Huawei on the BIS Entity List: A Complete Timeline and What It Means for Your Supply Chain

Why Huawei Matters as a Case Study

No single export control action in the semiconductor era has had broader supply chain consequences than the May 2019 BIS Entity List addition of Huawei. It was not the first major Entity List action — ZTE's 2018 designation preceded it — but the Huawei action was categorically different in scale, in the speed of its effect, and in the regulatory architecture that followed it.

For compliance teams, Huawei is the canonical example of why counterparty screening cannot be a one-time event at contract signature. The entity you screened in 2018 as clean was on the Entity List by May 2019. The entity your procurement team approved in 2021 may be a Huawei subsidiary that was added in a subsequent batch. The foundry your contract manufacturer uses may be on the MEU list — Military End User — for reasons entirely unrelated to Huawei but with identical practical consequences for your shipment.

This article documents the full Huawei timeline, explains what each action means technically, and identifies the practical implications for teams that have any current or historical exposure to Huawei-connected supply chains.

The 2019 Entity List Addition: What Actually Happened

On 16 May 2019, BIS published a final rule in the Federal Register (84 FR 22961) adding Huawei Technologies Co., Ltd. and 68 non-US affiliates to the Entity List. The rule took effect immediately upon publication. There was no transition period, no advance notice, and no grace period for transactions already in progress.

The legal basis was a finding that Huawei had acted contrary to the national security or foreign policy interests of the United States. The specific allegations included violations of sanctions on Iran under the International Emergency Economic Powers Act (IEEPA), and evidence of efforts to misappropriate US intellectual property.

The practical effect: all items subject to the Export Administration Regulations — including EAR99 items that would otherwise require no licence — now required a BIS licence before they could be exported, re-exported, or transferred to any listed Huawei entity. The licence review policy was a presumption of denial. In plain English, the licence would not be granted.

The immediate supply chain impact was severe. Qualcomm, Intel, and Broadcom halted shipments. Google suspended Android licence arrangements (the software side is outside the EAR, but Google moved early to limit exposure). TSMC, which manufactures Huawei's HiSilicon Kirin chips, entered emergency legal review. Arm suspended licence relationships pending counsel sign-off.

What was not immediately appreciated: the 68 non-US affiliates listed alongside the parent company created a graph of restricted counterparties spanning the US, UK, Germany, France, and more than a dozen other countries. Many were holding companies, IP entities, or sales subsidiaries that Huawei's global supply chain relied on for commercial relationships that had nothing to do with telecom equipment.

The Temporary General Licences: A Source of Persistent Confusion

Within days of the May 2019 listing, BIS issued Temporary General Licence (TGL) No. 1, authorising a limited category of transactions with Huawei entities for a 90-day period. The purpose was to limit disruption to US telecommunications carriers that depended on Huawei infrastructure — particularly rural carriers with limited alternatives — while they planned for the longer-term restriction.

The TGL was extended multiple times. Each extension was published in the Federal Register and modified the scope of authorised transactions. This created a compliance environment where the permitted activities were a moving target. Teams that relied on the initial TGL language without monitoring subsequent Federal Register modifications were exposed.

By 2020, the TGL framework was discontinued. BIS replaced it with a narrower set of specific authorisations, and the general posture shifted from "permitted unless excluded" to "prohibited unless specifically authorised."

August 2020: The Foreign Direct Product Rule Expansion

The May 2020 FDPR expansion targeting Huawei was arguably more consequential than the original Entity List addition. Prior to this rule change, a foreign-made chip was generally outside US jurisdiction — the EAR applied to US-origin items, not to items manufactured entirely abroad from non-US inputs.

The August 2020 rule (85 FR 51596) changed this fundamentally. It extended the FDPR to cover any item that is the direct product of US-origin technology or software subject to the EAR, even if manufactured entirely outside the United States, when the exporter knows or has reason to know that the item is destined for Huawei or any of its listed affiliates.

The practical implication: TSMC could no longer manufacture chips for HiSilicon — Huawei's chip design subsidiary — because the chip fabrication process relies on US-origin semiconductor manufacturing equipment, software, and process technology. Even though TSMC is a Taiwanese company manufacturing in Taiwan, the US-origin inputs brought the transaction within the scope of the EAR.

TSMC announced it would cease accepting new Huawei orders effective 15 September 2020. This effectively disabled Huawei's advanced chip supply chain at the foundry level. It is the action that directly precipitated Huawei's semiconductor stockpiling strategy in 2020 and accelerated China's domestic chip manufacturing investment programme, which eventually produced CXMT, YMTC, and the companies now on the Entity List for different reasons.

The Expanding Affiliate List: 2020–2024

Between 2020 and 2024, BIS made nine separate additions to the Huawei entity cluster — adding affiliates, subsidiaries, and associated research entities that were identified as circumventing the original restrictions or as providing material support to restricted Huawei entities. By 2024, the Huawei-affiliated cluster on the Entity List comprised more than 150 distinct legal entities across more than 30 countries.

Notable additions in this period include:

• Huawei Cloud Computing Technologies Co., Ltd. — the cloud infrastructure subsidiary. Added 2021. Relevant for any company considering cloud services in markets where Huawei Cloud operates.
• HiSilicon Technologies Co., Ltd. — Huawei's chip design arm, the entity responsible for the Kirin processor family. Added in the original 2019 batch. It remains the primary reason TSMC cannot serve Huawei's advanced chip needs.
• Huawei Device (Shenzhen) Co., Ltd. and Huawei Device Co., Ltd. — consumer device subsidiaries. Relevant for any company supplying components into Huawei's consumer product lines.
• Multiple research and standards organisations — entities involved in 5G standardisation, AI research, and spectrum allocation activities that BIS judged to pose dual-use or national security risks.

The pattern across these additions reveals a consistent BIS enforcement theory: any entity that provides material support — engineering talent, IP, financial flows, or manufacturing capacity — to a designated Huawei entity is itself at risk of designation. This has significant implications for tier-2 and tier-3 suppliers that have Huawei-adjacent relationships without a direct contract with the parent company.

2023: The Mate 60 Pro and the Enforcement Escalation

In August 2023, Huawei launched the Mate 60 Pro smartphone containing a 7nm Kirin 9000s processor manufactured by SMIC — the Semiconductor Manufacturing International Corporation. SMIC itself had been added to the Entity List in 2020. The chip's existence demonstrated that SMIC had achieved 7nm-class production despite being cut off from leading-edge equipment vendors, including ASML.

The Mate 60 Pro episode triggered a significant political and regulatory response. BIS expanded its review of potential violations by equipment suppliers whose tools may have reached SMIC through indirect channels. The US House Select Committee on the Chinese Communist Party opened an investigation into whether US technology had contributed to SMIC's 7nm capability through third-country intermediaries.

This is the practical lesson for compliance teams: the entity you are not directly transacting with may still be relevant. If your product reaches a distributor in Malaysia that supplies a Taiwanese contract manufacturer that supplies SMIC — and SMIC uses your product in a process that ends up in a Huawei chip — you have an exposure that your standard counterparty screening did not catch.

The FDPR rules are specifically designed to address this. The "reason to know" standard in the FDPR means you cannot simply screen your direct counterparty and close the file. You need to understand where your product goes after it leaves your dock.

2025: The AI Chip Restrictions

The January 2025 BIS "AI Diffusion Rule" introduced country-group-based controls on advanced AI accelerator chips — specifically targeting the A100, H100, and equivalent performance tiers. While not exclusively a Huawei action, the rule has significant implications for anyone whose supply chain touches Huawei's AI infrastructure business.

Huawei's Ascend 910B and 910C AI accelerators are positioned as Chinese-market alternatives to NVIDIA's restricted chips. The Ascend series is manufactured by SMIC under the same constrained-but-functional 7nm process. From a compliance standpoint, any company supplying components, materials, or services that could plausibly contribute to Huawei's Ascend production programme is within the scope of the MEU and Entity List restrictions.

The 2025 rule also imposed controls on knowledge transfers — including training, technical documentation, and software support — related to advanced AI chip production capabilities. This is an area where many companies have not historically considered their compliance exposure: the software engineers advising on process optimisation for a semiconductor fab may themselves be a controlled export.

The Subsidiary Problem: Why Manual Screening Fails

The Huawei case illustrates the core failure mode of manual counterparty screening: you can only screen the entities you know about.

A compliance team in 2018 screening "Huawei" would have found nothing — the parent company was not yet listed. A team in May 2019 screening the parent company directly would have found the listing, but might have missed the 68 affiliated entities added in the same action. A team doing quarterly reviews in 2021 might have missed the cloud subsidiary addition. A team relying on a sanctions database that updates monthly would not have caught the 2023 enforcement actions in time to adjust their supply chain before the next shipment.

The practical failure modes are:

• Point-in-time screening: Screening once at contract initiation and not again. An entity clean at contract signature may be listed before the first shipment.
• Parent-entity-only screening: Screening Huawei Technologies Co., Ltd. without also screening subsidiaries, affiliates, and associated entities. The 150+ entity cluster means that a clean screen of the parent does not clear the subsidiary you actually transact with.
• Lag in database updates: Many commercial restricted-party databases update weekly or monthly. BIS publishes Entity List additions in real time through the Federal Register. The gap between publication and database update is an exposure window.
• No downstream visibility: Screening direct counterparties but not understanding where your product goes after the first sale. The FDPR's "reason to know" standard requires more than a clean screen of your immediate customer.

What Entity Intelligence Looks Like in Practice

Effective counterparty intelligence for a Huawei-exposed supply chain means maintaining a continuously updated map of which entities are restricted, what the restriction covers, and how that maps to your specific products and flows.

For each entity in your supply chain that has a plausible connection to Huawei, a compliance team needs:

• The entity's current status across all relevant lists — Entity List, MEU List, OFAC SDN, and Unverified List as a minimum
• Historical listing dates — when they were first listed, whether there have been modifications, and whether any TGL or specific authorisation has applied
• Jurisdiction coverage — whether EU, UK ECJU, or Japan METI controls apply in addition to US BIS controls (particularly relevant for non-US companies in the supply chain)
• Adverse media signal — whether there are pre-list signals (enforcement investigations, customs holds, media reports of circumvention activity) that suggest elevated risk before a formal designation

This is entity intelligence. It goes beyond a binary "listed / not listed" check and provides the full compliance picture: when they were listed, what for, under which jurisdiction, and what the current regulatory posture means for a specific transaction.

The Current Huawei Screening Checklist

If your supply chain has any exposure to Huawei-connected entities, the minimum screening programme looks like this:

1. Screen against the full Huawei entity cluster, not just the parent. The 150+ affiliate list means that screening "Huawei" by name will miss subsidiaries with different trading names. Screen by corporate registration number, registered address, and beneficial ownership structure as well as legal entity name.
2. Monitor continuously, not just at contract signature. New Huawei-affiliated entities have been added to the Entity List in nine separate actions since May 2019. If you are screening quarterly, you have a 90-day exposure window on every new addition.
3. Apply FDPR analysis to your product. If your product involves US-origin technology at any stage of its manufacture, the FDPR may extend US jurisdiction to transactions that are otherwise entirely non-US. This is particularly relevant for European and Asian companies that do not consider themselves subject to US export controls by default.
4. Check downstream counterparties. If you sell through distributors or contract manufacturers, your FDPR exposure depends on where your product ultimately goes. Document your due diligence on end-use and end-user, particularly for sales into markets where Huawei has significant infrastructure activity — Middle East, Africa, Southeast Asia.
5. Watch for pre-list signals. The Mate 60 Pro episode was preceded by months of industry reporting on SMIC's 7nm progress. Adverse media monitoring — tracking news and regulatory filings for entities in your supply chain — can provide early warning before a formal Entity List addition arrives.

Screening Huawei on Embargo

Embargo's entity registry contains Huawei Technologies Co., Ltd. and affiliated entities across their full listing history — including all nine addition actions from 2019 to present, the TGL and specific authorisation modifications, and the FDPR expansions. Each entity profile shows:

• First listed date and the specific Federal Register action
• All subsequent modifications and supplementary designations
• Jurisdiction coverage — US BIS, OFAC, EU OJ, and others where applicable
• Risk score based on the number of list appearances, jurisdiction weighting, and recency
• Adverse media signal — recent news articles flagged as compliance-relevant by our classifier

You can screen any entity name against the full registry from the homepage — no account required. A full compliance report, with CSV export and audit trail logging, requires a subscription.