SecuraPoint, a company providing services around ISO 27001, BSI IT-Grundschutz, Open Source Compliance & DevSecOps, has announced the adoption of ISO/IEC 5230. You can see them listed in our community of conformance here:
Get To Know Our Thought-Leaders:
The OpenChain Project will have a substantial presence at Open Source Summit Europe next week! Catch talks and panels from our Board Members and Work Group Chairs, and have a chance to ask questions or share ideas.
Learn More:
+ The Mini-Summit on the 28th of August will be Special:
The OpenChain Mini-Summit will feature a great many of our current board members and chairs in one place, ready to share their knowledge and experience with both beginners and experts in license, security and regulatory compliance.
Get to know:
☑️ Ayumi Watanabe, Hitachi Solution
☑️ Helio Chissini de Castro, CARIAD
☑️ Jimmy Ahlberg, Ericsson
☑️ Jonathan Torres, META
☑️ Marcel Kurzmann, Bosch
☑️ Marc-Etienne Vargenau, Nokia
☑️ Masato Endo, Toyota
☑️ Norio Kobota, Sony
☑️ Sandra Hermoso Rodriguez, Arm
☑️ Taiki Kawamura, Honda
It’s Free To Register for the Mini-Summit:
The OpenChain Project has always offered online self-certification support, and we are delighted to announce that this has been improved for our two ISO/IEC standards:
- Online Self-Certification for OpenChain ISO/IEC 5230 for open source license compliance
- Online Self-Certification for OpenChain ISO/IEC 18974 for open source security assurance
Any organization can self-certify to OpenChain ISO/IEC 5230 or OpenChain ISO/IEC 18974. It is as simple as answering “yes” to all the questions on the online form. If an organization cannot answer “yes” to all of the questions, it does not yet meet the requirements of the standard.
Please note that this is a self-certification, and an organization is solely responsible for the accuracy of the statements it makes about conformance.
CJ CGV announces that it has become the first company in the Korean entertainment industry to obtain ‘ISO/IEC 5230:2020’ self-certification, the international standard for open source license compliance. This achievement signifies that CJ CGV’s systematic open source management system has earned global recognition for its effective operation.
The OpenChain Project, which maintains this standard, is an international collaboration initiated by the nonprofit Linux Foundation in the United States. The standard comprehensively evaluates the compliance capabilities of companies, including their open source software policies and processes, organizational expertise, and employee education. The international standard (ISO/IEC 5230:2020) defines key requirements for companies to use open source safely and efficiently, covering obligations for open source license compliance.
Recognizing the growing importance of open source in building next-generation systems, CJ CGV has strengthened its management capabilities. Since 2023, the company has established an open source management system, gradually meeting the core requirements of the international standard.
To achieve this, CJ CGV designated dedicated teams and personnel for open source verification and management, formed an ‘open source council’ including legal and security experts, and set up a system to identify and manage potential risks proactively. The company also introduced its internal open source management regulations, made open source verification mandatory during system development, and implemented an automated open source management system that verifies licenses and checks for security vulnerabilities.
On July 15, during the planning and development of its new next-generation system, CJ CGV rigorously examined the safety and security of all open source components. This effort supported one of the system’s primary goals—strengthening information protection capabilities—and provided critical technical infrastructure for “CineTalk,” CJ CGV’s movie community service.
Son Jong-soo, Head of Digital Innovation at CJ CGV, stated, “As digital transformation accelerates, strategic and secure utilization of open source has become essential in the entertainment industry. Achieving this international standard certification highlights CJ CGV’s technical management capabilities. We will continue to deliver trustworthy services and contribute to the growth of the open source ecosystem.”
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Check Out The Publicly Announced Community of Conformance:
About Element
Element is a decentralized and flexible communications platform, built on the Matrix open standard, that gives people and organizations the independence to communicate with confidence. Learn more: https://element.io
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Check Out The Publicly Announced Community of Conformance:
Woven by Toyota, a company designed to drive the evolution of mobility to enhance safety, peace of mind, fulfillment and opportunity for all, has completed its periodic re-conformance to the OpenChain ISO/IEC 5230 specification. ISO/IEC 5230 is the international standard for open source license compliance process management, and has seen widespread adoption throughout the mobility industry.
All our publicly announced conformance programs:
The OpenChain AI Work Group has been considering how to manage AI compliance in the supply chain for over a year. During this time the community has collaboratively produced a draft guide to identify key process points for a quality AI compliance program:
Next Steps:
With approval from the OpenChain Governing Board, the draft ‘The Artificial Intelligence System Bill of Materials: Compliance Management Guide for the Supply Chain’ is now entering a Public Comment Period.
Participate:
This Public Comment period will follow the OpenChain Project process outlined on our website:
YOU CAN SUBMIT A COMMENT BY:
- Opening an issue on the OpenChain Project Reference Library GitHub Repository:
https://github.com/OpenChain-Project/Reference-Material/issues - Emailing the OpenChain AI Work Group mailing list:
https://lists.openchainproject.org/g/ai
The Public Comment Period will run for six weeks.
—
THE DEADLINE FOR SUBMISSION OF PUBLIC COMMENTS IS 2025-08-18 AT 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST.
—
Please note: THE DRAFT GUIDE IS NOT A PRODUCTION RELEASE OR OFFICIAL RELEASE DOCUMENT FROM THE OPENCHAIN PROJECT. AT THIS JUNCTURE, IT IS WORKING DOCUMENT DESIGNED TO ALLOW INTERESTED PARTIES TO SHARE IDEAS.
ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing a full-stack solutions to enhance the user experience, while reducing complexity and cost.
To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.
We had the OpenChain Governing Board meeting last week, and our community-elected chairs for the OpenChain Specification, Education and Telco Work Groups were formally approved. Their terms begin today, July 1st 2025.
Please welcome:
– Specification: Chris Wood, Lockheed Martin (4th term)
– Education: Martin Yagi, First Light Fusion (1st term)
– Telco: Marc-Etienne Vargenau, Nokia (3rd term)
It is wonderful to have their help, contributions and experience applied to making a more trusted open source supply chain.
We are looking forward to the year ahead! There is a lot to do.
Want to be part of this? Check out our participation page. Everyone is welcome.
We are delighted to welcome Mercedes-Benz Research and Development India to the OpenChain community of conformance. This is another milestone in the adoption of OpenChain standards by the automotive supply chain, and serves as a reminder of the broad applicability for our solutions around the world.
About Mercedes-Benz Research and Development India:
Mercedes-Benz Research and Development India (MBRDI) is the largest research and development center for Mercedes-Benz Group AG outside of Germany. Started in 1996, the Bengaluru headquartered organisation plays a prominent role in the development of new technologies like connected, autonomous, and electric in the mobility world. MBRDI, known for its engineering innovations, has grown to a team of over 8,500 employees and is one of the earliest technology and innovation center of a global automotive company to set up a strong presence in India.
In line with the global ambitions of the Mercedes-Benz Group, MBRDI plays a prominent role in innovating and accelerating the future of sustainable mobility. Over the last 25 years of its presence in India, MBRDI has established itself as an innovation powerhouse. The engineers at MBRDI are committed to providing an unparalleled experience and comprehensive digital capabilities, with technology at the core. MBRDI harnesses the role of IT in accelerating the future of automotive technology in terms of engineering, digitalisation, testing and simulation, and data science.
MBRDI offices in Bengaluru specialise in end-to-end capabilities in product development and IT services. The satellite office in Pune focuses on interior component designs and IT engineering.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
