.
Mirroring DOJ, BIS took an aggressive approach as well by “imposing an administrative penalty that appears to be close to the statutory maximum of twice the value of the hardware, software and technology sold in violation of the EAR,” Collmann Griffin, counsel at Miller & Chevalier, told the Anti-Corruption Report.
“Notably, BIS’ enforcement action focused on Electronic Design Automation (EDA) hardware and software, as well as semiconductor design technology, that is not strictly controlled (i.e., 900 series and EAR99 items) and can be exported to most destinations in the world, including China, without a license,” explained Griffin, who was also a Senior Advisor for Export Administration at BIS until earlier this year.
BIS’ allegations “were based on violations of its controls on certain ‘end users’ of hardware, software or technology,” in this case NUDT, which was added to the BIS Entity List in 2015 “in connection with the production of supercomputers believed to be used in nuclear explosive activities,” Griffin explained.
In the BIS Settlement, Cadence admitted to selling certain products to CSCC, which was known to be an alias of NUDT, “highlighting the risks associated with sales to companies known to be associated with listed or sanctioned entities,” Griffin said.
Pursuant to the BIS Settlement, Cadence is to conduct two internal audits of its export controls compliance program and submit the results of the audits to BIS. Compliance with the terms of the BIS Settlement Agreement is a condition to the “granting, restoration, or continuing validity of any export license, license exception, permission, or privilege granted, or to be granted” to Cadence.
Whether any aspects of the settlement, either with the DOJ or BIS, could be deemed a win “is hard to say because we often do not know what else was potentially on the table or what further charges were avoided through pre-resolution cooperation beyond the facts on which the Plea and the BIS settlement were based,” Huneke observed.
See “How Companies Doing Business in China Should Adjust to the New FCPA Enforcement Landscape” (May 7, 2025).
Takeaways
Cadence’s settlement offers a warning to companies about updating their risk assessments and export controls programs, particularly with regard to subsidiaries.
Updating Risk Assessments
“This case is less about the wayward subsidiary and more about what U.S. parent entities need to do to recalibrate their assessment of enforcement risk going forward,” Huneke suggested. “Specifically, companies should enhance legacy assessments of export controls risk and compliance procedures by designing and implementing a ‘high probability’ protocol to determine whether those legacy controls are fit-for-purpose as BIS focuses more and more on not only about which companies have ‘actual knowledge’ but on where companies might have ‘an awareness of a high probability’ of export controls violations,” he continued.
This is critical for the provisions of the EAR that turn on “knowledge,” such as General Prohibition 10, various end-use and end-user catch-all provisions, and the various “inchoate” provisions contained in 15 CFR 764.2, which covers conspiracy, aiding, and abetting as well as “acting with knowledge” of a violation, Huneke cautioned.
Strengthening Export Controls Programs
Export controls programs might be strengthened to avoid the problems experienced by Cadence.
“Export control programs need to look beyond the technical details of item-based license requirements – which they still have to be mindful of – and adopt a new, ‘high probability’ mindset to best anticipate where BIS is heading in terms of export controls enforcement,” Huneke suggested. “This is particularly the case for any companies granted allowances by the U.S. government for otherwise-restricted sales subject to a license requirement,” he continued.
“The ‘ultimate consignees’ and end users on those license applications are going to be closely scrutinized because the administration is not going to want to be embarrassed by the next round of media reports about alleged smuggling,” Huneke predicted.
Know Your Customers
As a result, companies might want to spend more time determining whether an organization is an alias or a front company for an entity on the EAR Entity List, applying know-your-customer (KYC) techniques from the world of FCPA, anti-money laundering and sanctions compliance to their export controls programs, as well.
“Assessing the potential risk that a purchaser is really a front company needs to go beyond legacy KYC screening and be part of a protocol to assess risks both holistically and dynamically,” Huneke said. Risk assessments “need to be holistic in the sense of looking, after doing some risk-based triage, at potentially high-risk purchasers’ overall business situation (e.g., date of incorporation, ownership, ties to arms-embargoed countries, whether purported end users exist or make sense) and dynamic in the sense of how trade flows to those high-risk purchasers have changed over time, particularly around increased export controls (e.g., whether a purchaser was established right around a change in export control laws, by whom, and whether sales through a purchaser to common diversion hubs spiked),” he added.
See “Five Ways to Use Existing Resources to Meet Sanctions and Export Control Compliance Needs” (Apr. 10, 2024).