On April 23, 2025, the U.S. Department of Justice (“DOJ”)’s National Security Division (“NSD”), in coordination with the U.S. Attorney’s Office for the Northern District of California, issued a declination to the Universities Space Research Association (“USRA”) for violations of U.S. export controls. The investigation stemmed from misconduct by a former USRA employee who pleaded guilty in January 2023 to unlawfully exporting certain software to China and misappropriating over $160,000 in licensing fees. DOJ declined to prosecute USRA, citing the organization’s timely and voluntary self-disclosure, proactive cooperation, and meaningful remediation efforts—each a core element of the NSD’s Enforcement Policy for Business Organizations.

The violations involved the export of flight control software subject to the Export Administration Regulations (“EAR”) to Beihang University, an institution on the Entity List maintained by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”). The software was intended for the development of military rocket systems and, consequently, the export was subject to BIS’s licensing requirements. DOJ emphasized that the former employee sought to obscure the transaction by routing the software through an intermediary—another example of DOJ’s increased scrutiny of indirect or concealed dealings with restricted foreign parties. Although the software was classified as EAR99, which means that its export to most destinations and end users was permitted, DOJ’s action shows that even such lower-risk items are national security priorities when exported to China or other jurisdictions deemed by the United States to be countries of concern.

DOJ credited USRA for several key remediation actions, including prompt internal reporting, within days of the employee’s admission and three months after retaining counsel. USRA also took steps preserve records, discipline the employee’s supervisor, and make enhancements to its compliance program. These efforts were central to DOJ’s declination decision and reaffirm that DOJ expects appropriate compliance frameworks, even from nonprofit institutions.

This marks only the second time NSD has issued a declination under its Enforcement Policy. The first was in 2024, when MilliporeSigma received a declination following its self-disclosure of export violations involving the diversion of pharmaceutical products to China. In that case, the company reported the misconduct to NSD within a week of detection, prior to completing its internal investigation, and cooperated fully with authorities.

Both the USRA and MilliporeSigma resolutions rewarded very swift self-disclosures to DOJ. In each case, the company preserved evidence, cooperated extensively, and implemented meaningful remedial measures, including personnel accountability and compliance enhancements. Notably, MilliporeSigma is a multinational corporation whereas USRA is a nonprofit research institution, underscoring that DOJ will hold organizations to the same core expectations regardless of size or sector. These cases also highlight DOJ’s focus on China-related transactions, even as it reallocates resources toward cartel and transnational criminal enforcement.

The USRA case reflects the increasing enforcement risks facing academic and nonprofit institutions, particularly those engaged in sensitive sectors such as aerospace, AI systems development and government-funded research with potential dual-use applications. Although many of these organizations appreciate their export controls obligations and have adopted export compliance programs, they may not have typically viewed themselves as likely targets of national security enforcement. Yet their international business arrangements—especially those involving China-linked or sanctioned entities—are subject to increasing scrutiny. DOJ has made clear that nonprofit and research institutions are not exempt from compliance obligations, particularly when restricted technologies, concealed end users, or indirect routing are involved.

In light of DOJ’s evolving priorities, organizations that handle controlled technologies or receive federal research funding to develop such technologies should reassess their export compliance programs, particularly if they have not done so recently. That includes reviewing export classification procedures, strengthening due diligence on foreign collaborations, and enhancing internal monitoring and reporting mechanisms.

Organizations that become aware of a potential export control or sanctions violation should engage legal counsel early to preserve legal privilege, assess the seriousness of the alleged conduct and determine whether a voluntary self-disclosure may be warranted. Experienced counsel also can help institutions mitigate enforcement risks, navigate interactions with regulators and implement remediation measures consistent with DOJ’s expectations under the NSD Enforcement Policy. By taking proactive steps to strengthen compliance and respond swiftly to potential violations, businesses and organizations can not only reduce legal and reputational exposure but also position themselves to benefit from DOJ’s declination in the event of future enforcement scrutiny.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.