{ "meta": { "version": "v0", "buildDate": "2026-06-23", "scope": "Public corporate identity + government designation status for the marquee surveillance/spyware vendors. Designations rebuilt from primary public-domain government feeds (US BIS, OFAC, Treasury NS-CMIC, FCC; EU). No customer-deployment claims, no targeting data, no PII — those are curated separately and not published in v0.", "vendorCount": 26, "designationCount": 40, "activeDesignationCount": 37, "vendorsWithActiveDesignation": 21, "silos": { "mercenary-spyware": 7, "forensic": 2, "dpi-censorship": 3, "biometric-video": 11, "network": 3 } }, "vendors": [ { "vendor": "NSO Group", "slug": "nso-group", "country": "", "silo": "mercenary-spyware", "products": [ "Pegasus", "Phantom", "Circles" ], "corporateNote": "NSO Group Technologies Ltd. is a surveillance-technology firm founded in 2010 (founders Niv Karmi, Shalev Hulio, Omri Lavie). It operates under the Q Cyber Technologies group, which is known as OSY Technologies in Luxembourg; a North American subsidiary previously operated as Westbridge. It is privately held (not publicly traded).", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2021-11-04", "scopeNote": "Added by the Bureau of Industry and Security to the Entity List (Supplement No. 4 to 15 CFR Part 744), effective November 4, 2021, based on a determination that NSO Group developed and supplied spyware used by foreign governments to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. Effect: a license is required for the export, reexport, or in-country transfer of all items subject to the EAR to NSO Group, no license exceptions are available, and BIS applies a license-review policy of presumption of denial. This is an export-control restriction on US-origin items/technology going TO NSO; it is NOT an asset-blocking sanction (no OFAC SDN designation, no property blocking, no general prohibition on dealings with the company).", "sourceUrl": "https://www.federalregister.gov/documents/2021/11/04/2021-24123/addition-of-certain-entities-to-the-entity-list", "sourceTitle": "Federal Register: Addition of Certain Entities to the Entity List (86 FR 60759; Doc. 2021-24123)" } ], "noDesignationNote": "No US OFAC SDN/sanctions designation, no US Treasury NS-CMIC investment listing (that list is by statute limited to Chinese military-industrial-complex companies and cannot apply to this firm), no EU consolidated-sanctions designation, and no US FCC Covered List entry on public record as of the research date (2026-06). NSO Group's only verified government designation among the surveyed authorities is its November 4, 2021 addition to the US BIS Entity List, which is an export-control measure rather than an asset-blocking sanction. Human-rights organizations have publicly called for EU sanctions, but no EU designation has been imposed. The FCC Covered List is scoped to telecommunications and video-surveillance equipment and services and does not include NSO Group.", "confidence": "high" }, { "vendor": "Intellexa / Cytrox", "slug": "intellexa-cytrox", "country": "Greece", "silo": "mercenary-spyware", "products": [ "Predator (mercenary spyware suite; one-click and zero-click mobile device compromise)", "Nova (successor/rebranded Predator implant reported by security researchers)" ], "corporateNote": "Intellexa is a \"consortium\" / loosely affiliated international web of companies that develops and markets the Predator commercial spyware, founded by former-intelligence figure Tal Jonathan Dilian. U.S. authorities have named related corporate entities across multiple jurisdictions, including Intellexa S.A. (Greece), Intellexa Limited (Ireland), Cytrox Holdings ZRT/Crt (Hungary), Cytrox AD (North Macedonia), Thalestris Limited (Ireland), and Aliada Group Inc. (British Virgin Islands). On 2025-12-30, OFAC removed three individuals from the SDN List following petitions for reconsideration: Sara Aleksandra Fayssal Hamou (designated 2024-03-05), and Andrea Nicola Costantino Hermes Gambazzi and Merom Harpaz (both designated 2024-09-16); Treasury stated each had demonstrated measures to separate from the Intellexa Consortium. No corporate entities were delisted: the BIS Entity List entries and the OFAC entity designations from 2024 remain in place per public record as of the research date.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2023-07-18", "scopeNote": "Bureau of Industry and Security added four affiliated entities to the Entity List for 'trafficking in cyber exploits used to gain access to information systems': Intellexa S.A. (Greece), Cytrox Holdings Crt (Hungary), Intellexa Limited (Ireland), and Cytrox AD (North Macedonia). Effect is an export-control restriction: a license requirement (reviewed under a presumption of denial) for all items subject to the EAR. This is NOT an asset-freezing sanction. Confirmed against the BIS primary press release. All four entity entries remain on the Entity List as of the research date.", "sourceUrl": "https://www.bis.gov/press-release/commerce-adds-four-entities-entity-list-trafficking-cyber-exploits", "sourceTitle": "Commerce Adds Four Entities to the Entity List for Trafficking in Cyber Exploits (BIS, July 18, 2023)" }, { "authority": "US OFAC", "authorityType": "sanction", "program": "SDN List (E.O. 13694, as amended)", "date": "2024-03-05", "scopeNote": "OFAC designated two individuals (Tal Jonathan Dilian, founder/architect; Sara Aleksandra Fayssal Hamou) and five entities (Intellexa S.A., Intellexa Limited, Cytrox AD, Cytrox Holdings ZRT, Thalestris Limited) pursuant to E.O. 13694, as amended by E.O. 13757 (malicious cyber-enabled activities). Effect: blocking sanction — all property and interests in property within US jurisdiction are blocked and US persons are generally prohibited from dealing with them. CORRECTION ON CURRENT STATUS: Hamou was removed from the SDN List on 2025-12-30 (see OFAC recent action 20251230); Dilian and all five entities remain designated as of the research date. Names, authority, date, and blocking language confirmed against Treasury press release jy2155.", "sourceUrl": "https://home.treasury.gov/news/press-releases/jy2155", "sourceTitle": "Treasury Sanctions Members of the Intellexa Commercial Spyware Consortium (March 5, 2024; corroborated by OFAC Recent Actions 2024-03-05 and 2025-12-30 removal)" }, { "authority": "US OFAC", "authorityType": "sanction", "program": "SDN List (E.O. 13694, as amended)", "date": "2024-09-16", "scopeNote": "OFAC designated five individuals (Felix Bitzios, Andrea Nicola Costantino Hermes Gambazzi, Merom Harpaz, Panagiota Karaoli, Artemis Artemiou) and one entity (Aliada Group Inc., a British Virgin Islands company) associated with the Intellexa Consortium pursuant to E.O. 13694, as amended. Effect: blocking sanction — assets within US jurisdiction blocked; US persons generally prohibited from transactions. CORRECTION ON CURRENT STATUS: per the OFAC primary record, Gambazzi and Harpaz were removed from the SDN List on 2025-12-30 (recent action 20251230); Bitzios, Karaoli, Artemiou, and Aliada Group Inc. remain designated as of the research date. Names, authority, date, and blocking language confirmed against Treasury press release jy2581.", "sourceUrl": "https://home.treasury.gov/news/press-releases/jy2581", "sourceTitle": "Treasury Sanctions Enablers of the Intellexa Commercial Spyware Consortium (Sept 16, 2024; 2025-12-30 removals confirmed at OFAC Recent Actions 20251230)" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "Candiru", "slug": "candiru", "country": "", "silo": "mercenary-spyware", "products": [ "DevilsTongue (the persistent spyware implant, named by Microsoft)", "Sherlock (cross-platform browser/OS zero-day exploitation tooling)" ], "corporateNote": "Mercenary-spyware vendor founded in 2014. Its current registered legal name is Saito Tech Ltd; it has operated under multiple successive registered names. The U.S. BIS Entity List entry lists seven aliases: Candiru Ltd., DF Associates Ltd., Grindavik Solutions Ltd., Taveta Ltd., Saito Tech Ltd., Greenwick Solutions, and Tabatha Ltd.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2021-11-04", "scopeNote": "Added to the Commerce/BIS Entity List effective Nov 4, 2021 (final rule 2021-24123) for developing and supplying spyware. Imposes a license requirement for all items subject to the EAR (per 15 CFR 744.11), with no license exceptions available and a license review policy of presumption of denial. Listed with seven aliases including Saito Tech Ltd. This is a U.S. export-control restriction, NOT a financial/asset sanction. Independently verified against the primary govinfo.gov Federal Register text: the entity entry, the seven aliases, the EAR-wide license requirement, the presumption-of-denial review policy, and the listing all match.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2021-11-04/html/2021-24123.htm", "sourceTitle": "Federal Register / BIS Final Rule 2021-24123 — Addition of Certain Entities to the Entity List (FR-2021-11-04)" } ], "noDesignationNote": "No US OFAC (SDN/sanctions), US Treasury NS-CMIC investment-restriction, EU consolidated sanctions, or US FCC Covered List designation for Candiru/Saito Tech is on public record as of the research date. The only verified government designation is the US BIS Entity List addition (effective Nov 4, 2021). A 2025 press headline referring to \"US sanctions ... including Candiru\" was checked and found to be journalistic shorthand for this same November 2021 BIS Entity List action, not a separate or new designation.", "confidence": "high" }, { "vendor": "Paragon (Paragon Solutions Ltd.)", "slug": "paragon-solutions", "country": "", "silo": "mercenary-spyware", "products": [ "Graphite (zero-click mobile spyware that extracts data from encrypted messaging apps; reported targets include WhatsApp, Signal, and Facebook Messenger)" ], "corporateNote": "Paragon Solutions Ltd. is a mercenary-spyware vendor founded in 2019 by Ehud Schneorson and others, known for its Graphite spyware. In 2024 it was acquired by AE Industrial Partners (a Florida-based private investment firm) for a reported ~$500M (with earn-outs valued higher), with plans to combine it with AE portfolio company REDLattice Inc. The company is widely reported to have held a US federal (ICE/DHS) contract, underscoring that it has not been the subject of a US blacklist or sanction.", "designations": [], "noDesignationNote": "No US (BIS Entity List, OFAC SDN, Treasury NS-CMIC, FCC Covered List) or EU designation against Paragon Solutions is on public record as of the research date (2026-06-22). This was checked against the cited reporting (Wikipedia and Citizen Lab), both of which describe regulatory scrutiny but explicitly note no formal blacklisting; by contrast, NSO Group is on the BIS Entity List and Intellexa/Predator-linked persons were OFAC SDN-designated. Paragon held a US ICE/DHS contract (paused under the Biden administration, reinstated in 2025), which is inconsistent with any US sanction or export-control designation. Note: the December 2025 OFAC SDN delistings widely reported in this space concerned three individuals (Sara Hamou, Andrea Gambazzi, Merom Harpaz) tied to the separate Intellexa/Predator consortium, not Paragon.", "confidence": "high" }, { "vendor": "Cellebrite", "slug": "cellebrite", "country": "", "silo": "forensic", "products": [ "UFED (Universal Forensic Extraction Device)", "Cellebrite Inseyets / Physical Analyzer (mobile data extraction and decoding)", "UFED Premium (advanced lock-bypass extraction)", "Cellebrite Pathfinder (investigative analytics)", "Cellebrite Guardian (cloud evidence management)", "Digital Collector / MacQuisition (computer forensics, ex-BlackBag)" ], "corporateNote": "Cellebrite DI Ltd. is a digital-forensics / \"digital intelligence\" company founded in 1999. It is publicly traded on the Nasdaq under ticker CLBT (listed via SPAC merger with TWC Tech Holdings II in 2021). Its largest shareholder is Japan's Sun Corporation (Nagoya), which holds a stake of roughly 40-48 percent (reported around 44 percent); other notable holders have included True Wind Capital.", "designations": [], "noDesignationNote": "No US or EU government designation on public record as of the research date (June 2026). Cellebrite does not appear on the US BIS Entity List, OFAC SDN/sanctions lists, the US Treasury NS-CMIC investment-restriction list (which applies only to Chinese military-industrial companies and is inapplicable to this firm), the EU consolidated sanctions list, or the FCC Covered List. The FCC Covered List was independently checked and contains only named PRC and Russian entities (Huawei, ZTE, Hytera, Hikvision, Dahua, China Mobile, China Telecom, China Unicom, Pacific Networks, and Kaspersky); Cellebrite is not among them. Search results associating Cellebrite with NS-CMIC or the FCC Covered List were false-positive noise about those programs' general scope, not actual listings.", "confidence": "high" }, { "vendor": "Geedge Networks", "slug": "geedge-networks", "country": "China", "silo": "dpi-censorship", "products": [ "Tiangou Secure Gateway (TSG) - commercial deep packet inspection (DPI) gateway deployed at telecom-operator scale for traffic inspection, filtering, and blocking", "Tiangou DPI platform - mass traffic analysis supporting VPN/circumvention-tool detection, TLS/SSL fingerprinting, and full-session logging", "Cyber Narrator - operator-facing analytics/management console for monitoring and control of subscriber traffic", "National-scale network monitoring, real-time mobile-subscriber tracking, and region-specific censorship rule management" ], "corporateNote": "Privately held Chinese company; full legal name reported as Geedge (Hainan) Information Technology Co., Ltd., founded in 2018 and based in Hainan (Hainan Free Trade Port). Fang Binxing (widely described as the \"father\" of China's Great Firewall) is a founder and served as chief scientist; the company is closely tied to the MESA Lab (Massive and Effective Stream Analysis) under the Institute of Information Engineering, Chinese Academy of Sciences (IIE-CAS), from which much of its core R&D personnel originated (e.g., CTO Zheng Chao came from MESA). No publicly reported foreign parent or public-market listing. (A separately reported Beijing R&D office is plausible but not confirmed in the primary leak analysis.)", "designations": [], "noDesignationNote": "No US (BIS Entity List, OFAC SDN, Treasury NS-CMIC, FCC Covered List) or EU designation against Geedge Networks could be verified on public record as of the research date (June 2026). The OpenSanctions aggregator (which consolidates those lists plus others) returns zero matches for \"Geedge,\" OFAC and BIS searches surface no entry, and the current FCC Covered List names only Huawei, ZTE, Hytera, Hikvision, Dahua, China Mobile, China Telecom, Pacifica/ComNet and China Unicom (plus 2026 router/UAS additions) — not Geedge. The September 2025 Geedge & MESA leak prompted advocacy (e.g., Justice For Myanmar) calling for sanctions, which itself confirms none had been imposed at that time; no subsequent formal designation has been verified.", "confidence": "high" }, { "vendor": "Sandvine / AppLogic Networks", "slug": "sandvine-applogic-networks", "country": "Canada", "silo": "dpi-censorship", "products": [ "Deep packet inspection (DPI) network intelligence platform", "Network policy control / traffic management software", "Application classification and congestion management (broadband/mobile networks)", "AppLogic application-classification engine (namesake of the 2025 rebrand)" ], "corporateNote": "Founded 2001 in Waterloo, Ontario, Canada. Taken private in 2017 by an affiliate of private equity firm Francisco Partners and combined with Procera Networks. In June 2024 control passed from Francisco Partners to a group of (undisclosed) shareholders. Following a Companies' Creditors Arrangement Act (CCAA) restructuring approved by the Ontario Superior Court of Justice on Jan 30, 2025, the company emerged in March 2025 and rebranded as AppLogic Networks, with a stated headquarters in Plano, Texas. Privately held; not publicly traded.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (REMOVED — historical listing, no longer active)", "date": "2024-02-27", "scopeNote": "Sandvine Incorporated was ADDED to the Commerce/BIS Entity List effective Feb 27, 2024 (FR Doc 2024-03674), listed under the destinations Canada, India, Japan, Malaysia, Sweden, and the United Arab Emirates. Per the official BIS basis-for-listing, the addition was for supplying deep packet inspection technology to the Government of Egypt used in mass web-monitoring and censorship; the listing carried a license requirement for all items subject to the EAR with a license review policy of presumption of denial. This is an EXPORT-CONTROL listing, not an OFAC sanction. IMPORTANT: the listing was REMOVED effective Oct 23, 2024 (FR Doc 2024-24562, 89 FR 84460; removal announced by BIS Oct 21, 2024) following BIS-recognized corporate reforms, and is therefore NO LONGER an active designation — it is reported here only as a verified historical export-control listing.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2024-02-27/html/2024-03674.htm", "sourceTitle": "Federal Register / 89 FR / FR Doc 2024-03674 (Feb 27, 2024) — Additions of Entities... to the Entity List (Sandvine added; effective Feb 27, 2024). Removal corroborated by FR Doc 2024-24562, 89 FR 84460 (Oct 23, 2024), https://www.govinfo.gov/content/pkg/FR-2024-10-23/html/2024-24562.htm and BIS press release Oct 21, 2024, https://www.bis.gov/press-release/commerce-removes-sandvine-entity-list-following-significant-corporate-reforms-protect-human-rights" } ], "noDesignationNote": "As of the research date (June 2026) Sandvine / AppLogic Networks has NO ACTIVE US or EU designation on public record. The only government designation ever recorded — addition to the US BIS Entity List effective Feb 27, 2024 (FR Doc 2024-03674) — was officially REMOVED effective Oct 23, 2024 (FR Doc 2024-24562, 89 FR 84460; BIS press release Oct 21, 2024) after BIS recognized corporate reforms; it is reported above only as a verified historical export-control listing. No OFAC SDN sanction, no US Treasury NS-CMIC investment restriction (the company is Canadian/US-based, not a PRC military-industrial-complex entity, so NS-CMIC is inapplicable), and no FCC Covered List equipment-authorization restriction are on public record for this vendor. No customer/deployment claims beyond the official BIS basis-for-listing language are included, and no individual PII below corporate-officer level is reported.", "confidence": "high" }, { "vendor": "Protei (NTC Protei / Nauchno-Tekhnicheskiy Tsentr Protei)", "slug": "protei", "country": "Russia", "silo": "dpi-censorship", "products": [ "Deep packet inspection (DPI) / PCRF traffic-management platform", "Lawful intercept / SORM-compatible interception systems", "Web/content filtering and blocking", "Telecom core network systems (NGN, mobile core, HLR/HSS)", "Messaging and VAS platforms", "Private LTE/5G and IoT/M2M platforms", "Roaming solutions" ], "corporateNote": "Protei is a Russian telecommunications software and hardware company founded as NTC Protei (OOO Nauchno-Tekhnicheskiy Tsentr Protei) in St. Petersburg in 2002 (INN 7825483961, OGRN 1027809185227). It builds carrier core-network systems plus DPI, web-filtering and SORM-compatible lawful-intercept products; commercial sales are also run through an affiliate operating from Amman, Jordan. IDENTITY NOTE (verified): a separately incorporated, name-related St. Petersburg entity, OOO Protey Spetstekhnika / Protei ST (INN 7802471913, OGRN 1097847159321, incorporated 3 June 2009), is the entity on the U.S. OFAC SDN List (added 2024-05-01 under E.O. 14024). Per public corporate records aggregated by OpenSanctions, NTC Protei is recorded as the parent/owner of Protey Spetstekhnika; the two are nonetheless distinct legal persons, and the OFAC designation attaches to Protey Spetstekhnika, not to NTC Protei. On the public record the OFAC designation should not be conflated with the commercial DPI vendor NTC Protei, which itself carries no U.S./EU designation. Treasury's May 1, 2024 press release (jy2318) characterizes Protey Spetstekhnika as developing telecommunication systems for the Russian Ministry of Defense; the OFAC SDN record itself lists the designation under program RUSSIA-EO14024 without that descriptive language.", "designations": [], "noDesignationNote": "As of the research date (2026-06-22), the commercial DPI/lawful-intercept vendor NTC Protei (INN 7825483961) has NO designation on public record from any in-scope authoritative source: it is not on the US OFAC SDN List, the US BIS Entity List, the US Treasury NS-CMIC investment list, the EU consolidated sanctions list, or the US FCC Covered List. (The FCC Covered List was verified to contain only Huawei, ZTE, Hytera, Hikvision and Dahua and their subsidiaries/affiliates; no Protei entity appears on it.) The only government listing found for this specific entity is on Ukraine's NSDC sanctions register, which falls outside the authoritative-source set specified for this database. A name-related but separately incorporated St. Petersburg company, OOO Protey Spetstekhnika / Protei ST (INN 7802471913, a.k.a. PROTEI ST LTD), IS on the OFAC SDN List, verified at OFAC Sanctions List Search detail id=48657 (program RUSSIA-EO14024, effective 2024-05-01, designated under E.O. 14024 sec. 1(a)(i) for operating in the technology sector of the Russian Federation economy). That designation is recorded against Protey Spetstekhnika and is deliberately NOT attributed to NTC Protei here, to avoid guilt by association. No customer/deployment claims and no individual PII are reported in this record.", "confidence": "high" }, { "vendor": "Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision)", "slug": "hikvision", "country": "China", "silo": "biometric-video", "products": [ "Network/IP surveillance cameras (CCTV)", "Network video recorders (NVRs) and digital video recorders (DVRs)", "Video management software and surveillance platforms", "AI-powered video analytics and facial-recognition systems", "Access control and intercom systems", "Thermal and traffic cameras" ], "corporateNote": "Headquartered in Hangzhou, China (555 Qianmo Road, Binjiang District). Publicly listed on the Shenzhen Stock Exchange (ticker 002415; ISIN CNE100000PM8). Its controlling shareholder is the state-owned China Electronics Technology Group Corporation (CETC), holding roughly 40+ percent via subsidiaries China Electronics Technology HIK Group (CETHIK) and CETC's 52nd Research Institute; CETC is ultimately supervised by the State-owned Assets Supervision and Administration Commission (SASAC) of China's State Council. Widely described as the world's largest video-surveillance equipment manufacturer.", "designations": [ { "authority": "US BIS (Department of Commerce, Bureau of Industry and Security)", "authorityType": "export_control", "program": "Entity List", "date": "2019-10-09", "scopeNote": "VERIFIED against the primary Federal Register notice. Hikvision was added to the Entity List (15 CFR Part 744, Supplement No. 4) effective October 9, 2019. A license is required for all items subject to the Export Administration Regulations (EAR); the license-review policy is case-by-case for ECCNs 1A004.c, 1A004.d, 1A995, 1A999.a, 1D003, 2A983, 2D983, and 2E983 and for EAR99 items described in the Note to ECCN 1A995, and presumption of denial for all other items. Listed because the entity has been implicated in human-rights violations and abuses in China's campaign of repression and high-technology surveillance against Uyghurs, Kazakhs, and other Muslim minority groups in the Xinjiang Uyghur Autonomous Region (XUAR). This is an export-control restriction on US-origin items, not an asset freeze or a ban on commercial trade with the company generally.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2019-10-09/html/2019-22210.htm", "sourceTitle": "Federal Register: Addition of Certain Entities to the Entity List (FR-2019-10-09, Doc. 2019-22210), BIS" }, { "authority": "US FCC (Federal Communications Commission)", "authorityType": "equipment_authorization", "program": "Covered List (Section 2, Secure and Trusted Communications Networks Act of 2019)", "date": "2021-03-12", "scopeNote": "VERIFIED against FCC Public Notice DA-21-309 (released March 12, 2021), which published the initial Covered List and named 'Hangzhou Hikvision Digital Technology Company' among the five inaugural entities. Hikvision's telecommunications and video-surveillance equipment is covered only 'to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes' (extends to subsidiaries/affiliates). This is an equipment-authorization restriction, NOT an OFAC-style sanction or asset freeze: under the FCC's November 2022 rules (FCC 22-84, effective for new applications after Feb. 6, 2023), covered equipment cannot receive new FCC equipment authorization for marketing/import for those purposes; prior authorizations were not revoked. Note: in Hikvision USA, Inc. v. FCC, 97 F.4th 938 (D.C. Cir. 2024), the court upheld the rules generally but found the FCC's definition of 'critical infrastructure' unjustifiably broad and remanded that prong for the Commission to revise; the Hikvision Covered List entry itself remains in effect.", "sourceUrl": "https://www.fcc.gov/supplychain/coveredlist", "sourceTitle": "FCC: List of Equipment and Services Covered By Section 2 of The Secure Networks Act (Covered List)" }, { "authority": "US Treasury OFAC (Office of Foreign Assets Control)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC List)", "date": "2021-06-03", "scopeNote": "VERIFIED against the OFAC recent-action announcement. Hangzhou Hikvision Digital Technology Co. was named in the Annex to Executive Order 14032 (signed June 3, 2021), placing it on the NS-CMIC List. The EO prohibits US persons from purchasing or selling the publicly traded securities (and securities derivative of, or designed to provide investment exposure to, such securities) of the company; the securities-transaction prohibition for the inaugural listees took effect at 12:01 a.m. EDT on August 2, 2021, with a divestment wind-down period (ending June 3, 2022). This is a capital-markets/investment restriction only — it does NOT freeze assets, block correspondent banking, place the company on the SDN List, or bar ordinary commercial trade with the company.", "sourceUrl": "https://ofac.treasury.gov/recent-actions/20210603", "sourceTitle": "OFAC: Issuance of Executive Order Addressing the Threat from Securities Investments that Finance Certain Companies of the PRC; Introduction of the NS-CMIC List (June 3, 2021)" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "Dahua Technology (Zhejiang Dahua Technology Co., Ltd.)", "slug": "dahua-technology", "country": "China", "silo": "biometric-video", "products": [ "IP / network surveillance cameras", "Analog HDCVI cameras", "PTZ and fisheye cameras", "Network video recorders (NVR) and digital video recorders (DVR)", "Video management software (VMS)", "Video analytics / AI-based recognition systems" ], "corporateNote": "Zhejiang Dahua Technology Co., Ltd. is a Chinese video-surveillance equipment manufacturer headquartered in Hangzhou, Zhejiang, founded in 2001 by Fu Liquan. It is publicly traded on the Shenzhen Stock Exchange (ticker 002236) and is one of the world's largest makers of video-surveillance hardware and analytics.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2019-10-09", "scopeNote": "Zhejiang Dahua Technology Co., Ltd. was added to the BIS Entity List effective October 9, 2019 (84 FR 54002, rule 2019-22210). The listing imposes a license requirement for all exports, reexports, and in-country transfers of items subject to the Export Administration Regulations (EAR), with a license review policy of presumption of denial, and no license exceptions available. This is an export-control restriction, not a sanction or asset freeze. Verified against the official Federal Register rule text (govinfo.gov mirror confirms the presumption-of-denial policy and all-items-subject-to-the-EAR scope).", "sourceUrl": "https://www.federalregister.gov/documents/2019/10/09/2019-22210/addition-of-certain-entities-to-the-entity-list", "sourceTitle": "Addition of Certain Entities to the Entity List, 84 FR 54002 (Oct. 9, 2019) (BIS rule 2019-22210; primary text mirrored at govinfo.gov/content/pkg/FR-2019-10-09/pdf/2019-22210.pdf)" }, { "authority": "US FCC", "authorityType": "equipment_authorization", "program": "Covered List (Secure and Trusted Communications Networks Act, Section 2)", "date": "2021-03-12", "scopeNote": "Video surveillance and telecommunications equipment produced or provided by Dahua Technology Company (including its subsidiaries and affiliates) was placed on the FCC Covered List on March 12, 2021, but ONLY to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes (tracking the statutory scope of 2019 NDAA Section 889(f)(3)(B)). This is an equipment-authorization restriction under the FCC equipment authorization program (covered equipment cannot be authorized for sale/import for those purposes); it is NOT a flat sanction and does not prohibit all Dahua products in the U.S. Scope and date corroborated by the FCC Covered List page and the FCC PSHSB public notice DA-21-309, and by OpenSanctions structured data (listed 2021-03-12).", "sourceUrl": "https://www.fcc.gov/supplychain/coveredlist", "sourceTitle": "List of Equipment and Services Covered By Section 2 of The Secure Networks Act (FCC Covered List)" } ], "noDesignationNote": "No US OFAC SDN designation and no EU consolidated-sanctions designation on public record as of the research date. Crucially, Dahua is NOT on the US Treasury OFAC Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) list: I downloaded and searched the authoritative OFAC consolidated sanctions list data file (cons_prim.csv, 68 CMIC-EO13959 entries) and the OFAC SDN list (sdn.csv) directly, and found zero matches for \"Dahua\" or \"Zhejiang Dahua\" in either; only Hangzhou Hikvision Digital Technology Co., Ltd. appears on the NS-CMIC list (CMIC listing date 03 Jun 2021). Several secondary commentaries incorrectly claim Dahua is in the Executive Order 14032 annex, but this conflates Dahua with Hikvision and is refuted by the primary OFAC data, so no investment-restriction designation is included here. (Separately, the US DOD has listed Dahua on its Section 1260H Chinese Military Companies list since 2022-10-05; the 1260H list is a statutory identification rather than an export-control / sanction / equipment-authorization / investment restriction among the named authorities for this record, so it is not reported in the designations array. No customer/deployment claims and no individual PII below corporate-officer level are included.)", "confidence": "high" }, { "vendor": "Huawei Technologies Co., Ltd.", "slug": "huawei-technologies", "country": "China", "silo": "network", "products": [ "Telecommunications network equipment (5G/4G RAN, base stations, core network)", "Optical transport and carrier networking gear", "Enterprise networking and data-center switches/routers", "Video surveillance equipment (incl. \"safe city\" / smart-city camera and platform systems)", "Smartphones and consumer electronics", "Cloud and ICT infrastructure" ], "corporateNote": "Huawei Technologies Co., Ltd. is the principal operating company of the Huawei group, which is held through Huawei Investment & Holding Co., Ltd., a privately held company headquartered in Shenzhen, China. Founded in 1987 by Ren Zhengfei, Huawei describes itself as employee-owned, with shares held by a trade-union committee and Ren retaining roughly 1 percent; it is not publicly listed.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2019-05-16", "scopeNote": "BIS final rule (RIN 0694-AH86, doc. 2019-10616; effective on display May 16, 2019, published in the Federal Register May 21, 2019) added Huawei Technologies Co., Ltd. and 68 non-U.S. affiliates in 26 destinations to the Entity List. Effect: a license requirement applies to all items subject to the EAR for export, reexport, or transfer (in-country) to the listed parties, with a license review policy of presumption of denial and no license exceptions available. This is an export-control license restriction, not an asset-blocking sanction. Confirmed against the BIS public-inspection final rule text quoting 'a license requirement for all items subject to the EAR and a license review policy of presumption of denial.'", "sourceUrl": "https://www.federalregister.gov/documents/2019/05/21/2019-10616/addition-of-entities-to-the-entity-list", "sourceTitle": "Addition of Entities to the Entity List, 84 FR 22961 (Federal Register, May 21, 2019; doc. 2019-10616)" }, { "authority": "US FCC", "authorityType": "equipment_authorization", "program": "Covered List (Secure and Trusted Communications Networks Act of 2019, Sec. 2)", "date": "2021-03-12", "scopeNote": "The FCC Public Safety and Homeland Security Bureau's first Covered List Public Notice (March 12, 2021) identified telecommunications equipment and video surveillance equipment produced or provided by Huawei Technologies Company (and subsidiaries/affiliates), and telecom/video-surveillance services using such equipment, as covered under Sec. 2(b)(2)(A)-(C) of the Secure Networks Act. Effect: following the FCC Report & Order (adopted Nov. 25, 2022), as of Feb. 6, 2023 'covered' equipment is prohibited from obtaining a new FCC equipment authorization (cannot be marketed, sold, or imported for the covered purposes in the U.S.). This is an equipment-authorization restriction, NOT a flat sanction or asset block.", "sourceUrl": "https://www.fcc.gov/supplychain/coveredlist", "sourceTitle": "List of Equipment and Services Covered By Section 2 of The Secure Networks Act (FCC Covered List)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List, E.O. 13959 as amended by E.O. 14032", "date": "2021-06-03", "scopeNote": "Huawei is on OFAC's Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List under the June 3, 2021 action implementing E.O. 14032 (amending E.O. 13959). Effect: U.S. persons are prohibited from the purchase or sale of publicly traded securities (and securities derivative of, or designed to provide investment exposure to, such securities) of the listed company; trading prohibition effective 12:01 a.m. EDT Aug. 2, 2021, with a divestment window through June 3, 2022. This is a capital-markets/investment restriction, NOT an SDN asset-blocking sanction; the EO does not prohibit ordinary non-securities dealings (e.g., purchase of goods or services).", "sourceUrl": "https://ofac.treasury.gov/sanctions-programs-and-country-information/chinese-military-companies-sanctions", "sourceTitle": "Chinese Military Companies Sanctions (OFAC NS-CMIC program page)" } ], "noDesignationNote": "Huawei is NOT on the OFAC Specially Designated Nationals (SDN) asset-blocking list, and no EU consolidated-sanctions designation of Huawei was found on public record as of the research date (June 2026). The three designations above are distinct in legal effect: BIS Entity List = export-control license requirement (presumption of denial); FCC Covered List = equipment-authorization prohibition (no new FCC authorizations for covered equipment as of Feb. 6, 2023); Treasury NS-CMIC = publicly-traded-securities investment restriction. None of these is an SDN-style asset freeze. (A U.S. DoD Section 1260H 'Chinese Military Companies' listing exists but is outside the in-scope authority set for this record and is therefore not reported here.)", "confidence": "high" }, { "vendor": "Megvii Technology Limited", "slug": "megvii-technology", "country": "China", "silo": "biometric-video", "products": [ "Face++ (computer vision / facial recognition platform)", "FaceID (facial recognition authentication platform)", "Brain++ (proprietary deep learning framework)" ], "corporateNote": "Megvii Technology Limited is a Chinese artificial-intelligence and computer-vision company founded in 2011 by Tsinghua University graduates, headquartered in the Haidian/Zhongguancun district of Beijing, China. It is best known for its Face++ facial-recognition and computer-vision platform. Megvii pursued public listings (a withdrawn 2019 Hong Kong IPO and a later Shanghai STAR Market filing); as of the research date it is not confirmed as publicly traded on a major exchange.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2019-10-09", "scopeNote": "Megvii Technology added to the Bureau of Industry and Security (BIS) Entity List effective Oct 9, 2019 (84 FR 54002; rule 2019-22210; Docket No. 190925-0044; RIN 0694-AH68), as one of 28 PRC entities determined to be acting contrary to U.S. foreign-policy interests in connection with high-technology surveillance and human-rights abuses against Uyghur and other Muslim minority groups in Xinjiang. A license is required for all items subject to the EAR for exports, reexports, and transfers (in-country), with a presumption of denial (case-by-case review for a limited set of ECCNs and certain EAR99 items). This is an export-control licensing restriction, NOT an asset freeze, an OFAC sanction, or a flat trade ban.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2019-10-09/html/2019-22210.htm", "sourceTitle": "Federal Register, 84 FR 54002 (Oct. 9, 2019): Addition of Certain Entities to the Entity List (rule 2019-22210)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC)", "date": "2021-12-16", "scopeNote": "On Dec 16, 2021, the U.S. Treasury (OFAC) identified Megvii Technology Limited as one of eight Chinese technology firms and added it to the NS-CMIC List pursuant to Executive Order 13959 (as amended by E.O. 14032), for operating or having operated in the surveillance technology sector of the PRC economy. The designation prohibits U.S. persons from purchasing or selling publicly traded securities (and certain derivatives) of the company; the divestment/wind-down period ran for 365 days. This is a securities-investment restriction, NOT an OFAC SDN asset-blocking sanction (Megvii is on the Non-SDN list, so assets are not frozen).", "sourceUrl": "https://home.treasury.gov/news/press-releases/jy0538", "sourceTitle": "U.S. Department of the Treasury Press Release JY0538: Treasury Identifies Eight Chinese Tech Firms as Part of the Chinese Military-Industrial Complex (Dec. 16, 2021)" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "SenseTime", "slug": "sensetime", "country": "China", "silo": "biometric-video", "products": [ "Computer-vision / deep-learning platform (SenseTime / Shang Tang)", "Facial recognition and image recognition", "Object detection and video analysis", "Optical character recognition (OCR)", "SenseFoundry (smart-city / urban management platform)", "SenseCare (medical image analysis)", "Autonomous driving and remote sensing" ], "corporateNote": "SenseTime (Shang Tang) is a Chinese artificial-intelligence company specializing in computer vision and deep learning, including facial recognition, image/object detection, video analysis, OCR, medical imaging, and autonomous driving. Co-founded in October 2014 (co-founders include Tang Xiao'ou of the Chinese University of Hong Kong and Xu Li). Publicly traded on the Hong Kong Stock Exchange (HKEX: 0020.HK) following its December 2021 IPO. The OFAC-listed corporate parent entity is \"SENSETIME GROUP LIMITED,\" with an address in the Hong Kong Science Park (Hong Kong New Territories), Hong Kong SAR, and Hong Kong company registration (C.R.) number 2162198. Headquartered in Hong Kong with operations across mainland China and additional international offices.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (15 CFR Part 744, Supplement No. 4)", "date": "2019-10-09", "scopeNote": "BIS added SenseTime (listed in the rule as 'Sense Time') to the Entity List effective October 9, 2019, as part of a final rule adding 28 China-based entities determined to be acting contrary to U.S. foreign-policy interests for their role in human-rights abuses against Uyghurs, Kazakhs, and other Muslim minority groups in the Xinjiang Uyghur Autonomous Region (XUAR). The listing imposes a license requirement for all items subject to the Export Administration Regulations (EAR), with a license-review policy of presumption of denial. This is an export-control restriction on supplying U.S.-origin (EAR-subject) items to the entity; it is NOT an asset-blocking sanction and does not by itself prohibit U.S. persons from transacting with or investing in the company. Corroborated by independent legal and press reporting (Winston & Strawn; TechCrunch). Listing remains in effect; not removed.", "sourceUrl": "https://www.federalregister.gov/documents/2019/10/09/2019-22210/addition-of-certain-entities-to-the-entity-list", "sourceTitle": "Federal Register: Addition of Certain Entities to the Entity List (84 FR 54002; Oct. 9, 2019; doc. 2019-22210)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List, program code CMIC-EO13959", "date": "2021-12-10", "scopeNote": "On December 10, 2021 (listing date) OFAC added 'SENSETIME GROUP LIMITED' to the Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List under Executive Order 13959, as amended by E.O. 14032 (OFAC program field 'CMIC-EO13959'). Verified directly against OFAC's Sanctions List Search record (id=33114): Non-SDN list; program CMIC-EO13959; listing date 10 Dec 2021; effective date (CMIC securities-trading prohibition) 08 Feb 2022; divestment/wind-down date 10 Dec 2022; address Block 1, 1F & 2F Harbour View, 12 Science Park West Avenue, Hong Kong Science Park, Hong Kong SAR; C.R. No. 2162198; alias 'SENSETIME GROUP LTD.' The NS-CMIC designation prohibits U.S. persons from purchasing or selling publicly traded securities (and derivatives of, or securities designed to provide investment exposure to, such securities) of the listed entity. This is an investment/securities restriction on U.S. persons — it is NOT an asset-blocking SDN sanction (the entity is on the Non-SDN list, not the SDN list) and does not block the company's assets or impose a general transaction ban. The action coincided with SenseTime's Hong Kong IPO pricing; the U.S. government basis for the designation references an affiliate's facial-recognition capabilities. Listing remains in effect; not removed.", "sourceUrl": "https://sanctionssearch.ofac.treas.gov/Details.aspx?id=33114", "sourceTitle": "OFAC Sanctions List Search — SENSETIME GROUP LIMITED (Non-SDN / CMIC-EO13959), id=33114" } ], "noDesignationNote": "SenseTime is NOT on the OFAC Specially Designated Nationals (SDN) blocking list — its OFAC listing is on the separate Non-SDN NS-CMIC list, which is an investment/securities restriction, not an asset freeze (verified via OFAC Sanctions List Search id=33114, which shows \"Non-SDN\"). SenseTime is NOT on the FCC Covered List. (Note: the FCC Covered List is an equipment-authorization restriction, not a flat sanction. As of the latest update verified, the list names Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries/affiliates for telecommunications and video-surveillance equipment, plus Kaspersky Lab and the Chinese carriers China Mobile, China Telecom, Pacifica Networks/ComNet, and China Unicom; SenseTime is not among any of these.) No EU consolidated-sanctions, EU Sanctions Map, or EU member-state listing of SenseTime was located in this research (OpenSanctions shows only US listings; no EU designation). Only the two designations above — BIS Entity List (export control) and OFAC NS-CMIC (investment/securities restriction) — were verified against authoritative sources and are retained.", "confidence": "high" }, { "vendor": "iFLYTEK", "slug": "iflytek", "country": "China", "silo": "biometric-video", "products": [ "Intelligent speech recognition (ASR) and speech synthesis (TTS) engines", "Voiceprint / speaker identification and voice biometrics", "Natural language processing and machine translation", "Spark (Xinghuo) large language model and AI open platform (xfyun)", "AI-powered education, smart-office, and consumer voice products (translators, recorders, smart hardware)" ], "corporateNote": "iFLYTEK Co., Ltd. (Chinese: 科大讯飞) is a partially state-owned Chinese AI company founded in 1999, headquartered in Hefei, Anhui Province. It was spun off from the University of Science and Technology of China and is publicly listed on the Shenzhen Stock Exchange (ticker 002230); state-owned China Mobile is among its largest shareholders. The company is a national leader in intelligent speech and natural-language technologies (speech recognition, synthesis, translation, voiceprint biometrics) and operates the xfyun open AI platform and the Spark/Xinghuo large language model. Corporate basics are drawn from public company profiles and Wikipedia and are provided for identification only; they are not themselves a government designation.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (15 CFR Part 744, Supplement No. 4)", "date": "2019-10-09", "scopeNote": "Verified against the primary Federal Register notice (84 FR 54002, doc. 2019-22210). BIS added IFLYTEK to the Entity List effective October 9, 2019; the entry reads \"IFLYTEK, National Intelligent Speech High-tech Industrialization Base, No. 666, Wangjiang Road West, Hefei City, Anhui Province, China.\" The listing imposes a license requirement for all items subject to the Export Administration Regulations (EAR). The license review policy is case-by-case review for ECCNs 1A004.c, 1A004.d, 1A995, 1A999.a, 1D003, 2A983, 2D983, and 2E983, and for EAR99 items described in the Note to ECCN 1A995; presumption of denial for all other items subject to the EAR. BIS stated the entity was added for involvement in human-rights violations and abuses in China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uyghurs, Kazakhs, and other Muslim minority groups in the Xinjiang Uyghur Autonomous Region (XUAR). SCOPE: this is an export-control restriction on the transfer of U.S.-origin items only; it is NOT an asset-blocking sanction, does not freeze assets, and does not prohibit dealings with the company beyond covered exports, reexports, and in-country transfers. STATUS: still in force; no Federal Register notice removing IFLYTEK from the Entity List was located, and the current BIS Supplement No. 4 to Part 744 continues to list the entity (verified against 2024-2025 Entity List revision notices, which record removals of other entities but not IFLYTEK).", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2019-10-09/html/2019-22210.htm", "sourceTitle": "Federal Register / Addition of Certain Entities to the Entity List (84 FR 54002, Oct. 9, 2019)" } ], "noDesignationNote": "Only one in-scope designation is verified on record: the BIS Entity List addition of October 9, 2019 (an export-control restriction). Searches of the other in-scope authorities returned no listing for iFLYTEK. It does NOT appear on the OFAC Specially Designated Nationals (SDN) List (the 2019 action was a distinct export-control Entity List mechanism, not an asset-blocking SDN designation). It is NOT on the Treasury Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) investment-restriction list. It is NOT on the FCC Covered List (which identifies Huawei, ZTE, Hytera, Hikvision, Dahua and their affiliates -- plus later non-iFLYTEK additions such as Kaspersky, certain foreign-made drones, and consumer routers -- but not iFLYTEK). No EU consolidated sanctions listing for iFLYTEK was identified. For completeness, and although it is outside the five in-scope authorities, iFLYTEK was also not found on the U.S. DoD Section 1260H Chinese Military Companies list as verified against an authoritative enumeration mirroring the official list (updated June 10, 2026); a contrary unsourced search-summary claim that iFLYTEK appears on the 1260H list could not be corroborated against any primary DoD notice or law-firm enumeration of the actual listings and is therefore not credited. These absences are reported conservatively to avoid implying restrictions that are not on record.", "confidence": "high" }, { "vendor": "Yitu Technology", "slug": "yitu-technology", "country": "China", "silo": "biometric-video", "products": [ "Dragonfly Eye (cloud facial-recognition / video surveillance platform used by public-security bureaus to identify individuals and vehicles)", "Facial recognition and computer-vision software (machine vision, identity verification)", "Speech recognition and natural-language / semantic comprehension software", "AI medical imaging diagnosis platform (care.ai / healthcare AI)", "questcore AI inference chip / smart-city computing systems" ], "corporateNote": "Yitu Technology is a Shanghai-based artificial-intelligence company founded August 27, 2012 by Leo Zhu (Zhu Long) and Lin Chenxi, specializing in facial recognition and computer vision. Its flagship Dragonfly Eye platform is marketed for identification of individuals and vehicles; the company also markets speech/NLP, AI medical imaging, and smart-city/chip products. The operating company is Shanghai Yitu Technology Co., Ltd. The BIS Entity List entry names \"Yitu Technologies\" at a Shanghai address, while the OFAC NS-CMIC listing names \"YITU LIMITED,\" a related Cayman Islands holding entity; the exact legal names differ by source. Caution: a small number of 2024 secondary press accounts loosely described the December 2021 Treasury action as an \"SDN List\" designation; that is imprecise. OFAC's own records place Yitu on the Non-SDN NS-CMIC list (program CMIC-EO13959), an investment restriction, NOT the asset-blocking Specially Designated Nationals (SDN) list.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2019-10-09", "scopeNote": "Added to the BIS Entity List as \"Yitu Technologies\" (Shanghai address: 23F, Shanghai Arch Tower I, 523 Loushanguan Rd, Changning District, Shanghai, China) effective October 9, 2019, in a notice adding 28 Chinese government and commercial entities. License required for all items subject to the EAR; license review policy is case-by-case for ECCNs 1A004.c, 1A004.d, 1A995, 1A999.a, 1D003, 2A983, 2D983, and 2E983, and for EAR99 items described in the Note to ECCN 1A995, with presumption of denial for all other items subject to the EAR. The End-User Review Committee determined the listed entities were implicated in China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups in the Xinjiang Uighur Autonomous Region (XUAR). This is an export-control restriction on U.S.-origin/EAR-subject items, NOT a financial/asset-blocking sanction. As of verification this listing remains in effect (not removed).", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2019-10-09/html/2019-22210.htm", "sourceTitle": "Federal Register Vol. 84, No. 196 (Oct. 9, 2019): Addition of Certain Entities to the Entity List (84 FR 54002; doc. 2019-22210)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC); program tag CMIC-EO13959", "date": "2021-12-16", "scopeNote": "Listed as \"YITU LIMITED\" (address: Suite #4-210, Governors Square, 23 Lime Tree Bay Avenue, PO Box 23211, Grand Cayman, KY1-1209, Cayman Islands) on the Non-SDN Chinese Military-Industrial Complex Companies List on December 16, 2021, pursuant to Executive Order 13959 as amended by Executive Order 14032. This is an investment/securities restriction only: it prohibits U.S. persons from purchasing or selling publicly traded securities (and derivatives or securities providing investment exposure) of the listed entity. Per the OFAC record, the trading-restriction effective date (CMIC) is February 14, 2022, with a purchase/sales divestment date of December 16, 2022. IMPORTANT: This is the Non-SDN NS-CMIC list, NOT the SDN list; it does not block assets or prohibit general dealings. As of verification this listing remains in effect (not removed).", "sourceUrl": "https://sanctionssearch.ofac.treas.gov/Details.aspx?id=33893", "sourceTitle": "OFAC Sanctions List Search — Details for YITU LIMITED (record id 33893; Non-SDN, program CMIC-EO13959)" } ], "noDesignationNote": "Conservatively excluded after verification: (1) OFAC SDN List — Yitu is NOT on the asset-blocking SDN list; OFAC records place it only on the Non-SDN NS-CMIC list (program CMIC-EO13959). Some 2024 secondary press loosely called the December 2021 action an \"SDN\" listing; that wording is inaccurate per OFAC's own records and is not adopted here. (2) FCC Covered List — Yitu does NOT appear; the FCC Covered List covers Huawei, ZTE, Hytera, Hikvision, Dahua, named PRC carriers (China Mobile, China Telecom, China Unicom, Pacific/Pacifica Networks), and Kaspersky — not Yitu. (3) EU consolidated sanctions — no listing for Yitu was found. Only the BIS Entity List (export control) and Treasury NS-CMIC (investment restriction) designations are verifiable and are reported above. No customer or deployment-specific claims and no personal data are included.", "confidence": "high" }, { "vendor": "CloudWalk Technology", "slug": "cloudwalk-technology", "country": "China", "silo": "biometric-video", "products": [ "Facial recognition software / algorithms (face detection, 1:N face recognition, face attributes)", "Facial recognition terminals and access-control / door-entry devices", "Facial-payment ('face scan') solutions for banks and retail", "AIoT platforms and smart-city / smart-governance / smart-finance solutions", "CWOS human-machine collaboration operating system", "Large language model ('Comfort', released 2023 for beta)" ], "corporateNote": "CloudWalk Technology Co., Ltd. (云从科技集团股份有限公司; legal/group name CloudWalk Technology Group Co., Ltd.) is a Chinese artificial-intelligence and facial-recognition company founded March 2015 and headquartered in Guangzhou, Guangdong. It is one of China's so-called \"four AI dragons\" of computer vision and is a leading facial-recognition vendor to Chinese banks. The company listed on the Shanghai Stock Exchange STAR Market on May 27, 2022 (SSE: 688327). US Entity List records list four aliases: Chongqing Cloudwalk Technology Co., Ltd.; Guangzhou Yunshang Information Technology Co., Ltd.; Yun Cong Information Technology Co. Ltd.; and Yun Cong Technology. Corporate basics drawn from the company's own materials and reference sources; not all corporate details are independently government-verified.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (Xinjiang / human-rights tranche)", "date": "2020-06-05", "scopeNote": "Added to the BIS Entity List by final rule effective June 5, 2020 (announced May 22, 2020), listed at 15 CFR part 744 Supplement No. 4 under China. Listed as 'CloudWalk Technology' with four aliases (Chongqing Cloudwalk Technology Co., Ltd.; Guangzhou Yunshang Information Technology Co., Ltd.; Yun Cong Information Technology Co. Ltd.; Yun Cong Technology). Reason given: implicated in human-rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, forced labor, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups in the Xinjiang Uighur Autonomous Region (XUAR). License requirement: license required for all items subject to the EAR, no license exceptions available; license review policy of case-by-case review for ECCNs 1A004.c, 1A004.d, 1A995, 1A999.a, 1D003, 2A983, 2D983, 2E983 and for EAR99 items, and presumption of denial for all other items subject to the EAR. SCOPE: this is an EXPORT-CONTROL restriction on the export, reexport, and transfer of US-origin items and technology to the entity; it is NOT a financial sanction or asset freeze and does not bar all dealings. Verified against the Federal Register final rule; no evidence of removal as of the research date. NOTE: an October 2019 listing hint is incorrect — CloudWalk was added in the May/June 2020 tranche, not the October 2019 tranche (which covered Hikvision, Dahua, Megvii, SenseTime, Yitu, iFlytek, and others).", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2020-06-05/html/2020-10868.htm", "sourceTitle": "Federal Register, Vol. 85, No. 109 (June 5, 2020) — Addition of Entities to the Entity List (final rule, 2020-10868)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List", "date": "2021-12-16", "scopeNote": "On December 16, 2021, OFAC identified CloudWalk Technology Co., Ltd. as a Chinese Military-Industrial Complex Company and added it to the NS-CMIC List. The OFAC Sanctions List Search detail entry confirms the entity 'CLOUDWALK TECHNOLOGY CO., LTD.' (a.k.a. CLOUDWALK) on the Non-SDN list under program code CMIC-EO13959 (Executive Order 13959, as amended by Executive Order 14032). Identified for operating in the surveillance technology sector of the PRC economy; Treasury's stated rationale was active support for the biometric surveillance and tracking of ethnic and religious minorities in China, particularly Uyghurs in Xinjiang. Listed on the same date alongside seven other firms (Dawning Information Industry; Leon Technology; Megvii Technology; NetPosa Technologies; SZ DJI Technology; Xiamen Meiya Pico Information; Yitu Limited). SCOPE: this is an INVESTMENT/SECURITIES restriction only — it prohibits US persons from purchasing or selling publicly traded securities (and derivatives thereof) of the listed company. It is NOT an SDN designation, does NOT freeze assets, and does NOT broadly bar all dealings. A divestment wind-down deadline applied (no later than Dec 15, 2022). CloudWalk is on the Non-SDN/Consolidated list, NOT the SDN list. Verified against the OFAC Sanctions List Search detail record; no evidence of removal as of the research date.", "sourceUrl": "https://ofac.treasury.gov/recent-actions/20211216", "sourceTitle": "OFAC Recent Actions, December 16, 2021 — Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List Updates" } ], "noDesignationNote": "Two designations verified against authoritative sources: (1) BIS Entity List (export control, effective June 5, 2020, verified against the Federal Register final rule 2020-10868) and (2) OFAC NS-CMIC List (investment/securities restriction, December 16, 2021, verified against the OFAC Sanctions List Search detail record showing program CMIC-EO13959 on the Non-SDN list). CloudWalk is NOT on the OFAC SDN list — its OFAC presence is limited to the Non-SDN NS-CMIC program, which only restricts dealings in publicly traded securities, not a full asset freeze. CloudWalk is NOT on the FCC Covered List; the FCC Covered List comprises 12 named targets (AO Kaspersky Lab / Kaspersky Lab Inc., Hytera Communications, China Mobile International USA, China Unicom (Americas) Operations, China Telecom (Americas), Pacific Networks Corp, ComNet (USA) LLC, ZTE Corporation, Zhejiang Dahua Technology, Huawei Technologies, and Hangzhou Hikvision Digital Technology), and CloudWalk does not appear among them. CloudWalk was not located on the EU consolidated sanctions list during this research, so no EU designation is asserted. The October 2019 BIS tranche hint is debunked: CloudWalk was added in the May/June 2020 tranche, not 2019. No customer, deployment, victim, or PII claims are included in this record.", "confidence": "high" }, { "vendor": "Meiya Pico", "slug": "meiya-pico", "country": "China", "silo": "forensic", "products": [ "Digital forensics workstations / computer forensic laboratory equipment", "Mobile device forensics and data-extraction tools", "Data recovery and password recovery solutions", "Multichannel data acquisition systems", "Public-security big-data and surveillance/analytics software" ], "corporateNote": "Xiamen Meiya Pico Information Co., Ltd. (legal/long form: Xiamen Meiya Pico Information Co. Ltd.; \"Meiya Pico\") is a Chinese digital-forensics and information-security company founded in 1999 and headquartered in Xiamen, Fujian Province, China. It is publicly listed on the Shenzhen Stock Exchange's ChiNext board (equity ticker 300188 CN), with an IPO in 2011. The company is widely described as a leader in China's domestic digital-forensics industry and a major vendor of public-security big-data and forensic-extraction technology. Its product line centers on extracting and analyzing evidence from computers, mobile phones, and storage media. Fits the \"forensic\" silo (digital forensics / mobile extraction).", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (15 CFR Part 744, Supplement No. 4)", "date": "2019-10-09", "scopeNote": "Added to the BIS Entity List as \"Xiamen Meiya Pico Information Co. Ltd.\" under \"China, People's Republic of,\" effective October 9, 2019, in connection with human-rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups in the Xinjiang Uyghur Autonomous Region. License requirement: license required for all items subject to the Export Administration Regulations (EAR), per Sec. 744.11. License review policy: case-by-case review for certain enumerated ECCNs (1A004.c, 1A004.d, 1A995, 1A999.a, 1D003, 2A983, 2D983, 2E983, and EAR99 items described in the Note to ECCN 1A995) and presumption of denial for all other items subject to the EAR. This is an export-control listing (a licensing restriction on U.S.-origin exports, reexports, and in-country transfers), NOT an asset-blocking sanction. Verified against the primary Federal Register text (84 FR, Oct. 9, 2019). Remains in force; no removal/delisting identified.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2019-10-09/html/2019-22210.htm", "sourceTitle": "Federal Register: Addition of Certain Entities to the Entity List (84 FR, Oct. 9, 2019; doc. 2019-22210)" }, { "authority": "US Treasury (OFAC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List (program tag CMIC-EO13959)", "date": "2021-12-16", "scopeNote": "Added to OFAC's Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List on December 16, 2021 (listing date) as \"XIAMEN MEIYA PICO INFORMATION CO., LTD.\"; the securities prohibition took effect February 14, 2022 (CMIC effective date). Action taken under Executive Order 13959 (as amended by Executive Order 14032). Effect: this is a securities-INVESTMENT restriction only - U.S. persons are prohibited from purchasing or selling publicly traded securities (or securities derivative of, or designed to provide investment exposure to such securities) of the listed company. It is an NS-CMIC (Non-SDN) listing, NOT an SDN/asset-blocking sanction; it does not block the entity's property or prohibit ordinary commercial dealings. OFAC Sanctions List Search shows Program \"CMIC-EO13959,\" List: Non-SDN, ticker 300188 CN, listing date 16 Dec 2021, effective date 14 Feb 2022. Verified against the OFAC Sanctions List Search detail record (id 33896). Remains in force; no removal/delisting identified.", "sourceUrl": "https://sanctionssearch.ofac.treas.gov/Details.aspx?id=33896", "sourceTitle": "OFAC Sanctions List Search - Detail record id 33896 (XIAMEN MEIYA PICO INFORMATION CO., LTD.; Program CMIC-EO13959; Non-SDN)" } ], "noDesignationNote": "No OFAC Specially Designated Nationals (SDN/asset-blocking) designation was found for Meiya Pico; its OFAC presence is limited to the Non-SDN NS-CMIC investment-restriction list. No EU consolidated sanctions listing and no U.S. FCC Covered List entry were found for Meiya Pico. Both verified designations (BIS Entity List, Oct. 9, 2019; OFAC NS-CMIC, listed Dec. 16, 2021, prohibition effective Feb. 14, 2022) remain in force as of the research date; no removal/delisting was identified. Adversarial verification confirmed the BIS Entity List entry against the primary Federal Register text (84 FR, doc. 2019-22210), including the exact entity name, effective date, Xinjiang justification, license requirement, enumerated ECCNs, and presumption-of-denial policy. The OFAC NS-CMIC entry was confirmed against the OFAC Sanctions List Search detail record (id 33896), which shows the Non-SDN status, program CMIC-EO13959, ticker 300188 CN, listing date 16 Dec 2021, and effective date 14 Feb 2022. The Treasury/OFAC recent-actions press page for Dec. 16, 2021 corroborates the action but timed out on direct fetch; the OFAC Sanctions List Search detail record was used as the authoritative primary source. Note added on second-pass review: the NS-CMIC securities prohibition's effective date (14 Feb 2022) is distinct from and later than the 16 Dec 2021 listing/announcement date.", "confidence": "high" }, { "vendor": "ZTE Corporation", "slug": "zte-corporation", "country": "China", "silo": "network", "products": [ "Carrier-network telecommunications equipment (wireless RAN, 5G base stations, optical transmission, switching/exchange systems)", "Data communications and core network gear", "Smartphones, tablets, mobile hotspots and CPE (consumer devices)", "Government/enterprise ICT systems, including video surveillance and video conferencing services" ], "corporateNote": "ZTE Corporation (Zhongxing Telecommunications Equipment Corporation) is a Chinese multinational telecommunications-equipment and systems company headquartered in Shenzhen, China, founded in 1985 and listed on the Hong Kong and Shenzhen stock exchanges. It operates across three segments: carrier networks, government/enterprise, and consumer devices. An affiliated entity named alongside ZTE in US export-control actions is ZTE Kangxun Telecommunications Ltd. The \"surveillance equipment\" framing is only partially supported: the FCC Covered List entry explicitly extends to \"video surveillance services\" provided by ZTE or using its equipment, but ZTE is primarily a carrier-network/telecom-infrastructure vendor rather than a dedicated surveillance specialist — hence the \"network\" silo.", "designations": [ { "authority": "US FCC", "authorityType": "equipment_authorization", "program": "FCC Covered List (Secure and Trusted Communications Networks Act of 2019; implementing Sec. 889(f)(3) of the John S. McCain NDAA FY2019, Pub. L. 115-232)", "date": "2021-03-12", "scopeNote": "ZTE Corporation was placed on the FCC's first Covered List published March 12, 2021. Verified verbatim against the primary FCC source: the entry covers 'Telecommunications equipment produced or provided by ZTE Corporation, including telecommunications or video surveillance services provided by such entity or using such equipment,' and the list is read to include subsidiaries and affiliates. This is a communications-supply-chain / equipment-authorization measure: under the Secure Equipment Act of 2021 the FCC subsequently prohibited new equipment authorizations for listed gear, and federal universal-service funds may not be used to buy it. It is NOT an asset-blocking sanction and NOT an OFAC/BIS designation. The listing remains ACTIVE as of the most recent FCC update (January 2026).", "sourceUrl": "https://docs.fcc.gov/public/attachments/DA-21-309A1.txt", "sourceTitle": "FCC Public Notice DA-21-309: List of Equipment and Services Covered By Section 2 of the Secure Networks Act (released March 12, 2021)" }, { "authority": "US BIS", "authorityType": "export_control", "program": "REMOVED — BIS Entity List (added 2016-03-08; removed effective 2017-03-29)", "date": "2016-03-08", "scopeNote": "ZTE Corporation and ZTE Kangxun Telecommunications Ltd. were added to the BIS Entity List on March 8, 2016 over alleged re-export of US-origin items to sanctioned destinations (including Iran) via a shell-company scheme, triggering license requirements for exports/reexports/transfers of items subject to the EAR. A temporary general license (issued March 2016 and extended several times) largely restored normal licensing pending settlement. ZTE was REMOVED from the Entity List effective March 29, 2017 following settlement of administrative and criminal enforcement actions (Federal Register 2017-06227). This listing is no longer active — historical export-control measure only. Note: the same Federal Register rule separately added an individual (ZTE's former CEO) to the Entity List; that individual listing is NOT attributed to the ZTE corporate entity here.", "sourceUrl": "https://www.federalregister.gov/documents/2017/03/29/2017-06227/removal-of-certain-persons-from-the-entity-list-addition-of-a-person-to-the-entity-list-and-ear", "sourceTitle": "Federal Register 2017-06227: Removal of Certain Persons From the Entity List; Addition of a Person to the Entity List; and EAR Conforming Change (effective March 29, 2017)" }, { "authority": "US BIS", "authorityType": "export_control", "program": "REMOVED — BIS Denial Order / Denied Persons List (activated 2018-04-15; terminated July 2018)", "date": "2018-04-15", "scopeNote": "On April 15, 2018 BIS activated a previously suspended seven-year denial of export privileges against Zhongxing Telecommunications Equipment Corporation (ZTE) and ZTE Kangxun, placing them on the Denied Persons List after BIS found ZTE breached the 2017 settlement (false statements; failure to discipline employees). The order barred parties from supplying ZTE with US-origin items subject to the EAR. BIS then issued a superseding settlement; upon ZTE's full payment of a USD 1,000,000,000 penalty and placement of USD 400,000,000 in escrow (the suspended portion of a USD 1,761,000,000 civil penalty), BIS TERMINATED the April 15, 2018 denial order and removed ZTE from the Denied Persons List in July 2018 (Federal Register 2018-15633). No longer active — historical export-control measure only.", "sourceUrl": "https://www.federalregister.gov/documents/2018/07/23/2018-15633/order-terminating-denial-order-issued-on-april-15-2018-against-zhongxing-telecommunications", "sourceTitle": "Federal Register 2018-15633: Order Terminating Denial Order Issued on April 15, 2018, Against Zhongxing Telecommunications Equipment Corporation and ZTE Kangxun Telecommunications Ltd. (July 23, 2018)" } ], "noDesignationNote": "No verifiable OFAC SDN listing, no US Treasury NS-CMIC (Non-SDN Chinese Military-Industrial Complex Companies) investment-restriction listing, and no EU consolidated sanctions listing were found for ZTE Corporation against authoritative sources as of June 2026. ZTE is NOT an asset-blocked or sanctioned party under OFAC. (Note for accuracy: OFAC entered a 2017 civil monetary settlement with ZTE for past sanctions/export violations, but that was a settlement of enforcement charges, not an SDN designation or asset block, so it is correctly excluded from the designations array.) The only currently ACTIVE US authoritative measure is the FCC Covered List placement (equipment-authorization / communications-supply-chain restriction, not a sanction). The two BIS export-control actions (2016 Entity List addition and 2018 Denial Order) are both historical and were formally REMOVED/TERMINATED — they are retained here for accuracy with explicit removal/termination dates and should not be presented as current restrictions. No customer/deployment claims and no personal data are included in this record.", "confidence": "high" }, { "vendor": "Hytera", "slug": "hytera", "country": "China", "silo": "network", "products": [ "Digital Mobile Radio (DMR) two-way radios / professional mobile radio (PMR) systems", "TETRA trunked radio systems and infrastructure", "Push-to-talk over cellular (PoC) radios and broadband two-way radios", "Land mobile radio (LMR) base stations, repeaters, and dispatch/command-and-control systems", "Body-worn cameras and converged video/voice communication devices" ], "corporateNote": "Hytera Communications Corporation Limited is a Shenzhen-headquartered manufacturer of professional/land mobile radio communications equipment (DMR, TETRA, PoC), publicly listed on the Shenzhen Stock Exchange (ticker 002583). Registered address: Hytera Tower, No. 9108 Beihuan Road, Hi-Tech Zone, Nanshan District, Shenzhen, Guangdong, China. It is one of the world's largest two-way radio vendors and is a competitor to Motorola Solutions. NOTE ON CORPORATE IDENTITY: the U.S. BIS Entity List entry (see designations) is for a separately named affiliate, \"Hytera Communications Limited,\" using Hong Kong addresses. This Hong Kong entry is distinct from the Shenzhen-based Hytera Communications Corporation that appears on the FCC Covered List, and the two designations rest on entirely different factual bases. Do not infer that the Russia-related Entity List basis applies to Hytera's radio/surveillance products or to the Shenzhen parent.", "designations": [ { "authority": "US FCC", "authorityType": "equipment_authorization", "program": "Covered List under Section 2 of the Secure and Trusted Communications Networks Act of 2019", "date": "2021-03-12", "scopeNote": "Verified against the primary source. The FCC's initial Covered List (Public Notice DA 21-309, released March 12, 2021, WC Docket No. 18-89) lists, in its Appendix table: 'Video surveillance and telecommunications equipment produced or provided by Hytera Communications Corporation, to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services produced or provided by such entity or using such equipment.' This is NOT a flat sanction or asset freeze. The listing flows from the John S. McCain NDAA for FY2019 Section 889 determination (incorporated via the Secure Networks Act) and means such equipment/services are ineligible for FCC universal-service funding; under the FCC's later Report and Order (FCC 22-84, released Nov. 25, 2022, effective Feb. 6, 2023), the FCC will not grant new equipment authorizations for covered Hytera equipment used for the listed prohibited purposes. The scope is purpose-limited, not a blanket ban on all Hytera equipment. In Hikvision USA, Inc. v. FCC, No. 23-1032 (D.C. Cir. Apr. 2, 2024), the court vacated and remanded the FCC's definition of 'critical infrastructure' as arbitrarily broad, but upheld the underlying authorization prohibition and did NOT remove any entity from the Covered List. Hytera Communications Corporation remains on the Covered List as of June 2026; it has not been removed.", "sourceUrl": "https://docs.fcc.gov/public/attachments/DA-21-309A1.pdf", "sourceTitle": "FCC Public Notice DA 21-309, 'Public Safety and Homeland Security Bureau Announces Publication of the List of Equipment and Services Covered by Section 2 of the Secure Networks Act,' WC Docket No. 18-89 (Released March 12, 2021)" }, { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List addition (89 FR 68544), Supplement No. 4 to Part 744 of the Export Administration Regulations", "date": "2024-08-27", "scopeNote": "Verified against the primary source. In the final rule 'Revisions to the Entity List' (89 FR 68544, published and effective August 27, 2024), BIS added an entity named 'Hytera Communications Limited' (a.k.a. 'Hytera Communications Ltd.') under the People's Republic of China (Hong Kong), with three Hong Kong addresses (e.g. Room 8, 11/F, Wang Fai Industrial Building, 29 Luk Hop Street, San Po Kong, Kowloon, Hong Kong). For this entity a license is required for all items subject to the EAR (see EAR 734.9(g), 746.8(a)(3), and 744.11), reviewed under a policy of denial. The stated basis in the rule's supplementary information is that the added entities procured U.S.-origin/U.S.-branded items in support of Russia's military and defense industrial base, particularly following Russia's 2022 full-scale invasion of Ukraine. SCOPE CAVEAT: this Entity List entry names the Hong Kong-addressed 'Hytera Communications Limited,' which is named differently from, and may be a distinct legal entity from, the Shenzhen-based 'Hytera Communications Corporation' on the FCC Covered List. The basis is Russia-related export diversion, NOT any surveillance or radio-technology determination. An Entity List addition is an export-licensing restriction, not an OFAC asset-blocking sanction.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2024-08-27/html/2024-19130.htm", "sourceTitle": "Bureau of Industry and Security, 'Revisions to the Entity List,' 89 FR 68544 (August 27, 2024)" } ], "noDesignationNote": "No U.S. OFAC SDN listing, no U.S. Treasury NS-CMIC (Non-SDN Chinese Military-Industrial Complex Companies) investment restriction, and no EU consolidated-sanctions listing was found for Hytera Communications Corporation (the Shenzhen parent) among the five authoritative sources this database treats as primary, on the dates checked (June 2026). The Shenzhen entity appears on the U.S. FCC Covered List (a supply-chain/procurement-funding restriction, verified above), and is referenced under the 2019 NDAA Section 889 procurement prohibition, but these are not OFAC asset-blocking sanctions. A separately named Hong Kong affiliate, 'Hytera Communications Limited,' appears on the U.S. BIS Entity List (verified above); it has also been reported on EU/Swiss/Ukraine Russia-related measures via secondary aggregation, but those listings (a) are not among the five primary sources, and (b) attach to the Hong Kong entity on a Russia-related basis rather than to the Shenzhen radio manufacturer, so they are noted only as context and not asserted as verified designations. The most publicized Hytera matter in the press is a U.S. Department of Justice trade-secret-theft criminal prosecution (N.D. Ill.) over DMR technology taken from Motorola Solutions; that is a criminal-justice matter, not a sanction/export-control/equipment-authorization/investment designation, and is therefore excluded from the designations array.", "confidence": "high" }, { "vendor": "Positive Technologies", "slug": "positive-technologies", "country": "Russia", "silo": "mercenary-spyware", "products": [ "Vulnerability research and exploit development", "MaxPatrol (vulnerability and compliance management / SIEM)", "PT Application Firewall (web application firewall)", "PT Application Inspector (application security testing)", "PT Network Attack Discovery (NDR)", "MaxPatrol SIEM", "PT Sandbox (malware detection)", "Positive Hack Days (PHDays) security conference" ], "corporateNote": "Russian information-security firm headquartered in Moscow. The legal entity on the OFAC SDN List is AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (a.k.a. JSC Positive Technologies / Pozitiv Teknolodzhiz, AO), Russia Tax ID 7718668887, address d. 23A pom. V kom, 30, shosse Shchelkovskoe, Moscow 107241. Operates ptsecurity.ru and ptsecurity.com. The firm markets commercial defensive security products (MaxPatrol, PT Application Firewall, NDR/SIEM), but US authorities designated it for trafficking in cyber exploits and for supporting Russian intelligence services. Per the US government's stated rationale (Treasury press release JY0127, 15 April 2021), the firm provides computer-network security solutions to Russian businesses, foreign governments, and international companies, and hosts large-scale conventions (Positive Hack Days) characterized by Treasury as recruiting events for the FSB and GRU; this reflects the government's designation rationale, not any independently asserted customer or deployment claim. NOTE on silo: the task hint suggested 'dpi-censorship,' but that is not supported by the evidence. Both US designations describe trafficking in offensive cyber exploits/tools (the November 2021 Entity List action grouped the firm with NSO Group and Candiru), so 'mercenary-spyware' is the accurate enum value.", "designations": [ { "authority": "US OFAC", "authorityType": "sanction", "program": "Specially Designated Nationals (SDN) List (SDN entry program tags: RUSSIA-EO14024; CAATSA - RUSSIA; CYBER2; NPWMD)", "date": "2021-04-15", "scopeNote": "Full blocking sanction. AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (a.k.a. JSC Positive Technologies; Pozitiv Teknolodzhiz, AO), Tax ID 7718668887, was added to the OFAC SDN List on 15 April 2021. All property and interests in property subject to US jurisdiction are blocked and US persons are generally prohibited from transactions with the entity. The current SDN entry (Sanctions List Search id=31455) carries the program tags RUSSIA-EO14024; CAATSA - RUSSIA; CYBER2; NPWMD (verified verbatim). On the announcement date, Treasury press release JY0127 stated the firm was designated pursuant to E.O. 13694 (the CYBER2 tag), E.O. 13382 (the NPWMD tag), and CAATSA for providing support to the FSB; E.O. 14024 was the broad new Russia authority signed the same day and the SDN entry also carries the RUSSIA-EO14024 tag. This is a blocking sanction, not an export-only or investment-only restriction. Verified against the OFAC Sanctions List Search entry and Treasury press release JY0127.", "sourceUrl": "https://sanctionssearch.ofac.treas.gov/Details.aspx?id=31455", "sourceTitle": "OFAC Sanctions List Search - AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (id 31455)" }, { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List (Export Administration Regulations); final rule 'Addition of Certain Entities to the Entity List,' 86 FR 60759, FR document 2021-24123 (RIN 0694-AI64)", "date": "2021-11-04", "scopeNote": "Export-control listing, not a financial blocking sanction. Effective 4 November 2021 (announced 3 November 2021), BIS added Positive Technologies (Russia) to the Entity List for engaging in activities contrary to US national security, specifically trafficking in cyber tools used to gain unauthorized access to information systems. The listing imposes a license requirement for all items subject to the EAR, a license review policy of presumption of denial, and no available license exceptions. It restricts US-origin exports, reexports, and in-country transfers to the firm; it does not by itself block property or prohibit all dealings the way an OFAC SDN designation does. The firm was added in the same final rule as NSO Group, Candiru, and Computer Security Initiative Consultancy PTE. LTD. (COSEINC, Singapore). Verified against the Federal Register final rule (govinfo mirror of FR document 2021-24123, 86 FR 60759-60761), corroborated by the Commerce/BIS press release and the US State Department statement.", "sourceUrl": "https://www.federalregister.gov/documents/2021/11/04/2021-24123/addition-of-certain-entities-to-the-entity-list", "sourceTitle": "Federal Register: Addition of Certain Entities to the Entity List (86 FR 60759, 4 Nov 2021)" } ], "noDesignationNote": "Both designations are independently corroborated by primary US-government sources: the OFAC Sanctions List Search entry (id=31455) and Treasury press release JY0127 for the 15 April 2021 SDN listing; and the Federal Register final rule (govinfo mirror of FR document 2021-24123, 86 FR 60759-60761), the Commerce/BIS press release, and the US State Department statement for the 4 November 2021 Entity List addition. Two corrections were applied during adversarial verification: (1) the OFAC scopeNote no longer asserts E.O. 14024 as 'the primary basis announced that day' because Treasury press release JY0127 states the firm was designated pursuant to E.O. 13694, E.O. 13382, and CAATSA, although the current SDN entry also carries the RUSSIA-EO14024 program tag; (2) the BIS RIN was corrected from 0694-AI66 to 0694-AI64 per the Federal Register text. Positive Technologies is NOT on the FCC Covered List (verified: the only Russia-related entries are the two Kaspersky legal entities, Kaspersky Lab, Inc. and AO Kaspersky Lab), so no equipment_authorization entry applies. No Treasury NS-CMIC (investment_restriction) listing was found for this entity. No evidence was found that either the OFAC SDN designation or the BIS Entity List designation has been removed as of June 2026; both appear to remain in force (the OFAC entry was present on the SDN List as of the 22 June 2026 list update). The record contains no customer/deployment claims (client references are the US government's own designation rationale) and no victim or personally identifiable information.", "confidence": "high" }, { "vendor": "Tiandy Technologies (Tianjin Tiandi Weiye Technologies Co., Ltd.)", "slug": "tiandy-technologies", "country": "China", "silo": "biometric-video", "products": [ "IP surveillance cameras (CCTV)", "Network Video Recorders (NVR / SuperNVR)", "Video surveillance systems", "AI video analytics / intelligent video solutions" ], "corporateNote": "Tianjin Tiandi Weiye Technologies Co., Ltd., operating internationally as Tiandy Technologies, is a Chinese video-surveillance equipment manufacturer founded in 1994 and headquartered in Tianjin, China. It designs and produces IP/CCTV cameras, network video recorders (marketed as SuperNVR), and integrated AI-based video surveillance systems, and operates an in-house R&D institute. The firm is a privately held supplier of commercial and security video-surveillance hardware and software.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2022-12-16", "scopeNote": "Added to the Entity List (15 CFR Part 744, Supplement No. 4) under destination China as \"Tianjin Tiandi Weiye Technologies Co., Ltd., a.k.a. Tiandy Technologies,\" with a license requirement for all items subject to the EAR and a presumption-of-denial license review policy. The rule states it is effective December 16, 2022.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2022-12-19/pdf/2022-27151.pdf", "sourceTitle": "Additions and Revisions to the Entity List and Conforming Removal From the Unverified List, 87 FR (Dec. 19, 2022), final rule 2022-27151" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "NetPosa Technologies, Ltd.", "slug": "netposa-technologies", "country": "China", "silo": "biometric-video", "products": [ "Video Management System (VMS) platforms", "Network video recorders (NVR)", "Video analysis / video-structured analytics systems", "Cloud storage and video big-data platforms", "Video coding/decoding devices" ], "corporateNote": "NetPosa Technologies, Ltd. (aliases include Dongfang Netpower Technology Co. and Dongfang Wangli Technology) is a Chinese video-surveillance software company founded in 2000 and based in Beijing. It is publicly listed on the Shenzhen Stock Exchange ChiNext/GEM board (stock code 300367). The company develops video management system (VMS) platforms, network video recorders, video-structured analysis systems, and cloud-storage/big-data platforms for video networking. It is a publicly traded developer of video surveillance management software and related hardware.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2020-06-05", "scopeNote": "Added to the Entity List (15 CFR Part 744, Supplement No. 4) under destination China as \"NetPosa\" with three listed aliases (Dongfang Netpower Technology Co.; Dongfang Wangli Technology; NetPosa Technologies Ltd.), with a license requirement for specified ECCNs and items subject to the EAR and a case-by-case license review policy. The rule is effective June 5, 2020.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-10868.pdf", "sourceTitle": "Addition of Certain Entities to the Entity List; Revision of Existing Entries on the Entity List, 85 FR (June 5, 2020), final rule 2020-10868" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "SZ DJI Technology Co., Ltd. (DJI / Da-Jiang Innovations)", "slug": "sz-dji-technology", "country": "China", "silo": "biometric-video", "products": [ "Consumer and enterprise unmanned aerial vehicles (drones)", "Aerial camera/imaging and gimbal systems", "Drone flight-control and stabilization platforms", "Drone payloads and remote-sensing/mapping equipment" ], "corporateNote": "Shenzhen-headquartered Chinese manufacturer of unmanned aerial vehicles (drones) and aerial imaging systems, including consumer and enterprise camera drones, gimbals, and flight-control and remote-sensing payloads. One of the world's largest civilian drone makers. Also known by the aliases Shenzhen DJI Innovation Technology Co., Ltd., Shenzhen DJI Sciences and Technologies Ltd., and Da-Jiang Innovations.", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2020-12-18", "scopeNote": "Added to the BIS Entity List (15 CFR Part 744, Supplement No. 4) under the China heading, subjecting exports, reexports, and transfers of items subject to the EAR to a license requirement; license review policy is case-by-case for items necessary to detect, identify, and treat infectious disease and presumption of denial for all other items. Listed as 'DJI' with aliases including 'SZ DJI Technology Co., Ltd.' Rule effective Dec 18, 2020; published in the Federal Register Dec 22, 2020.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2020-12-22/html/2020-28031.htm", "sourceTitle": "Federal Register Vol. 85, No. 246 (Dec. 22, 2020), Doc. 2020-28031 — Addition of Entities to the Entity List" }, { "authority": "US Treasury (NS-CMIC)", "authorityType": "investment_restriction", "program": "Non-SDN Chinese Military-Industrial Complex Companies (NS-CMIC) List", "date": "2021-12-16", "scopeNote": "Identified by OFAC as a Chinese Military-Industrial Complex Company under Executive Order 13959 (as amended by E.O. 14032), restricting U.S. persons from transacting in covered publicly traded securities of the entity. Listed as 'SZ DJI TECHNOLOGY CO., LTD.' with program tag [CMIC-EO13959] and Listing Date (CMIC) 16 Dec 2021. Determination dated Dec 16, 2021; published in the Federal Register Dec 22, 2021.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2021-12-22/pdf/2021-27642.pdf", "sourceTitle": "Federal Register Vol. 86, No. 243 (Dec. 22, 2021), Doc. 2021-27642 — OFAC NS-CMIC List Determinations" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "Tongfang NucTech Technology Ltd. (Nuctech)", "slug": "nuctech-tongfang", "country": "China", "silo": "biometric-video", "products": [ "Security inspection and screening equipment", "X-ray and CT cargo, baggage, and parcel scanners", "Body and people-screening imaging systems", "Radiation detection and explosives/contraband detection systems" ], "corporateNote": "Chinese manufacturer of security-inspection and screening equipment, including X-ray and CT scanning systems for cargo, baggage, parcels, and people, plus radiation-detection and contraband-detection imaging systems. Operates under the alias 'NucTech.'", "designations": [ { "authority": "US BIS", "authorityType": "export_control", "program": "Entity List", "date": "2020-12-18", "scopeNote": "Added to the BIS Entity List (15 CFR Part 744, Supplement No. 4) under the China heading, imposing a license requirement on exports, reexports, and transfers of items subject to the EAR with a license review policy of presumption of denial. Listed as 'Tongfang NucTech Technology Ltd.' with the alias 'NucTech.' Rule effective Dec 18, 2020; published in the Federal Register Dec 22, 2020.", "sourceUrl": "https://www.govinfo.gov/content/pkg/FR-2020-12-22/html/2020-28031.htm", "sourceTitle": "Federal Register Vol. 85, No. 246 (Dec. 22, 2020), Doc. 2020-28031 — Addition of Entities to the Entity List" } ], "noDesignationNote": "", "confidence": "high" }, { "vendor": "i-SOON (Anxun Information Technology Co., Ltd.)", "slug": "i-soon-anxun-information-technology", "country": "China", "silo": "mercenary-spyware", "products": [ "Hacking-for-hire / offensive cyber intrusion services", "Data exfiltration and network exploitation tooling", "Commercial spyware and surveillance platforms" ], "corporateNote": "i-SOON is the trading name of Anxun Information Technology Co., Ltd., a privately held Chinese information-security and offensive-cyber contractor. It markets itself as a network-security and penetration-testing firm and develops intrusion, data-collection, and surveillance tooling. A large cache of internal documents attributed to the company was leaked publicly in early 2024, which brought attention to its business as a contract cyber-operations provider.", "designations": [ { "authority": "EU", "authorityType": "sanction", "program": "EU consolidated list (cyber sanctions, Council Implementing Regulation (EU) 2026/589)", "date": "2026-03-16", "scopeNote": "Listed as an entity for an asset freeze under the EU horizontal cyber sanctions regime via Council Implementing Regulation (EU) 2026/589, for providing offensive cyber/hacking services affecting EU member states and partners. Funds and economic resources are frozen and EU persons are prohibited from making resources available to the entity.", "sourceUrl": "https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/cyber-attacks-against-the-eu-and-its-member-states-council-sanctions-three-entities-and-two-individuals/", "sourceTitle": "Council of the EU — Cyber-attacks against the EU: Council sanctions three entities and two individuals (16 March 2026); Council Implementing Regulation (EU) 2026/589" } ], "noDesignationNote": "i-SOON / Anxun Information Technology is NOT on any U.S. primary-government list. It is not on the OFAC SDN List, the BIS Entity List, the Treasury NS-CMIC List, or the FCC Covered List. U.S. action against the company consists of a DOJ indictment (SDNY, unsealed March 2025, charging eight i-SOON employees and two PRC Ministry of Public Security officers) and a U.S. State Department Rewards for Justice offer — neither of which is a list designation, so no U.S. designation is recorded here. The related OFAC SDN designations from January and March 2025 (Yin Kecheng; Zhou Shuai and Shanghai Heiying Information Technology Company, Ltd.) targeted individuals and a different company, not i-SOON/Anxun. The only confirmed primary-government LIST designation is the EU consolidated-list listing of 2026-03-16.", "confidence": "high" }, { "vendor": "Integrity Technology Group, Incorporated (Integrity Tech)", "slug": "integrity-technology-group", "country": "China", "silo": "mercenary-spyware", "products": [ "Cybersecurity / network-security products and services", "Network and attack-surface infrastructure tooling", "Threat-intelligence and security platforms" ], "corporateNote": "Integrity Technology Group, Incorporated (Integrity Tech) is a Beijing-based, publicly traded Chinese cybersecurity company. It markets network-security, threat-intelligence, and attack-surface management products and services and presents itself as an enterprise and government information-security vendor.", "designations": [ { "authority": "US OFAC", "authorityType": "sanction", "program": "SDN List (CYBER2)", "date": "2025-01-03", "scopeNote": "Designated by OFAC and added to the Specially Designated Nationals and Blocked Persons (SDN) List under Executive Order 13694 (as amended by E.O. 13757), program tag CYBER2, for its role in malicious cyber-enabled activities. All property and interests in property in the United States or in the possession/control of U.S. persons are blocked and must be reported to OFAC.", "sourceUrl": "https://ofac.treasury.gov/recent-actions/20250103", "sourceTitle": "Cyber-related Designation (OFAC Recent Actions, January 3, 2025)" }, { "authority": "EU", "authorityType": "sanction", "program": "EU consolidated list (cyber sanctions, Council Implementing Regulation (EU) 2026/589)", "date": "2026-03-16", "scopeNote": "Listed as an entity for an asset freeze under the EU horizontal cyber sanctions regime via Council Implementing Regulation (EU) 2026/589, for routinely providing products used to compromise and access devices in the EU and worldwide. Funds and economic resources are frozen and EU persons are prohibited from making resources available to the entity.", "sourceUrl": "https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/cyber-attacks-against-the-eu-and-its-member-states-council-sanctions-three-entities-and-two-individuals/", "sourceTitle": "Council of the EU — Cyber-attacks against the EU: Council sanctions three entities and two individuals (16 March 2026); Council Implementing Regulation (EU) 2026/589" } ], "noDesignationNote": "", "confidence": "high" } ] }