Seagate Technology has agreed to pay a $300 million civil penalty to the Bureau of Industry and Security for violating the Export Administration Regulations by continuing to supply hard disk drives to Huawei Technologies after the Chinese telecoms giant was placed on the Entity List and the Foreign Direct Product (FDP) rule was expanded.
It is the largest administrative penalty BIS has ever imposed.
The timeline is straightforward. Huawei was added to the Entity List in May 2019, restricting U.S.-origin technology exports to the company. In August 2020, the Commerce Department expanded the FDP rule, which extended export controls to foreign-made items produced using U.S. technology or software. This expansion was specifically designed to close the loophole that allowed Huawei to source components from non-U.S. manufacturers that used American equipment in their production processes.
Every major hard drive manufacturer except Seagate stopped shipping to Huawei after the FDP rule expansion. Western Digital and Toshiba — Seagate’s primary competitors — ceased sales. Seagate did not. Between August 2020 and September 2021, the company shipped approximately 7.42 million hard drives worth over $1.1 billion to Huawei — effectively becoming the sole supplier of a critical component to a company the U.S. government had identified as a national security threat.
BIS found that Seagate’s shipments constituted violations of the EAR because the drives were produced using U.S.-origin technology and equipment, bringing them within the scope of the FDP rule. Seagate’s position — that it believed its drives were not covered — was rejected.
The $300 million penalty includes provisions for Seagate to conduct an internal review of its compliance programme and to implement enhanced export control procedures. No criminal charges were filed.
Export controls as the new sanctions frontier
The Seagate case sits at the intersection of export controls, national security, and corporate competitive strategy — and it raises questions that go beyond the specific facts of the violation.
From a compliance perspective, the most significant aspect is the FDP rule itself. Unlike traditional export controls, which apply to items manufactured in the United States, the FDP rule extends U.S. jurisdiction to any product, anywhere in the world, that was made using American technology or equipment. Given the pervasiveness of U.S. semiconductor manufacturing tools in global chip and drive production, this effectively gives the United States extraterritorial control over a substantial portion of the world’s technology supply chain.
Seagate’s decision to continue shipping when all competitors stopped was, in my assessment, a calculated commercial gamble. Becoming Huawei’s sole hard drive supplier was enormously profitable — $1.1 billion in revenue over 13 months. The company appears to have bet that its interpretation of the FDP rule would hold, or that enforcement would be limited to a manageable fine. That bet cost $300 million.
For technology companies operating in the current geopolitical environment, the lesson is clear: export control compliance is no longer a back-office function. It is a board-level strategic risk. The regulatory landscape is shifting rapidly, and the penalties for misjudging the boundaries are no longer trivial.