News

The DOJ reaffirms NSD as gatekeeper for voluntary self‑disclosure of criminal national security violations and seeks to further incentivize disclosure

14 April 2026

Key takeaways

The Department of Justice’s (DOJ’s or Department’s) Department‑wide Corporate Enforcement Policy (CEP) applies to national security matters, and the DOJ’s National Security Division (NSD) remains the proper recipient for voluntary self‑disclosures (VSDs) involving potential criminal national security violations.

A good‑faith disclosure to one DOJ component will not disqualify a company from declination eligibility if the matter is later referred to another appropriate component.

As with prior NSD VSD guidance, disclosures made solely to civil or administrative regulators (e.g., Department of Treasury’s Office of Foreign Assets Control, Department of Commerce’s Bureau of Industry and Security, or Department of State’s Directorate of Defense Trade Controls) generally do not qualify for CEP credit.

Most notably, the DOJ’s guidance signals a shift from NSD’s prior presumption of non‑prosecution agreements (NPA) toward a presumption of declination for companies that voluntarily disclose, cooperate, and remediate – absent aggravating circumstances. In other words, the Department appears to have changed its prior position that export control and sanctions violations are necessarily aggravated offenses, thus creating greater incentive for companies to submit VSDs.

The DOJ's March 30, 2026 guidance clarifies where and how companies must self‑disclose national security violations to preserve eligibility for declination under the new CEP.

On March 30, the DOJ's NSD issued a press release clarifying how, and under what circumstances, companies should make VSDs involving potential criminal violations of U.S. national security laws – including export controls and sanctions – under the DOJ's newly adopted Department‑wide CEP.

The NSD's announcement follows the DOJ's March 10, 2026, rollout of its first‑ever Department‑wide CEP for criminal matters (discussed in a previous alert), which seeks to promote consistency and predictability in corporate enforcement and to incentivize voluntary self‑disclosure, cooperation, and remediation.

NSD clarified as the proper intake authority

In its March 30 press release, the NSD emphasized that, under the Justice Manual, it is responsible for enforcing criminal laws affecting national security. Companies are therefore encouraged to direct VSDs to the NSD for potential criminal violations arising under key national security statutes, including the Arms Export Control Act, Export Control Reform Act, and International Emergency Economic Powers Act. The Assistant Attorney General for the NSD is also responsible for the enforcement of criminal offenses arising out of national security violations, such as conspiracy, perjury, and false statements.

The press release also notes that business conduct may implicate other national security laws handled by the NSD, including laws prohibiting material support to or financing of foreign terrorist organizations, as well as criminal violations connected to reviews by the Committee on Foreign Investment in the U.S. and the Committee for the Assessment of Foreign Participation in the U.S. Telecommunications Services Sector. Consequently, the NSD would be the appropriate division to receive any disclosures related to those laws.

National security violations no longer presumed “aggravated”

One open question under the Department‑wide CEP was whether national security offenses would be treated as “aggravating circumstances” that automatically disqualify companies from eligibility for declinations. The NSD's press release suggests they will not. Under the NSD's 2024 Enforcement Policy for Business Organizations (and previous NSD corporate enforcement policies), even when companies made timely disclosures, cooperated fully, and remediated, the expected outcome was an NPA rather than a declination. This reflected a long‑standing view that national security violations were inherently too serious to warrant full declination treatment. In recent years, however, the NSD has issued declinations in circumstances involving criminal violations by rogue employees, signaling a willingness to make more individualized assessments of corporate culpability and compliance.

For example, in April 2025, the DOJ declined to prosecute Universities Space Research Association (USRA) for a willful violation of the Export Administration Regulations by one of its employees, who pleaded guilty to the violation, after USRA voluntarily self-disclosed the conduct, fully cooperated with the NSD's investigation, and remediated the root cause of the misconduct. Similarly, in May 2024, the DOJ declined to prosecute MilliporeSigma following the company's voluntary disclosure that one of its employees had diverted biochemical products to an unauthorized purchaser in China.

Against that backdrop, the NSD's latest guidance confirming the extension of the Department-wide CEP to national security matters appears to move away from the view that export control and sanctions violations are, by their nature, aggravating. If borne out in practice, that shift strengthens the incentive for companies to self‑disclose potential national security violations under the new CEP.

Practical implications

The DOJ's announcement underscores the central role NSD plays in criminal enforcement of national security‑related laws and clarifies when companies should submit voluntary self‑disclosures to obtain credit under the Department‑wide CEP. Companies with potential exposure under export control, sanctions, or other national security laws should consult counsel to ensure that internal escalation and investigation processes are aligned with the DOJ's clarified expectations.

Authored by Elizabeth Cannon, Evans Rice, Anthony Capobianco, Aleksander Dukic, Ajay Kuntamukkala, Beth Peters, Stephen Propst, Alexandra Bailey, Anne Fisher, and Jesse Suh.