Overview
Key Takeaways:
- First use of PAIPA sanctions targets foreign beneficiaries of trade secret theft, marking a significant expansion in US enforcement tools and filling a long‑standing gap in addressing overseas recipients of stolen IP.
- From a cybersecurity perspective, PAIPA offers an additional avenue for sanctions, expanding potential consequences for cyber‑enabled trade‑secret theft and related exploit‑broker activity.
- Regulators' interpretation of what constitutes a "significant threat" remains uncertain, and Steptoe's Sanctions and IP teams will continue monitoring how broadly agencies apply this standard across sectors.
- These actions create an opportunity—and a need—for companies to reassess their global IP and trade‑secret risk posture, including cross‑border partnerships, employee onboarding, and incident‑response strategies.
On February 24, the Trump administration announced several actions against perpetrators of international trade secret theft, including the issuance of the first-ever sanctions under the Protecting American Intellectual Property Act of 2022 (PAIPA) (Pub. L. No. 117-366). The coordinated actions between the Departments of Justice (DOJ), Treasury, and State suggest that the Trump administration will adopt a broader approach to trade secret enforcement. In announcing the sanctions, Treasury Secretary Scott Bessent warned, "[i]f you steal US trade secrets, we will hold you accountable."
The new approach signals opportunities for US companies that are victims of trade secret theft, who may now go on the offensive against entities and individuals that are often difficult to sue. It signals increased risks for foreign entities and individuals that may be targeted as beneficiaries of stolen trade secrets.
Under PAIPA, the State Department sanctioned Matrix LLC (also known as "Operation Zero"), a Russian cyber-tools broker that allegedly bought zero-day exploits from Peter Williams, an Australian national and former general manager of a US defense contractor. According to the State Department, those exploits were meant to be sold exclusively to the US government and select allies. The State Department also sanctioned Sergey Sergeyevich Zelenyuk, a Russian national who serves as the director and sole owner of Operation Zero, and a United Arab Emirates (UAE)-based entity, Special Technology Services LLC FZ (STS), that Zelenyuk allegedly intended to circumvent US sanctions on Russia.
The Office of Foreign Assets Control (OFAC) also announced that it was sanctioning Operation Zero, Zelenyuk, and STS pursuant to Executive Order (EO) 13694, as amended by EO 14306. This EO authorizes sanctions against persons engaged in significant, malicious, cyber-enabled activities and those that receive or use trade secrets misappropriated through cyber-enabled means for commercial or competitive advantage or private financial gain. Additionally, OFAC sanctioned several alleged affiliates of Operation Zero, including Zelenyuk's assistant, a suspected member of the Trickbot cybercrime gang, and a separate exploit brokerage firm owned by an Operation Zero affiliate.
On that same day, the US District Court for the District of Columbia sentenced Williams to 87 months in prison for selling his employer's trade secrets to Operation Zero. Assistant Attorney General for National Security John A. Eisenberg stated that the DOJ is "committed to ensuring that those who abuse their access to sensitive information and thereby harm our national security face severe consequences." This underscores a broader point: risks to trade secrets and secure networks are not limited to external technical intrusion—employees and others with privileged access also present meaningful risk.
These developments signal a potential shift in how the US government approaches trade secret theft, moving from primarily a framework of commercial tort to one of core national security concern. Although OFAC had the authority to target cyber-enabled thefts of trade secrets since 2015, and PAIPA has been in effect since 2023, prior administrations have not typically pursued trade secret theft under these authorities. This development may signal an attempt by the administration to address a long-standing gap for companies that previously lacked meaningful recourse against end beneficiaries abroad. While civil trade-secret litigation remains highly active, available remedies are limited in their ability to prevent and penalize the theft of trade secrets by foreign actors. The new focus on trade secrets by the Trump administration may open the door for US victims of trade secret theft to work with the US government to pursue those that steal or knowingly benefit from misappropriated trade secrets.
Notably, there is an impetus for at least annual use of PAIPA by the administration because PAIPA includes an annual reporting requirement to Congress. Accordingly, US businesses should consider whether any instances of intellectual property (IP) theft committed against them by foreign persons warrant consultation with the US government for consideration of penalties against the offending parties.
A key open question is how broadly regulators will interpret conduct that poses a "significant threat" to US national security, foreign policy, economic health, or financial stability. In general, we expect that the administration could construe this term broadly to include innovations from high value sectors such as biotech, advanced materials, and artificial intelligence (AI) that are deemed strategically consequential, even as the administration has been reticent to regulate (or allow states to regulate) AI more generally. Going forward, companies should reassess their trade secret risk profiles, cross-border partnerships, and incident response strategies with the expectation that sanctions exposure may now attach across the entire misuse ecosystem—not only the initial wrongdoer but also the ultimate beneficiary. For example, incident response plans should be updated to include these considerations and a process for decision-making in relation to notification under these regimes.
Similarly, foreign companies should be careful to ensure that they are not benefiting from a significant theft of trade secrets that could be viewed as a significant threat to US national security or the US economy. Foreign companies should pay particular attention to new employees that may provide trade secrets from former employers. Unlike the cyber-focused sanctions authorities, PAIPA authorizes sanctions regardless of the means of theft. Moreover, executives and board members involved with foreign companies should be careful to ensure that their companies are not subject to sanctions under PAIPA. Chief executive officers and members of the board of directors of a foreign company sanctioned under PAIPA can be subject to sanctions in their personal capacity as well.
For additional information regarding the evolving intersection between sanctions and trade secret theft, please contact a member of our National Security & Cross-Border Transactions, Economic Sanctions or Intellectual Property practices.