What Every Multinational Should Know About … The First Use of Economic Sanctions to Target Intellectual Property Theft

For years, companies facing trade-secret theft have relied on civil litigation, criminal enforcement, and cybersecurity measures — tools that often fall short when the perpetrators or beneficiaries are overseas and beyond the reach of U.S. courts.

That may now be changing. On February 24, 2026, the Trump administration announced the first sanctions imposed under the Protecting American Intellectual Property Act of 2022 (PAIPA). The coordinated action by the Departments of the Treasury, Justice, and State marks a notable shift in the U.S. response to intellectual property theft.

Rather than treating trade-secret misappropriation solely as a commercial dispute, the United States is showing a willingness to use economic sanctions — traditionally reserved for threats such as terrorism and proliferation — to deter and punish large-scale IP theft.

For multinational companies, this development creates both opportunity and risk. Victims of foreign IP theft may have a new avenue for government action, while global businesses must be alert to potential sanctions exposure tied to improperly obtained technology, data, or proprietary information.

This article examines how PAIPA sanctions work, what the February 2026 designations signal about enforcement priorities, and what companies should do if they believe they are victims of foreign intellectual property theft.

A New Enforcement Tool for Trade Secret Theft

PAIPA gives the U.S. government a new mechanism to address international trade-secret theft, particularly when foreign actors operate beyond the practical reach of U.S. courts.

Until recently, PAIPA had not been used. The sanctions announced in February 2026 therefore mark a significant development in U.S. enforcement policy.[1] PAIPA requires sanctions against foreign persons or entities that knowingly engage in, or benefit from, significant theft of trade secrets belonging to U.S. persons when the theft threatens U.S. national security, foreign policy, economic health, or financial stability.

In announcing the action, Treasury Secretary Scott Bessent signaled the administration’s intent to broaden the tools available to combat international IP theft. More broadly, the designations reflect a policy shift: U.S. authorities increasingly view the theft of strategically important intellectual property not only as a private commercial dispute, but as a national security and economic competitiveness issue.

The first PAIPA sanctions targeted a network allegedly involved in cyber-enabled trade-secret theft and exploit brokerage. The State Department designated:

• Matrix LLC, also known as Operation Zero, a Russian cyber-tools broker;
• Sergey Sergeyevich Zelenyuk, the alleged owner and director of Operation Zero; and
• Special Technology Services LLC FZ, a UAE-based company allegedly used to facilitate sanctions evasion.

According to U.S. authorities, the network bought zero-day cyber exploits from Peter Williams, an Australian national and former general manager at a U.S. defense contractor. The exploits were reportedly intended for sale only to the U.S. government and certain allied governments.

At the same time, the Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions under Executive Order 13694, which authorizes sanctions for significant malicious cyber-enabled activities, including the theft or use of misappropriated trade secrets for commercial advantage. OFAC also designated additional individuals and entities allegedly tied to Operation Zero, including Zelenyuk’s assistant, a person suspected of links to the Trickbot cybercrime group, and another exploit brokerage firm connected to the network.

These OFAC designations block all property and interests in property of the sanctioned parties within U.S. jurisdiction and generally prohibit U.S. persons from engaging in transactions with them.

The sanctions were accompanied by a parallel criminal case, underscoring the seriousness of the government’s response. On the same day the sanctions were announced, the U.S. District Court for the District of Columbia sentenced Peter Williams to 87 months’ imprisonment for selling his employer’s trade secrets to Operation Zero.

According to the Department of Justice, the case highlights the risks posed not only by external cyber intrusions but also by insiders with access to sensitive technical information. As DOJ emphasized, those who misuse privileged access in ways that harm U.S. national security can expect serious criminal consequences.

Why This Development Matters

The February 2026 actions signal an important shift in how the U.S. government approaches trade-secret theft. Historically, trade-secret disputes have been addressed primarily through civil litigation under statutes such as the Defend Trade Secrets Act or through criminal prosecutions under the Economic Espionage Act. While these tools remain important, they often provide limited recourse when the ultimate beneficiary of stolen IP is located overseas, the entity cannot easily be subjected to U.S. jurisdiction, or when civil remedies are difficult to enforce internationally.

Sanctions authorities, by contrast, allow the U.S. government to directly target foreign beneficiaries of stolen trade secrets, including entities that knowingly receive or exploit misappropriated IP. This new tool potentially fills a long-standing enforcement gap.

Cybersecurity and the Expanding Sanctions Landscape

PAIPA’s use alongside existing cyber-related sanctions authorities has important implications for cybersecurity enforcement. Under authorities such as Executive Order 13694, OFAC may sanction individuals or entities involved in:

• significant malicious cyber-enabled activity;
• the theft of trade secrets through cyber intrusions; or
• the use or receipt of misappropriated trade secrets for competitive advantage.

The recent designations show how the U.S. government may increasingly use sanctions as part of a broader response to cyber-enabled IP theft, including against exploit brokers and intermediaries that help monetize stolen data.

A key open question is how broadly regulators will interpret PAIPA’s requirement that the conduct pose a “significant threat” to U.S. national security, foreign policy, economic health, or financial stability. The standard gives the government substantial discretion.

In practice, PAIPA is most likely to be used aggressively in sectors viewed as critical to U.S. technological leadership and economic security, including:

• artificial intelligence;
• biotechnology and pharmaceuticals;
• advanced materials and semiconductors;
• defense technologies; and
• energy and critical infrastructure.

Companies in these sectors may face heightened scrutiny where stolen intellectual property has broader national security or economic implications. At the same time, companies that believe they are victims of trade-secret theft may have a new avenue for seeking government action — particularly where foreign actors are involved and traditional litigation offers limited relief.

PAIPA also requires annual reporting to Congress on international intellectual property theft, creating a further institutional incentive for the government to identify and pursue significant cases.

Companies should therefore consider whether past or ongoing incidents of trade-secret theft involving foreign actors warrant engagement with relevant U.S. authorities.

Implications for Foreign Companies

The new enforcement posture also creates additional risks for foreign companies that may knowingly or inadvertently benefit from stolen intellectual property. Importantly, PAIPA sanctions can apply regardless of the method by which trade secrets were obtained. Exposure could therefore arise not only from cyber-enabled theft, but also from more traditional commercial situations, such as:

• employees bringing proprietary information from former employers;
• joint-venture partners sharing protected technical information; or
• third-party suppliers using misappropriated trade secrets in production.

Foreign companies should therefore conduct appropriate due diligence when hiring employees from competitors or entering into partnerships involving sensitive technology.

Senior executives and board members should also be aware that individual sanctions exposure is possible, particularly where they knowingly participate in or benefit from trade-secret misappropriation.

Other Enforcement Options When Misappropriated IP Appears in Imported Goods

While the first use of PAIPA sanctions represents an important expansion of the U.S. government’s enforcement toolkit, sanctions are only one of several mechanisms available to companies seeking to address intellectual property theft, particularly when stolen technology is incorporated into products exported to the United States.

When misappropriated trade secrets are embedded in imported goods, companies may also consider a range of trade-remedy and border-enforcement tools designed to prevent those products from entering or circulating within the U.S. market.

Section 337 Investigations at the U.S. International Trade Commission

One of the most powerful enforcement options available to intellectual property holders is Section 337 of the Tariff Act of 1930, which authorizes investigations by the U.S. International Trade Commission (ITC) into unfair acts in connection with imported goods, including the misappropriation of trade secrets.

Section 337 proceedings offer several significant advantages for companies seeking to prevent the importation of products incorporating stolen technology:

• Relatively rapid timelines, with most investigations concluding within approximately 16 to 18 months.
• Exclusion orders, directing U.S. Customs and Border Protection (CBP) to block infringing goods from entering the United States.
• Cease and desist orders, which can prohibit the domestic sale or distribution of infringing products already present in the U.S. market.
• Effective jurisdiction over foreign actors, because the proceeding focuses on imported goods rather than personal jurisdiction over foreign defendants.

In recent years, Section 337 has increasingly been used in disputes involving trade-secret misappropriation tied to overseas manufacturing. As a result, ITC proceedings can serve as a powerful complement to sanctions-based enforcement measures.

Working with U.S. Customs and Border Protection

Companies may also work directly with CBP to help prevent infringing products from entering the United States. CBP has a range of enforcement tools that can assist rights holders, including:

• Recordation of intellectual property rights with CBP, which helps enable border enforcement actions.
• Providing product identification guidance to assist CBP officers in identifying infringing goods at ports of entry.
• Supporting enforcement of ITC exclusion orders, where CBP is responsible for blocking covered products.
• Submitting e-Allegations or other reports where imported goods may violate U.S. trade or intellectual property laws.

Where an ITC exclusion order is issued, CBP becomes the primary enforcement authority responsible for preventing the importation of covered goods. In practice, effective cooperation between rights holders and CBP can play an important role in ensuring that exclusion orders are successfully implemented at U.S. ports of entry.

Practical Steps for Multinational Companies

In light of these developments, multinational companies should consider reassessing their intellectual property, cybersecurity, and sanctions risk management frameworks — particularly where sensitive technologies or proprietary information may attract heightened regulatory scrutiny.

Key steps may include the following:

Strengthen Trade Secret Protection Programs:

• Reevaluate internal measures designed to protect trade secrets and other sensitive technical information.
• Tighten controls over employee and contractor access to proprietary technology, research data, source code, and other confidential materials.
• Review onboarding and offboarding procedures to ensure confidentiality obligations are clearly communicated, acknowledged, and enforced.
• Reinforce confidentiality, data protection, and information security policies across business units and jurisdictions.
• Provide targeted training for personnel in high-risk roles, including R&D, engineering, product development, and business development teams.

Assess Cross-Border and Third-Party Risks:

• Conduct enhanced due diligence on technology partners, joint ventures, distributors, suppliers, and research collaborators.
• Evaluate the risks associated with sharing proprietary information with foreign counterparties, particularly in high-risk jurisdictions or strategic sectors.
• Review contractual protections governing the use, storage, transfer, and return of confidential information in cross-border collaborations.
• Assess whether third parties could expose the company to sanctions, export control, or reputational risk through the use of improperly obtained technology or data.
• Incorporate trade-secret and cyber-risk review into M&A, investment, and post-acquisition integration processes.

Update Incident Response and Escalation Procedures

• Update incident-response plans to address potential trade-secret theft involving foreign actors, including cyber-enabled theft and insider misconduct.
• Establish procedures for preserving evidence, documenting losses, and assessing whether stolen information may have national security or strategic significance.
• Build in protocols for evaluating whether sanctions, export controls, or other regulatory issues may arise from a suspected incident.
• Define escalation pathways to legal, compliance, cybersecurity, and senior management teams when theft of sensitive IP is suspected.
• Establish protocols for engaging with U.S. enforcement authorities where appropriate.

Evaluate Sanctions and Regulatory Exposure:

• Review whether the company has adequate controls to identify dealings with sanctioned parties or intermediaries connected to cyber-enabled theft or exploit brokerage.
• Screen relevant counterparties against OFAC and other applicable restricted-party lists.
• Assess whether the company could face legal or commercial risk if it acquires, licenses, uses, or benefits from technology or information that may have been misappropriated.
• Consider the overlap with export controls, especially where stolen technology involves defense, dual-use, or other strategically sensitive items.

Monitor Enforcement Developments:

• Track developments in PAIPA implementation and related cyber-sanctions authorities.
• Assess sector-specific risks, particularly where the company operates in areas viewed as important to U.S. technological leadership or national security.
• Monitor government guidance, enforcement actions, and congressional reporting trends for signals about future priorities.

Taken together, these steps can help companies not only protect sensitive intellectual property, but also prepare for a regulatory environment in which trade-secret theft may increasingly be addressed through sanctions, cybersecurity, and other national security tools.

Looking Ahead: A Broader Toolkit for Combating IP Theft

The first use of sanctions under the Protecting American Intellectual Property Act marks an important evolution in the U.S. government’s response to international trade-secret theft. By adding economic sanctions to its enforcement toolkit, the U.S. government now has a way to target foreign actors that profit from stolen intellectual property — even when those actors are beyond the practical reach of U.S. courts.

Sanctions are only one part of a broader enforcement framework. Companies confronting trade-secret theft may also draw on civil litigation, criminal prosecutions, Section 337 proceedings before the U.S. International Trade Commission, and Customs enforcement at the border. Used strategically, these tools can help block the commercialization of misappropriated technology and limit the ability of foreign competitors to profit from stolen innovation.

For multinational companies, the message is clear: the enforcement landscape is widening. Organizations should ensure that their intellectual property protection programs, compliance controls, and incident-response strategies reflect the growing convergence of trade enforcement, sanctions policy, and national security.

The Foley International Trade & National Security Practice

Foley International Trade & National Security Team covers the full gamut of international trade needs, including for tariffs, Customs, supply chain integrity, trade remedies/antidumping/countervailing duty, export controls, economic sanctions, and CFIUS national security filings. Our Tariff & International Trade blog regularly publishes practical guidance, like this client alert, on all international trade topics and compiles it by topic area on the Foley Tariff & International Trade Resources blog. Click Here to Register for our email list to receive future emails and practical international regulatory compliance tips, including our What Every Multinational Should Know and Tariff-ied! articles.

[1] PAIPA requires the President to impose at least five sanctions from a menu of twelve options, including the following: (1) blocking of property; (2) inclusion on the Bureau of Industry and Security’s Entity List; (3) denial of Export-Import Bank assistance; (4) prohibition on loans from U.S. financial institutions exceeding $10 million; (5) opposition to loans from international financial institutions; (6) prohibitions on designation as a primary dealer in U.S. government debt or service as a repository for government funds (for financial institutions); (7) federal procurement bans; (8) prohibition on foreign exchange transactions; (9) prohibition on banking transactions; (10) a ban on U.S. person investment in equity or debt of the designated entity; (11) exclusion of corporate officers from the United States; and (12) sanctions on principal executive officers.