The OpenChain Steering Committee held its Q2 2025 meeting on the 25th of June 2025 to discuss two items:
- An ISO periodic review to confirm that ISO/IEC 5230 is relevant, used and will continue to be used. The conformation had previously been agreed by email, and was formally motioned and passed at this meeting.
- Community proposals for future updates to ISO/IEC 5230 and ISO/IEC 18974.
The Outcomes
As noted above, there was an administrative matter related to ISO periodic review of ISO/IEC 5230, and this matter was submit to a formal motion and approval as per this meeting.
The second matter tabled consumed the majority of the meeting, and it is outlined in detail below.
The OpenChain Specification Work Group, chaired by Chris Wood and Helio Chissini de Castro (year 1), and then Chris Wood (to-date) underwent a two year and nine month process to (a) gather suggestions from inside and outside the OpenChain Project about potential improvements to ISO/IEC 5230 (license compliance) and ISO/IEC 18974 (security assurance), (b) run a six month public comment period and (c) run a three month freeze period.
These proposed updates went before the OpenChain Steering Committee on the 25th of June 2025 as per our formal processes, and were duly approved. The updates will be released sometime in 2026, with the exact date to be determined.
Provisionally, it is likely to be in Q2 2026, because we (i) need to complete a separate ISO periodic review of ISO/IEC 5230 in 2025, and (ii) we want to ensure plenty of time to formulate and spread a clear message about what to expect in the community updates a little later.
A quick overview is that:
- (1) The primary change in the updates is adjusting the confirmation of conformance from 18 months to 12 months
- (2) Alongside language improvements and citation or reference improvements
and
When ISO/IEC 5230 and ISO/IEC 18974 are sent into the update cycle in ISO a few things will happen.
- (3) There will be a ballot to confirm the adjusted standards
- (4) The new versions of the standards will get new ISO numbers
It is important to remember that while ISO/IEC 5230 and ISO/IEC 18974 will be superseded by the new versions, the existing ISO/IEC 5230 and ISO/IEC 18974 standards will still be a useful and available option for the supply chain. This will be a key part of our messaging ahead of finalizing a date for release in 2026. It is very important that companies understand that their current procurement cycle can continue, and no quick changes are needed.
Our duty, and our challenge, will be to ensure these expectations are set, communicated and supported by our work in 2H 2025.
