On July 28, 2025, Cadence Design Systems, Inc. (“Cadence”), a leading U.S. provider of electronic design automation (“EDA”) software and semiconductor-design technology, reached a comprehensive resolution with the U.S. Department of Justice (“DOJ”)[1] and the Department of Commerce’s Bureau of Industry and Security (“BIS”)[2] regarding the unlawful export of EDA hardware, software and semiconductor-design intellectual property technology to the National University of Defense Technology (“NUDT”)—a PRC Military university on the Entity List—in violation of U.S. export control laws.[3] The resolution addressed parallel criminal and civil enforcement actions and included, among other things, a guilty plea by Cadence to a charge of conspiracy to commit export control violations and the payment of monetary penalties totaling more than $140 million.[4]
The resolutions centered on Cadence’s sales, through its Chinese subsidiary,[5] of EDA hardware, software and semiconductor-design technology to Chinese entities linked to the Chinese military without the required U.S. export licenses. Consistent with DOJ’s ongoing focus on corporate national security enforcement, particularly related to sensitive technologies, the Assistant Attorney General for DOJ’s National Security Division (“NSD”) announced the resolution of the criminal case by explaining that “American ingenuity is one of our Nation’s most precious assets” and that NSD would “vigorously enforce U.S. export control laws to protect the technological advantage we enjoy because of that ingenuity.”[6]
Key Takeaways
- Heightened Enforcement and Significant Penalties for Export Control Violations: The Cadence case demonstrates the U.S. government’s aggressive approach to enforcing export controls on sensitive technologies, particularly those involving China and the semiconductor industry.
- Critical Importance of Robust Compliance and Voluntary Self-Disclosure: Companies in high-risk sectors should maintain strong export control compliance programs, conduct thorough due diligence, and respond promptly to regulatory changes and government notifications. Cooperation and remediation can reduce penalties, but failure to voluntarily self-disclose violations—especially when willful misconduct or aggravating factors are present—can still lead to substantial penalties and criminal charges.
- Ongoing Compliance Obligations and Regulatory Oversight: Resolutions in export control cases often include long-term compliance requirements, such as probation, annual reporting and internal audits. The Cadence resolutions underscore the expectation that companies not only address past violations but also maintain effective compliance programs and proactively engage with regulators to prevent violations.
- Dynamic and Evolving Regulatory Landscape: Although not directly at issue in the Cadence case, the use and subsequent rescission of broad licensing requirements for EDA software exports to China highlight the rapidly changing nature of U.S. export controls. Companies should continuously monitor regulatory developments and adapt their compliance practices to remain in line with evolving government expectations.
DOJ Criminal Charges and Plea Agreement
Cadence’s plea agreement resolved criminal charges brought by NSD’s Counterintelligence and Export Control Section and the United States Attorney’s Office for the Northern District of California for conspiracy to violate U.S. export control laws, specifically the Export Control Reform Act, the International Emergency Economic Powers Act and the Export Administration Regulations (“EAR”).
According to the DOJ, from 2015 to 2021, Cadence, through its Chinese subsidiary, engaged in a scheme to circumvent U.S. export controls by exporting EDA hardware, software and semiconductor-design technology without the required BIS licenses to Central South CAD Center (“CSCC”)—an alias for NUDT, which was added to the Entity List “in February 2015 due to its use of U.S.-origin components to produce supercomputers believed to support nuclear explosive simulation and military simulation activities in the PRC.” The DOJ further alleged that Cadence transferred items previously exported to CSCC to Phytium, another Chinese semiconductor company linked to NUDT, in violation of General Prohibition Ten of the EAR.
The government alleged a detailed pattern of willful violations, including the use of aliases, direct communications with NUDT personnel and efforts to conceal the true end user of the exported items. Specifically, the filings provide that “employees of Cadence China did not disclose to and/or concealed from other Cadence personnel, including Cadence’s export compliance personnel, that exports to CSCC were in fact intended for delivery to NUDT and/or the PRC military.” For example, Cadence admitted that in May 2015, a few months after NUDT was added to the Entity List, Cadence’s then-head of sales in China cautioned colleagues to refer to their customer as CSCC in English and NUDT only in Chinese characters, writing that “the subject [was] too sensitive.” Furthermore, in October 2020, “Cadence consented to CSCC’s assignment to Phytium” and demonstrated that they understood that CSCC and Phytium were effectively the same entity both before and after the decision to transfer Candence China’s business from CSCC to Phytium until February 2021.
Cadence agreed to plead guilty to one count of conspiracy to commit export control violations and to pay a total criminal penalty of approximately $117 million, consisting of a criminal fine of $72 million and forfeiture of $45 million (the value of the unlawful exports). Notably, the plea was entered by Cadence itself (the parent company), rather than Cadence’s subsidiary in China, which was the direct subject of the DOJ’s detailed allegations. The plea agreement also imposes a five-year probation period, during which Cadence must cooperate with ongoing government investigations, implement and maintain a robust export compliance program and provide annual compliance reports to the DOJ. Cadence also must promptly report any evidence or allegations of further export control violations and to certify its compliance program’s effectiveness at the end of the three-year probationary term.
The DOJ credited Cadence for its cooperation and remediation efforts, but noted that the company did not receive full credit because of its failure to self-report the violations and certain deficiencies in its cooperations (such as not proactively obtaining all relevant communications or facilitating interviews with some Chinese-based employees).
BIS Civil Charges and Settlement Agreement
In parallel with the DOJ’s criminal resolution, BIS reached a settlement agreement with Cadence, in which Cadence admitted to 61 violations of the EAR and agreed to pay a civil penalty of approximately $95 million. The civil charges focused on Cadence’s Chinese subsidiary, which knowingly transferred sensitive U.S. technology to entities involved in developing supercomputers that support China’s military modernization and nuclear weapons programs. These actions led to 56 instances of unlicensed export violations, as well as violations of General Prohibition Ten of the EAR, which prohibits transferring items with knowledge that a prior violation has occurred. The conduct underlying the civil charges also included three instances in which parties on the Entity List were able to download software after their designation, due to system-level compliance gaps.
The civil settlement requires Cadence to conduct two internal audits of its export controls compliance program, with results submitted to BIS, and makes compliance with the settlement a condition for the granting or continuation of any export privileges.[7]
DOJ’s Enforcement Policy for Business Organizations
As we have discussed in a prior memorandum, the DOJ’s National Security Division maintains an Enforcement Policy for Business Organizations that encourages companies to voluntarily self-disclose willful violations of U.S. export control and sanctions, fully cooperate with investigations and timely remediate compliance deficiencies.[8] Companies that meet these criteria may be eligible for non-prosecution agreements and reduced penalties, absent aggravating factors such as egregious or pervasive misconduct, involvement of senior management, repeated violations or significant profit from the misconduct. The same basic principles underlying NSD’s Enforcement Policy for Business Organizations were reiterated in recent guidance for the Criminal Division, which provides that companies that fully cooperate, timely and appropriately remediate and have no aggravating circumstances will not be required to enter into a criminal resolution at all.[9]
The criminal resolution involving Cadence demonstrates the practical application of the Enforcement Policy for Business Organizations, which the DOJ specifically referenced in its press release.[10] Cadence benefited from reduced penalties because of its cooperation and remediation, but DOJ explained that Cadence’s failure to voluntarily self-disclose the conduct and the presence of aggravating factors—such as continued willful violations, use of aliases to conceal the true end user, and significant profit from the misconduct—limited the extent of those benefits. In addition, even with respect to cooperation, DOJ stated that Cadence received only “partial credit” because “it failed proactively to obtain and disclose to the government relevant communications, and it failed proactively to facilitate interviews of certain China-based employees with information relevant to the offense conduct.”
This case underscores the benefit of prompt self-disclosure, cooperation and remediation in mitigating penalties for export control violations. It also illustrates the application of the DOJ’s warning that, even with cooperation and remediation, the involvement of serious misconduct “could result in a more stringent resolution for an organization.”
BIS Guidance to the Industry[11]
Separate from the Cadence resolutions, it is important to note that BIS has recently taken steps that reflect a heightened regulatory environment for companies operating in sensitive technology sectors. BIS uses tools such as “is informed” letters,[12] “red flag” letters and Project Guardian requests to alert companies to diversion risks and potential violations. These notifications require companies to conduct enhanced due diligence and, in some cases, seek BIS authorization before proceeding with transactions. Non-compliance with such notifications can be treated as an aggravating factor in enforcement actions.
A recent example of this heightened scrutiny occurred in May 2025, when BIS issued “is informed” letters to major EDA companies, temporarily imposing broad licensing requirements for certain EDA software and technology exports to China. Although these requirements were rescinded in July 2025, the episode underscores how quickly the regulatory landscape can shift and the need for companies to maintain robust compliance programs and closely monitor regulatory developments.
Conclusion
The Cadence case demonstrates the U.S. government’s willingness to pursue both criminal and civil remedies for export control violations involving sensitive technologies and high-risk jurisdictions. The Cadence settlement also highlights that prompt remediation, cooperation with authorities and voluntary self-disclosure can serve to mitigate penalties in some instances. More broadly, the use of “is informed” letters coupled with rapid changes in licensing requirements highlight the need for ongoing monitoring of export control developments and proactive engagement with regulators.
* * *
[1] United States v. Cadence Design Systems, Inc., No. CR 25-00217-EJD (N.D. Cal. July 2025) (Plea Agreement).
[2] Order Relating to Cadence Design Systems, Inc., Bureau of Industry and Security, U.S. Dep’t of Commerce (July 2025)(BIS Settlement Agreement).
[3] Office of Public Affairs, U.S. Dep’t of Justice, Press Release, Cadence Design Systems Agrees to Plead Guilty and Pay Over $140 Million for Unlawfully Exporting Semiconductor Design Tools to a Restricted PRC Military University (July 28, 2025) (“DOJ Press Release”) , available here.
[4] United States v. Cadence Design Systems, Inc., No. 5:25-cr-00217-EJD (N.D. Cal. July 2025) (Indictment).
[5] Cadence Design Systems Management (Shanghai) Co., Ltd. (“Cadence China”) was a subsidiary of Cadence located in the People’s Republic of China (“PRC”) through which Cadence sold products and services to customers in the PRC. Cadence China was indirectly owned and wholly controlled by Cadence. Id. at 1-2.
[6] See DOJ Press Release ; we previously addressed DOJ’s Corporate and White Collar Enforcement Priorities. See Paul, Weiss, DOJ Announces New Corporate and White-Collar Enforcement Policies and Priorities (May 14, 2025), available here.
[7] The $140 million represents the total amount of both criminal and civil penalties, broken down as follows: Criminal penalties: Approximately $92 million, calculated as $117 million (comprising roughly $72 million in penalties and about $45 million in forfeitures), less approximately $25 million in credits for cooperation and remediation; Civil penalties: Approximately $48 million, calculated as $95 million, less about $47 million credited once the DOJ criminal payments are made in full. See also Paul, Weiss, DOJ Issues New Guidance on Crediting Penalties in Coordinated Resolutions (June 16, 2025) available here.
[8] See Paul, Weiss, DOJ Announces New Corporate and White-Collar Enforcement Policies and Priorities (May 14, 2025) available here.
[9] NSD Enforcement Policy for Business Organizations, U.S. Dep’t of Justice, Nat’l Sec. Div. (Mar. 7, 2024), available here.
[10] “CES and NDCA entered into the plea agreement with Cadence after considering the factors set forth in the Department’s Principles of Federal Prosecution of Business Organizations and the National Security Division Enforcement Policy for Business Organizations (NSD Enforcement Policy).” DOJ Press Release.
[11] U.S. Dep’t of Commerce, Bureau of Indus. & Sec., Guidance to Industry on BIS Actions Identifying Transaction Parties of Diversion Risk (July 10, 2024), available here.
[12] “is informed” letters are used by BIS as a targeted notification that certain items are subject to export licensing requirements to specific destinations or entities. These letters are essentially an effort by BIS to put relevant exporters on notice that they cannot export their products to these destinations or counterparties without a BIS license. They outline specific items, entities or activities that require a license and detail the review process BIS will apply to license applications. BIS has specifically stated in guidance that “[f]rom an enforcement perspective, non-compliance with an “is informed letter” is treated the same as non-compliance with any other BIS license” and can be used as an aggravating factor in any subsequent enforcement action. See Id.
