Newsletter – Issue 80 – July 2025
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Key Announcements & Action Items:
- Public Comment Period for AI Bill of Materials: The OpenChain Project has announced a public comment period for its “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain.” This is a key opportunity for professionals to provide feedback and shape this important guidance.
- Action: Read the announcement and provide feedback. Your input is valuable in shaping the future of AI compliance.
- New Leadership: The 2025/2026 chairs for the OpenChain Specification, Education, and Telco Work Groups have been elected.
- Action: Meet the new chairs and consider reaching out to them with your ideas and offers of support.
Conformance & Community Growth:
Several companies have announced their conformance with OpenChain ISO/IEC 5230, demonstrating the standard’s growing adoption across various industries.
- ECARX: ECARX Announces An OpenChain ISO/IEC 5230 Conformant Program
- Element: Element Announces OpenChain ISO/IEC 5230 Conformant Program
- CJ CGV: CJ CGV Announces An ISO/IEC 5230 Conformant Program
- Woven by Toyota: Woven by Toyota Completes OpenChain ISO 5230 Re-Conformance
- Action: If your organization is not yet conformant, these announcements can serve as case studies and inspiration. Learn more about the benefits of conformance and how to get started on the OpenChain website.
New Resources & Materials:
- Updated Overview Slides: The OpenChain overview slides have been updated for July 2025, providing fresh material to explain the path to a more trusted supply chain.
- Action: Get the slides to use in your own presentations and to advocate for open source compliance within your organization.
- Telco Industry Handbook & Translation: A new handbook for software supply chain security in the Telco industry has been released, along with a Korean translation of the OpenChain Telco SBOM Guide.
- Action: If you work in the telecommunications industry, these resources are essential reading.
Webinars & Recordings:
A wealth of knowledge has been shared through recent webinars and community calls. These recordings are a great way to catch up on the latest discussions and best practices.
- Action: Review the recordings of past meetings to get up to speed on the topics that interest you most. You can also join future meetings to participate in the conversation live. Find out how to join the mailing lists and attend calls at https://openchainproject.org/participate.
- Webinars:
- ZF’s ISO/IEC 5230 Certification Case Study: Watch Here
- Project OCCTET.eu – The Why, What and How: Watch Here
- Compliance at CARIAD with ORT: Watch Here
- Community Meeting Recordings:
- Monthly Specification and Education Calls: North America/Europe, Europe/Asia
- AI Work Group Workshops: North America/Europe, Europe/Asia
- SBOM Study Group Meeting: Recording
- Special Community Recordings:
- OpenChain Mini-Summit @ Open Source Summit North America: Recording
- Strategy Discussions for Germany and India: Germany, India
- OpenChain Tooling Work Group Video Series: Watch Here
- Webinars:
Other Community Updates:
- Japan Work Group Community Day: Notes and pictures from the 34th Community Day in Yokohama. View Here
- Tooling Work Group Slides: Slides from the July 2nd meeting are available. View Here
To get more involved in the OpenChain Project, including joining mailing lists, attending meetings, and contributing to the work, please visit: https://openchainproject.org/participate
Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.
Read Previous Newsletters:
AI Usage:
This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:
- “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.
