Joint Criminal and Civil Export Controls Enforcement: Lessons from the Cadence Case

On July 28, 2025, Cadence Design Systems Inc. (“Cadence” or “the Company”), a global electronic design automation (“EDA”) technology company based in San Jose, California, agreed to plead guilty in a settlement with the U.S. Department of Justice’s National Security Division (“NSD”) and the U.S. Attorney’s Office for the Northern District of California. Through its guilty plea, Cadence agreed to resolve charges that it committed criminal violations of export controls by selling EDA hardware, software, and semiconductor design intellectual property (“IP”) technology to the National University of Defense Technology (“NUDT”), a Chinese military university on the U.S. Entity List since 2015 due to its involvement in military and nuclear simulation activities. In addition, Cadence simultaneously resolved a civil enforcement action brought by the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”) related to the same underlying conduct.

Cadence agreed to pay criminal penalties totaling nearly $118 million and civil penalties of $95 million, though DOJ and BIS coordinated their resolutions to bring Cadence’s aggregate net penalties and forfeiture to more than $140 million. Additionally, as part of the BIS settlement, Cadence must complete two internal audits of its export controls compliance program, including those related to its Chinese subsidiary involved in many of these violations.

Cadence’s Underlying Export Control Violations

According to the plea agreement and agreed Statement of Facts with DOJ, individuals at Cadence’s wholly-owned China subsidiary, Cadence Design Systems Management (Shanghai) Co., Ltd. (“Cadence China”), knew that BIS had designated NUDT to the Entity List, but continued to use a third party, Central South CAD Center (“CSCC”), to make indirect sales of semiconductor design tools to NUDT, including to NUDT’s Changsha campus, a Chinese military facility, between 2015 and 2021.

Though Cadence ultimately terminated Cadence China’s business relationship with CSCC in 2020, the Company assigned its contracts with CSCC to another third party, Phytium Technology Co. Ltd. (“Phytium”), a semiconductor company that the Company knew was closely associated with CSCC and NUDT, resulting in a transfer of software and technology to Phytium. The Company did this notwithstanding the Company’s knowledge that prior sales and exports of items through CSCC had been exported or reexported to NUDT in violation of the Export Administration Regulations (“EAR”). This transfer itself is a violation of General Prohibition 10 (i.e., it is prohibited to undertake a transaction including an item subject to the EAR with knowledge that the item has been or will be exported, reexported, or transferred in violation of the EAR). As a result, Cadence and Cadence China exported or caused 56 unlawful exports of EDA tools.

During this same period, Cadence also allowed the download of certain of its software by three other parties on the Entity List (one in Russia, and two in China).

Certain now-former employees of Cadence China did not disclose or concealed from other Cadence personnel, including Cadence export controls compliance, that the exports to CSCC were intended for delivery to NUDT.

Reason to Know of the Ties Between CSCC and NUDT

The BIS settlement describes a set of facts illustrating that Cadence had a “reason to know” or had an “awareness of circumstances that should have prompted further due diligence” to determine whether CSCC was an alias for NUDT. Those facts included:

• Cadence China’s sales and technical personnel dealt with CSCC personnel associated with NUDT, prior to and after NUDT’s inclusion on the Entity List;
• Certain Cadence China personnel sometimes used the acronym “CSCC” together with the Chinese characters for NUDT in correspondence, indicating a link between the two;
• Cadence China continued to use training invitations referencing NUDT, to and on behalf of CSCC personnel;
• Cadence China’s sales teams directed CSCC sales account documents to NUDT employees, with NUDT email addresses;
• Cadence China’s strategies for its working relationship with CSCC included “[d]eeply understand[ing]” CSCC’s project details and technical requirements;
• Cadence China’s technical personnel installed and repaired items at NUDT, and engaged in site visits to NUDT, with one technician describing the site as a “military based campus”;
• One Cadence employee considered CSCC and Phytium “the same customer”;
• A Cadence China employee discussed removing certain CSCC contacts from its database and replacing them with Phytium contacts;
• CSCC’s poor credit performance warranted Cadence conducting a deeper review. Eventually Cadence requested a Letter of Assurance from CSCC to confirm there was no prohibited end-use or end-user involved in the transactions with CSCC, though this was not for a number of years.

For these reasons, BIS explained that 56 of the 61 proscribed transactions violated 15 C.F.R. § 764.2(e) (“acting with knowledge of a violation”), as opposed to the more commonly cited Section 764.2(a) (“engaging in prohibited conduct”), which BIS only mentioned for four of the 61 transactions.

Notably, BIS cited Section 764.2(c) (“no person may solicit or attempt a violation of ECRA, the EAR, or any order, license, or authorization issued thereafter”) as the basis for one of the violations, claiming that Cadence attempted to transfer EDA hardware to Phytium with reason to know the hardware had already been exported in violation of the EAR (i.e., it constituted a violation of General Prohibition 10).

DOJ and BIS Penalty Considerations

Though Cadence did not voluntarily self-disclose the conduct to DOJ, DOJ awarded partial cooperation credit to the Company under the NSD Enforcement Policy for Business Organizations for the following actions:

• Gathering and providing evidence of interest and proactively identifying key documents in the voluminous materials collected and produced by Cadence related to willful EAR related misconduct (even when those documents and information were not favorable to the Company);
• Facilitating interviews with current and former employees, including voluntarily making a foreign-based employee available for interview in the United States;
• Making detailed factual presentations concerning the EAR-related misconduct, based on its own internal investigation; and
• Agreeing to toll applicable statutes of limitations.

The Company did not receive full credit for its cooperation with the DOJ because the Company “failed to proactively obtain certain communications by employees and to proactively facilitate interviews of certain China-based employees that would have been relevant to the EAR violations.”

Cadence also received credit for its remedial actions, including

• Hiring additional experienced export control compliance personnel;
• Expanding and improving its export control compliance program;
• Formalizing its export control compliance training program; and
• Implementing enhanced export control compliance screenings of its databases and customers.

DOJ and BIS’ Continued Focus on Export Control Compliance and High Expectations for Cooperation

The settlement marks DOJ’s continued scrutiny of companies’ failure to comply with sanctions and export controls as a threat to national security, particularly in the context of critical technology such as semiconductors and countries of national security concern such as China.

Companies operating in these technology or adjacent spaces should assess their current export control compliance programs, ensure robust oversight and appropriate export controls training for foreign subsidiaries and affiliates, and establish clear procedures for circumstances where an export control violation is identified, including consideration of whether to voluntarily self-disclose violations to BIS and DOJ. NSD has made clear that prompt self-disclosure to the agency of potential willful violations can result in tangible benefits for corporations, such as declinations.

In addition, despite best intentions, Chinese companies may still face conflicts between Chinese law (enforced by civil, administrative, and criminal penalties) and U.S. disclosure requirements (risking sanctions due to failure to cooperate, and loss of credibility and eligibility for cooperation credit). U.S. enforcement agencies typically react unfavorably to claimed difficulties by companies in providing to the government information located in China, such as from the company’s offices or its subsidiaries in China.

The U.S. Department of Justice, for example, expects from companies full disclosure of relevant information no matter where kept, will ask probing questions about failures to produce information based on assertions that it would violate foreign law, and weighs companies’ efforts and success in surmounting such barriers in assessing credibility and cooperation credit. As a result, conducting investigations and discovery in China and jurisdictions with similar secrecy laws increasingly demands specialized expertise and careful planning, as pressures on companies doing business with and in China continue to mount.

Crowell and Moring can assist businesses in reviewing, strengthening, and updating sanctions and export control compliance programs for clients and their subsidiaries, and is available to provide guidance and cross-border investigation assistance related to any potential violations.