News

Dec 18

Save the date for our next OpenChain and Friends event in 2026!

By rchauhan News

After a successful first #openchainandfriends – event this year, we plan to have our next event for 2026.

So mark the 24^th , 25^th and 26^th of march 2026 in your calendars and prepare to join us in Stuttgart and talk about “Supply Chain (Chances and) Risk Management and beyond!”

We enhance our open source process management and automation topics with a dedicated stream for Open Source education and will have additional topic streams about Artificial Intelligence, CyberSecurity and Digital Sovereignty. We will explore Automotive / SDV and Embedded and OpenHW topics and discuss potential Open Source business opportunities for small- and medium-sized enterprises.

The program is collaboratively developed by the contributing communities so please regularly visit our event website to monitor the progress or even get involved yourself!:

https://openchainproject.org/news/2025/12/09/openchain-and-friends-2026

Big thanks to our friends at The FOSS-LÄND Community (https://github.com/the-foss-laend) for helping to make this happen and also supporting us again in the next year.

Registration will open in early January – Stay tuned!

We wish everyone a great holiday season and hope to see you in our event in 2026!

Dec 17

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-12-10

By Shane Coughlan News

We Discussed:

Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following topics:

Survey results around the OpenChain ISO standards, the final draft of the new online training course material, and next steps to encourage community feedback.

Watch the Recording:

Check out the Meeting Slides:

https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides/2025

Coming Next:

A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Dec 17

RECORDING: OpenChain AI Work Group – Monthly Workshop for Europe and Asia – 2025-12-10

By Shane Coughlan News

Our regular OpenChain AI Work Group Asia Sync took place with participants from Europe and Asia, and with a focus on discussing next steps with the AI System Bill of Materials Compliance Guide. We are encouraging more market feedback to inform future development.

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

Dec 17

OpenChain Newsletter #84

By Shane Coughlan Monthly Newsletter, News

Newsletter – Issue 84 – November 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

This month’s update highlights significant momentum in global adoption, particularly in the semiconductor and logistics sectors, alongside a wealth of educational resources regarding AI, SBOMs, and container compliance.

Strategic Updates

The Governing Board has released a special message regarding the project’s direction. Additionally, for those who missed it, the full recording of the OpenChain Mini-Summit from OSS Europe is now available.

Read the Governing Board Message: View Message
Watch the Mini-Summit: View Recording

New Adopters (ISO/IEC 5230)

The ecosystem continues to expand with major industry players announcing conformance. This is a strong signal for supply chain managers to review their own vendor requirements.

NXP Semiconductors: Read Announcement
Telechips: Read Announcement
CJ Logistics (First in Korean Logistics Industry): Read Announcement

Knowledge Base & Webinars

Three critical topics were covered this month: Software identification, patent non-aggression (OIN), and container compliance.

Software Hash ID: Watch Webinar
OIN 2.0 Preview: Watch Webinar
Containers and Compliance: Watch Webinar

Work Group Recordings & Deep Dives

If you are actively building compliance programs, these recordings provide insight into current best practices for AI, Telco, and SBOMs.

AI Work Group (Asia Sync): View Recording
AI Work Group (NA/Europe Workshop): View Recording
SBOM Work Group: View Recording
Telco Work Group: View Recording
Specification & Education Call (Europe – Asia): View Recording
Specification & Education Call (NA – Europe): View Recording

Community & Ecosystem News

New Partner: Sun Square is now an official OpenChain Partner. Read More
Survey Data: OpenChain featured in the Deloitte Global ITAM Survey 2025. Read More
Event Recaps:
- Automotive Workshop: Details
- Open Source India: Details
- Open Source Summit Korea: Details

Actionable Items for Readers

Assess Your Container Strategy: With the new webinar on “Containers and Compliance,” now is a good time to review how your organization handles license compliance within containerized environments.
Review AI Governance: The AI Work Group is highly active. If your organization is integrating AI, reviewing the “Asia Sync” or “NA/Europe Workshop” recordings is recommended to stay ahead of upcoming specification adjustments.
Benchmarking: Review the Deloitte Global ITAM Survey to see how your asset management and compliance practices compare to global standards.

Get Involved: Future Meetings

The recordings listed above represent recurring monthly work groups. To influence the direction of OpenChain standards (particularly in AI and SBOMs), you are encouraged to attend the next live sessions.

For Automotive: Look for the next Automotive WG Workshop to discuss supply chain specifics.
For AI Policy: Join the next monthly workshop (split by region) to contribute to the AI compliance roadmap.
For General Education: The Monthly Specification and Education calls are the best entry point for newcomers.

To find the schedule for the next meetings and join the mailing lists, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

https://openchainproject.org/newsletter

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

“Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

Dec 16

Analog Devices, Inc. has announced OpenChain ISO/IEC 5230:2020 conformance

By Shane Coughlan Featured, News

Analog Devices, Inc. (ADI) has announced an OpenChain ISO/IEC 5230:2020 conformant program, making another important step forward for open source governance and management in the global silicon supply chain.

“Achieving OpenChain conformance underscores our belief that open source stewardship is foundational to engineering excellence,” said Rob Oshana, Senior Vice President, Software & Digital Platforms at ADI. “It reinforces our commitment to transparent processes, clear compliance standards and continuous improvement across the software lifecycle.”

“ADI is an excellent steward of open source,” says Shane Coughlan, OpenChain General Manager. “Their contributions to the open source community have been notable too, not least their direct engagement with the OpenChain Project as we have developed and deployed standards and reference material related to open source compliance. It is a genuine pleasure to welcome them to our community of conformance, and we look forward to continued collaboration in the future.”

About ADI

ADI is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, AI, and software technologies into solutions that help drive advancements in automation and robotics, mobility, energy and data centers, and healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $11 billion in FY25, ADI ensures today’s innovators stay Ahead of What’s Possible. Learn more at www.analog.com and on LinkedIn and X (formerly Twitter).

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Dec 15

Open Compliance Summit 2025 – Review and Photos

By Shane Coughlan Featured, News

The Open Compliance Summit 2025 was a tremendous success, with strong representation from China, Japan, Korea, Germany, Sweden, the United States, the United Kingdom, India and more. Over a packed schedule on the 11th and 12th December, attendees shared knowledge, networked and provided an exceptionally strong analysis of what is coming for licensing, security and regulatory compliance in 2026.

This event provided a substantial amount of analysis around OpenChain Project-related activities, ranging from the ISO standards to capability modeling, SBOM quality and AI System Bill of Material management.

The Open Compliance Summit is expected be held again in December 2026, and talk submissions are welcome. Learn more about the event on the official LF website around April 2026: https://events.linuxfoundation.org

This event also marked the last public event of our current General Manager, Shane Coughlan. We had a little ceremony and took some photos.

Dec 12

RECORDING: OpenChain Telco Work Group – 2025-12-04

By Shane Coughlan News

Attendees:

Jimmy Ahlberg, Ericsson
Takashi Ninjouji, Honda
Marc-Etienne Vargenau, Nokia

We show the anti-trust notice https://github.com/OpenChain-Project/Reference-Material/tree/master/OpenChain-Templates/Work-Group-Slide-Template as reminded by Shane.

Jimmy is back from his Asia trip. He will go in Japan for the Open Source and Compliance summits.

Jimmy has concerns about the recently released version 1.7 of the CycloneDX standard. CycloneDX v1.7 introduces first-class support for patents and patent families. These new fields could be used by patent trolls.

Shane will be leaving his role as OpenChain General Manager. His last day will be the 12^th of December. There is no replacement for him yet. It might take some time. Everyone is welcome to propose candidates.

We have no news from CISA about their Minimum Elements document. Nokia comments were provided, but they are still not visible at https://www.regulations.gov/document/CISA-2025-0007-0001/comment. So we have no idea when the final version of the document will be published.

The Python ntia-conformance-checker https://pypi.org/project/ntia-conformance-checker/ has been updated. It is now possible to check also conformance to the CISA document, meaning checking also Licenses and Copyright Holder. But the default is still to check NTIA, an option has to be added to check for CISA. So it has no impact on the openchain-telco-sbom-validator that uses this library.

It is now also possible to check conformance for SPDX 3 SBOMs. But we have not yet tested this capability.

A new release 0.3.3 of the openchain-telco-sbom-validator has been published. It only fixes a very small bug in the handling of the CISA SBOM type when followed by more text in the comment.

Nokia has published a new Python tool https://pypi.org/project/pypispdx/ to create SBOMs for Python packages available on https://pypi.org/. It will create an SBOM in multiple SPDX 2.3 formats (tag:value, JSON, RDF, XML, YAML). The SBOM will be compliant with the OpenChain Telco SBOM Guide. It includes the recursive dependencies of the package. For every package, it contains the PackageDownloadLocation, the PackageChecksum in both SHA256 and MD5 and the licenses when available.

Takashi-san reminds that the last version of the German BSI document requires SPDX in version 3, whereas the previous version required only SPDX 2. Most tools, including for example Black Duck, produce only SPDX 2 for the moment. We do not know the reason why the BSI requires it. In practice, the simplest solution could be to convert SPDX 2 to SPDX 3 using the Java tools https://github.com/spdx/tools-java.

Takashi-san shows the work done by the automotive group about SPDX 3.

The OpenChain automotive work group handles SPDX 3 generate by Yocto and would like to validate it against the Telco Guide. Currently, the validator can only handle SPDX 2, as the Python library it uses (https://github.com/spdx/tools-python/) cannot parse SPDX 3. The last release of this library is more that one year old. A new maintainer has been nominated, so we hope to have a new release that can handle SPDX 3, but we have no date.

We can start to think to an update of the SBOM Guide to allow SPDX 3. The OpenChain SBOM work group has produced in its document a mapping table of the Telco Guide between SPDX 2 and SPDX 3.

Jimmy will provide a better wording of the paragraph about encryption (see https://github.com/OpenChain-Project/Telco-WG/pull/214).

Watch the Recording:

Be part of this:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/telco

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/Telco-WG

You are also welcome to participate in any of our other working groups around the world:

https://openchainproject.org/participate

Dec 11

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-12-02

By Shane Coughlan News

We continued to explore the question of how to address the intersection of open source, AI and process management in our regulation OpenChain AI Work Group Workshop for North America and Europe. Chaired by Matthew Crawford of Arm and Dave Marr of Qualcomm, this work group is building on the knowledge gathered and deployed to market in the OpenChain AI System Bill of Materials Compliance Guide.

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

Dec 09

OpenChain and Friends 2026 – Stuttgart – March 24~26

By Shane Coughlan Featured, News

Locations
Topic Streams
Keynotes
Program Details
Sponsors
Q&A

“OpenChain and Friends” is an in-person community event focused on open source software supply chain management, compliance, and collaboration. It’s organized by the OpenChain Project in partnership with local and international communities, such as The FOSS-LÄND Community. The event takes place in Stuttgart, Germany and gathers people working with open source across different industries.

Register Here / Hier Registrieren Registration is required for this free event / kostenlose Veranstaltung, aber Registrierung ist erforderlich

Please register until march 19th 2026 EOB latest.

In-person only. (Please actively select/de-select the topics you plan to attend or not, we will only consider your registration for the actively selected tracks on a first come first serve base. By submitting your registration you confirm to follow the event code of conduct.)

The event is subject to the Chatham House Rule.

We will hold the second annual OpenChain and Friends event in Stuttgart from the 24th to the 26th of March 2026. (learn about last year’s edition here: https://openchainproject.org/news/2025/02/20/openchain-and-friends-stuttgart )

Main Event Location:

Robert Bosch GmbH – Service and Supply Chain Campus (SCC) Feuerbach, Bregenzer Str. 26A, 70469 Stuttgart

Satellite Event Locations:

Mercedes-Benz Tech Innovation in Vaihingen, Gropiusplatz 10, 70563 Stuttgart
Bosch Digital in Ludwigsburg, Groenerstraße 5/1, 71636 Ludwigsburg

Socializing Event Locations (on day 1):

Wichtel Feuerbach, Stuttgarter Straße 21, 70469 Stuttgart

In Partnership With:

The FOSS-LÄND Community

Topic Streams:

Open Source Compliance and OSPOs – Open Source Compliance & OSPO – processes, automation, governance & NFRs
Cybersecurity – Cybersecurity in the Software Supply Chain – CRA, SBOM requirements, ISO 18974, and good practices
Women in Open Source – networking and cross-track contributions
Embedded and Open Source Hardware – from chip design to licensing and IP questions
Artificial Intelligence – AI Systems Engineering & Data Platforms – methods, tools, open platforms, open AI agents for resilient supply chains
Digital Sovereignty and Open Source in Business – public/private collaboration, open source as a competitive factor
Education – open trainings, infrastructure, new formats
Automotive /SDV – Open Automotive Platform, Ecosystems, Tool Interoperability
Cross-Innovation and Innovation Practices – potential of mixing creative industries and digital sovereignty ideas with industrial Open Source
Linux OS and beyond – software supply chain from the Linux ecosystem perspective

KEYNOTES

on tuesday march 24th 2026:

Bjoern Schiessle Nextcloud

“Digital sovereignty isn’t about choosing your dependencies — it’s about eliminating them.”

– Björn Schiessle, Co-founder and Director of Sales Engineering at Nextcloud

Charley Mann & Florian Wohlrab OpenHW Foundation

“The Unified RISC-V IP Access Platform is absolutely critical to supporting technological sovereignty in Europe, and the OpenHW Foundation is committed to developing it into a sustainable, interoperable, and community driven resource for the wider RISC-V ecosystem. Open source collaboration is essential to ensuring a competitive playing field, and by working together, we will be able to go further, faster.”

– Florian Wohlrab, CEO, OpenHW Foundation

Dr.-Ing. Thomas Usländer Fraunhofer IOSB

„Beyond and precisely because of the AI hype there is need for a systematic approach to engineer, develop, deploy and operate AI systems. If not applied along the whole lifecycle, there is no sustainable and commercial benefit of an AI system.”

– Dr.-Ing. Thomas Usländer, Business Developer AI Systems Engineering, Fraunhofer IOSB, and head of the subprojects “AI Data Platform” and “AI Challenge” of the AI Alliance Baden-Württemberg

Aleksander Sadowski (ALSADO)

“Let’s empower sole inventors to become the manufacturers of tomorrow, securing our long term prosperity by establishing open-source software in manufacturing!”

– Aleksander Sadowski (ALSADO), a founder, inventor, author, developer and influencer in the German mechanical engineering industry

on wednesday march 25th 2026:

Prof. Dr. Ingo Weber (Fraunhofer Gesellschaft / TU Munich)

“George Box famously said: ‘All models are wrong, but some models are useful.’ This is also true for LLMs.
But to know how we can make them useful, openness in code, data, and governance helps.”

– Prof. Dr. Ingo Weber, Director for AI & Innovation at the Fraunhofer Gesellschaft, Full Professor and Chair of Information System Development and Operation in the Computer Science Department at the TUM School of Computation, Information and Technology (Technical University of Munich)

Dr. Ingo Simonis (CTO Open Geospatial Consortium)

“The most powerful AI systems won’t be built in isolation. They’ll emerge from open platforms where diverse communities collaborate, share data, and validate solutions together”

– Dr. Ingo Simonis (CTO Open Geospatial Consortium)

on thursday march 26th 2026:

Shane Coughlan (Open Invention Network)

“Open source is community and innovation realized in its purest form, and our management of this paradigm is critical for sustainable, sovereign societies.”

– Shane Coughlan, Global Ambassador OIN 2.0, Open Invention Network

Dirk Targoni (Robert Bosch GmbH)

“Don’t avoid dependencies—master them: track everything, verify continuously, and enforce need‑to‑know. Open source isn’t the risk; opaque code is. As AI reshapes the security paradigm, our winning strategy is shared visibility and collaborative defense.”

– Dirk Targoni, Product Vulnerability and Incident Response Team at Robert Bosch GmbH, ASRG-S lead and co-organizer

Franz Loogen (e-mobil BW GmbH)

“Software increasingly defines our industry. Open collaboration strengthens the supply chain. Through the Automotive Software Collaboration BW and the FOSS‑LÄND Community, we provide tailored support for organisations of all kinds, including OEMs, SMEs, public organisations and research institutions.“

– Franz Loogen, President of e-mobil BW GmbH

Mary Meixia Wang (OpenChain)

“Our vision is a global supply chain where open source is delivered with trusted, transparent, and consistent process management, supported by standards such as ISO/IEC 5230 and ISO/IEC 18974. At the same time, the community must help each other understand how open source and AI together are reshaping modern business.”

– Mary Meixia Wang, Executive Director of the Linux Foundation OpenChain Project

Program Details

Program details and schedule are collaboratively developed and can be tracked in our repository: OpenChain and Friends Program 2026.

Overall Event Schedule (all days, all locations)

Final schedule (as of 2026-03-25+update increment 16 – including a link column to access the abstracts in the stream-specific agendas, where already available – updates will be regularly provided – stay tuned!)

OpenChainAndFriends_final_schedule_inc16.pdf

Topic-Stream specific schedules with details

Hint: All contents still preliminary.

Contributing Communities and Marketplace

We will have many Open Source communities (also from the region) and most of them present themselves in the Community Marketplace in the hallway of the event for all three days. Come and join us!

OpenChain @ COSCON 2025 on 2025-12-06

By Shane Coughlan News

The OpenChain Project had a Mini-Summit as COSCON 2025 in China on the 6th of December 2025. We were hosted by the local open source community in Beijing, and our OpenChain China Work Group Chair – Zhenhua Sun of ByteDance – lead discussion around licensing, security and regulatory compliance topics.

We Discussed:

Watch the Recording:

Check out the Meeting Slides:

Coming Next:

Join Our Work:

Watch the Recording:

Get Involved:

Attend Future Meetings:

Strategic Updates

New Adopters (ISO/IEC 5230)

Knowledge Base & Webinars

Work Group Recordings & Deep Dives

Community & Ecosystem News

Actionable Items for Readers

Get Involved: Future Meetings

Read Previous Newsletters:

About ADI

About the OpenChain Project:

About The Linux Foundation:

Watch the Recording:

Be part of this:

Watch the Recording:

Get Involved:

Attend Future Meetings:

Main Event Location:

Satellite Event Locations:

Socializing Event Locations (on day 1):

In Partnership With:

Topic Streams:

KEYNOTES

Bjoern Schiessle Nextcloud

Charley Mann & Florian Wohlrab OpenHW Foundation

Dr.-Ing. Thomas Usländer Fraunhofer IOSB

Aleksander Sadowski (ALSADO)

Prof. Dr. Ingo Weber (Fraunhofer Gesellschaft / TU Munich)

Dr. Ingo Simonis (CTO Open Geospatial Consortium)

Shane Coughlan (Open Invention Network)

Dirk Targoni (Robert Bosch GmbH)

Franz Loogen (e-mobil BW GmbH)

Mary Meixia Wang (OpenChain)

Program Details

Overall Event Schedule (all days, all locations)

Topic-Stream specific schedules with details

Contributing Communities and Marketplace

SPONSORS

DIAMOND

BRONZE

View the Keynote Slides: