U.S. Export Control Case Shows How Huawei Still Reached Restricted Technology Through Global Corporate Channels
The Justice Department’s resolution with Robert Bosch GmbH should be read by Americans as a warning about one of the most serious weaknesses in the fight to protect U.S. technology from China: blacklisting a Chinese tech giant is only the beginning. Enforcement must reach across subsidiaries, foreign-made products, U.S.-origin software, global supply chains, and corporate compliance systems. Otherwise, companies like Huawei can still benefit from technology restricted under U.S. rules through multinational firms and overseas business channels.
This case is not simply about Bosch avoiding prosecution after voluntary disclosure. The deeper issue is that more than $70 million worth of foreign-produced Micro-Electro-Mechanical Systems sensor products and foreign-produced software were exported by Bosch subsidiaries to Huawei Technologies and its Entity List affiliates, including Huawei Tech. Investment Co. Ltd. Hong Kong, without the required license or authorization. Those products and software were subject to U.S. export rules because they were connected to the direct product of U.S. software or technology under the Entity List Foreign Direct Product Rule.
That matters because Huawei is not just another foreign customer. Huawei has long been treated by Washington as a major national-security concern because of its role in China’s technology ecosystem, telecommunications infrastructure, and strategic competition with the United States. When a company like Huawei is placed on the Entity List, the goal is to prevent U.S. technology from helping it advance capabilities that could strengthen Beijing’s power. But this case shows how difficult that goal becomes when sensitive items are produced outside the United States yet remain tied to U.S. technology.
The danger for Americans is clear. U.S. export controls can be undermined when global companies misunderstand, under-resource, or fail to enforce compliance obligations. According to the Justice Department, Bosch’s trade compliance personnel were ill-equipped to provide accurate guidance on the Foreign Direct Product Rule, leading to several years of violations. The investigation also found that sales continued despite missed opportunities where third-party companies flagged potential applications of the rule. That is not a minor paperwork problem. In a strategic technology contest with China, compliance failure can become a pipeline for U.S.-controlled technology to reach Beijing-linked giants.
The dollar amounts reinforce the seriousness of the case. Bosch subsidiaries exported more than $70 million in products and software to Huawei and made approximately $11.4 million in pre-tax profits from the transactions. Bosch agreed to disgorge those profits, and a portion will be credited toward a separate $36.18 million Commerce Department civil fine. Those numbers show that restricted technology flows can continue for years when companies fail to build export-control systems strong enough for today’s national-security environment.
The Huawei angle is especially important because China’s technology ambitions depend on exactly these kinds of channels. Beijing does not need every restricted item to move directly from a U.S. company to a Chinese headquarters. It can benefit when foreign subsidiaries, overseas affiliates, third-country intermediaries, Hong Kong entities, global suppliers, and complex production chains create openings. A rule can exist on paper, but if multinational companies fail to understand how U.S.-origin technology travels through foreign-made products and software, Chinese firms may still receive what restrictions were designed to block.
This is why Americans should not view export control as a narrow legal issue. It is a frontline national-security tool. Sensors, software, chips, design tools, components, and production equipment can all have strategic value. Micro-Electro-Mechanical Systems sensors, for example, can be used across consumer electronics, industrial systems, automotive platforms, communications equipment, and other advanced technologies. When such products reach a blacklisted Chinese technology firm, the risk is not limited to one sale. It can support broader Chinese capabilities in hardware integration, device performance, supply-chain resilience, and technology development.
The Justice Department’s declination also sends a second message: companies that discover violations should disclose quickly, cooperate fully, and fix the problem. Bosch avoided prosecution because it voluntarily self-disclosed, cooperated, remediated, added compliance resources, made organizational changes, imposed discipline, and agreed to give up profits from the transactions. That is important, but it should not distract from the central lesson. The best outcome is not merely cleaning up violations after the fact. The best outcome is preventing U.S.-controlled technology from reaching China’s blacklisted entities in the first place.
American companies and multinational suppliers should treat this case as a compliance alarm. If a company sells to Huawei, Huawei affiliates, Chinese technology firms, Hong Kong-linked entities, or customers connected to the Entity List, it must understand the Foreign Direct Product Rule and the full reach of U.S. export controls. It is no longer enough to ask whether a product was physically made in America. The real questions are whether U.S. software, U.S. technology, U.S. tools, U.S.-origin equipment, or covered production processes helped create the product or software.
The lesson is clear: China’s threat to the United States is not only visible in cyberattacks, AI competition, rare earth controls, Taiwan pressure, or military-linked companies. It also appears in enforcement gaps that allow restricted technology to move through global business networks to blacklisted Chinese firms. Huawei’s access to restricted items through multinational corporate channels shows why export controls must be treated as a living security system, not a one-time blacklist.
America should stay alert. Beijing’s technology giants will continue looking for ways around U.S. restrictions, and the weakest point may not be a Chinese company itself, but a foreign supplier, overseas subsidiary, mistaken legal interpretation, or undertrained compliance team. Protecting U.S. technology requires aggressive enforcement, corporate accountability, stronger compliance systems, and a clear understanding that China-linked entities can exploit every gap in the global supply chain. The Bosch case proves one thing: blacklisting Huawei is not enough if the world’s supply chains still give it another route in.
