Dear Clients and Friends,
We are pleased to share highlights of key regulatory updates, proposed legislation, and enforcement events pertaining to international trade regulation over the first quarter of 2026. These developments may affect compliance requirements for companies operating in Israel and abroad.
Regulatory Updates | Proposed Regulation | Enforcement Updates
Regulatory Updates
Israel – Repeal of the Encryption Order Enters into Force
On March 21, 2026, the repeal of the Supervision of Commodities and Services (Engagement in Encryption Means) Order, 5734-1974 (“the Encryption Order”) entered into force. With the repeal’s entry into force, many consumer products (B2C) were removed from control, while many commercial products (B2B) came under the supervision of the Defense Export Control Agency (DECA) at the Ministry of Defense or the Export Control Division at the Ministry of Economy and Industry (supervision of dual-use exports), as explained in detail in previous client updates. Exporters must reclassify their encryption products and update their compliance processes accordingly.
In anticipation of the Repeal of the Encryption Order on March 19, 2026, DECA published a presentation from a training session it held on the repeal of the Encryption Order, providing information to exporters regarding the implementation of the regulatory change.
Israel – DECA Publishes a Clarification on the Definition of “Model”
On 2 February 2026, DECA published a material clarification regarding the definition of a “model” for the purposes of defense export controls. According to this clarification, a “model” is a representation of a controlled product that has no functional capabilities whatsoever and contains no components or parts of the original product.
DECA further clarified that a model that fully satisfies this definition is not subject to control, whereas a model that only partially satisfies the definition requires export and marketing licenses. DECA also noted that where such a model is used as part of a marketing activity, the marketing activity itself is subject to licensing requirements unless it falls within an applicable exemption.
Israel – DECA Updates forms and performs a facelift on the website
In recent months, the DECA website has been revamped and various documents on the site have been updated. Among other things, it is important to note that various forms and instructions relating to product registration and updates were updated, including the format of the cover letter and the guide for writing a technical specification. In addition, DECA updated the specification for submitting applications for product registration. Among other things, the updates evidence a focus on foreign ownership and control and on use of artificial intelligence in controlled products.
Israel – Iraq’s Exemption from the Trading with the Enemy Ordinance Extended
The Trading with the Enemy Ordinance prohibits trade with designated enemy states (Iran, Iraq, Syria, Lebanon). On March 25, 2026, the Minister of Finance extended the existing general permit that exempts Iraq from this definition until June 30, 2026 (published in Official Gazette No. 14401).
US – BIS Amends Licensing Policy for Advanced AI Chips to China and Macau
On January 15, 2026, the Bureau of Industry and Security (BIS) published a final rule amending the licensing policy for advanced computing chips destined for China and Macau. License applications for the Nvidia H200, AMD MI325X, and similar chips will now be reviewed on a case-by-case basis under certain conditions, instead of the previous presumption of denial.
The policy change followed a parallel announcement by President Trump: on January 14, 2026, a 25% tariff was imposed on imports of semiconductors, semiconductor manufacturing equipment, and derivative products, pursuant to Section 232 of the Trade Expansion Act of 1962. The tariff includes exemptions for several end-uses, including use in US data centers, US research and development, startups, and public sector applications.
US – BIS Removes Restrictions on Exports of Certain Drones to Friendly Countries
On January 21, 2026, BIS published a final interim rule removing previous restrictions on the export (or reexport) of certain drones to friendly countries. Specifically, certain less sensitive drones that operate for less than one hour can now be exported without a license to Country Group A:1 (license exemptions before the rule only applied to exports to Australia, Canada, and the UK). The new rule now permits some exports (and reexports) of long-range drones used for cargo delivery and agricultural spraying to Country Group A:5 via the STA exception. This provision may facilitate and assist US manufacturers and companies producing drones in the US that meet the exemption conditions.
US – OFAC Launches Online Portal for Voluntary Self-Disclosures
On February 6, 2026, OFAC launched its online portal for voluntary self-disclosures of violations. Voluntary self-disclosures to OFAC must only be those that relate to activity that gives rise to civil liability (i.e., not criminal). Voluntary self-disclosures for criminal sanctions violations (i.e., where conduct is willful) must be made separately to the National Security Division of the United States Department of Justice.
The portal represents a significant upgrade to the existing reporting mechanism and allows for secure, efficient, and transparent online submission of self-reports. According to OFAC, the new system will enable faster acknowledgment of receipt of reports, clearer communication throughout the review process, and an improved user experience. The authority encourages business entities to start using the new portal instead of traditional reporting methods (email/fax).
Voluntary self-reporting is a strategy for mitigating civil penalties in the event of a violation – OFAC can significantly reduce fines or even avoid imposing them when a company reports on its own initiative, cooperates, and remedies the problem. The new portal streamlines this process and makes it easier for companies to meet their compliance obligations.
US – OFAC Published Advisory on Transactions and Sanctions Evasion
On March 31, 2026, OFAC published an advisory warning against “sham transactions”. OFAC emphasized that transfers to trusts, family members, close associates, shell companies, or other nominal owners – do not extinguish a blocked person’s sanctions interest where the practical or economic reality shows that the blocked person continues to benefit from, control, use, or influence the property, and OFAC reiterates that such property remains blocked absent authorization. The advisory highlights several key red flags, including commercially unreasonable transfers, transfers to family members or close associates, unclear business purpose, unduly complex structures involving higher-risk jurisdictions, continued involvement by the blocked person, transfers timed near designation, and evasive responses about ownership or control, with particular caution urged for trusts and similar legal arrangements.
US – Cancels Acquisition of a US Company by a Chinese Buyer
On January 2, 2026, President Trump signed a divestment order directing HieFo Corporation, controlled by a Chinese national, to sell within 180 days all assets it acquired from EMCORE in a transaction completed in April 2024. The acquired assets include digital chip and wafer design and manufacturing businesses.
The order is based on the President’s authorities under CFIUS (the Committee on Foreign Investment in the United States) and states that the transaction poses a threat to national security. Until the sale is completed, HieFo is prohibited from granting access to any technical information, intellectual property, or IT systems of the US assets to foreign parties without explicit approval from CFIUS, and the company must report weekly on the progress of the sale process.
European Union – European Commission Updates FAQs on Russia Sanctions
On January 23, 2026, the European Commission published an updated version of the Russia Sanctions FAQ document, which includes substantive clarifications regarding the prohibition on providing services under Article 5n of Regulation 833/2014. The update expanded the scope of prohibited services and clarified their practical application, including in advanced fields such as artificial intelligence (AI), high-performance computing (HPC), quantum computing, and space-based commercial services. In addition, clarifications were provided regarding the indirect provision of services, the use of outsourcing, and the application of the prohibitions to complex structures and supply chains, with the aim of reducing circumvention possibilities and deepening the regulation’s scope. Subsequently, on March 13, 2026, the Commission published another focused update, this time on the provision of payment services under Article 5b(2) of the same regulation. This update does not expand the scope of the prohibitions but provides operational clarifications regarding their interpretation, and in particular defines what is considered “payment services,” how the prohibition also applies to the indirect provision of financial services, and what responsibility is imposed on banks, financial institutions, and other intermediaries in preventing circumvention. In doing so, the update strengthens enforcement and raises the bar for compliance requirements in the financial sector.
United Kingdom – Structural Reform of Sanctions Lists and Expansion of OTSI’s Powers
On January 28, 2026, the UK consolidated its sanctions list, with the UK Sanctions List becoming the single, authoritative source for all UK sanctions. The change came in response to industry feedback that a single list would remove duplication and simplify the processes for checking who is under sanctions. The Consolidated List published by OFSI (covering asset freezes and investment bans) was discontinued, and the consolidated list now covers all financial sanctions, trade sanctions, immigration sanctions, and transport sanctions.
In parallel, at the beginning of 2026, the Office of Trade Sanctions Implementation (OTSI) assumed responsibility for all export sanctions licensing, except for activities involving goods and technology subject to strategic export controls, which remained under the Export Control Joint Unit (ECJU). This structural change requires companies to ensure they submit license applications to the appropriate body.
United Kingdom – OFSI Publishes Guidance on the Ownership and Control Test in Financial Sanctions Regulations
On February 16, 2026, the UK Treasury, through OFSI, published guidance detailing the “Ownership and Control Test” as it applies to the UK’s financial sanctions regulations. This test is critical for determining whether an entity is subject to sanctions due to its ownership or control by a sanctioned person. The guidance emphasizes that businesses must conduct thorough due diligence to understand the ownership structures and control mechanisms of their counterparties.
The ownership and control test requires companies to assess whether a sanctioned person directly or indirectly owns or controls an entity. “Control” is broadly defined and can include factors such as the ability to direct the entity’s policies or activities. Companies must implement robust procedures to identify these relationships and ensure compliance with UK financial sanctions. Failure to correctly apply the ownership and control test can result in significant penalties.
The listings expand the scope of sanctions beyond politicians and businesspeople to include public figures who serve as tools for propaganda and resource mobilization for the Russian war effort.
Proposed Regulation
US – Bill to Close the “Cloud Loophole” in Export Controls
On January 12, 2026, the Remote Access Security Act 2683 passed in the US House of Representatives, aiming to grant the Department of Commerce (BIS) the authority to impose controls on “remote access” to sensitive technologies. The bill is designed to prevent foreign entities (primarily from China and Russia) from circumventing export restrictions on AI and advanced computing chips by using cloud infrastructure (IaaS) located in the US or third countries.
If the bill is finally approved by the Senate and signed into law, it is expected to impose a significant burden on cloud service providers (CSPs), technology companies, and data center operators. These companies will be required to implement stricter “Know Your Customer” (KYC) procedures, conduct due diligence regarding the identity and location of users, and monitor the nature of the use of their computing resources to ensure they are not available to entities on blacklists (such as the Entity List).
Israel – Memorandum of Law for the Regulation of Foreign Trade: Control of Civil Dual-Use and CBRN Exports
On March 26, 2026, the Dual-Use Export Control Division at the Ministry of Economy published the draft “Law for the Regulation of Foreign Trade: Control of Civil Dual-Use and CBRN Exports, 5786-2026” for public comments until April 25, 2026. The memorandum of law is intended to replace the current import and export orders and to grant the Dual-Use Export Control Division extensive enforcement and supervision powers.
Among the key features of the proposed new legislation:
- Expansion of the scope of control to “non-controlled items”: a Catch-All mechanism in cases of concern about use in weapons of mass destruction, sanctions circumvention, or terrorist activity
- Imposition of a licensing requirement on brokering, transshipment, and technical assistance activities
- Establishment of a various administrative sanctions: significant financial penalties, warnings, and undertakings
- Establishment of criminal sanctions: including personal liability for corporate officers
The draft legislation is a significant step in strengthening the framework for dual-use export control in Israel and aligning it with international standards.
A more detailed client alert regarding the draft law and its implications can be found here.
United Kingdom – Review of the “Ownership and Control” Test in Financial Sanctions Regulations
On February 16, 2026, the UK Treasury, through OFSI, published a Call for Evidence to examine the application of the ownership and control test within the UK sanctions framework.
The review focuses on three key areas:
- The frequency with which “hypothetical control” arises in practice
- The impact on compliance costs, legal risk, and business decisions, including the phenomenon of de-risking
- The utility of existing legal concepts for the application of the regulations
The purpose of the review is to ensure that the sanctions regime is clear, effective, and proportionate, while maintaining strict enforcement against sanctioned parties without unduly burdening legitimate businesses. The findings may lead to significant regulatory changes that will affect sanctions compliance procedures in the UK financial sector and possibly internationally.
Enforcement Updates
US – Department of Justice Department-wide Corporate Enforcement Policy
On March 10, 2026, the US Department of Justice announced a department-wide Corporate Enforcement Policy (CEP), which largely standardizes existing corporate enforcement policies across the entire Department of Justice and also updates its enforcement priorities and the use of the US Sentencing Guidelines in determining the prosecutorial resolution for cooperating companies.
The policy creates clear incentives for early self-disclosure of violations:
- Companies that disclose misconduct before the authorities are aware of it, cooperate fully, and take timely remedial action will receive a declination of prosecution, provided there are no aggravating circumstances.
- In cases where there are aggravating circumstances or the report was made in good faith but did not meet the technical requirements, the company may receive a non-prosecution agreement (NPA) with a 50%-75% discount off the fine under the federal guidelines, a term of less than three years, and no appointment of a corporate monitor.
The new policy is particularly relevant for companies operating in the field of export controls and sanctions, and offers significant incentives for voluntary disclosure and cooperation with the authorities.
US – BIS Imposes a $252 Million Fine on Applied Materials
On February 12, 2026, BIS announced that Applied Materials had agreed to pay a fine of approximately $252 million to the Bureau of Industry and Security for violating US export laws, after it exported chip manufacturing equipment to a Chinese customer on the Entity List through an indirect structure via Applied Materials Korea, without obtaining the required license. The case highlights that reexport through a third country and assembly outside the US do not necessarily sever the applicability of the EAR, and that reliance on country of origin’ regulations is not relevant to understanding the applicability of the EAR.
The fine, which is double the value of the transactions and one of the highest ever imposed, reflects strict enforcement and also includes a commitment to strengthen the compliance program, conduct periodic audits, and replace responsible personnel who were involved in the violations.
US – BIS Imposes a $1 Million Fine on Teledyne FLIR for De Minimis Rule Violations
On February 26, 2026, BIS reached a settlement with Teledyne FLIR LLC for it to pay a civil penalty of $1,000,000 for 19 violations of export control regulations between 2017-2024 by it and its subsidiaries.
The violations included:
- Nine exports of ECCN 6A003 thermal cameras from Sweden to China without a license, resulting from incorrect De Minimis calculations – the company valued only part of the product instead of the full value of the complete product including lenses.
- Evasion – designing a “market collaboration fee” with a Chinese drone manufacturer in 2018 to artificially lower the value of US content below 25%.
- Failure to maintain records required by the terms of a BIS license.
- Eight exports of cameras to a Hong Kong address on the Entity List for transfers to Russia.
The company submitted a voluntary self-disclosure and admitted to the violations.
The key lessons:
- De Minimis calculations must be based on the fair market value of the complete product at the time of export.
- Manipulation of pricing to avoid licensing is considered evasion.
- Screening must also include address-level controls, not just names.
- Voluntary self-disclosure can mitigate but not prevent penalties in cases of planned evasion.
US – OFAC Imposes a $3.7 Million Fine on a US Expat for Violations of Syria Sanctions That Have Since Been Revoked
On February 25, 2026, OFAC announced a $3,777,000 settlement with a U.S. person to resolve 20 apparent violations of Syria sanctions that have since been revoked. Between January 2018 and December 2021, while U.S. sanctions on Syria were still in effect, the U.S. person provided management services to Syrian entities in his capacity as a manager and board member of four Syrian real estate companies.
The enforcement action highlights:
- OFAC’s continued willingness to hold individuals who violate U.S. sanctions accountable, including individuals residing outside the United States.
- OFAC emphasized that its prohibitions apply to all U.S. citizens, including those residing abroad.
- OFAC can and will hold accountable those who violate U.S. sanctions even if such sanctions are later lifted, and the fact that U.S. sanctions no longer exist is not a defense against liability.
US – OFAC Imposes a $1.72 Million Fine on a Sports Academy for Accepting Tuition Payments from Sanctioned Sources
In February 2026, OFAC announced a $1.72 million settlement with IMG Academy, a school and training facility in Florida known for its high annual tuition of approximately $100,000 and its high school football program that sends players to top US college football teams, many of whom go on to play professional football in the NFL.
IMG’s sanctions violations stemmed from entering into enrollment agreements for two students with their Mexican parents, members of a cartel, each of whom is sanctioned under OFAC’s SDN list under the U.S. Foreign Narcotics Kingpin Sanctions Regulations. Specifically, over a six-year period, IMG received wire transfers and credit card payments to IMG’s U.S. bank account from non-SDN parties related to them in satisfaction of the tuition obligations for the two students.
OFAC noted that IMG – through minimal due diligence – could have determined that the fathers of the two students were sanctioned during the students’ application and enrollment stages. Moreover, the penalty highlights the broad structure of the prohibition on dealing in “property or interests in property” of an SDN. Here, although the tuition payments were received from non-SDN parties, the contractual obligation to pay the students’ tuition rested with their SDN parents, thereby attaching a sanctioned property interest to the tuition payments from the non-SDN parties.
The case also underscores the scope of risk of U.S. sanctions violations within the United States and even in academic institutions, and serves as a reminder that sanctions risks exist even outside the traditional financial sector.
US – OFAC Sanctions a Network of North Korean IT Workers Operating Fraud Schemes
On March 12, 2026, OFAC added six individuals and two entities to the sanctions lists involved in a fraud network of North Korean IT workers, who infiltrated Western companies using false identities and remote employment. The network operated to generate revenue in the hundreds of millions of dollars (approximately $800 million in 2024 alone), which was transferred to the North Korean regime to finance its weapons of mass destruction programs, while also using money laundering and crypto mechanisms and at times even introducing malware into the systems of target companies.
This is a case that clarifies that sanctions exposure is not limited to traditional parties and applies to activities with employees and third parties, and there is a need to conduct effective due diligence even when hiring such service providers.
European Union – General Court Issues a Substantive Judgment in the Euro Asia Cargo Case
On January 14, 2026, the General Court (First Chamber) of the European Union issued a noteworthy opinion in the Euro Asia case (Euro Asia Cargo Private Ltd v Council of the EU – 232/24). The decision stems from a challenge by Euro Asia, a Sri Lanka-based entity, seeking the annulment of its listing in Annex IV of Council Regulation (EU) 833/2014, which subjects it to a prohibition on dual-use exports from the EU, arising from the Council’s finding that it acted as an intermediary consignee and shipper of electronic components used in Russian drones deployed in Ukraine.
The General Court dismissed the application, ruling that the Council has broad discretion in subjecting entities to the dual-use prohibition of Annex IV in that the Council is not required to prove that acts performed by such entities that form the basis for such a listing require any intent.
The judgment emphasizes that the Council can impose sanctions even without proof of malicious intent, based on factual findings of involvement in sanctions circumvention.
Israel – DECA Publishes Three Key Enforcement Events
In recent months, DECA has published several enforcement events that highlight DECA’s enforcement approach and the importance of compliance:
Marketing without a Marketing License (November 24, 2025)
A defense exporter signed a Memorandum of Understanding (MOU) with a foreign company regarding several areas of cooperation, for two of which it did not hold an appropriate marketing license. The Defense Export Control Agency rejected the exporter’s claims that it was a JV partner, the division is not for marketing, the document is not binding, and the knowledge is not in its possession, and imposed a civil penalty of NIS 355,950 (after a 65% reduction).
DECA emphasizes that even signing an MOU with a foreign entity, if its purpose is to promote a defense export transaction, may require licenses. In addition, signing a document whose purpose is to promote controlled subjects, even if the knowledge is not in the company’s possession, constitutes a violation without the appropriate license. DECA wishes to emphasize the importance of the involvement of the compliance officer in projects and meetings with clients.
Export without an Export License (November 20, 2025)
The Defense Export Control Agency decided to impose civil penalties totaling NIS 711,900 on a defense exporter for several violations: transferring defense equipment to a customer for final sale while holding only temporary export licenses (for demonstration purposes) and providing a defense service to a customer without any export license at all.
The exporter presented at the hearing extensive corrective actions it had taken, including replacing officers and position holders, establishing a control unit subordinate to the CEO, appointing external consultants, implementing dedicated computer systems for license management, providing ongoing training to employees, establishing a compliance committee, and conducting internal audits. Due to the corrective actions and the absence of prior violations, the penalties were reduced by 65%.
The case highlights the critical importance of a precise understanding of the types of export licenses and their conditions, as well as the value of a strong compliance infrastructure – including a dedicated control unit, license management systems, and ongoing training – in reducing potential sanctions.
Export without Registration and Export License (November 20, 2025)
The Defense Export Control Agency imposed a civil penalty of NIS 101,700 on a defense exporter that carried out a defense export to several countries without registering the product with DECA, without export licenses, and after its registration in the Exporters’ Registry had expired.
The exporter claimed that the violations stemmed from good faith and a lack of proper handover between compliance officers, and that immediately after discovering the violations, it regularized the control issue, renewed its registration, registered the product, and cooperated fully. The penalty was reduced by 90% (50% for the absence of a prior violation, 25% for ceasing the violation and proactive reporting, and 15% for preventive actions). This case highlights the importance of voluntary disclosure, cooperation with the regulator, and implementing preventive actions, which can significantly reduce sanctions.
This memorandum provides access to certain material developments in the field of international trade regulation. It contains only a summary and does not cover all updates that occurred in the first quarter of 2026. The information in this memorandum is provided as general information only and should not be relied upon in any specific case without additional legal advice.
