Monthly Newsletter

Key Updates and Announcements

• AI System Bill of Materials Guide: The public comment period for the “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain” has now closed. The AI Work Group, Governing Board, and Steering Committee are reviewing the feedback received. You can follow the progress and view the draft guide here.
• OpenChain at Open Source Summit Europe: The OpenChain Project had a strong presence at the recent Open Source Summit Europe, with talks and panels from board members and work group chairs. A mini-summit was also held to share knowledge on license, security, and regulatory compliance. You can learn more about the event here.
• Call for Translation Collaboration: The OpenChain Project is seeking community assistance in translating the self-certification materials for ISO/IEC 5230 (Open Source License Compliance) and ISO/IEC 18974 (Open Source Security Assurance) into German, Japanese, Korean, and Chinese (Simplified and Traditional). If you are fluent in these languages, you can contribute to this important effort. Draft machine translations are available on GitHub to get you started. Find out more here.
• Improved Self-Certification: The online self-certification process for both OpenChain ISO/IEC 5230 and OpenChain ISO/IEC 18974 has been updated and improved, making it easier for organizations to assess and declare their conformance. Check out the updates here.
• OpenChain in China: A successful mini-summit on “Open Source Software Supply Chain Security Compliance in the AI Era” was held at the 2025CCF China Open Source Conference in Shanghai. The event was led by the OpenChain China Work Group and covered both legal and technical aspects of compliance. Read more about it here.
• Understanding the CHAOSS Project: A recent webinar explored the CHAOSS (Community Health Analytics for Open Source Software) project, a Linux Foundation initiative focused on developing metrics and software to better understand the health of open source communities. You can find more information about this informative session here.

Recent Meeting Recordings

For those who missed them, recordings of recent OpenChain meetings are now available:

• Monthly Specification and Education Call (North America – Europe) – August 13, 2025: This call covered the latest project news, a call for papers for the Open Compliance Summit, and updates from the Specification and Education Work Groups. You can watch the recording here.
• OpenChain Japan Community Day #34 at Mitsubishi Electric: Recordings from this two-day event, featuring discussions on OSPO activities, preventing common licensing mistakes, and an introduction to OSS compliance for beginners, are now online. Access the recordings here.

Potential Further Actions for Readers

• Attend Future Meetings: The best way to stay informed and contribute is to participate in the various OpenChain work group calls. The monthly Specification and Education calls, along with other topical and regional meetings, are open to everyone. You can find the full schedule of upcoming meetings and information on how to join on the OpenChain participation page.
• Contribute to Translations: If you have language skills, your contribution to the translation of self-certification materials would be highly valuable. This is a practical way to help the global community adopt OpenChain standards.
• Engage with Work Groups: Consider joining the mailing lists of the work groups that align with your interests, such as the AI Work Group, Specification Work Group, or Education Work Group. This will allow you to follow discussions and contribute your expertise.

To get more involved in any of these activities and to help build a more trusted open source supply chain, please visit: https://openchainproject.org/participate

Key Announcements & Action Items:

• Public Comment Period for AI Bill of Materials: The OpenChain Project has announced a public comment period for its “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain.” This is a key opportunity for professionals to provide feedback and shape this important guidance.
  • Action: Read the announcement and provide feedback. Your input is valuable in shaping the future of AI compliance.
• New Leadership: The 2025/2026 chairs for the OpenChain Specification, Education, and Telco Work Groups have been elected.
  • Action: Meet the new chairs and consider reaching out to them with your ideas and offers of support.

Conformance & Community Growth:

Several companies have announced their conformance with OpenChain ISO/IEC 5230, demonstrating the standard’s growing adoption across various industries.

• ECARX: ECARX Announces An OpenChain ISO/IEC 5230 Conformant Program
• Element: Element Announces OpenChain ISO/IEC 5230 Conformant Program
• CJ CGV: CJ CGV Announces An ISO/IEC 5230 Conformant Program
• Woven by Toyota: Woven by Toyota Completes OpenChain ISO 5230 Re-Conformance
  • Action: If your organization is not yet conformant, these announcements can serve as case studies and inspiration. Learn more about the benefits of conformance and how to get started on the OpenChain website.

New Resources & Materials:

• Updated Overview Slides: The OpenChain overview slides have been updated for July 2025, providing fresh material to explain the path to a more trusted supply chain.
  • Action: Get the slides to use in your own presentations and to advocate for open source compliance within your organization.
• Telco Industry Handbook & Translation: A new handbook for software supply chain security in the Telco industry has been released, along with a Korean translation of the OpenChain Telco SBOM Guide.
  • Action: If you work in the telecommunications industry, these resources are essential reading.
    • New Telco Handbook
    • Korean Telco SBOM Guide

Webinars & Recordings:

A wealth of knowledge has been shared through recent webinars and community calls. These recordings are a great way to catch up on the latest discussions and best practices.

• Action: Review the recordings of past meetings to get up to speed on the topics that interest you most. You can also join future meetings to participate in the conversation live. Find out how to join the mailing lists and attend calls at https://openchainproject.org/participate.
  • Webinars:
    • ZF’s ISO/IEC 5230 Certification Case Study: Watch Here
    • Project OCCTET.eu – The Why, What and How: Watch Here
    • Compliance at CARIAD with ORT: Watch Here
  • Community Meeting Recordings:
    • Monthly Specification and Education Calls: North America/Europe, Europe/Asia
    • AI Work Group Workshops: North America/Europe, Europe/Asia
    • SBOM Study Group Meeting: Recording
  • Special Community Recordings:
    • OpenChain Mini-Summit @ Open Source Summit North America: Recording
    • Strategy Discussions for Germany and India: Germany, India
    • OpenChain Tooling Work Group Video Series: Watch Here

Other Community Updates:

• Japan Work Group Community Day: Notes and pictures from the 34th Community Day in Yokohama. View Here
• Tooling Work Group Slides: Slides from the July 2nd meeting are available. View Here

To get more involved in the OpenChain Project, including joining mailing lists, attending meetings, and contributing to the work, please visit: https://openchainproject.org/participate

News:

• New Conformance Programs:
  • Mercedes-Benz Research and Development India has announced an ISO/IEC 5230 Conformant Program, demonstrating a commitment to open source compliance.
  • S-core has strengthened its open source security by adopting OpenChain ISO/IEC 18974. These announcements indicate growing industry adoption and focus on formalizing open source compliance and security.
  • Action Item: Companies can look into pursuing ISO/IEC 5230 or ISO/IEC 18974 conformance to enhance their own open source governance and security posture.
• Updated Open Source Policy Template:
  • The Open Source Policy Template has been updated, providing a valuable resource for organizations developing or refining their open source policies.
  • Action Item: Review the updated template to ensure your organization’s open source policy aligns with best practices and incorporates the latest considerations.
• Recordings of Meetings and Calls:
  • Recordings of the OpenChain Q2 2025 Steering Committee Meeting – 2025-06-25 and the OpenChain Monthly Specification and Education Call (Europe- Asia) – 2025-06-18 are available. These provide insights into ongoing discussions, future directions, and educational content.
  • Action Item: Watch these recordings to stay informed about the strategic direction of OpenChain and learn from community discussions.
• Articles on OpenChain:
  • An article titled “Reflection on yesterday – OpenChain Korea Meeting, a community of professionals (and friends)” and an External Contribution: Operationalizing Software Trust: Why OpenChain Matters! emphasize the importance of OpenChain in building software trust.
  • Action Item: Read these articles to deepen your understanding of the strategic value of OpenChain and how it can be applied within your organization.
• Webinars:
  • Webinars on “AboutCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, and More” and “How big is the risk of using LLM-generated code from the open source license compliance point of view?” are highlighted. The latter is particularly relevant given the increasing use of AI in software development.
  • Action Item: Attend or review summaries of these webinars to gain practical insights into compliance tools and navigate the complexities of AI-generated code from a licensing perspective.
• Events:
  • OpenChain had a presence at OSS NA with sessions on:
    • Expanding the OpenChain Standards Portfolio – More Sister Standards? – 2025-06-25
    • Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities – 2025-06-24
    • In From the Cold: Open Source as Part of Mainstream Software Asset Management – 2025-06-25
  • OpenChain was also at the OSPO Summit China, and we have released Keynote Slides.
  • Action Item: Review the materials from these events to understand discussions around the future of OpenChain standards, community building, and the broader context of open source in enterprise software management. Look for opportunities to participate in future OpenChain events or regional user groups.